Tag Archives: ddos news

Hackers ransoming encryption keys from website owners

Hackers are finding even more ways to harm website owners, in a new report from security firm High-Tech Bridge hackers are switching encryption keys and then ransoming website owners for money. The attack—known as “RansomWeb”—manages to take the current encryption keys and swap them with non-working numbers. In order for the website owner to regain control, they are forced to pay the hackers. Encryption is the basis of modern internet security, but with this new hack it locks the website owner out and gives no way to get back in, without having even more security latched on top. Even if the website owner sends payment over, there is no guarantee they will get the website back, or any guarantee that the attacker will not launch the same attack later. “We are probably facing a new emerging threat for websites that may outshine defacements and DDoS attacks.” Ilia Kolochenko, chief executive of High-Tech Bridge said. “RansomWeb attacks may cause unrepairable damage, they are very easy to cause and pretty difficult to prevent.” These hackers wait for months until new patches of encryption keys are added, before locking out the website owner. This gives them full control over the website and allows them to implement old keys that are invalid. Kolochenko claims this is a change in hacker identity, moving from chaos to financial motives. He believes the next slew of hackers will always look for ransoms and lock owners out, instead of simply defacing a website. This was first seen on the Sony Pictures hack, when the apparent hackers sent ransom messages to Sony executives three days before taking the entire system offline. The ever changing world of encryption makes it hard for security firms to properly defend customers, especially with this new RansomWeb attack. It may lead to firms like Google and Facebook offering security help for smaller sites, offering new encryption and security tools. Source: http://www.itproportal.com/2015/02/03/hackers-ransoming-encryption-keys-website-owners/

Tidal waves of spoofed traffic: DDoS attacks

While massive retail breaches dominated headlines in 2014, with hacks involving state-sponsored threats coming in a strong second, distributed denial-of-service (DDoS) attacks continued to increase, both in the volume of malicious traffic generated and the size of the organizations falling victim. Recently, both the Sony PlayStation and Xbox Live gaming networks were taken down by Lizard Squad, a hacking group which is adding to the threat landscape by offering for sale a DDoS tool to launch attacks. The Sony and Xbox takedowns proved that no matter how large the entity and network, they can be knocked offline. Even organizations with the proper resources in place to combat these attacks can fall victim. But looking ahead, how large could these attacks become? According to the “Verisign Distributed Denial of Service Trends Report,” covering the third quarter of 2014, the media and entertainment industries were the most targeted during the quarter, and the average attack size was 40 percent larger than those in Q2. A majority of these insidious attacks target the application layer, something the industry should be prepared to see more of in 2015, says Matthew Prince, CEO of CloudFlare, a website performance firm that battled a massive DDoS attack on Spamhaus early last year. Of all the types of DDoS attacks, there’s only one Price describes as the “nastiest.” And, according to the “DNS Security Survey,” commissioned by security firm Cloudmark, more than 75 percent of companies in the U.S. and U.K. experienced at least one DNS attack. Which specific attack leads that category? You guessed it. “What is by far the most evil of the attacks we’ve seen…[are] the rise of massive-scale DNS reflection attacks,” Prince said. By using a DNS infrastructure to attack someone else, these cyber assaults put pressure on DNS resolver networks, which many websites depend on when it comes to their upstream internet service providers (ISP). Believing these attacks are assaults on their own network, many ISPs block sites in order to protect themselves, thus achieving the attacker’s goal, Prince said. By doing so “we effectively balkanize the internet.” As a result, more and more of the resolvers themselves will be provided by large organizations, like Google, OpenDNS or others, says Prince. Source: http://www.scmagazine.com/tidal-waves-of-spoofed-traffic-ddos-attacks/article/393059/

Originally posted here:
Tidal waves of spoofed traffic: DDoS attacks

BitTorrent’s Project Maelstrom will host websites in torrents

When you enter a URL and hit enter, your computer reaches out to a server someplace in the world to access a website. Sometimes a site is stored on a few servers for redundancy or load balancing, but the model is functionally the same. BitTorrent, the company behind the popular file sharing protocol, is looking to change the way websites are hosted by keeping the data not on a centralized server, but on the home computers of users. These sites would be split up into pieces just like a file shared via a torrent. BitTorrent calls this system Project Maelstrom, and it’s getting very close to reality. Project Maelstrom is built on a modified version of Chromium, the open source project that backs Google’s Chrome browser. If we extend the file sharing analogy to Project Maelstrom, the modified browser is basically your torrent client. You enter a web address, and the browser connects to a “swarm” of users already accessing the site who have pieces of it ready to send over. These bits are assembled into the final product and displayed normally. If it works as intended, you won’t notice a difference in the functionality of these sites. The torrent browser is going to be able to access regular web pages via the internet, but it’s mainly for these so-called torrent web pages. One of the main advantages here will be scalability that surpasses anything we have today on traditional server infrastructure. When a site gets hit by a lot of traffic, a server has to devote more and more bandwidth to serving content, which can easily saturate the pipes. In the case of a distributed denial of service attack (DDoS), a website can be knocked offline for hours or days. A torrent web page should actually become more reliable as it is accessed more. More seeds means more speed and accessibility. One notable drawback to Project Maelstrom would be the relative difficulty in keeping very new or unpopular sites online. When a new torrent web page is created, there is only one source for the data, probably with nowhere near the power of a dedicated web server. So the creator is the first seed, the next person to visit is the second seed, but the third person then has two sources to download from, then becoming the third seed. It’s just like a torrent — it can get stupid-fast when there are enough seeds. The decentralized nature of Project Maelstrom would also make it nearly impossible to take down a website as long as users kept seeding it. Seems like a perfect match for The Pirate Bay, right? This platform would present ethical issues, of course. What if a legitimately terrible or illegal site were hosted in Maelstrom? There might not be any way to take it down. This is something law enforcement already deals with on Tor, but Project Maelstrom has the potential to be much faster and easier to use. Still, BitTorrent thinks content providers will get on board with Maelstrom as a way to reduce costs. For example, if Netflix can detect when a user is connecting through a Maelstrom-enabled browser, it could save money by serving video content through a swarm of multiple users, rather than pushing separate streams out to everyone individually. It would be like a content delivery network on steroids. BitTorrent is going to find out if Maelstrom will be used for good or evil soon. A consumer version is expected this year. Source: http://www.extremetech.com/internet/198578-bittorrents-project-maelstrom-will-host-websites-in-torrents

View article:
BitTorrent’s Project Maelstrom will host websites in torrents

Nearly half of all DDoS attacks uses multiple attack vectors

Akamai released a new security report that provides analysis and insight into the global attack threat landscape including DDoS attacks. Akamai observed a 52 percent increase in average peak band…

More:
Nearly half of all DDoS attacks uses multiple attack vectors

How much can a DDoS attack cost your organization?

A DDoS attack on a company’s online resources might cause considerable losses – with average figures ranging from $52,000 to $444,000 depending on the size of the company. For many organizations, thes…

View article:
How much can a DDoS attack cost your organization?

Facebook downtime was due to server fault, not DDoS attack

Unless you were living under a rock or had something better to do than check Facebook every single minute, you would have realised that both Facebook and Instagram was down for many people. However, despite claims that it was due to a DDoS attack, Facebook has said that the outage was because of a server fault. “This was not the result of a third-party attack but instead occurred after we introduced a change that affected our configuration systems,” Facebook said in a statement to the ABC. “Both services are back to 100 per cent for everyone.” Other services that also suffered an outage were Tinder and HipChat – both are now accessible at the time of writing. While Tinder hasn’t confirmed what caused the outage, HipChat has suggested that it was a database error. Facebook’s explanation is different to what Lizard Squad, known for their high-profile DDoS attacks on PlayStation Network and Xbox Live, recently posted on Twitter. A post suggested that they did a DDoS attack to take Facebook down. Another news organisation has casted doubt on Facebook’s explanation, citing a screenshot of IP Viking as evidence. IP Viking is a website maintained by security company Norse and displays cyberattacks in real-time. However, that does not necessarily proof that Facebook was taken down by a DDoS attack by attackers. IP Viking only tracks cyberattacks on Norse’s honeypot servers only – which emulate vulnerable servers to gather intelligence on attackers, such as IP addresses. While Facebook might have data centres in particular city, so do many other companies – like Norse. So, unless something drastic happens – like a massive data dump of personal information – to prove otherwise, then the outage was just a system change gone wrong. Source: http://techgeek.com.au/2015/01/27/facebook-downtime-due-server-fault-not-ddos-attack/

Read the article:
Facebook downtime was due to server fault, not DDoS attack

Malaysia Airlines Website Hacked by Group Calling Itself ‘Cyber Caliphate’

Airline’s Site Attacked by Group Claiming to Be Aligned With Islamic State Malaysia Airlines had its website hacked by a group that appeared to be trying to settle a score with a U.S. videogame company. Most visitors to MalaysiaAirlines.com for several hours Monday saw a message that said “ISIS WILL PREVAIL” at the top of their browser’s window, and the airline’s ticket booking and other services were unavailable. Instead, a large picture of a Malaysia Airlines Airbus Group NV A380 plane and the messages “404-Plane Not Found,” and “Hacked by Cyber Caliphate,” were displayed. Later, the site displayed a different image: a tuxedo-adorned, pipe-smoking lizard sporting a top hat and monocle. “Hacked by Lizard Squad, Official Cyber Caliphate,” it said, giving the Twitter handle for a group called Lizard Squad. A group calling itself Lizard Squad in December claimed responsibility for a cyberattack on videogame servers of Sony Corp. and Microsoft Corp. Later Monday, the carrier replaced the hacked version of its site with a pared-down version that allowed users to book flights. Both images displayed the Twitter handles for the accounts of what appear to be two men who work for Roxana, Illinois-based U.S. gaming company UMG, which hosts videogame events across the U.S. “We were not involved in any website being hacked in any way,” one of the men, Chris Tuck, told The Wall Street Journal via a direct message on Twitter. “The group who did it is a group of kids who aren’t fond of our company,” he said. “I presume they added our names to either scare us or warn us.” The other man whose handle was shown, UMG Chief Executive Robert Terkla, couldn’t be reached for comment. The Twitter timeline for Lizard Squad revealed recent Tweets directed at the two men about the alleged banning from events of certain gamers. It was unclear whether the gamers allegedly banned were involved with Lizard Squad. The owner or owners of the Lizard Squad Twitter account didn’t immediately respond to a request for comment via Twitter. It was unclear why Malaysia Airlines was targeted. The airline’s loss of two aircraft last year, which left 537 people dead or missing, brought global attention to Malaysia Airlines, which to that point hadn’t been widely known outside the region. In a statement, the company said its web servers are “intact” and customer bookings and data are secure. It said that its domain name system was compromised. Malaysia Airlines said the matter was immediately reported to CyberSecurity Malaysia, a forensics and analysis agency under the Ministry of Science, Technology and Innovation, and the Ministry of Transport. CyberSecurity Malaysia Chief Executive Amirudin Abdul Wahab said its investigation determined that it was a case of domain hijacking. Domain name servers are Internet phone books that translate Web domain names, such as MalaysiaAirlines.com, into numeric addresses computers use to reach individual machines. Tampering with domain names to divert traffic from the intended site would generally require less sophistication than a more complex breach in which a company’s servers are compromised and data is exposed. In December a group called Lizard Squad claimed responsibility for attacking Sony’s PlayStation Network and Microsoft’s Xbox Live videogame services. The group said that attack was a distributed denial of service attack, which disrupts websites by overwhelming them with data traffic. Source: http://www.wsj.com/articles/malaysia-airlines-website-hacked-by-group-calling-itself-cyber-caliphate-1422238358

More here:
Malaysia Airlines Website Hacked by Group Calling Itself ‘Cyber Caliphate’

The Dirty hit by DDoS attack

The FBI is on the hunt for hackers who shutdown Nik Richie ‘s website The Dirty … and the reality star tells us he’s hemorrhaging money. The Dirty has been down for weeks after a team of hackers began hitting the site with a DDoS attack — which basically floods a server with so many requests it shuts down. Nik tells us he contacted FBI investigators and they’re on the case. Richie says he’s lost $250-300K this month alone in Super Bowl ads he couldn’t deliver. He’s also losing out because of cancelled appearances because he promotes them on his site. Nik is blunt … “These hackers are hypocrites. My website promotes free speech. F****** losers.” Source: http://www.tmz.com/2015/01/20/the-dirty-hacked-nik-richie-fbi-investigation-ddos-attack/

Continue Reading:
The Dirty hit by DDoS attack

NSA: We’re in YOUR BOTNET

Victims? More like SCAPEGOATS The NSA quietly commandeered a botnet targeting US Defence agencies to attack other victims including Chinese and Vietnamese dissidents, Snowden documents reveal.…

Excerpt from:
NSA: We’re in YOUR BOTNET

Lizard Squad’s DDoS website hacked, unencrypted customer database stolen

The hacker group that calls itself the “Lizard Squad” has received another serious blow: LizardStresser(dot)su, the website where customers go to rent their DDoS service powered by a botnet of mostly …