Tag Archives: credit-card

Google wins lawsuit against alleged Russian botnet herders

Judge tells tale of two men, their lawyer, and a ‘willful campaign… to mislead the court’ A New York judge has issued a default judgment against two Russian nationals who are alleged to have helped create the “Glupteba” botnet, sold fraudulent credit card information, and generated cryptocurrency using the network.…

View article:
Google wins lawsuit against alleged Russian botnet herders

How Hackers Make Money from DDoS Attacks

Attacks like Friday’s are often financially motivated. Yesterday’s attack on the internet domain directory Dyn, which took major sites like Twitter and Paypal offline, was historic in scale. But the motivation for the attack may seem opaque, since no valuable information seems to have been stolen. A group called New World Hackers is claiming credit, but giving conflicting accounts of their motives—and security experts have called them “impostors.” So why else might someone have done it? This class of hack, known as a distributed denial of service (DDoS) attack, has been around for a while. And while many DDoS attacks are indeed motivated by politics, revenge, or petty trolling, there’s frequently money involved. For instance, DDoS attacks are often used as leverage for blackmail. Once a hacking group has a reputation for being able to field a large and dangerous botnet to knock servers offline, they can demand huge ‘protection’ payments from businesses afraid of facing their wrath. In fact, they don’t even have to do the hacking in the first place—in one recent case, someone posing as a notorious cabal merely emailed blackmail messages and managed to pocket tens of thousands of dollars before they were exposed. In the current case, there are rumors that Dyn was a target of extortion attempts before the attack. And the hackers behind what may be the biggest DDoS attack in history could demand a pretty penny to leave other companies alone. A wave of impostors will likely give it a shot, too. There’s another, even darker money-driven application of DDoS attacks—industrial sabotage. Companies seeking to undermine their competition can hire hackers to take the other guys offline. DDoS services are often contracted through so-called “booter” portals where anyone can hire a hacker’s botnet in increments as small as 15 minutes. Researchers found last year that three of the most prominent booter services at the time had over 6,000 subscribers in total, and had launched over 600,000 attacks. (And despite the criminal reputation of Bitcoin, by far the largest method used to pay for DDoS-for-hire was Paypal.) But it’s unlikely that this was some sort of hit called in by a competitor of Dyn—that tactic seems to primarily appeal to already-shady dealers, including online gambling operations. Finally, DDoS attacks can serve as a kind of smokescreen for more directly lucrative crimes. While a security team is struggling to deal with an army of zombie DVRs pummeling their system, attackers can grab passwords, credit card numbers, or identity information. In weighing possible explanations for Friday’s attack, it’s important to note the massive scale of the thing. Even if their claims of responsibility aren’t credible, New World Hackers’ description of about 1.2 terabits of data per second thrown at Dyn’s servers is both vaguely plausible and utterly mind-boggling. That’s around a thousand times as powerful as the huge 620 gigabit per second attack that knocked out a single website, Krebs on Security, last month. Dyn has also described the attack as sophisticated, arriving in three separate waves that targeted different parts of their systems. That kind of operation could have been pulled off by a gang of kids doing it for kicks—and maybe that’s the scarier scenario. But such a massive undertaking suggests bigger, and possibly more lucrative, motivations. Source: http://fortune.com/2016/10/22/ddos-attack-hacker-profit/

See the original post:
How Hackers Make Money from DDoS Attacks

?The top 5 least-wanted malware in any corporate IT infrastructure

Ask a group of people to define malware, and you’re likely to get a range of different answers. The term has become a catch-all description for a broad collection of different cyber threats that keep IT managers awake at night. Categories falling under the malware banner include viruses and worms, adware, bots, Trojans and root kits. Each category is different but all can cause disruption and loss if not detected and quickly removed. Of the malware types in the wild, the top five are: 1. Remote Access Trojans (RATs) RATS comprise malicious code that usually arrives hidden in an email attachment or as part of a downloaded file such as a game. Once the file is open, the RAT installs itself on the victim’s computer where it can sit unnoticed until being remotely trigged. RATs provide attackers with a back door that gives them administrative control over the target computer. This can then be used to steal data files, access other computers on the network or cause disruption to business processes. One of the first examples, dubbed Beast, first appeared in the early 2000s. It was able to kill running anti-virus software and install a key logger that could monitor for password and credit card details. Sometimes it would even take a photo using the target computer’s web cam and send it back to the attacker. 2. Botnets Some liken botnets to a computerised ‘zombie army’ as they comprise a group of computers that have been infected by a backdoor Trojan. Botnets have similar features to a RAT, however their key difference is that they are a group of computers being controlled at the same time. Botnets have been described as a Swiss Army knife for attackers. Linked to a command-and-control channel, they can be instructed to forward transmissions including spam or viruses to other computers in the internet. They can also be used to initiate distributed denial of service (DDoS) attacks similar to the one suspected to have disrupted the Australian census. Some attackers even rent their botnets out to other criminals who want to distribute their own malware or cause problems for legitimate websites or services. 3. Browser-based malware This type of malware targets a user’s web browser and involves the installation of a Trojan capable of modifying web transactions as they occur in real time. The benefit for malware of being in a browser is that it enables it to avoid certain types of security protection such as packet sniffing. Some examples of the malware generate fake pop-up windows when they know a user is visiting a banking web site. The windows request credit card details and passwords which are then sent back to the attacker. Security experts estimate that there have been around 50 million hosts infected by browser-based malware and estimated financial losses have topped $1 billion. 4. Point-of-sale (POS) Malware This is a specialised type of malware that seeks out computers specifically used for taking payments in retail outlets. The malware is designed to infect the computer to which POS terminals are attached and monitor it for credit card details. One example, called Backoff, appeared in late 2013 and managed to infect more than 1000 businesses including the large US-based retailer Dairy Queen. 5. Ransomware This category of malware is designed to take over a computer and make it or the data stored on it unusable. The code usually encrypts data and then the attacker demands payment from the user before providing the encryption key. One of the more prevalent ransomware versions is called Locky and appeared in early 2016. It has already infected a large number of individuals, companies and public facilities such as hospitals. While early examples used poor encryption techniques, ransomware has quickly evolved to the point where many varieties now use industry-standard 256-bit encryption which is effectively impossible to crack without the private key. The best anti-malware steps to take While the impact of a malware infection can be significant for individuals or an organisations, there are steps that can be taken to reduce the likelihood of infection. They include: General awareness It’s important for users to be aware of the threats that malware brings. Staff should be educated about phishing attacks and to be cautious when downloading files or opening attachments from unfamiliar parties. Regular backups Regular back-ups of critical data are a vital part of any security strategy. In larger organisations, a global share drive can be created in which all important files should be stored. This drive can then be backed up as often as is needed. Copies of backups should also be kept offline as an additional layer of protection.   Defence in depth In a complex IT infrastructure, there should be multiple layers of security designed to stop attacks. While no single defence can protect completely, creating a defence in depth strategy will ensure systems and data are as secure as they can be. Layered protection should range from firewalls and anti-virus software through to network intrusion and advanced persistent threat tools. By taking a comprehensive and multi-layered approach to security, organisations can reduce the likelihood they will fall victim to malware attacks and avoid the disruptive and potentially costly problems they can cause. Source: http://www.cso.com.au/article/605901/top-5-least-wanted-malware-any-corporate-it-infrastructure/

View original post here:
?The top 5 least-wanted malware in any corporate IT infrastructure

Media Organizations Beware – DDos Attacks are Coming

There’s nothing subtle about a DDoS attack. Your incident response console is lit up like a Christmas tree. Alarms are going off indicating that your network is down or severely disrupted. System users and managers are sending you panicky messages that business has ground to a halt. Meanwhile your mind is racing: Who would do this to us? Some kind of cyber extortionist? An unsavoury competitor? Hacktivists trying to send a message? And why would they do this? There are many reasons behind a DDoS attack but one thing we have continued to see is the rise of DDoS attacks on media publications – most recently demonstrated by the attacks on Swedish media sites. After a bit of investigation, Arbor found that the attack was not endorsed by the Russian government, but instead a typical distributed attack, with computers located in Russia, among many other countries, generating attack traffic – most likely a botnet for hire service. At the end of last year, we also saw the BBC hit by a DDoS attack and according to Newscycle Solutions, while Brian Krebs was hit by a DDoS back in 2013. Over 50% of media companies have been the victim of some sort of cyber-attack in the last two years – it’s clear that media organizations are currently in the firing line for hackers. We know that every business has a different IT team and because of this have different views towards security. But it is important that even soft targets such as media organizations have a good understanding of the threat landscape and implement the right security processes. There are several factors media organizations should consider. Easy to implement, easy to attack Firstly, it is now far too easy to launch a DDoS attack.  For a mere $5/hr anyone without any technical knowledge can purchase a DDoS for Hire Service and launch a DDoS attack.  Quite often, it is used as a smokescreen to cover fraudulent activity. Combine this with the many motives behind a DDoS attack and you see why there is such a rise in the number of DDoS attacks across all types of industries. Changing motivations Traditionally, vandalism and political/ideological disputes are the common reason for attacks on media organizations. The poster child for this is the DDoS attack on the BBC. It is just a way for hackers to flex their muscles to show everyone what they’re capable of. More recent attacks have highlighted the growth of criminal extortion, data exfiltration and DDoS for Bitcoin. As media organizations report on all types events, while they may not take a side, they could still become a target of an attack. Interestingly there is usually a correlation between political conflicts in the real world and online attacks – often called cyber-reflection. The variety of DDoS continues to grow DDoS attacks are utilized as a diversion or smokescreen in multiple stages of the cyberattack kill chain. The following cases have all been documented as part of complex attacks and should be steps every business should be aware of: Reconnaissance : In this initial stage, cybercriminals launch a small DDoS attack to size up your security posture and ability to respond. If they find that a business’ security is weak, they will stick around to do some discrete probing and port scanning, looking for vulnerabilities to exploit so they can break into the organization. The knowledge they gather in this phase will be used for the Extract Data/Complete Mission Phase Malware Delivery/Exploitation : Now they’re inside the network and spreading out, dropping malware onto your machines. To cover their tracks, hackers will launch a DDoS attack to overwhelm an organization’s threat detection and forensics tools, making the search for the breach and the planted malware much harder to detect Extract Data/Complete Mission : In the final stage, they launch a DDoS attack as a diversion while they steal confidential data such as credit card information, intellectual property or other valuable information they can get their hands on. While the IT team are distracted, cyber criminals quietly slip away undetected with their loot and the DDoS attack mysteriously ends Don’t be low-hanging fruit If a media organization is hit with a DDoS attack, it might not be an independent event. It’s important to make sure there’s nothing happening inside the network that could be related to that attack – otherwise the consequences could be far worse. In fact, businesses may be able to take some cues from the DDoS attack that will help them investigate further. For example, if the IT team knows where the attack is coming from, that could indicate who the threat actor may be. Plus the tactics, techniques and procedures (TTPs) the threat actor uses may help you hunt for other indicators of compromise (IOCs) potentially signalling that you’re falling victim to a larger threat campaign. But why take all the risk? Preventing smokescreen attacks, and the potentially devastating damage they cause, is one more reason why many companies invest in strong DDoS protection. Like a burglar checking for unlocked doors, cyber-criminals look for low-hanging fruit. If they realize that a media site has the defenses in place that can deflect their initial attack, they’re more likely to abandon their efforts and look for an easier victim. Source: http://www.infosecurity-magazine.com/opinions/media-organizations-beware-ddos/

See more here:
Media Organizations Beware – DDos Attacks are Coming

81% of healthcare organizations have been compromised

Eighty-one percent of health care executives say that their organizations have been compromised by at least one malware, botnet, or other cyber-attack during the past two years, and only half feel tha…

Excerpt from:
81% of healthcare organizations have been compromised

Nice SECURITY, ‘Lizard Squad’. Your DDoS-for-hire service LEAKS

You just exposed your users to world+dog, buddy A DDoS-for-hire service purportedly set up by the Lizard Squad hacking crew exposes registered users’ login credentials.…

More:
Nice SECURITY, ‘Lizard Squad’. Your DDoS-for-hire service LEAKS

PlayStation clambers back online 48 hours after DDoS attack CRIPPLED network

Titsup gaming service struggling to return to life Sony’s PlayStation network is slowly returning to normal service roughly 48 hours after it was hit by another major denial-of-service attack on Christmas Day.…

See the article here:
PlayStation clambers back online 48 hours after DDoS attack CRIPPLED network

PlayStation clambers back online days after DDoS attack PARALYSED network

Gaming service STILL struggling to return to life Updated   Sony’s PlayStation network is slowly returning to normal service roughly 48 hours after it was hit by another major distributed denial-of-service (DDoS) attack on Christmas Day.…

See more here:
PlayStation clambers back online days after DDoS attack PARALYSED network

Fort Lauderdale websites DDoSed after Anonymous threats over feeding ban

Turns out the whole thing was pointless anyway Municipal websites in Fort Lauderdale, Florida suffered a distributed denial of service attack on Monday after Anonymous promised to disrupt the city’s activities following the passing of local laws outlawing the feeding of homeless people.…

Taken from:
Fort Lauderdale websites DDoSed after Anonymous threats over feeding ban