Tag Archives: ddos news

Seal with Clubs goes down due to DDoS Attack

Bitcoin poker site, Seals with Clubs, was twice targeted by a Distributed Denial of Service (DDoS) attack this weekend – forcing it offline for three days. It is not known why the US-facing poker site was targeted for the DDoS attacks – in which multiple computer systems overload a single web site with incoming traffic – or who was responsible. The first attack started on Thursday evening (local time) when the site became inaccessible to regular players while those who were already logged in found that their games stalled and then the site crashed. Seal with Clubs´ CEO Bryan Micon was quick to re-assure players on the site that no accounts had been compromised and the Seals with Clubs Twitter account kept clients up to date with the progress of “Seal Team 6” as the site battled to get the software transferred to a new data centre. However, shortly after getting up and running on Sunday, Seals with Clubs was hit by a second, smaller DDoS attack which knocked out all the Sunday feature tournaments on the site. Protection Implemented Against Further Attacks [The first attack] was a large DDoS, very sophisticated and quite powerful enough to knock everything off, get an IP blackholed, all that good stuff, Micon said in a statement to PokerFuse.com. We have quickly, in the middle of the weekend, changed datacenters and have a new, beefier setup with all of our data intact and a sick DDoS protection layer. New software has also been integrated into the Seals with Clubs downloadable client to add further protection, and players have been advised that they will have to update their existing software to enable them to play on Seals with Clubs. An update to the Seals with Clubs Android App is also expected later today (Monday). The Seals are Back By late Sunday evening, Seals with Clubs was back online and saw more than 300 players on the cash game tables with several low-value tournaments under way. Due to the change of data centres, players who recently deposited into their accounts may have to wait until Monday to see the funds appear in the cashier; however facilities for getting Bitcoin funds out of players´ accounts are operating normally with withdrawal requests dealt with in a matter of hours. Players who were involved in poker tournaments at the time of the DDoS attack have been told that they will receive “generous refunds” in respect of their tournament buy-ins. Source: http://www.pokernewsreport.com/seal-with-clubs-gets-battered-in-ddos-attack-12029

Read more here:
Seal with Clubs goes down due to DDoS Attack

Anti-spam Spamhaus up again after 75Gbps Distributed Denial of Service (DDoS) Attacks

The website of non-profit spam fighter Spamhaus is online again after a huge DDoS attack knocked it offline on Sunday, but attackers are continue to target another anti-spam sites that help ISPs combat spam from infected IP addresses. Spamhaus, which provides several anti-spam DNS-based blocklists and maintains the “register of known spam operations”, came under a huge DDoS attack on Sunday, which knocked its web server and mail server offline until Wednesday. Spamhaus spokesperson Luc Rossini on Monday denied a report that Anonymous was behind the attack and pointed to a “Russian criminal malware gang” as the source. On Tuesday Spamhaus sought cover from the attack with DDoS protection provider CloudFlare, which today reported the attack on Spamhaus reached a peak of about 75 gigabits per second. The attackers used a cocktail of DDoS attack methods, but the primary one that helped generate that volume of traffic was a “reflection attack”, according to Matthew Prince, CloudFlare’s CEO. “The basic technique of a DNS reflection attack is to send a request for a large DNS zone file with the source IP address spoofed to be the intended victim to a large number of open DNS resolvers,” Prince explained, noting that 30,000 open DNS resolvers were recorded in the attack, which used spoofed IP addresses CloudFlare had issued to Spamhaus. “The resolvers then respond to the request, sending the large DNS zone answer to the intended victim. The attackers’ requests themselves are only a fraction of the size of the responses, meaning the attacker can effectively amplify their attack to many times the size of the bandwidth resources they themselves control.” Source: http://www.cso.com.au/article/456917/anti-spam_spamhaus_up_again_after_75gbps_ddos_attack/

Read the original:
Anti-spam Spamhaus up again after 75Gbps Distributed Denial of Service (DDoS) Attacks

Chameleon botnet grabbed $6m A MONTH from online ad-slingers

Click fraudster bot fingered after analysts crack its signature A web analytics firm has sniffed out a botnet that was raking in $6m a month from online advertisers.…

See more here:
Chameleon botnet grabbed $6m A MONTH from online ad-slingers

Distributed Denial of Service-DDoS: 6 Banks Hit on Same Day

Six leading U.S. banking institutions were hit by distributed-denial-of-service attacks on March 12, the largest number of institutions to be targeted in a single day, says security expert Carl Herberger of Radware. The attacks are evolving, and the bot behind them, known as Brobot, is growing, he adds. This recent wave of DDoS attacks has proven to be the most disruptive among the campaigns that date back to September, says Herberger, vice president of security for the anti-DDoS solutions provider. “The Brobot has grown, the infection rate has increased, and the encrypted attacks have become more refined,” Herberger says. “As a result, it all is more effective. They’ve clearly gotten better at attacking more institutions at once.” Radware offers DDoS-mitigation tools to several high-profile clients, including U.S. banking institutions targeted in the recent attacks, Herberger says. As a result, the company has insights about numerous industrial sector attacks as well as online traffic patterns. Herberger declined to name the institutions affected, citing Radware’s non-disclosure agreements. But according to online traffic patterns collected by Internet and mobile- cloud testing and monitoring firm Keynote Systems Inc., JPMorgan Chase & Co., BB&T and PNC Financial Services Group suffered online outages on March 12. The three banks declined to comment about the attacks or confirm whether they had been targeted this week. Chase, however, acknowledged an online disruption in a March 12 post to the Chase Twitter f e ed . The post states: “*ALERT* We continue to work on getting Chase Online back to full speed. In the meantime, pls. use the Chase Mobile app or stop by a branch.” On March 13, the bank came back with this tweet: “We’re sorry it was such a rough day and we really appreciate your patience.” Phase 3 Attacks The hacktivist group Izz ad-Din al-Qassam Cyber Fighters on the morning of March 12 posted an update in the open forum Pastebin about its third phase of attacks. In it, the group mentions nine targets struck during the previous week. The group claims it is waging its attacks against U.S. banking institutions over a Youtube video deemed offensive to Muslims. The nine latest targets identified by the hacktivists – Bank of America, BB&T, Capital One, Chase, Citibank, Fifth Third Bancorp, PNC, Union Bank and U.S. Bancorp – have either declined to comment or have denied suffering any online disruptions. But Keynote Systems says Chase, BB&T and PNC suffered major online failures between 12:30 p.m. and 11 p.m. ET on March 12. Outages suffered by Chase resulted in a nearly 100 percent failure rating between the hours of 2 p.m. ET and 11 p.m. ET, says Ben Rushlo, Keynote’s director of performance management. “That means the site was unavailable most of that time. That’s pretty massive.” BB&T also had significant issues, but not quite so severe, Rushlo says. Between 12:30 p.m. and 2:30 p.m. ET, and then again briefly at 5:30 p.m. ET, BB&T’s online-banking site suffered intermittent outages, he adds. PNC’s site suffered a significant outage for a 30-minute span beginning bout 3:30 p.m. ET, Rushlo says. “On a scale relative to Chase, they were affected 10 times less.” Rushlo stresses that Keynote cannot confirm the cause of the online outages at the three banks because the company does not monitor DDoS activity; it only monitors customer-facing applications. Nevertheless, the online analysis Keynote conducts is in-depth, Rushlo contends. “We’re actually going behind the logons to emulate what the customer sees or experiences when they try to conduct online-banking,” he says. Defeating DDoS Radware’s Herberger says some institutions have successfully mitigated their DDoS exposure, while others are only succeeding at masking the duress their online infrastructures are experiencing. “There has been a lot of quick provisioning to address these attacks,” he says. “But if something changes, like it has now, then the whole game changes and the whole equilibrium changes. It’s not really solving the problem; it’s just addressing a glitch.” More banking institutions need to go beyond Internet protocol blocking to address attacks that are aimed at servers and site-load balancers, he says. But many organizations have failed to take the additional steps needed to successfully and consistently deflect these emerging DDoS tactics. “The thing that’s kind of frustrating to all of us is that we are six months into this and we still feel like this is a game of chess,” Herberger says. “How is it that an industry that has been adorned with so many resources – with more than any other industrial segment in U.S. – missed the threat of hacktivist concerns? There seems to clearly be industrial sector vulnerabilities that were missed in all of the historical risk assessments.” For DDoS protection click here . Source: http://www.bankinfosecurity.com/ddos-6-banks-hit-on-same-day-a-5607

Follow this link:
Distributed Denial of Service-DDoS: 6 Banks Hit on Same Day

J.P. Morgan Confirms Distributed Denial of Service (DDoS) Attacks on Chase.com

The retail banking website of J.P. Morgan Chase & Co. (JPM) on Tuesday has come under a so-called “denial of service” attack, rendering it unusable for customers, a bank spokesman confirmed. The site first slowed earlier Tuesday, and in the afternoon it became unavailable. The bank is responding with increased security measures for the website, chase.com. The spokesman said no customer data had been compromised, but didn’t say when the site would be fully restored. The bank’s mobile-banking applications are working, and branches and automated teller machines aren’t impacted. The bank, the nation’s largest by assets, told customers in a Twitter message Tuesday afternoon that it is experiencing “intermittent issues,” followed by another message stating that the bank is working “on getting Chase Online back to full speed.” On the website, the bank posted: “Our website is temporarily unavailable. We’re working to quickly restore access. Please log on later.” Banks have been increasingly hit by cyberattacks over the last two years, including DOS attacks that increase the volume of website hits, slowing access to the sites by customers. Banks have been preparing in recent days for a new wave of DOS attacks, according to a banking industry source, including strengthening their firewalls. Citigroup Inc. (C) said in its annual earnings filing with the Securities and Exchange Commission last month that it, like other banks, was the victim of several cyberattacks in 2012 and previous years, and that it managed to detect and respond to these incidents “before they became significant.” The attacks nevertheless “resulted in certain limited losses in some instances.” For DDoS protection against your eCommerce website click here . Source: http://www.foxbusiness.com/news/2013/03/12/jp-morgan-confirms-denial-service-attacks-on-chasecom/

Read the article:
J.P. Morgan Confirms Distributed Denial of Service (DDoS) Attacks on Chase.com

Czech finance sector hit by Distributed Denial of Service (DDoS) Attacks

The Czech financial sector was targeted in cyber attacks on Wednesday, with the national bank and stock exchange websites disrupted by dedicated denial of service (DDOS) attacks. The Czech financial sector was targeted in cyber attacks on Wednesday, with the national bank and stock exchange websites disrupted by dedicated denial of service (DDOS) attacks. The Czech National Bank’s official website was the victim of a “massive cyber attack” on the external server hosting its site, before being brought back online later that day. The attacks overloaded servers with thousands of requests, making them inaccessible to the central bank’s customers. However, the bank said in a statement that its internal IT systems were unaffected by the disruptions. “We apologise for any difficulties experienced by visitors to the CNB website due to the outage,” said CNB spokesman Marek Petru in a statement. Other major banks were also targeted, including CSOB, Ceska Sporitelna and Komercni Banka, as well as a number of smaller banks. It is not believed that customer data has been compromised. The Prague Stock Exchange also had its website taken down on Wednesday. according to Reuters, with a spokesman claiming that a “co-ordinated” attack by hackers was likely to be responsible. Earlier this week a number of Czech news outlets were targeted by the cyber attacks, with the website of the broadsheet newspaper DNES taken down. There have been a number of DDOS attacks against banks across the world in recent months. Earlier this week the Izz ad-Din al-Qassam Cyber Fighters group promised to continue a series of attack against US banks which began in October with DDOS attacks against JPMorgan Chase, Bank of America, CapitalOne and Citibank among others. The group indicated it would cease its campaign of attacks in January. In January two members of Anonymous were jailed in the UK for their part in DDOS attacks against a number of financial services companies including Visa and Mastercard. Last month Anonymous posted personal details of 4,000 bankers, after breaching defences of the US Federal Reserve. Source: http://computerworld.co.nz/news.nsf/security/czech-finance-sector-hit-by-cyber-attacks

See the original article here:
Czech finance sector hit by Distributed Denial of Service (DDoS) Attacks

Raspberry Pi Foundation gets hit by a Distributed Denial of Service (DDoS) Attack

Attacked by a million node botnet Raspberry Pi’s website went black after unknown hackers brought it down with a distributed denial of service attack (DDoS). The website has since been restored. “For those interested, this one’s quite hardcore: We’re seeing a SYN flood from a botnet that seems to have about a million nodes,” said Raspberry Pi on Twitter. “This is the second attack in a couple of days. We haven’t had the blackmail email yet. It’s getting plonked when it arrives.” During the attack, the company actively tweeted accounts of the attack, saying they were unable to trace it back to its creator. This, according to Raspberry Pi, is due to the attackers using a “SYN flood” to mask their identities. It believes the attacker is likely an “angry and confused kid” who won’t be able to hold up an expensive attack like this for very much longer. The company is also unable to get in touch with its host given that it is nighttime in the U.K., where Raspberry Pi is based. The general question on Twitter concerning the DDoS is “Why?” Raspberry Pi creates cheap micro PCs, which has caught the eye of many. Its foundation arm is also focused on bringing computer science education to children and is involved in other charities. When asked about why it might be a target, Raspberry Pi tweeted, “Well, we *are* horrid, what with our focus on education and charity and everything. Boo to irritating do-gooders.” Source: http://venturebeat.com/2013/03/05/raspberry-pi-ddos/

Visit link:
Raspberry Pi Foundation gets hit by a Distributed Denial of Service (DDoS) Attack

Distributed Denial of Service (DDoS) Protection Hardware for the Data Centre… Or Not!

Earlier this month, Juniper Networks purchased Webscreen Systems from Accumuli a UK-based IT security specialist. With this acquisition, Juniper is furthering a strategy to try to deal with distributed denial of service (DDoS) attacks from within a data centre by adding more hardware. While one can understand why a company that produces and sells hardware would see hardware as the best fix, there are several reasons why this is the wrong solution for most consumers, and could actually unnecessarily cost you time, money and brand integrity. Given the varied range in DDoS hardware protection options out there, it seems that many feel this is the strongest solution to protect their online presence from a DDoS attack. However, after more than 15 years in the industry, I can think of five good reasons why using DDoS hardware protection in a data centre hosting environment is a flawed strategy. REASON #1 Increased costs passed on to customers. With DDoS hardware protection, the expense of purchasing, updating and maintaining the hardware, plus the necessary staff to manage it in a data centre hosting environment, will be high. These costs will be passed on to you, the hosting customer. REASON #2 More points of failure. By adding another piece of hardware, you are adding yet another point of failure. In all things networking, keeping your number of points of potential failure low is a key to success. Studies show that firewalls, IDS and other similar hardware protection platforms have over a 42 percent chance of failing. [Arbor Worldwide Infrastructure Security Report 2011 ] Do you want to be on that platform when it fails? REASON #3 Someone else’s problem becomes your problem. In a data centre environment, multiple customers often share resources (whether they know it or not). Platforms like servers, switches, routers and firewalls are often provisioned with more than one client. If you are sharing DDoS hardware protection, you become vulnerable to the problems of other clients sharing that device. REASON #4 One size never really fits all. A solution for a data centre will try to be generic enough to fit all clients’ needs, which means it probably won’t be specific enough for your exact requirements, or robust enough to handle more sophisticated attacks. REASON #5 How focused are the people watching your gear? Even with the best DDoS hardware protection out there, you might as well try to protect your websites with a toaster if there isn’t a proficient team dedicated to administering and managing the hardware. In a hosting environment, the operations team has many responsibilities, of which managing DDoS hardware is a low priority one. Even if someone is paying attention and able to divert their focus to your servers for a short while during a DDoS attack, it won’t be for long, and repeated DDoS attacks would likely go unmitigated, or your IP would be null-routed to save resources and minimize collateral damage. With so many vendors offering DDoS hardware protection, it might be tempting to conclude that it’s a safer option that will serve your business well. However, cloud-based DDoS protection offers many benefits that are not possible with DDoS hardware solutions, with few of the risks. To learn more about DOSarrest cloud-based DDoS protection and mitigation services, click here . Jag Bains, CTO, DOSarrest Internet Security (Formerly Director of Network Engineering and Operations for Peer1 Hosting)

See the original post:
Distributed Denial of Service (DDoS) Protection Hardware for the Data Centre… Or Not!