Fed bust of massive attack network caused traffic loads to plummet in Q4 The FBI’s takedown of a group of prolific DDoS-for-hire websites has single-handedly helped to drop attack levels globally.…
More:
Silence of the WANs: FBI DDoS-for-hire greaseball takedowns slash web flood attacks ‘by 11%’
Healthcare networks pummeled amid drama over teen girl’s custody Five months after he was found guilty of orchestrating a distributed denial-of-service attack against US healthcare providers, the self-styled Anonymous hacker Martin Gottesfeld has been sentenced to 121 months in prison.…
Continue reading here:
No plain sailing for Anon hacktivist picked up by Disney cruise ship: 10 years in the cooler for hospital DDoS caper
Earlier in the year, a huge DDoS attack was launched on Krebs on Security. Analysis showed that the attack pelted servers with 620 Gbps, and there were fears that the release of the Mirai source code used to launch the assault would lead to a rise in large-scale DDoS attacks. Welcome Leet Botnet. In the run-up to Christmas, security firm Imperva managed to fend off a 650 Gbps DDoS attack. But this was nothing to do with Mirai; it is a completely new form of malware, but is described as “just as powerful as the most dangerous one to date”. The concern for 2017 is that “it’s about to get a lot worse”. Clearly proud of the work put into the malware, the creator or creators saw fit to sign it. Analysis of the attack showed that the TCP Options header of the SYN packets used spelled out l33t, hence the Leet Botnet name. The attack itself took place on 21 December, but details of what happened are only just starting to come out. It targeted a number of IP addresses, and Imperva speculates that a single customer was not targeted because of an inability to resolve specific IP addresses due to the company’s proxies. One wave of the attack generated 650 Gbps of traffic — or more than 150 million packets per second. Despite attempting to analyze the attack, Imperva has been unable to determine where it originated from, but the company notes that it used a combination of both small and large payloads to “clog network pipes and bring down network switches”. While the Mirai attacks worked by firing randomly generated strings of characters to generate traffic, in the case of Leet Botnet the malware was accessing local files and using scrambled versions of the compromised content as its payload. Imperva describes the attack as “a mishmash of pulverized system files from thousands upon thousands of compromised devices”. What’s the reason for using this particular method? Besides painting a cool mental image, this attack method serves a practical purpose. Specifically, it makes for an effective obfuscation technique that can be used to produce an unlimited number of extremely randomized payloads. Using these payloads, an offender can circumvent signature-based security systems that mitigate attacks by identifying similarities in the content of network packets. While in this instance Imperva was able to mitigate the attack, the company says that Leet Botnet is “a sign of things to come”. Brace yourself for a messy 2017… Source: http://betanews.com/2016/12/28/leet-botnet-ddos/
View article:
Bigger than Mirai: Leet Botnet delivers 650 Gbps DDoS attack with ‘pulverized system files’
Thirty four people, including teenagers, are arrested after an international police operation involving EU and US authorities.
CloudFlare spotted a new botnet in the wild which launched massive DDoS attacks aimed at the US West Coast for 10 days in a row. A new monster botnet, which hasn’t been given a name yet, has been spotted in the wild launching massive DDoS attacks. Security experts at CloudFlare said the emerging botnet is not related to Mirai, but it is capable of enormous distributed denial-of-service attacks. If this new botnet is just starting up, it could eventually be as powerful as Mirai. The company has so far spent 10 days fending off DDoS attacks aimed at targets on the US West Coast; the strongest attacks peaked at over 480 gigabits per second (Gbps) and 200 million packets per second (Mpps). CloudFlare first detected the new botnet on November 23; peaking at 400 Gbps and 172 Mpps, the DDoS attack hammered on targets “non-stop for almost exactly 8.5 hours” before the attack ended. CloudFlare’s John Graham-Cumming noted, “It felt as if an attacker ‘worked’ a day and then went home.” The botnet DDoS attacks followed the same pattern the next day, like the attacker was “someone working at a desk job,” except the attacks began 30 minutes earlier. On the third day, the attacks reached over 480 Gbps and 200 Mpps before the attacker decided to knock off a bit early from ‘work.’ Once Thanksgiving, Black Friday and Cyber Monday were over, the attacker changed patterns and started working 24 hours a day. The attacks continued for 10 days; each day the DDoS attacks “were peaking at 400 Gbps and hitting 320 Gbps for hours on end.” That’s not as powerful as the Mirai botnet made up of insecure IoT devices, but this botnet is presumably just getting started. It’s already plenty big enough to bring a site to its knees for hours on end unless it has some decent form of DDoS protection. If it were to be combined with other botnet strains, it might be capable of beating the unprecedented records set by the Mirai attacks. Although CloudFlare never elaborated on what devices the new botnet was abusing for its attacks, the company said it uses different attack software then Mirai. The emerging botnet sends very large Layer 3 and Layer 4 floods aimed at the TCP protocol. Hopefully it’s not using poorly secured internet of things devices as there seems to be an endless supply of IoT devices with pitiful-to-no security waiting to be added to botnets. That’s likely going to get worse, since IoT gadgets are expected to sell in record-breaking numbers this holiday season. It’s just a guess, but it does seem likely that the new botnet is aimed at such devices. CloudFlare posted the new botnet information on Friday, so it is unknown if the attacks have continued since the article was published. Last week, a modified version of the Mirai IoT malware was responsible for creating chaos in Germany and other worldwide locations; the hackers reportedly responsible for attempting to add routers to their botnet apologized for knocking Deutsche Telekom customers offline as it was allegedly not their intention. DDoS attacks may give a blue Christmas to gamers Regarding DDoS attacks, the most recent Akamai State of the Internet/Security Report suggested that gamers might not have the best holiday season. For the past several years, hackers have attacked and sometimes taken down Microsoft’s Xbox and Sony’s PlayStation networks, even Steam, making it impossible for seasoned gamers as well as those who received new gaming platforms for Christmas to enjoy new games and consoles. “Thanksgiving, Christmas, and the holiday season in general have long been characterized by a rise in the threat of DDoS attacks,” the Akamai report stated. “Malicious actors have new tools – IoT botnets – that will almost certainly be used in the coming quarter.” As first pointed out by Network World’s Tim Greene, Akamai added, “It is very likely that malicious actors are now working diligently to understand how they can capture their own huge botnet of IoT devices to create the next largest DDoS ever.” Let’s hope the newly discovered botnet isn’t an example of Akamai’s prediction. Source:http://www.computerworld.com/article/3147081/security/new-botnet-launching-daily-massive-ddos-attacks.html
View article:
New botnet launching daily massive DDoS attacks
Black Friday will be a big day for retailers — and hopefully for all the right reasons. Some of the biggest shopping days of the year are upon us. But while retailers are focused on ensuring that they cope with huge peaks in online and in-store sales, are they as prepared as they need to be to defend against major distributed denial of service (DDoS) attacks? Avoiding a cyber-crime catastrophe Black Friday is here (along with the increasingly popular Cyber Monday). As ever, crowds of shoppers will flock to retailers’ stores and websites in search of rock-bottom prices. And this will mean a huge increase in sales for both physical and online stores. Black Friday may be a sales bonanza but it’s also a period of high vulnerability that criminals could exploit to maximise the threat to a retailer’s business. With Christmas sales accounting for a sizeable chunk of most retailers’ annual revenues, from a criminal’s perspective, there could hardly be a better time to launch a cyber attack. What’s more, with systems already creaking under the load of peak volumes, it might not take much of a straw to break the camel’s back. The last thing a retailer wants is for their business to spectacularly and very visibly come to a sudden halt because they can’t defend against and mitigate a major distributed denial of service (DDoS) attack. Retailers face a growing threat Talk of cyber attacks are more than mere scaremongering – the threat is very real. For example, in September, the release of the Mirai code — a piece of malware that infects IoT devices enabling them to be used for DDoS attacks — opened a Pandora’s box of opportunities for ruthless cyber entrepreneurs who want to disrupt their target markets and exploit the vulnerabilities and weaknesses of companies who honestly serve their customers. This code gives criminals the ability to orchestrate legions of unsecured Internet of Things (IoT) devices to act as unwitting participants in targeted DDoS attacks. These objects could be anything from domestic hubs and routers, to printers and digital video recorders — as long as they’re connected to the internet. The latest large DDoS attacks have used botnets just like this — proving that the bad guys are multiplying and, perhaps, gearing up for bigger things. Prevention is better than the cure There are no easy answers to the question of how to secure IoT smart devices — especially at the ‘budget conscious’ end of the market. That’s why we expect that these DDoS attacks will continue to proliferate, meaning that targeted DDoS attacks of increasing scale and frequency will almost certainly occur as a result. So how can retailers defend themselves against the threat of an attack on Black Friday? Organisations have to use a combination of measures to safeguard against even the most determined DDoS attack. These include: Limiting the impact of an attack by absorbing DDoS traffic targeted at the application layer, deflecting all DDoS traffic targeted at the network layer and authenticating valid traffic at the network edge. Choosing an ISP that connects directly to large carriers and other networks, as well as internet exchanges — allowing traffic to pass efficiently. Employing the services of a network-based DDoS provider — with a demonstrable track record of mitigating DDoS attacks and sinking significant data floods. This will safeguard specific IP address ranges that organisations want to protect. Black Friday will be a big day for retailers — and hopefully for all the right reasons. But in an increasingly digital world, consideration needs to be given to the IT infrastructure that underpins today’s retail business and the security strategy that protects it. Source: http://www.itproportal.com/features/three-ways-to-prevent-a-ddos-disaster-this-black-friday/
View original post here:
Three ways to prevent a DDoS disaster this Black Friday
Infamous hacker group Lizard Squad is thought to be at it again, this time taking down Overwatch servers and leaving players unable to join and remain in a session. Over the past week, Blizzard has been experiencing some problems with Battle.net that have made it difficult for players to use the service as intended with games like Overwatch . Now, there’s word that these issues might have been caused by a DDoS attack launched by members of hacker group Lizard Squad. Some users are reporting that they are unable to log in to Battle.net. Others are able to enter, but find themselves kicked out of multiplayer matches in Overwatch for seemingly no reason. Ordinarily, issues like these would be brushed off as being part and parcel of the modern online experience. However, a suspicious tweet from a known Lizard Squad member has led to the group being implicated, according to a report from VG247. The above tweet is being taken as proof that Lizard Squad member AppleJ4ck was involved with the attack. Some Overwatch players responded to his post to vent their annoyance about the situation — to which AppleJ4ck responded, “in a way, I’m doing y’all a favor.” This is not the first time that Lizard Squad has targeted organizations within the video game industry. The group rose to prominence back in 2014, when a coordinated attack brought down the PlayStation Network and Xbox Live over Christmas, causing massive headaches for the companies involved. Of course, the attack was not an unmitigated success for the group, as the high-profile hack made Lizard Squad an immediate target for authorities. Just days later, a 22-year-old alleged to be a part of the organization was the subject of a raid by police in the United Kingdom. However, the strength of a group like Lizard Squad is the fact that they are spread all over the world. Individual members can be found and brought to justice, but it’s difficult to make a concerted attempt to stamp out its activity outright. If the situation is hard on the authorities, then it’s even more challenging for a company like Blizzard. The overwhelming popularity of Overwatch means its hard enough for the company to keep Battle.net afloat at the best of team, never mind when there are hackers on the prowl. Unfortunately, criminal elements like Lizard Squad are part and parcel of the modern online experience. Companies like Blizzard have to take these groups into consideration when operating a service like Battle.net — hackers have the power to ruin the experience for the rest of us, and the only defence is a robust level of security. Source: http://gamerant.com/overwatch-servers-down-ddos-attack-846/
You just exposed your users to world+dog, buddy A DDoS-for-hire service purportedly set up by the Lizard Squad hacking crew exposes registered users’ login credentials.…
More:
Nice SECURITY, ‘Lizard Squad’. Your DDoS-for-hire service LEAKS
Titsup gaming service struggling to return to life Sony’s PlayStation network is slowly returning to normal service roughly 48 hours after it was hit by another major denial-of-service attack on Christmas Day.…
See the article here:
PlayStation clambers back online 48 hours after DDoS attack CRIPPLED network
Gaming service STILL struggling to return to life Updated Sony’s PlayStation network is slowly returning to normal service roughly 48 hours after it was hit by another major distributed denial-of-service (DDoS) attack on Christmas Day.…
See more here:
PlayStation clambers back online days after DDoS attack PARALYSED network