Category Archives: Security Websies

Snapchat bug lets hackers aim DENIAL of SERVICE attacks at YOUR MOBE

Researcher allegedly blocked after he went public

A security consultant who works for Telefonica has turned up a bug in how Snapchat handles authentication tokens, which enables a denial-of-service attack against users’ phones.…


Snapchat Vulnerability Could Lead To iPhone DDoS Attacks

A cyber security researcher has discovered a vulnerability within the Snapchat mobile app that makes it possible for hackers to launch a denial-of-service attack that temporarily freezes a user’s iPhone. Jaime Sanchez, who works as a cyber-security consultant for Telefonica, a major telecommunications company in Spain, said he and another researcher found a weakness in Snapchat’s system that allows hackers to send thousands of messages to individual users in a matter of seconds. Sanchez said he and the fellow researcher discovered the glitch on their own time. Flooding one user with so many messages can clog their account to the point that the Snapchat app causes the entire device to freeze and ultimately crash, or require that the user perform a hard reset.

Snapchat is a popular mobile app for iPhone and Android devices that allows users to send each other photo and video messages that disappear a few seconds after they are opened by their recipients. Every time a user attempts to send a message through Snapchat, a token, which is a code made up of letters and numbers, is generated to verify their identity. Sanchez, who wrote about his security findings on seguridadofensiva.com (in Spanish), said a flaw within Snapchat’s system allows hackers to reuse old tokens to send new messages. By reusing old tokens, hackers can send massive amounts of messages using powerful computers. This method could be used by spammers to send messages in mass quantities to numerous users, or it could be used to launch a cyber attack on specific individuals, he said.

Sanchez demonstrated how this works by launching a Snapchat denial-of-service attack on my account. He sent my account 1,000 messages within five seconds, causing my device to freeze until it finally shut down and restarted itself. (See the video above.) Launching a denial-of-service attack on Android devices doesn’t cause those smartphones to crash, but it does slow their speed. It also makes it impossible to use the app until the attack has finished.

Sanchez said he has not contacted Snapchat about the vulnerability because he claims the Los Angeles startup has no respect for the cyber security research community. He says Snapchat earned that reputation by ignoring advice in August and on Christmas Eve from Gibson Security, a security group that predicted a flaw within the app could be used to expose user data. On New Year’s Eve, another group exploited that vulnerability and exposed the user names and phone numbers of nearly 5 million Snapchat users. “They warned Snapchat about issues — about the possible dump of database — and Snapchat didn’t care,” he said.

The Times asked Snapchat if it knew of the vulnerability claimed by Sanchez. Snapchat said it was not aware of the problem. “We are interested in learning more and can be contacted at security@snapchat.com,” a Snapchat spokeswoman wrote in an email reply.

Source: http://www.latimes.com/business/technology/la-fi-tn-snapchat-shut-down-iphone-20140207,0,3127301.story#axzz2sixJmHSh


Snowden documents show British digital spies using viruses and ‘honey traps’

JTRIG active intelligence unit boasts of bugging and burgling

At the start of this week, documents released by whistleblower Edward Snowden detailed DDOS attacks on chatrooms by a British online intelligence unit dubbed the Joint Threat Research Intelligence Group (JTRIG). Now he has released a new trove showing that JTRIG is about much more than purely online annoyances.…


The UK allegedly targeted Anonymous and LulzSec hacktivists via a DDOS attack, documents show

The UK allegedly created a spy unit that, other than mounting attacks on cyber enemies, also targeted hacktivists Anonymous and LulzSec, NBC News reports, citing documents taken from the US National Security Agency by whistleblower Edward Snowden. The Government Communications Headquarters (GCHQ) — the UK’s intelligence service — launched a DDOS attack to scare away 80 percent of the users of Anonymous Internet chat rooms, according to the documents. NBC News notes that this makes the British government “the first Western government known to have conducted such an attack.”

The British reportedly aimed the DDOS attack against IRC chat rooms where criminal hackers were believed to have been concentrated, after authorities were alarmed by a spate of hacking attacks in 2011, when online hackers wreaked havoc across the Internet, bringing down websites on a purported crusade of righteousness. The victims included the UK.

A GCHQ spokesperson emphasized in a statement to NBC News that it carried out its work “in accordance with a strict legal and policy framework” and that its activities — which it didn’t elaborate on — were “authorized, necessary and proportionate.”

Source: http://thenextweb.com/uk/2014/02/05/uk-allegedly-targeted-anonymous-lulzsec-hacktivists-via-ddos-attack-documents-show/#!uyXtM


DDoS attacks used to influence stock prices

Prolexic Technologies shared an analysis of nearly a dozen global DDoS attacks that indicates cyber attackers are using DDoS attacks in an attempt to influence market values and interfere with exchang…


Credit unions among industries that suffered more DDoS attacks in 2013

A growing number of data center outages are caused by distributed denial of service attacks. On a technical level, DDoS campaigns are much more complicated to address than other leading causes such as human error or IT equipment failure. Accordingly, they often cost hundreds of thousands of dollars to resolve. Throughout 2013, credit unions were increasingly targeted by DDoS attacks that overwhelmed their websites with traffic and sometimes created distractions so that other threats could bypass IT security. Going into 2014, mitigating risk from DDoS through software and backup solutions will be the key to reducing the costs and consequences of IT outages.

Report finds that DDoS, equipment failure among the leading causes of outages

According to one think tank’s research, DDoS attacks accounted for only 2 percent of outages at 67 U.S. data centers in 2010. By 2013, the share had risen to 18 percent. Perpetrators have benefited from ongoing increases in network speeds and the growing complexity of IT infrastructure, both of which have made it much easier to generate massive amounts of fraudulent traffic. The resulting server and equipment failures have left IT departments with some steep bills. Outages caused by DDoS attacks typically ran $822,000 apiece, far outpacing the $380,000 price tag for incidents attributable to human error. Equipment issues were the most expensive cause, with each event costing slightly under $1 million. While the length of data center outages has gone down over the past few years, related expenses have risen. The average 2013 incident lasted 86 minutes, but cost $690,204, or 37 percent more than in 2010.

Credit unions have felt the impact of more frequent DDoS attacks

The rise of DDoS attacks has affected IT operations at credit unions, which were targeted by several prominent campaigns in 2013. A $4 billion credit union in Pleasanton, Calif., and a $1.6 billion one in Austin, Texas, had online services knocked out for hours at a time in the wake of DDoS attacks. More specifically, cybercriminals have honed tactics that put financial institution computers through the motions until they become exhausted. For example, a DDoS attack may ask a site for password resets on thousands of spurious accounts, forcing the system to go through each request. Some DDoS incidents may be distractions that facilitate wire theft, but others are politically motivated.

Credit unions may need better preparation against DDoS risk, especially since some simply rely on online banking providers or ISPs to protect data. Restore on reboot software can be easily deployed by IT administrators as part of an imaging solution, and it provides fine-tuned management of all office endpoints. Organizations can ensure that kiosks and cash dispensing services remain active even in the event of a crash or attack.

Source: http://www.faronics.com/news/blog/credit-unions-among-industries-that-suffered-more-ddos-attacks-in-2013/


Researchers uncover months-old POS malware botnet

With the Target and Neiman Marcus breach being all over the news in the last few weeks, the topic of malware that collects card data directly from Point-of-Sale devices has received renewed interest. …


Russian SpyEye author pleads guilty to starting malware onslaught

FBI went down to Georgia

Russian national Aleksandr Andreevich Panin has pleaded guilty to charges of banking and wire fraud for his role in developing the SpyEye Trojan, which used botnets of enslaved computers to harvest financial credentials from internet users around the world.…


DDoS attacks become smarter, faster and more severe

DDoS attacks will continue to be a serious issue in 2014 – as attackers become more agile and their tools become more sophisticated, according to Radware. Their report was compiled using data from ove…
