Tag Archives: ddos-attacks

$50m deal to keep government websites going in a cyber attack

Six firms have won a multimillion- dollar bulk tender as Singapore further tightens its defence against sophisticated attacks that aim to disable government websites. The Straits Times understands that the three-year bulk contract which started yesterday is worth about $50 million – around twice the value of the last three-year contract which has lapsed. The deal comes on the heels of StarHub’s broadband outage last year linked to a cyber attack in the United States, and the theft of the personal details of 850 national servicemen and staff at the Ministry of Defence (Mindef), discovered in February. The six contractors awarded the contract by GovTech are local telcos Singtel and StarHub, Britain- based telco BT, and Singapore- based tech firms CHJ Technologies, Evvo Labs and Embrio Enterprises. The six firms are expected to keep government websites fully available to the public even when attacks are taking place. This is done by providing distributed denial of service (DDoS) mitigation services, which will now take into account the threats that took down United States Internet firm Dyn’s services in October last year. Dyn’s service outage, which took down websites such as The New York Times and Spotify, in turn disrupted Web surfing for StarHub’s broadband customers. DDoS attacks work by having thousands of infected computers accessing and overwhelming a targeted site, causing a huge spike in traffic. DDoS mitigation is a set of techniques that differentiates genuine incoming traffic from that sent by hijacked, infected browsers, so that services to genuine users will not be denied. According to tender documents seen by ST, the contractors are also expected to provide new capabilities to combat attacks stemming from software flaws on Internet-facing machines. In early February, Mindef discovered that a vulnerability in its I-net system had been exploited, resulting in the loss of NRIC numbers, telephone numbers and birth dates of 850 personnel. The I-net system provides Mindef staff and national servicemen with Internet access on thousands of dedicated terminals. Cloud security services firm Akamai Technologies’ regional director of product management Amol Mathur said that the new DDoS mitigation capabilities are necessary in an evolving threat landscape where large-scale attacks are being powered by compromised Internet devices such as Web cameras and routers. Dr Chong Yoke Sin, chief of StarHub’s enterprise business group, said it will provide the Singapore Government with its telco- centric security operations as well as the cloud-based mitigation services of its technology partner Nexusguard. Mr Jason Kong, co-founder of Toffs Technologies, the supplier of content delivery back-up services for Embrio Enterprises, said: “Organisations should have a content delivery back-up plan to ensure business is as usual should the main delivery platform suffer an outage.” Last week, the Nanyang Tech- nological University solicited a separate DDoS contract with more stringent requirements to com- bat attacks stemming from software flaws on Internet-facing machines. The university discovered in April this year that it was the victim of an apparent state-sponsored attack aimed at stealing government and research data. The National University of Singapore was similarly attacked at around the same time. Last year, an unnamed government agency also became the victim of a state-sponsored attack, the Cyber Security Agency of Sin- gapore said in a report released last Thursday. Source: http://www.straitstimes.com/tech/50m-deal-to-keep-govt-websites-going-in-a-cyber-attack

Taken from:
$50m deal to keep government websites going in a cyber attack

Apache Struts Vulnerabilities and The Equifax Hack, What Happened?

In the wake of the Equifax breach, a lot of people are wondering how the theft of personal information occurred and how it could have been prevented. Equifax initially reported that a vulnerability in Apache Struts was used to infiltrate their public-facing web server. Apache Struts has faced its fair share of vulnerabilities with 21 having been discovered since the start of 2016. Which Apache Struts vulnerability was used in the Equifax hack? At DOSarrest we researched current and past Apache Strut vulnerabilities and determined that they likely were not hacked using the new CVE-2017-9805 but likely CVE-2017-5638. Equifax released additional details on Sept 13 th 2017 confirming that the vulnerability involved was CVE-2017-5638. The CVE-2017-5638 vulnerability dates back to March 2017, which is why people in the security industry are now questioning how they could be so far behind in patching this well-known exploit. The two vulnerabilities, CVE-2017-5638 and the recently revealed CVE-2017-9805 are very similar in nature and are both considered Remote Code Execution (RCE) vulnerabilities . How does a RCE vulnerability work and how can they be prevented? A RCE vulnerability is exploited when an attacker crafts a packet or request containing arbitrary code or commands. The attacker uses a method to bypass security that causes a vulnerable server to execute the code with either user or elevated privileges. Such vulnerabilities can be prevented with a two-fold approach to web application security: 1) New vulnerabilities will continually be discovered in any web application framework, and it is the duty of IT teams to keep the software patched. This requires regular audits and patches to vulnerable software. Even the most proactive IT teams will not be able to prevent a so-called zero-day attack by patching alone so more must be done to protect the web server from zero-day vulnerabilities. 2) Since there is always a delay between the time a vulnerability is discovered and when a patch is developed by the maintainer of that product, a means to protect your website from undiscovered zero-day vulnerabilities is needed. Web Application Firewall’s (WAF) that typically rely on signatures are unfortunately at a disadvantage because signatures for existing vulnerabilities in most cases do not match newer zero-day vulnerabilities. If I cannot rely on signature-based WAF options, what can I rely on to protect my business? At DOSarrest our WAF is different. The problem with relying on signatures is that it requires constant updates as new vulnerabilities become known. Instead our WAF looks for sets of characters (such as /}/,/“/, and /;/) or phrases (like “/bin/bash” or “cmd.exe”) that are known to be problematic for some web applications. What makes DOSarrest’s WAF even more appealing is that it is fast. Much faster than signature-based solutions that require high CPU use to match signatures–such matching could result in a measurable impact on latency. With DOSarrest’s WAF there is no increase in latency, and vulnerabilities not yet discovered will still be mitigated. Examples of how the Apache Strut vulnerabilities are performed: For the benefit of more technical users, some sample requests will be analyzed below. The first example represents a normal non-malicious request sent by millions of people everyday and the following two exploit RCE vulnerabilities in Apache Struts: We can note the following characteristics in the exploit of CVE-2017-5638: 1. The Content-Type Header starts with %{(, an incorrect format. 2. The payload contains a java function call, java.lang.ProcessBuilder, that is normally regarded as dangerous. 3. The payload contains both windows and Linux command line interpreters: “cmd.exe” (Windows Command Prompt) and “/bin/bash” (Linux Bash shell/terminal). The RCE vulnerability used to infiltrate Equifax, CVE-2017-5638 exploits a bug in the way Apache Struts processes the “Content-Type” HTTP header. This allows attackers to run an XML script with elevated user access, containing the java.lang.ProcessBuilder.Java.lang.ProcessBuilder is required to execute the commands the attacker has placed within the XML request. CVE 2017-9805, announced September 2017, is very similar to the previous RCE vulnerability. With CVE-2017-9805, we can note the following characteristics: 1. The Content-Type is application/xml with the actual content in the request body matching that of the Content-Type. 2) The payload also contains the java function call java.lang.ProcessBuilder. 3) The payload in this case is Linux specific and calls “/bin/bash -c touch ./CVE-2017-9805.txt” to confirm that the exploit works by creating a file, “CVE-2017-9805.txt”. Are the payloads shown the exact ones used by attackers to obtain data from Equifax? Although some of the commands may have been used together as part of the information gathering process, the actual commands used to obtain the data from Equifax may only be known by the attackers and possibly Equifax or an auditing security team directly involved in the case. The examples show how the vulnerability could be exploited in the wild and what methods might be used, e.g., setting Content-Type and sending an XML file with a payload. These examples do not represent the actual payload used to obtain the data from Equifax. Since the payload itself can be completely arbitrary, an attacker can run any commands desired on the victim’s server. Any action the web server software is capable of could be performed by an attacker, which could allow for theft of information or intellectual property if it is accessible from the hacked server. In the case of Equifax, there was likely an initial vulnerability scan that the attackers used to expose Equifax’s vulnerability to this particular attack. This would have been followed by an effort to determine what files were available or what actions could be performed from the Equifax public-facing web server.At some point the attackers came across a method for accessing personal credit details on millions of Americans and citizens from other countries who had credit checks performed on their identities within the United States. If Equifax had been using the DOSarrest WAF, they could have avoided a costly mistake. Don’t let your business suffer a damaging security breach that could result in you being out of business for good. Talk to us about our services. For more information on our services including our Web Application Firewall, see DOSarrest for more information on Security solutions . Source: https://www.dosarrest.com/ddos-blog/apache-struts-vulnerabilities-and-the-equifax-hack-what-happened/

Read More:
Apache Struts Vulnerabilities and The Equifax Hack, What Happened?

How Artificial Intelligence Will Make Cyber Criminals More ‘Efficient’

The era of artificial intelligence is upon us, though there’s plenty of debate over how AI should be defined much less whether we should start worrying about an apocalyptic robot uprising. The latter issue recently ignited a highly publicized dispute between Elon Musk and Mark Zuckerberg, who argued that it was irresponsible to “try to drum up these doomsday scenarios”. In the near-term however, it seems more than likely that AI will be weaponized by hackers in criminal organizations and governments to enhance now-familiar forms of cyberattacks like identity theft and DDoS attacks. A recent survey has found that a majority of cybersecurity professionals believe that artificial intelligence will be used to power cyberattacks in the coming year. Cybersecurity firm Cylance conducted the survey at this year’s Black Hat USA conference and found that 62 percent of respondents believe that “there is high possibility that AI could be used by hackers for offensive purposes.” Artificial intelligence can be used to automate elements of cyber attacks, making it even easier for human hackers (who need food and sleep) to conduct a higher rate of attacks with greater efficacy, writes Jeremy Straub, an assistant professor of computer science at North Dakota State University who has studied AI-decision making. For example, Straub notes that AI could be used to gather and organize databases of personal information needed to launch spearphishing attacks, reducing the workload for cybercriminals. Eventually, AI may result in more adaptive and resilient attacks that respond to the efforts of security professionals and seek out new vulnerabilities without human input. Rudimentary forms of AI, like automation, have already been used to perpetrate cyber attacks at a massive scale, like last October’s DDoS attack that shut down large swathes of the internet. “Hackers have been using artificial intelligence as a weapon for quite some time,” said Brian Wallace, Cylance Lead Security Data Scientist, to Gizmodo . “It makes total sense because hackers have a problem of scale, trying to attack as many people as they can, hitting as many targets as possible, and all the while trying to reduce risks to themselves. Artificial intelligence, and machine learning in particular, are perfect tools to be using on their end.” The flip side of these predictions is that, even as AI is used by malicious actors and nation-states to generate a greater number of attacks, AI will likely prove to be the best hope for countering the next generation of cyber attacks. The implication is that security professionals need to keep up in their arms race with hackers, staying apprised of the latest and most advanced attacker tactics and creating smarter solutions in response. For the time being, however, cyber security professionals have observed hackers sticking to tried-and-true methods. “I don’t think AI has quite yet become a standard part of the toolbox of the bad guys,” Staffan Truvé, CEO of the Swedish Institute of Computer Science said to Gizmodo . “I think the reason we haven’t seen more ‘AI’ in attacks already is that the traditional methods still work—if you get what you need from a good old fashioned brute force approach then why take the time and money to switch to something new?” Source: https://www.idropnews.com/news/fast-tech/artificial-intelligence-will-make-cyber-criminals-efficient/49575/

See original article:
How Artificial Intelligence Will Make Cyber Criminals More ‘Efficient’

Destructive cyberattacks are only going to get worse

Overlooked among the stark headlines of the sheer scale of personal information hackers stole from credit monitor Equifax, was a Symantec reportdemonstrating that Dragonfly, a cyber-espionage group, continues to escalate its access to energy facilities’ operational systems in the United States, Turkey, and Switzerland. More than simple exploration and espionage, the report shows a clear step towards pursuing sabotage and destruction, a trend that’s become more common alongside rising geopolitical tensions. This latest cause for alarm should not be viewed as an anomaly but as the current state-of-cyber in 2017 and beyond. Over the last decade, destructive attacks have been targeting an increasing number and variety of organizations and critical infrastructure, but there has been a noticeable spike over the last year. In December, Crash Override, destructive malware largely attributed to Russia, struck the Ukraine power grid with a highly customized attack that could control the grid circuit switches and breakers. A few weeks earlier, Shamoon 2.0 surfaced, targeting Saudi government entities, infecting thousands of machines and spreading to Gulf states. Soon after, Stonedrill, another destructive malware, surfaced, targeting Saudi entities and at least one European organization. These attacks are also evolving and bringing additional effects into play. For example, KillDisk, malware with a wiper component, has recently been updated with a ransomware component. On the other hand, NotPetya masqueraded as ransomware, but was likely a targeted wiper malware attack focused on destabilizing business and state organizations in Ukraine. Dragonfly itself reflects an escalation in objectives from general intelligence gathering towards the system control that necessary for more damaging sabotage. This sort of escalation to destructive attacks usually occurs between interstate rivals with a higher propensity for conflict. In 2009, the North Korea-linked Dark Seoul gang was among the first to deploy wiper malware within a larger campaign, targeting the United States and South Korea with a combination of DDoS attacks and wiper malware. Similarly, following the Iran nuclear agreement, Iran and Saudi Arabia’s relative cyber ceasefire from 2012-15 gave way to a major escalation of tit-for-tat attacks on websites prior to Shamoon 2.0 and Stonedrill. More recently, the back-and-forth between Russia and Ukraine represents the most prominent use of these destructive attacks and the best example of a major power attacking smaller country. In many of these instances, private sector organizations are caught in the crossfires. NotPetya may cost shipping giant Maersk $300 million even though, by most accounts, it was not the intended target. Unfortunately, many of these attack vectors and destructive malware are now in the wild and are likely to be deployed by other groups. Dragonfly is just the latest reminder that attackers are increasingly brazen, and critical infrastructure remains a prime target.  Unlike the series of publicized destructive attacks that have been slowly on the rise for the last decade, we see no proof of actual sabotage with Dragonfly, but pre-positioning is probably underway.  We should not panic that the grid is about to go down, but we must pay attention to the trend.  Furthermore, although the energy sector is a prime target for destructive attacks, enterprises in other industries including media (I’m looking at you, HBO), finance and beyond must also be ready to protect themselves. As long as geopolitical tensions remain high, and with the growing open source proliferation of nation-state malware, this trend is unlikely to abate any time soon. Source: http://www.businessinsider.com/equifax-breach-proves-that-cyber-attacks-are-only-going-to-get-worse-2017-9

View original post here:
Destructive cyberattacks are only going to get worse

DOSarrest Rolls Out all New DDoS Protection Software

VANCOUVER, British Columbia, Sept. 11, 2017 (GLOBE NEWSWIRE) — DOSarrest Internet Security announced today that they have released their new DDoS protection software, along with a number of other advances and upgrades. This is DOSarrest’s 5th major release since starting in the fully managed cloud based DDoS protection service in 2007. This latest release is a complete rewrite of DOSarrest’s front end and backend systems utilizing the latest software development tools and technologies. Some of the new enhancements include. All new customer facing portal with 15 real-time, interactive traffic statistics displays. Complete new back end with new security features that can be deployed live in seconds All new big data analytics engine for faster real-time and historical statistics displays Machine learning module for traffic anomaly and bot detection All new larger routers and increased upstream capacity in all global locations Mark Teolis, CEO at DOSarrest, explains, “We are in our 11th year of providing a fully managed cloud based DDoS protection service, and if there’s one thing we have learned it’s that you’d better be ahead of the bad actors. This new release was developed with extreme flexibility in mind; we can basically analyze and create a feature that will stop any sophisticated attacks not yet even seen in the wild.” Teolis adds, “The biggest misconception in the DDoS protection world is that you only need capacity to fend off DDoS attacks, but in reality your chance of being hit by a small 10Mb/sec attack that will take your site down is millions of times greater.” About DOSarrest Internet Security: DOSarrest founded in 2007 in Vancouver, B.C., Canada is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services.  Additional Web security services offered are Cloud based  W eb  A pplication  F irewall (WAF) ,  V ulnerability  T esting and  O ptimization (VTO) ,  DataCenter Defender-GRE  as well as  cloud based global load balancing . Source: https://www.dosarrest.com/news-and-events/dosarrest-rolls-out-all-new-ddos-protection-software/

Continued here:
DOSarrest Rolls Out all New DDoS Protection Software

Sharing is caring, but keep your botnets to yourself

Sharing economy apps are prime targets for malicious attacks. The boom of mobile applications has superseded traditional services, revolutionising customer experience as we know it. In Australia, peer-to-peer services are being embraced by millions of consumers. A 2017 report by RateSetter revealed, 65% of Australians used sharing economy services like Uber and Airbnb in the past 6 months, with that set to increase to 75% in the next six months. With users willing to share personal details and financial information for the benefit of convenience or speed, these apps themselves are now a prime target for malicious attacks. These attacks paralyse services potentially for ransom, or worse, to unleash or amplify Distributed Denial of Service (DDoS) attacks to exploit users’ data. The very nature of DDoS attacks are changing to reflect the app boom. Old fashioned ‘network-layer’ DDoS attacks (the big bandwidth volumetric ones we read about) are being overtaken by smarter ‘application-layer’ attacks which interject the good application requests with the bad, harder to identify ones. As sharing economy apps become prime targets for malicious attacks, so do the services they connect to – and digital transformation means that many of those services are now in the cloud, or were born there natively. Big brands that have a huge amount of consumer data like Airbnb or Uber are moving quickly to the cloud. Airbnb migrated almost all of its cloud computing functions to Amazon Web Services (AWS) only after a year of starting and Uber has been in talks with the likes of Google, Microsoft and Amazon. The underlying danger of DDoS According to Neustar’s 2017 ‘Worldwide DDoS Attacks and Cyber Insights Research Report’, 84% of organisations surveyed globally were hit by a DDoS attack in the last 12 months, and 86% of these organisations were hit multiple times. Within the broader spectrum of risks for corporate security and IT decision makers, DDoS attacks present a growing challenge for several reasons. Firstly, the number of vulnerable devices has dramatically increased and so too has the level to which DDoS attacks have become automated and commoditised. Where a connection to the Internet previously required something that was more traditionally like a computer, IoT and cloud convergence have enabled even light bulbs to be connected to a network – providing an increased number of sources generating traffic. Secondly, according to Telstra’s 2017 cybersecurity report, 59% of Australian businesses experienced a DDoS attack on at least a yearly basis, with only 36% reporting a recovery time of within 30 minutes – and that’s a potential 30 minutes of app downtime in an economy where the patience of web and mobile users is measured in seconds. Security must be embedded in company culture Large scale DDoS attacks, like the Mirai botnet, gained significant media coverage after successfully impacting sites and services like Amazon, PayPal, Reddit and Twitter. If DDoS can disrupt giants like Amazon, then sharing economy apps like GoGet and Airtasker can become prime targets too, resulting in loss of revenue or customer loyalty. Organisations should strengthen their stance against all types of attacks and invest in smarter cyber security solutions. An important first step should be to cultivate a culture of cyber security awareness to create on-going conversations across all business units and functions. Anyone who has low awareness of cyber security and does not embrace good digital hygiene can be a weak link. Most importantly, security assessments must be an integral part of the application development framework, not an afterthought. Having securely coded applications will not only protect critical data at source, but will also enhance customer experiences and their confidence in an organisation. Ultimately, these simple yet effective measures integrated into every aspect of the organisation will ensure that customer trust is retained and the organisation’s bottom line is protected. Whilst the sharing economy is a prime target for attacks, with well-designed security infrastructure and best practices in place, we can be confident that it will continue to thrive and users’ personal data will remain secure. Source: https://www.computerworld.com.au/article/627122/sharing-caring-keep-your-botnets-yourself/?

Continue reading here:
Sharing is caring, but keep your botnets to yourself

Application layer DDoS attacks rising

Application layer distributed denial of service (DDoS) attacks are on the rise, and organizations must protect themselves from this uptick in application layer attacks and from the overall scourge of multi-vector DDoS attacks. The size, scope and sophistication of distributed denial of service (DDoS) attacks continue to grow at an alarming rate – some recent DDoS attacks have exceeded 1 Tbps, making them the largest on record – but it’s not just the large-scale attacks that can threaten your applications and your business. Despite the perceived spike in DDoS attack size, the average DDoS attack peaked at 14.1 Gbps in 2017’s first quarter, according to Verisign’s DDoS Trends Report (Note: Verisign is an A10 Networks Security Alliance Partner). While that average attack size seems minuscule in comparison to the colossal, record-breaking attacks of late last year, DDoS attacks that target the application layer tend to be smaller and can go unnoticed until it’s too late. These types of attacks are often referred to as “slow-rate” or “low and slow” attacks, meaning they target applications in a way that they look like actual requests from users until they become overburdened and can no longer respond. Application layer attacks, or layer 7 attacks as they’re often called, are typically part of a multi-vector DDoS attack target not only applications, but also the network and bandwidth. The Verisign report estimates that 57 percent of DDoS attacks in Q1 2017 were multi-vector as opposed to single vector attacks. The most common types of application layer DDoS attacks include those targeting DNS services, HTTP and HTTPS. And like other types of DDoS attacks, they have one goal: to take out an application, a website or an online service. According to Imperva’s Q1 2017 Global DDoS Threat Landscape Report, application layer attacks are on the rise. The report found that application layer DDoS attacks reached an all-time high of 1,099 attacks per week in the second quarter of 2017, a rise of 23 percent over the previous quarter’s 892. One reason for the uptick in application layer attacks is the Mirai malware. According to Threat Post, a new variant of Mirai is being used to launch application layer attacks. While Mirai originally carried out Layer 2 and 3 DDoS attacks, some of the more recent Mirai-fueled DDoS attacks, including a 54-hour assault against a U.S. college, are aimed squarely at Layer 7. “Looking at the bigger picture, this variant of Mirai might be a symptom of the increased application layer DDoS attack activity we saw in the second half of 2016,” Imperva’s Dima Bekerman wrote. “That said, with over 90 percent of all application layer assaults lasting under six hours, an attack of this duration stands in a league of its own.” Application layer DDoS attacks becoming shorter in duration – the 54-hour onslaught against the college being an exception to that rule – but are growing in frequency, complexity and persistence. That means attackers target a web server, or an application server, and flood it with just enough traffic to knock it offline. In the case of a web server, it’s sending hundreds to thousands of HTTP requests per second that the server just can’t handle – and BOOM! – the site or service is gone. Because of this, application layer attacks are less expensive for threat actors to carry out and are perceived as harder for security solutions to detect than attacks aimed at the network layer. So how do you protect your applications from this uptick in application layer attacks and from the overall scourge of multi-vector DDoS attacks? Businesses require a high-performance, surgical multi-vector DDoS protection. It’s imperative that a DDoS solution not only detects, but also mitigates attacks large and small – from megabit to terabit in size – including application, volumetric, protocol, resource and IoT-based attacks. A DDoS defense solution should also be able to be deployed in proactive and reactive mode, depending on a business’s preference, to ensure appropriate protection. The right DDoS defense solution not only protects your application layer from attacks, but also your network layer and other vectors, ultimately helping your organization avoid falling victim to a damaging DDoS attack. Source: https://www.csoonline.com/article/3222824/network-security/application-layer-ddos-attacks-rising.html

Read the article:
Application layer DDoS attacks rising

America’s Cardroom, WPN Hit by DDoS Attack Again

It had been a while, but America’s Cardroom seemed due for another cyber attack. Yup, leading into the Labor Day weekend, ACR and its network, the Winning Poker Network, were hit with a Distributed Denial of Service (DDoS) attack, something that is unfortunately not a unique event for either the online poker room or the network. The attack began Thursday evening, affecting, among many other games, ACR’s Online Super Series (OSS) Cub3d. Problems continued all the way through Saturday. America’s Cardroom initially tweeted about the issues at about quarter after eight Thursday night, writing, “We are currently experiencing a DDOS attack, all running tournaments have been paused. Will keep you updated.” A half hour later, ACR announced that it was cancelling all tournaments in progress and providing refunds per the site’s terms and conditions. At about 9:00pm, the site was back up, but the DDoS attacks continued, causing poker client interruptions less than two and a half hours later. Problems continued well into Friday morning until ACR and WPN finally got things under control (temporarily) close to noon. The pattern continued that evening, with games going down after 6:00pm Friday and then resuming, and going down again after 7:00pm. Finally, around noon Saturday, ACR’s techs seemed to get a handle on things “for good.” In a Distributed Denial of Service attack, the attacker (or attackers) floods a server with millions of communications requests at once. It’s not a virus or a hack or anything malicious like that, but the communications overwhelm the server and grind it to a halt. Think of it like the traffic jam to end all traffic jams. It wouldn’t be THAT big of a deal if the attack was coming from one source, but since it is “distributed,” the attacker arranges it so that it originates from literally millions of IP addresses. It makes defending one’s network insanely difficult. To use another brilliant illustration, if you are trapped in a house and a zombie horde is coming for your juicy brains, it’s scary and awful, but if all the zombies decide to come in through the front door, you can probably handle it if properly equipped. If they surround you and just crash in through every door, window, and mouse hole like in Night of the Living Dead, might as well develop a taste for human flesh because you’re screwed. As with other DDoS attacks, the network was contacted by the aggressor, who demanded a ransom of some sort. WPN CEO Phil Nagy went on Twitch and said he refused to cave to any demands. He even posted a brief series of messages from the attacker, who said he was doing it on behalf of a competing poker room (all spelling mistakes what-not his): this is my job anouther site give me money for doos you and i ddos you this is my job Nagy said that he hoped that by at least making it public that it may be another site responsible for the DDoS attack that it will make someone nervous that they could get caught and the attacks will subside. WPN first experienced a major DDoS attack in December 2014, during its Million Dollar Sunday tournament, when it caused disconnections, lag, and registration problems. It happened again in September 2015 and again in October 2015. The network will be re-running many of the tournaments, including the OSS and MOSS, and will cut the buy-in of the million dollar guaranteed OSS tourney in half as well as add an extra Sunday Million. Source: https://www.pokernewsdaily.com/americas-cardroom-wpn-hit-ddos-attack-30342/

Read More:
America’s Cardroom, WPN Hit by DDoS Attack Again

Alleged UK Bank Hacker Extradited From Germany

U.K. officials have extradited the man who allegedly masterminded a cyberattack earlier this year that impacted two of England’s biggest banks. They have accused 29-year-old Daniel Kaye, who was found in Germany, of using an infected computer network to damage and blackmail both Barclays and Lloyds Banking Group, The Financial Times  reported. Following the cyberattack, Lloyds found its digital services crippled on and off for over 48 hours in January 2017, preventing some customers from being able to check their bank balances or send out payments via the network. The assault was a distributed “denial of service” (DDoS) attack, which overwhelms a firm’s website so its services don’t operate properly. The same month, Barclays fought off their own cyberattack, according to the National Crime Agency. These cybercrime attacks occurred just months following a high-profile cyberattack against Tesco Bank that caused 9,000 people to have their money stolen from accounts. HSBC also saw an attack against its personal banking website and mobile app in 2016, causing thousands of customers to be locked out of their accounts. “The investigation leading to these charges was complex and crossed borders,” said Luke Wyllie, the National Crime Agency’s senior operations manager. “Our cybercrime officers have analyzed reams of data on the way. Cybercrime is not victimless, and we are determined to bring suspects before the courts,” the  Financial Times reported. Daniel Kaye is also being accused of operating a cyberattack against Liberia’s largest internet provider, Lonestar MTN. Kaye is scheduled to appear in the U.K.’s Westminster Magistrates Court on Aug. 31. “In January, we were the target of a substantial distributed denial of service (DDoS) attack,” Lloyds Banking Group said in remarks according to news by the  Financial Times . “This was successfully defended but resulted in intermittent and temporary service issues for some customers. There was no attempt to access the bank’s systems and no customer details or accounts were compromised.” Source: http://www.pymnts.com/news/security-and-risk/2017/cybercriminal-daniel-kaye-extradited-following-ddos-cyberattacks/

Read More:
Alleged UK Bank Hacker Extradited From Germany

Google pulls 300 Android apps used for DDoS attacks

A number of security researchers teamed up to fight the WireX botnet. If a random storage manager or video player you downloaded recently has disappeared from your Android device, don’t worry: it might have been for your own good. Google has removed 300 apps from the Play store, which were apparently merely masquerading as legitimate applications. In truth, they were made to hi-jack your phone so it can be used as part of a botnet’s distributed denial of service (DDoS) attacks. WireX, as the botnet is called, pummeled several content providers and delivery networks with traffic from the devices it hi-jacked on August 17th, though it’s been active since around August 2nd. In some cases, it also acted as a ransomware, demanding money from its victim. It was content delivery network Akamai that discovered its existence following an assault on one of its clients. The company then got together with Google and several security researchers from rival companies like Cloudflare, Flashpoint, Oracle + Dyn, RiskIQ, Team Cymru and other organizations to solve the issue. Upon learning that the Play Store is inundated with hundreds of fake WireX apps hiding behind the guise of innocuous programs like storage managers and ringtones, the big G did its part and blocked them all. Here are a few samples of infected apps: In a statement, Mountain View said it’s now also in the process of removing applications from affected devices. It’s unclear how long that would take, though, since based on the team’s research, WireX compromised over 70,000 devices from over 100 countries. Source: https://www.engadget.com/2017/08/29/google-pulls-300-android-apps-wirex-ddos/

Taken from:
Google pulls 300 Android apps used for DDoS attacks