Tag Archives: blocking-ddos

Hackers threaten South Korean banks with DDoS attacks following record ransomware payment

The Armada Collective hacking group has issued a ransom demand of approximately $315,000 to seven South Korean banks, threatening to launch distributed denial of service attacks against each of their organizations. The threat came just days after fellow South Korean firm NAYANA negotiated a record $1.01 million ransom payment on June 14 to remedy an unrelated ransomware attack that locked up its systems. The timing of this latest threat has reportedly prompted some observers to wonder if NAYANA’s actions encouraged the Armada Collective to test the resolve of other South Korean companies. Citing financial authorities, the Yonhap News Agency on June 21 named the threatened banks as KB Kookmin Bank, Shinhan Bank, Woori Bank, KEB Hana Bank, NH Bank and two other lenders. The banks were given a deadline of June 26. The Armada Collective has engaged in this behavior before. For instance, in April 2016 Cloudflare published a report detailing an Armada Collective campaign that issued empty DDoS threats against a wide range of businesses, extorting hundreds of thousands of dollars in the process. Source: https://www.scmagazine.com/hackers-threaten-south-korean-banks-with-ddos-attacks-following-record-ransomware-payment/article/671377/

Dems: FCC DDoS Attack Raises Cybersecurity Questions

Looking for lots more answers on net neutrality docket.

If the FCC was subject to multiple DDoS attacks that affected input in the Open Internet comment docket, leading House Democrats say that raises questions about the FCC’s cybersecurity preparedness that need answers. That came in letters to the FCC and National Cybersecurity and Communications Integration Center. “We ask you to examine these serious problems and irregularities that raise doubts about the fairness, and perhaps even the legitimacy, of the FCC’s process in its net neutrality proceeding,” the Democratic legislators said. “Giving the public an opportunity to comment in an open proceeding such as this one is crucial – so that the FCC can consider the full impact of its proposals, and treat everyone who would be affected fairly.” Democratic Sens. Ron Wyden of Oregon and Brian Schatz of Hawaii had asked FCC Chairman Ajit Pai for an explanation of the attacks. But the response, that they were “non-traditional” attacks, only created new questions, the letters to the FCC and NCCIC said. That includes:

• “What ‘additional solutions’ is the FCC pursuing to ‘further protect the system,’ as was mentioned in the FCC’s response?
• “According to the FCC, the alleged cyberattacks blocked ‘new human visitors … from visiting the comment filing system.’ Yet, the FCC, consulting with the FBI, determined that ‘the attack did not rise to the level of a major incident that would trigger further FBI involvement.’ What analysis did the FCC and the FBI conduct to determine that this was not a ‘major incident?’
• “What specific ‘hardware resources’ will the FCC commit to accommodate people attempting to file comments during high-profile proceedings? Does the FCC have sufficient resources for that purpose?
• “Is the FCC making alternative ways available for members of the public to file comments in the net neutrality proceeding?”

Signing on to the letters were Energy and Commerce Ranking Member Frank Pallone, Jr. (N.J.), Oversight and Government Reform (OGR) ranking member Elijah Cummings (Md.), E&C Communications and Technology Subcommittee Ranking Member Mike Doyle (Pa.), Oversight and Investigations Subcommittee ranking member Diana DeGette (Colo.), OGR Information Technology Subcommittee ranking member Robin Kelly (Ill.), and Government Operations Subcommittee ranking member Gerald Connolly (Va.). Some of the same Dems have asked Republican leadership of the House E&C to hold a hearing on the FCC Web issues. And last month, another group of Democrats called on the FBI to investigate the multiple DDoS attacks the FCC said it had suffered related to the docket. http://www.multichannel.com/news/congress/dems-fcc-ddos-attack-raises-cybersecurity-questions/413693

Ten steps for combating DDoS in real time

To the uninitiated, a distributed denial-of-service (DDoS) attack can be a scary, stressful ordeal. But don’t panic. Follow these steps by David Holmes, senior technical marketing manager: Security, F5 Networks, to successfully fight an attack.

If you appear to be suffering a volumetric attack, it helps to have a historical sense of your own traffic patterns. Keep a baseline of normal traffic patterns to compare against. If you have determined that you are under a DDoS attack, record the estimated start time in your attack log. Monitor volumetric attacks. Remember to keep a monitoring web page open to indicate when the attack may be over (or mitigated). You will need to follow (up to) 10 steps for your DDoS mitigation:

Step 1: Verify the attack

Not all outages are caused by a DDoS attack. DNS misconfiguration, upstream routing issues, and human error are also common causes of network outages. You must first rule out these non-DDoS causes and distinguish the attack from a common outage.

· Rule out common outages: The faster you can verify the outage is a DDoS attack, the faster you can respond. Even if the outage was not caused by a misconfiguration or other human error, there may still be other explanations that resemble a DDoS attack.
· Check outbound connectivity: Is there outbound connectivity? If not, then the attack is so severe that it is congesting all inbound and outbound traffic. Check with your usual diagnostic tools (such as traceroute, ping, and dig) and rule out all such possibilities.
· Rule out global issues: Check Internet weather reports, such as the Internet Health Report and the Internet Traffic Report, to determine if the attack is a global issue.
· Check external network access: Attempt to access your application from an external network. Services and products that can perform this kind of monitoring include Keynote testing and monitoring, HP SiteScope agentless monitoring, SolarWinds NetFlow Traffic Analyzer, and Downforeveryoneorjustme.com.
· Confirm DNS response: Check to see if DNS is responding for your website. The following UNIX command resolves a name against the OpenDNS project server:

    % dig @208.67.222.222 yourdomain.com

Step 2: Contact team leads

Once the attack is verified, contact the leads of the relevant teams. If you have not filled out any quick reference sheets or a contact list, create one now or use our templates. When an outage occurs, your organisation may hold a formal conference call including various operations and applications teams. If your company has such a process in place, use the meeting to officially confirm the DDoS attack with team leads.

· Contact your bandwidth service provider: One of the most important calls you can make is to the bandwidth service provider. List the number for your service provider in your contact sheet. The service provider can likely confirm your attack, provide information about other customers who might be under attack, and sometimes offer remediation.
· Contact your fraud team: It is especially important to invoke the fraud team as soon as the attack is verified. DDoS attacks can be used as cover to hide an infiltration. Logs that would normally show a penetration may get lost during a DDoS attack. This is why high-speed, off-box logging is so important.

Step 3: Triage applications

Once the attack is confirmed, triage your applications. When faced with an intense DDoS attack and limited resources, organisations have to make triage decisions. High-value assets typically generate high-value online revenue. These are the applications you will want to keep alive. Low-value applications, regardless of the level of legitimate traffic, should be purposefully disabled so their CPU and network resources can be put to the aid of higher-value applications. You may need the input of team leads to do this. Ultimately, these are financial decisions. Make them appropriately. Create an application triage list; it takes only a few minutes to fill one out, and will greatly assist in making tough application decisions while combating an actual DDoS event. Decide which applications are low priority and can be disabled during the attack. This may include internal applications.

Step 4: Protect partners and remote users

· Whitelist partner addresses: Very likely you have trusted partners who must have access to your applications or network. If you have not already done so, collect the IP addresses that must always be allowed access and maintain that list. You may have to populate the whitelist in several places throughout the network, including at the firewall, the Application Delivery Controller (ADC), and perhaps even with the service provider, to guarantee that traffic to and from those addresses is unhindered.
· Protect VPN users: Modern organisations will whitelist or provide quality-of-service for remote SSL VPN users. Typically this is done at an integrated firewall/VPN server, which can be important if you have a significant number of remote employees.

Step 5: Identify the attack

Now is the time to gather technical intelligence about the attack. The first question you need to answer is “What are the attack vectors?” There are four types of DDoS attack:

· Volumetric: flood-based attacks that can be at layers 3, 4, or 7;
· Asymmetric: designed to invoke timeouts or session-state changes;
· Computational: designed to consume CPU and memory; and
· Vulnerability-based: designed to exploit software vulnerabilities.

By now you should have called your bandwidth service provider with the information on your contacts list. If the attack is solely volumetric in nature, the service provider will have informed you and may have already taken steps at DDoS remediation. Even though well-equipped organisations use existing monitoring solutions for deep-packet captures, you may encounter cases where you have to use packet captures from other devices, such as the ADC, to assist in diagnosing the problem. These cases include SSL attack vectors and FIPS-140.

Step 6: Evaluate source address mitigation options

If Step 5 has identified that the campaign uses advanced attack vectors that your service provider cannot mitigate (such as slow-and-low attacks, application attacks, or SSL attacks), then the next step is to consider the following question: “How many sources are there?” If the list of attacking IP addresses is small, you can block them at your firewall. Another option would be to ask your bandwidth provider to block these addresses for you.

· Geoblocking: The list of attacking IP addresses may be too large to block at the firewall. Each address you add to the block list will slow processing and increase CPU. But you may still be able to block the attackers if they are all in the same geographic region or a few regions you can temporarily block. The decision to block entire regions via geolocation must be made as a business decision. Finally, if there are many attackers in many regions, but you don’t care about any region except your own, you may also use geolocation as a defence by blocking all traffic except that originating from your region.
· Mitigating multiple attack vectors: If there are too many attackers to make blocking by IP address or region feasible, you may have to develop a plan to unwind the attack by mitigating “backwards”; that is, defending the site from the database tier to the application tier, and then to the web servers, load balancers, and finally the firewalls. You may be under pressure to remediate the opposite way; for example, mitigating at layer 4 to bring the firewall back up. However, be aware that as you do this, attacks will start to reach further into the data centre.

Step 7: Mitigate specific application attacks

If you have reached this step, the DDoS attack is sufficiently sophisticated to render mitigation by the source address ineffective. Tools such as the Low Orbit Ion Cannon, the Apache Killer, or the Brobot may generate attacks that fall into this category. These attacks look like normal traffic at layer 4, but have anomalies to disrupt services in the server, application, or database tier. To combat these attacks, you must enable or construct defences at the application delivery tier. Once you have analysed the traffic in Step 4, if the attack appears to be an application-layer attack, the important questions are: Can you identify the malicious traffic? Does it appear to be generated by a known attack tool? Specific application-layer attacks can be mitigated on a case-by-case basis with specific F5 counter-measures. Attackers today often use multiple types of DDoS attack vector, but most of those vectors are around layers 3 and 4, with only one or two application-layer attacks thrown in. We hope this is the case for you, which will mean you are nearly done with your DDoS attack.

Step 8: Increase application-level security posture

If you have reached this step in a DDoS attack, you’ve already mitigated at layers 3 and 4 and evaluated mitigations for specific application attacks, and you are still experiencing issues. That means the attack is relatively sophisticated, and your ability to mitigate will depend in part on your specific applications.

Asymmetric application attack: Very likely you are being confronted with one of the most difficult of modern attacks: the asymmetric application attack. This kind of attack can be:

· A flood of recursive GETs of the entire application.
· A repeated request of some large, public object (such as an MP4 or PDF file).
· A repeated invocation of an expensive database query.

Leveraging your security perimeter: The best defence against these asymmetric attacks depends on your application. For example, financial organisations know their customers and are able to use login walls to turn away anonymous requests. Entertainment industry applications such as hotel websites, on the other hand, often do not know the user until the user agrees to make the reservation. For them, a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) might be a better deterrent. Choose the application-level defence that makes the most sense for your application: a login wall, human detection or real browser enforcement.

Step 9: Constrain resources

If all the previous steps fail to stop the DDoS attack, you may be forced to simply constrain resources to survive the attack. This technique turns away both good and bad traffic. In fact, rate limiting often turns away 90 to 99 percent of desirable traffic while still enabling the attacker to drive up costs at your data centre. For many organisations, it is better to just disable or “blackhole” an application rather than rate-limit it.

· Rate shaping: If you find that you must rate-limit, you can provide constraints at different points in a multi-tier DDoS architecture. At the network tier, where layer 3 and layer 4 security services reside, use rate shaping to prevent TCP floods from overwhelming your firewalls and other layer 4 devices.
· Connection limits: Connection limits can be an effective mitigation technique, but they do not work well with connection-multiplexing features. Application tier connection limits should provide the best protection to prevent too much throughput from overwhelming your web servers and application middleware.

Step 10: Manage public relations

Hacktivist organisations today use the media to draw attention to their causes. Many hacktivists inform the media that an attack is underway and may contact the target company during the attack. Financial organisations, in particular, may have policies related to liability that prevent them from admitting an attack is underway. This can become a sticky situation for the public relations manager. The manager may say something like, “We are currently experiencing some technical challenges, but we are optimistic that our customers will soon have full access to our online services.” Journalists, however, may not accept this type of hedging, especially if the site really does appear to be fully offline. In one recent case, a reporter called a bank’s local branch manager and asked how the attack was proceeding. The branch manager, who had not received media coaching, responded, “It’s awful, we’re getting killed!” If the DDoS attack appears to be a high-profile hacktivist attack, prepare two statements:

· For the press: If your industry policies allow you to admit when you are being externally attacked, do so and be forthright about it. If policy dictates that you must deflect the inquiry, cite technical challenges but be sure to prepare the next statement.
· For internal staff, including anyone who might be contacted by the press: Your internal statement should provide cues about what to say and what not to say to media, or even better, simply instruct your staff to direct all inquiries related to the event back to the PR manager. Include a phone number.

Anton Jacobsz, managing director at Networks Unlimited, a value-adding reseller of F5 solutions throughout Africa, notes that it is the organisations focusing on a holistic security strategy that are considered forward-looking and ahead of the digital economy curve. “In a digital age – where sensitive or personal information is at risk of being exposed, and where geo-location and sensor-based tools track movements – organisations need to be prepared for a cyber attack. It has become essential to scrutinise security throughout the entire operation and offerings in order to build the strongest cornerstones for establishing trust between company, employees and consumers,” says Jacobsz. Source: http://www.itnewsafrica.com/2017/06/ten-steps-for-combating-ddos-in-real-time/
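The decision points of Steps 1, 4 and 6 above (compare against a baseline, never block partner addresses, block by IP if the source list is small, consider geoblocking if the sources cluster in a few regions, otherwise mitigate "backwards") can be written down as a small triage helper. The following is an added example and not code from the article or from F5: the request records, the region labels, the 60-second window and every threshold in it are constructed for illustration, and a real deployment would take the baseline and limits from its own traffic history.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed tuning values; a real deployment derives them from its own baseline.
BASELINE_RPS = 2.0          # normal requests per second (Step 1 baseline)
VOLUMETRIC_FACTOR = 5.0     # rate above baseline * factor counts as a flood
PER_SOURCE_LIMIT = 20       # requests per window one ordinary client would plausibly send
MAX_FIREWALL_BLOCKS = 100   # per-IP block entries before firewall CPU becomes a concern (Step 6)
REGION_SHARE = 0.9          # share of suspect traffic a few regions must cover before geoblocking
HOME_REGION = "home"        # region label you would never block
PARTNER_ALLOWLIST = [ip_network("203.0.113.0/24")]  # Step 4: trusted partners, never blocked


def make_window(legit=10, partner=30, flood_sources=0, flood_each=25,
                flood_regions=("region-a", "region-b")):
    """Construct one 60-second window of (source_ip, region) request records.

    `legit` home-region clients send 4 requests each, one partner address sends
    `partner` requests, and `flood_sources` (at most 254) attacking addresses
    send `flood_each` requests each, spread round-robin over `flood_regions`.
    """
    window = [("198.51.100.%d" % (i + 1), HOME_REGION)
              for i in range(legit) for _ in range(4)]
    window += [("203.0.113.5", "partner-region")] * partner
    for i in range(flood_sources):
        region = flood_regions[i % len(flood_regions)]
        window += [("192.0.2.%d" % (i + 1), region)] * flood_each
    return window


def is_allowlisted(ip):
    addr = ip_address(ip)
    return any(addr in net for net in PARTNER_ALLOWLIST)


def volumetric_check(window, window_seconds=60):
    """Step 1: compare the observed request rate with the historical baseline."""
    rps = len(window) / window_seconds
    return rps, rps > BASELINE_RPS * VOLUMETRIC_FACTOR


def suspect_sources(window):
    """Addresses sending more than an ordinary client would; partners are excluded."""
    counts = Counter(ip for ip, _ in window)
    return {ip: n for ip, n in counts.items()
            if n > PER_SOURCE_LIMIT and not is_allowlisted(ip)}


def choose_mitigation(window, window_seconds=60):
    """Step 6: block by address, block by region, or fall back to deeper mitigation."""
    rps, volumetric = volumetric_check(window, window_seconds)
    if not volumetric:
        # Rate is near baseline: look for DNS, routing or human-error causes first.
        return {"action": "verify_outage", "rps": round(rps, 1)}
    suspects = suspect_sources(window)
    if not suspects:
        # Flood made of many small senders: purely volumetric, hand to the provider.
        return {"action": "provider_scrubbing", "rps": round(rps, 1)}
    if len(suspects) <= MAX_FIREWALL_BLOCKS:
        return {"action": "block_ips", "targets": sorted(suspects)}
    by_region = Counter(region for ip, region in window if ip in suspects)
    top = by_region.most_common(3)
    covered = sum(n for _, n in top) / sum(by_region.values())
    regions = [r for r, _ in top]
    if covered >= REGION_SHARE and HOME_REGION not in regions:
        # Candidate for geoblocking; the article stresses this is a business decision.
        return {"action": "geoblock", "regions": regions}
    # Too many sources across too many regions: mitigate "backwards" (Steps 7 to 9).
    return {"action": "mitigate_backwards"}


if __name__ == "__main__":
    for label, window in [("quiet", make_window()),
                          ("small flood", make_window(flood_sources=5, flood_each=200)),
                          ("regional flood", make_window(flood_sources=200))]:
        print(label, choose_mitigation(window))
```

The partner address sends more than `PER_SOURCE_LIMIT` requests in every window and is still never proposed for blocking, which is the point of maintaining the whitelist before the attack rather than during it. The helper only recommends; the geoblock branch in particular is where the article expects a business owner, not a script, to make the call.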

If You Learn of DDoS Attacks from Customers, You’ve Already Failed

If your customers notice something’s wrong before your own security specialists do, you’ve failed on multiple levels.

When Benjamin Franklin said, “Time is money,” he gave the world an aphorism that would be quoted frequently by businesspeople for more than 200 years. For all his wit and insight, of course, Franklin could never have foreseen the many scenarios for which his pithy observation would come to apply. It turns out that among the most relevant applications of the quote in today’s digitally driven world is in the realm of cybersecurity. Why? Because for organizations that suffer a cyberattack, a slow response can prove very costly. In an early 2017 survey of more than 1,000 IT and business decision makers, nearly two-thirds of the respondents said they could lose $100,000 per hour or more if a distributed denial of service (DDoS) attack were to disrupt their peak business periods. On the bright side, 8 in 10 of the organizations responding to the Neustar-sponsored survey said they’ve learned about new DDoS attacks from their internal security and IT teams – at least sometimes. Less encouraging is the fact that 40% also said they have, at times, received their first notification of attacks from their customers. If your customers notice something’s wrong before your own security specialists do, you’ve failed on multiple levels. The ideal DDoS defense is to recognize an emerging threat and neutralize it before it even gains a foothold – and certainly before your customers experience any negative impacts. If customers start complaining about an inability to access your websites or other services, you’ve already started to lose money before you’re even aware of the problem. Beyond causing staggering monetary losses for many corporations, successful DDoS attacks can alienate customers and shake their confidence in the victim’s ability to secure its own systems. By extension, customers then worry about the security of their own interactions with the company, and about the safety of any customer data the company may hold. The resulting customer churn and reduced loyalty can result in additional financial consequences. In this regard, another Franklin quote sadly holds true: “It takes many good deeds to build a good reputation, and only one bad one to lose it.” Fortunately, there are many security tools and services available to organizations that decide to be proactive in their DDoS defenses. As is often the case when it comes to cybersecurity, the most effective defenses will leverage a layered approach. The first level of defense for DDoS attacks ideally will be provided by the network or Internet service provider, which is often the first to see – and block – suspicious network activity. For those attacks that still manage to get through, companies need their own DDoS identification and mitigation solutions. Some of those solutions may be on-premises appliances and other controls, while others may be provided by cloud-based or managed security services providers. Such “security-as-a-service” offerings are rapidly gaining in popularity, especially if an attack’s scale exceeds the capabilities of the on-premises protections. In short, there’s little excuse to be reactive, rather than proactive, when it comes to DDoS defenses. And, yes, Franklin once again provides some sage advice to those who may be too cavalier in their attitudes about the DDoS threat: “By failing to prepare, you are preparing to fail.” Source: http://www.csoonline.com/article/3200084/leadership-management/if-you-learn-of-ddos-attacks-from-customers-you-ve-already-failed.html

Report: DDoS attacks are less common, but they’re bigger

Information security company Verisign just published its Distributed Denial of Service Trends Report for Q1 2017. This report talks about changes in the frequency, size, and type of DDoS attack that the company has observed over the first few months of this year. The main takeaway is this: The number of DDoS attacks has plunged by 23 percent compared to the previous quarter. That’s good! However, the average peak attack size has increased by almost 26 percent, making them vastly more potent at taking down websites and critical online infrastructure. That’s bad. The report also notes that attacks are sophisticated in nature, and use several different attack types to take down a website. While 43 percent use just one attack vector, 25 percent use two, and six percent use five. This, obviously, makes it much more difficult to mitigate against. Verisign’s report also talks about the largest DDoS attack observed by the company in Q1. This was a multi-vector attack that peaked at 120 Gbps, and with a throughput of 90 Mpps. Per the report:

This attack sent a flood of traffic to the targeted network in excess of 60 Gbps for more than 15 hours. The attackers were very persistent in their attempts to disrupt the victim’s network by sending attack traffic on a daily basis for over two weeks. The attack consisted primarily of TCP SYN and TCP RST floods of varying packet sizes and employed one of the signatures associated with the Mirai IoT botnet. The event also included UDP floods and IP fragments which increased the volume of the attack.

So, in short: the attackers were using several different attack types, and they were able to sustain the attack over a long period of time. This shows the attacker has resources, either to create or rent a botnet of that size, and to sustain an attack over two weeks. The fact that DDoS attacks have increased in potency is hardly a surprise. They’ve been getting bigger and bigger, as bad actors figure out they can easily rope insecure Internet of Things (IoT) devices into their botnets. The Mirai botnet, for example, which took down Dyn last year, and with it much of the Internet, consisted of hundreds of thousands of insecure IoT products. The main thing you can glean from the Verisign report is that DDoS attacks are increasingly professional, for lack of a better word. It’s not 2005 anymore. We’ve moved past the halcyon days of teenagers taking down sites with copies of LOIC they’d downloaded off Rapidshare. Now, it’s more potent. More commoditized. And the people operating them aren’t doing it for shits and giggles. Source: https://thenextweb.com/insider/2017/05/24/report-ddos-attacks-are-less-common-but-theyre-bigger/#.tnw_RJHfi1AZ

Expect an increase in ransomware and DDoS attack combos in 2017

“Follow the money” is a popular catchphrase attributed to the 1976 movie All The President’s Men suggesting a money trail or corruption scheme within high (often political) office. Cybercriminal actors are certainly following the advice. The Deloitte Global Cyber Executive Briefing on E-Commerce & Online payments suggests that as retailers discover the financial rewards of having an e-commerce website, criminals are not far behind. But while robbing a brick and mortar store is fraught with the risk of getting caught, the cyber world is proving much more lucrative relative to the effort and investment needed to execute a digital heist. For every e-commerce site that goes up, the potential target expands to include merchant, payment service provider, card company, suppliers, banks and buying customer. That is because e-commerce websites are directly connected both to the internet and to the business’ back-end systems for data processing and supply management. This makes an e-commerce website a prime attack point for gaining access to crucial information assets within the organization, according to Deloitte. The fourth Neustar annual Worldwide DDoS Attacks and Cyber Insights Research Report reveals that attacks against the financial services and retail industries are on the rise. Industry respondents confirm that it is taking much longer for organizations to detect and respond as cyberattacks grow in volume, complexity and frequency.

Financial services institutions (FSIs) under attack

There is recognition among industry players that they remain at high risk of malware and data theft (44% in 2017 versus 37% in 2016). Ransomware appears to be on the rapid rise in the financial services industry as respondents to the survey indicate an increase in reported attacks from 17% in 2016 to 28% a year later. Financial institutions are also investing against Distributed Denial of Service (DDoS) attacks, with 91% of organizations putting in more resources in 2017 compared to 79% in 2016. FSIs continue to be one of the favored targets of hackers as 86% of surveyed respondents confirm being under attack in 2017, up 10% from the previous year. More worrisome is that 88% reported being under attack more than once.

Retailers under attack

Eighty percent of respondents said they were under attack in 2017, up 7% from 2016. Respondents to the survey also noted that it took longer for them to detect and respond to the attacks in 2017 compared to 2016, suggesting that attacks are getting more sophisticated. Retailers responding to the survey confirmed that they are spending more for security in 2017 (87%) compared to 2016 (76%). Respondents also report that ransomware attacks have increased from 13% in 2016 to 21% in 2017.

Asia Pacific under attack

Among respondents in Asia Pacific, 33% reported average revenue loss of at least US$250,000, with 49% reporting ransomware and DDoS attacks occurring in concert. Time to detect for 49% of respondents in the region stood at about three hours, while 42% said it was taking them at least three hours to respond following discovery of the attack. In response to the escalating frequency, complexity and severity of malware and DDoS attacks, Robin Schmitt, general manager, APAC at Neustar recommended that IT and business leaders need to evaluate the effectiveness of existing security strategies. “The research shows that simply identifying an attack and depending on basic defenses is not enough. Organizations in the region need to adopt stronger defenses and innovative solutions to more quickly and effectively mitigate the growing risk and likely impact of a major DDoS attack,” he said. According to Neustar the data from the research suggests that 2017 will be another challenging one from a DDoS threat landscape perspective. Generic Routing Encapsulation (GRE) based flood attacks and Connectionless Lightweight Directory Access Protocol (CLDAP) reflection attacks are emerging as the new hot attack trends for 2017, suggesting that attackers are constantly eyeing new ways to turn legitimate infrastructure elements against their owners. Source: https://www.enterpriseinnovation.net/article/expect-increase-ransomware-and-ddos-attack-combos-2017-145803210

Major French news sites victim of DDoS attack

Major news sites in France including Le Monde and Le Figaro went down yesterday in the fallout of a DDoS attack. Many of the biggest French news sites were hit by a DDoS attack on a Portland, Oregon cloud computing company – Cedexis. The attack caused the sites to go dark. Dr Malcolm Murphy, technology director at Infoblox said “This is the latest in a run of cyber attacks in France – only a week ago newly elected French President Macron’s emails were leaked by hackers. This latest attack highlights the importance of organisations prioritising cyber defences at a time when commonly deployed cyberattacks are being used to disrupt both political processes and organisations.” Bloomberg reported that Le Monde and Le Figaro were two of the websites that crashed. “At approximately 2 p.m. GMT (7 a.m. Pacific time), the Cedexis infrastructure came under a unique and sophisticated distributed denial of service (DDOS) attack,” Cedexis said in a written statement. “This attack caused a partial but widespread outage that affected many of our customers. Our customers are our number one priority and at this time, the attack is being mitigated, and services are being restored.” DDoS attacks have grown in prevalence as more and more unsecure Internet of Things (IoT) devices have entered the market. Murphy suggested that “DDoS attacks in particular are growing in both frequency and sophistication. Whilst there is no easy solution to securing DNS, there are a few steps that an organisation’s IT team can take to help mitigate and respond to DNS-based DDoS attacks.” “Organisations who don’t know their query load will never know when they’re under attack. By using statistical support, administrators can help analyse their data for attack indicators. Whilst it may not always be clear what an attack looks like, anomalies will be more easily identifiable. 
IT teams should also continually scrutinise internet-facing infrastructure for single points of failure by going beyond external authoritative name servers, and checking on the switch and router interactions, firewalls, and connections to the internet.” Source: http://www.information-age.com/major-french-news-sites-victim-ddos-attack-123466206/
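Murphy's point that "organisations who don’t know their query load will never know when they’re under attack" comes down to keeping a per-interval count of queries and flagging intervals that sit far outside the usual spread, then looking at what makes the flagged interval different (which clients, which query type, how many distinct names). The following is an added example and not code from the article or from Infoblox: the query-log lines are constructed in a simplified "timestamp client qname qtype" layout rather than the format of any particular DNS server, and the robust modified z-score (median and median absolute deviation, as in Iglewicz and Hoaglin) is this example's choice of statistic, not the article's.

```python
import re
import statistics
from collections import Counter, defaultdict

# Simplified, constructed log line layout (not a real server's format).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) qname=(?P<qname>\S+) qtype=(?P<qtype>\S+)$")


def constructed_log():
    """Five ordinary minutes of traffic followed by one minute of random-label ANY queries."""
    lines = []
    for minute, n in enumerate([18, 22, 20, 19, 21]):   # slightly varying normal load
        for i in range(n):
            lines.append("2017-05-10T14:%02d:%02d client=198.51.100.%d "
                         "qname=www.example.com qtype=A" % (minute, i % 60, i % 7 + 1))
    for i in range(400):                                # burst from three clients
        lines.append("2017-05-10T14:05:%02d client=192.0.2.%d "
                     "qname=r%04d.example.com qtype=ANY" % (i % 60, i % 3 + 1, i))
    return lines


def parse(lines):
    for line in lines:
        m = LOG_RE.match(line)
        if m:                      # unparseable lines are skipped, not fatal
            yield m.groupdict()


def per_minute(records):
    """Group records by minute using the 'YYYY-MM-DDTHH:MM' prefix of the timestamp."""
    buckets = defaultdict(list)
    for r in records:
        buckets[r["ts"][:16]].append(r)
    return dict(sorted(buckets.items()))


def analyze(lines, threshold=3.5):
    """Flag minutes whose query count is an outlier and summarise what they contain.

    Median and MAD are used instead of mean and standard deviation so that a
    single attack minute does not inflate the baseline it is compared against.
    """
    buckets = per_minute(parse(lines))
    counts = [len(v) for v in buckets.values()]
    med = statistics.median(counts)
    mad = statistics.median([abs(c - med) for c in counts]) or 1.0  # floor for flat baselines
    report = {"median_qpm": med, "mad": mad, "anomalies": {}}
    for minute, recs in buckets.items():
        z = 0.6745 * (len(recs) - med) / mad       # modified z-score
        if z > threshold:
            clients = Counter(r["client"] for r in recs)
            qtypes = Counter(r["qtype"] for r in recs)
            distinct = len({r["qname"] for r in recs})
            report["anomalies"][minute] = {
                "queries": len(recs),
                "modified_z": round(z, 1),
                "top_clients": clients.most_common(3),
                "top_qtype": qtypes.most_common(1)[0],
                # close to 1.0 means nearly every query asked for a different name,
                # the pattern of a random-subdomain (cache-busting) flood
                "distinct_qname_ratio": round(distinct / len(recs), 2),
            }
    return report


if __name__ == "__main__":
    for minute, info in analyze(constructed_log())["anomalies"].items():
        print(minute, info)
```

On the constructed log the five ordinary minutes give a median of 20.5 queries per minute with a MAD of 1.5, so the 400-query minute scores far above the 3.5 threshold while the 22-query minute does not; the summary then shows that the burst is almost entirely ANY queries for distinct names from three clients, which is the kind of indicator Murphy suggests looking for once the load figure itself has raised the alarm.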

How Shall DDoS Attacks Progress In The Future?

In recent months we have witnessed a rise in new and significantly high-volume distributed denial of service (DDoS) attacks. The venomous nature Mirai botnet Mirai botnet is a prime example in this case. Involved in a string of DDoS attacks in recent months, including the one on DNS provider Dyn in October, the botnet is said to have a population of around 300,000 compromised IoT devices. Its population could increase significantly if hackers somehow amend the source code to include the root credentials of many other devices not currently employed by the botnet. Cybersecurity experts predict that Mirai botnet, and others like it, will become more complex as 2017 progresses. Hackers are always to evolve, and once they do, they’d adapt the botnet to new DDoS attacking methods. It is believed that Mirai currently contains around 10 different DDoS attack techniques which are being utilized by hackers to initiate an attack. These will obviously increase as 2017 progresses. Corporate giants need to fear the possibility of more DDoS attacks Mirai botnet is only the first of many examples. The motivation for DDoS attacks are endless, and the range of these attacks is expanding into political and economic domains. Though, previously these attacks were restricted to small websites. Now, they have the potential to disrupt websites of internet giants including BBC, Dyn and Twitter. Our entire digital economy depends upon access to the Internet, so organizations should think carefully about business continuity in the wake of such events. Individual DDoS attacks, on average, cost large enterprises $444,000 per incident in lost business and IT spending, so the combined economic impact from an entire region being affected would be extremely damaging. Some argue that companies must place back-up telephone systems in place to communicate with customers in case of a DDoS attack. 
Though beneficial for small companies, this will certainly not help internet giants like Amazon, Alibaba and other such services.

DDoS attacks on gamers

According to multiple surveys, gamers are a big target of DDoS attacks. Over recent years, gaming has gradually shifted towards an online model, and things will continue moving in this direction. However, to gain an undue advantage, hackers often hit rival gamers with DDoS attacks in order to win the game cheaply.

ISPs Need to Play a Role in Reducing DDoS Attacks

In the wake of recent IoT-related DDoS attacks, experts encourage manufacturers to install multiple security protocols on internet-connected devices before they are sold to customers. Though this may help in reducing the strength of future DDoS attacks, ISPs still need to play a major role in eliminating the threat of future DDoS attacks. At least on a local level, ISPs could significantly reduce the overall volume of DDoS attacks under their domain by employing systems and features which could help detect and remediate infected bots that are used to launch DDoS attacks. A nexus of ISPs, device manufacturers, the government and internet giants can greatly help in reducing the threat of future DDoS attacks. The internet community is paying attention to problems related to DDoS attacks, and network operators and internet giants are looking for ways to address this issue. If this nexus operates together and works hard enough to protect the integrity of the internet, we may make tremendous progress in defeating the threat of DDoS attacks once and for all! Source: http://www.informationsecuritybuzz.com/articles/shall-ddos-attacks-progress-future/

See more here:
How Shall DDoS Attacks Progress In The Future?

Teenage hacker jailed for masterminding attacks on Sony and Microsoft

Adam Mudd jailed for two years for creating attack-for-hire business responsible for more than 1.7m breaches worldwide.

A man has been jailed for two years for setting up a computer hacking business that caused chaos worldwide. Adam Mudd was 16 when he created the Titanium Stresser program, which carried out more than 1.7m attacks on websites including Minecraft, Xbox Live, Microsoft and TeamSpeak, a chat tool for gamers. He earned the equivalent of more than £386,000 in US dollars and bitcoins from selling the program to cyber criminals. Mudd pleaded guilty and was sentenced at the Old Bailey. The judge, Michael Topolski QC, noted that Mudd came from a “perfectly respectable and caring family”. He said the effect of Mudd’s crimes had wreaked havoc “from Greenland to New Zealand, from Russia to Chile”. Topolski said the sentence must have a “real element of deterrent” and refused to suspend the jail term. “I’m entirely satisfied that you knew full well and understood completely this was not a game for fun,” he told Mudd. “It was a serious money-making business and your software was doing exactly what you created it to do.” Mudd showed no emotion as he was sent to a young offender institution.

During the two-day hearing, Jonathan Polnay, prosecuting, said the effect of Mudd’s hacking program was “truly global”, adding: “Where there are computers, there are attacks – in almost every major city in the world – with hotspots in France, Paris, around the UK.” The court heard that Mudd, who lived with his parents, had previously undiagnosed Asperger syndrome and was more interested in status in the online gaming community than the money. The court heard that the defendant, now 20, carried out 594 of the distributed denial of service (DDoS) attacks against 181 IP addresses between December 2013 and March 2015. He has admitted to security breaches against his college while he was studying computer science.
The attacks on West Herts College crashed the network, cost about £2,000 to investigate and caused “incalculable” damage to productivity, the court heard. On one occasion in 2014, the college hacking affected 70 other schools and colleges, including Cambridge, Essex and East Anglia universities as well as local councils. Mudd’s explanation for one of the attacks was that he had reported being mugged to the college but claimed no action was taken. Polnay said there were more than 112,000 registered users of Mudd’s program who hacked about 666,000 IP addresses. Of those, nearly 53,000 were in the UK. Among the targets was the fantasy game RuneScape, which had 25,000 attacks. Its owner company spent £6m trying to defend itself against DDoS attacks, with a revenue loss of £184,000. The court heard that Mudd created Titanium Stresser in September 2013 using a fake name and address in Manchester. He offered a variety of payment plans to his customers, including discounts for bulk purchases of up to $309.99 for 30,000 seconds over five years as well as a refer-a-friend scheme. Polnay said: “This is a young man who lived at home. This is not a lavish lifestyle case. The motivation around this we tend to agree is about status. The money-making is by the by.” When he was arrested in March 2015, Mudd was in his bedroom on his computer, which he refused to unlock before his father intervened. Mudd, from Kings Langley in Hertfordshire, pleaded guilty to one count of committing unauthorised acts with intent to impair the operation of computers; one count of making, supplying or offering to supply an article for use in an offence contrary to the Computer Misuse Act; and one count of concealing criminal property. Ben Cooper, defending, appealed for his client to be given a suspended sentence. He said Mudd had been “sucked into” the cyber world of online gaming and was “lost in an alternate reality” after withdrawing from school because of bullying. 
Mudd, who was expelled from college and now works as a kitchen porter, had been offline for two years, which was a form of punishment for any computer-obsessed teenager, Cooper said. The “bright and high-functioning” defendant understood what he did was wrong but at the time he lacked empathy due to his medical condition, the court heard. Cooper said: “This was an unhappy period for Mr Mudd, during which he suffered greatly. This is someone seeking friendship and status within the gaming community.” But the judge said: “I have a duty to the public who are worried about this, threatened by this, damaged by this all the time … It’s terrifying.” Source: https://www.theguardian.com/technology/2017/apr/25/teenage-hacker-adam-mudd-jailed-masterminding-attacks-sony-microsoft

Link:
Teenage hacker jailed for masterminding attacks on Sony and Microsoft

‘One in five’ British firms hit by cyber attack in 2016

One in five British firms was hit by a cyber attack last year, research from the British Chambers of Commerce suggests.

Cyber attacks are a growing threat to global business operations. This was confirmed by research from the British Chambers of Commerce (BCC), which surveyed 1,200 companies, revealing that one in five British businesses experienced a cyber attack last year. Larger businesses – defined as those with over 100 staff – were more likely to be attacked than smaller counterparts, according to the survey. The report found that 42% of larger organisations had suffered a cyber attack, compared with 18% of smaller ones. Clearly, more needs to be done by businesses to protect themselves. Indeed, the BCC’s report also found that only a quarter of the firms surveyed had put in place security protocols to protect themselves from hackers and cyber threats. The well-documented data breaches of web giant Yahoo, telecoms firm TalkTalk and the dating website Ashley Madison have all hit the headlines in recent years. But this survey has shown just how widespread the problem is. It is endemic. “Cyber attacks risk companies’ finances, confidence and reputation, with victims reporting not only monetary losses, but costs from disruption to their business and productivity,” said BCC director-general Adam Marshall. “Firms need to be proactive about protecting themselves from cyber attacks.” Reacting to the news, Anton Grashion, managing director of the security practice at Cylance, said: “This is probably an underestimate if anything.
There are two reasons for this: firstly, this assumes they even know they have been hit; secondly, people are more likely to under-report.” “Evidence from our testing when we run a POC with prospective customers is that we almost invariably discover active malware on their systems, so it’s the unconscious acceptance of risk that plagues both large and small businesses.” Stephanie Weagle, VP at Corero Network Security, has identified DDoS attacks as the greatest cyber threat facing business. She said: “Attackers will always find new exploits, and new attack methods of disrupting financial opportunity, extortion, accessing personally identifiable data, and disrupting an organisation’s online availability. Cyber attack activity is prevalent today, more than ever – especially when it comes to DDoS attacks.” DDoS attacks are on the rise and “continue to increase in frequency, scale and sophistication over the last year.” 31% of IT security professionals and network operators polled in a 2017 survey conducted by Corero experienced more DDoS attacks than usual in recent months, with 40% now experiencing attacks on a monthly, weekly or even daily basis. Source: http://www.information-age.com/major-flaws-devops-teams-security-123465765/

See more here:
‘One in five’ British firms hit by cyber attack in 2016