Apple has released an update for its XProtect anti-malware system which makes it detect three different version of the iWorm OS backdoor malware discovered last week by AV specialists from Dr. Web. …
Follow this link:
Apple updates XProtect to kill iWorm botnet threat
Unfortunately, the sheer size and scale of hosting or datacenter operator network infrastructures and their massive customer base presents an incredibly attractive attack surface due to the multiple entry points and significant aggregate bandwidth that acts as a conduit for a damaging and disruptive DDoS attack. As enterprises increasingly rely on hosted critical infrastructure or services, they are placing themselves at even greater risk from these devastating cyber threats – even as an indirect target. What is secondhand DDoS? The multi-tenant nature of cloud-based data centres and shared, hosted environments can be less than forgiving for unsuspecting tenants. A DDoS attack, volumetric in nature against one tenant, can lead to disastrous repercussions for others; a domino effect of latency issues, service degradation and potentially damaging and long lasting service outages. The excessive amount of malicious traffic bombarding a single tenant during a volumetric DDoS attack can have adverse effects on other tenants as well as the overall data centre or hosting providers operation. In fact, it is becoming more common that attacks on a single tenant or service can completely choke up the shared infrastructure and bandwidth resources, resulting in the entire data centre can be taken offline or severely slowed – AKA, secondhand DDoS. Black-holing or black-hole routing is a common, crude defense against DDoS attacks, which is intended to mitigate secondhand DDoS. With this approach, the cloud or hosting provider blocks all packets destined for a domain by advertising a null route for the IP address (es) under attack. There are a number of problems with utilising this approach for defending against DDoS attacks: Most notably is the situation where multiple tenants share a public IP address range. In this case, all customers associated with the address range under attack will lose all service, regardless of whether they were a specific target of the attack. In effect, the data centre or hosting operator has finished the attacker’s job by completely DoS’ing their own customers. Furthermore, injection of null-routes is a manual process, which requires human analysts, workflow processes and approvals; increasing the time to respond to the attack, leaving all tenants of the shared environment suffering the consequences for extended periods of time, potentially hours. The growing dependence on the Internet makes the impact of successful DDoS attacks-financial and otherwise-increasingly painful for service providers, enterprises, and government agencies. And newer, more powerful DDoS tools promise to unleash even more destructive attacks in the months and years to come. Enterprises which rely on hosted infrastructure or services need to start asking the tough questions of their hosting or datacentre providers, as to how they will be properly protected when a DDoS attack strikes. As we’ve seen on numerous occasions, hosted customers are simply relying on their provider to ‘take care of the attacks’ when they occur, without fully understanding the ramifications of turning a blind eye to this type of malicious behavior. What to do to mitigate an attack and protect the infrastructure Here are three key steps for providers to consider to better protect their own infrastructure, and that of their customers. Eliminate the delays incurred between the time traditional monitoring devices detects a threat, generates an alert and an operator is able to respond; reducing initial attack impact from hours to seconds by deploying appliances that both monitor and mitigate DDoS threats automatically. The mitigation solution should allow for real-time reporting alert and event integration with back-end OSS infrastructure for fast reaction times, and the clear visibility needed to understand the threat condition and proactively improve DDoS defenses. Deploy the DDoS mitigation inline. If you have out-of-band devices in place to scrub traffic, deploy inline threat detection equipment quickly that can inspect, analyse and respond to DDoS threats in real-time. Invest in a DDoS mitigation solution that is architected to never drop good traffic. Providers should avoid the risk of allowing the security equipment to become a bottleneck in delivering hosted services—always allowing legitimate traffic to pass un-interrupted, a do no harm approach to successful DDoS defense. Enterprises rely on their providers to ensure availability and ultimately protection against DDoS attacks cyber threats. With a comprehensive first line of defense against DDoS attacks deployed, date centre and hosting providers are protecting its customers from damaging volumetric threats directed at or originating from or within its networks. Source: http://www.information-age.com/technology/security/123458517/secondhand-ddos-why-hosting-providers-need-take-action
Link:
Secondhand DDoS: Why hosting providers need to take action
New malware targeting Mac machines, opening backdoors on them and roping them into a botnet currently numbering around 17,000 zombies has been spotted and analyzed by malware researchers of Russian AV…
See more here:
New OS X backdoor malware roping Macs into botnet
Cross platform messaging app Telegram has been a target of massive distributed denial of service (DDoS) attacks for two days in a row over the weekend with the largest in tune of 150Gbps. The DDoS attacks started on Saturday – September 27 – and according to Telegram the scale of the attack was in tune of tens of Gbps. “A DDoS attack on Telegram in progress, tens of Gigabitsec. Users in some countries may have connection issues. We’re working on it, folks!” tweeted Telegram. Prior to the official confirmation, users started complaining of connectivity issues as well as not being able to send messages successfully. These complaints were picked up by Telegram administrators and upon investigation they zeroed it down to DDoS attack. Telegram soon managed to recover from the attack, but DDoS perpetrators launched another massive attack and this time in tune of of 150Gbps. “Detecting a 150+ Gbit/s DDoS now, an attack three times as large as yesterday’s.” tweeted Telegram. Users are still complaining about connectivity issues and there has been no confirmation from Telegram on whether they have been able to resolve the issue or not. Source: http://www.techienews.co.uk/9718714/telegram-150gbps-ddos-attack/
Continued here:
Telegram under 150Gbps DDoS attack
Gets back up again after half an hour though Ello, the social network site intended to serve as something of an antidote to ad-stuffed Facebook, was hit by a suspected Distributed-Denial-of-Service attack today.…
More:
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
DDoS traffic volume was up overall with a third peaking at over 500Mbps and more than five percent reaching up to 4Gbps, according to NSFOCUS. A continuing trend of distributed denial-of-service (DDoS) attacks that are short in duration and repeated frequently has been revealed by the NSFOCUS 2014 Mid-Year Threat report. In parallel, high-volume and high-rate distributed denial of service (DDoS) attacks were on the upswing in the first half of 2014. DDoS traffic volume was up overall with a third peaking at over 500Mbps and more than five percent reaching up to 4Gbps. In addition, findings showed that over 50 percent DDoS attacks were above 0.2Mpps in the first half of 2014, increasing from around 16 percent. More than 2 percent of DDoS attacks were launched at a rate of over 3.2Mpps, according to the report. “The DDoS attack is a relatively easy attack method to be employed with noticeable effects among other network attacks. When online service is stopped, the impact and damage it causes is very apparent and straightforward,” Xuhua Bao, senior researcher at NSFOCUS, told eWeek. “Attacks with high frequency make it hard for attack’ targets to respond to instantly, increasing the difficulty of the defense level.” The longest single attack lasted nine days and 11 hours, or 228 hours, while the single largest attack in terms of packet-per-second (pps) hit at a volume of 23 million pps. More than 42 percent of attack victims were targeted multiple times while one in every 40 victims was repeatedly hit more than 10 times. The highest frequency of attacks experienced by a single victim was 68 separate DDoS attacks. “Today, DDoS attack methods have become highly instrumental and resourceable. When an attacker plans to launch a DDoS attack on a specific target, there are plenty of DDoS attack tools and resources available online to be purchased and used,” Bao said. “With the rise of hacktavism in recent years, DDoS attacks have become a means of protesting or expressing your own opinion, which is widely used by some hacker groups.” The report revealed HTTP Flood, TCP Flood and DNS Flood were the top three attack types, together making up 84.6 percent of all attacks. DNS Flood attacks held their place as the most popular attack method, accounting for 42 percent of all attacks. While the number of DNS and HTTP Flood attacks decreased, TCP Flood attacks grew substantially. More than 90 percent of attacks detected lasted less than 30 minutes, an ongoing trend the report said indicates that latency-sensitive websites, such as online gaming, e-commerce and hosting service should be prepared to implement security solutions that support rapid response. The survey also indicated an increase in Internet service providers (ISPs), enterprises and online gaming sites as targets. Attacks targeting ISPs increased by 87.2 percent, while attacks on enterprises jumped by 100.5 percent and online gaming by 60 percent. “The online gaming industry has been a target of DDoS attacks and are mainly profit-driven. The nature of online gaming relies greatly on the Internet service and often there is a huge amount of money involved making them extremely sensitive to attacks,” Bao said. “When they are being attacked, there are obvious and direct economic losses, as well as the loss of the resources from players, which leads to malicious competition and extortion.” Source: http://www.eweek.com/small-business/ddos-attacks-target-online-gaming-sites-enterprises.html
See the article here:
DDoS Attacks Target Online Gaming Sites, Enterprises
DDoS zombie army found in the wild hours after flaw surfaces Mere hours after its discovery, the Shell Shock Bash vulnerability was exploited by an attacker to build a botnet.…
More:
Bad boy builds beastly Bash bug botnet, brutally batters boxes
The cyber security industry has a new front to defend. Hackers are migrating their malicious techniques and technology to mobile platforms and businesses, organizations and users are already feeling the impact. Android: The New DDoS Launchpad A new Android app is causing the mass distribution of a DDoS malware. This DDoS tool uses a Low Orbit Impact Cannon (LOIC) to send TCP/UDP packets to a URL of the hacker’s choosing. Originally, LOIC was an attack that originated from desktops. But a hacker took the open-source LOIC and converted it into an Android app that has sent the security industry reeling. Current mobile infrastructures are vulnerable to hacking and cyber hijacking—the standard security measures of desktop networks and operating systems are rarely seen on mobile devices. The Problem of Super Proxies DDoS attacks sent from mobile devices present a difficult challenge for mitigation; malicious data packets sent from mobile devices travel in “Super Proxies,” or secure servers channeling data from countless other mobile devices. Data traveling in Super Proxies is notoriously difficult to separate and filter. Simply installing a piece of hardware that can stop traffic from specific IPs is not enough; this will cause the server to group bad traffic with that of legitimate users. When users can’t get through to the server, the DDoS hacker has succeeded in ‘denying service.’ Mobile DDoS and Android.DDoS.1.origin The cyber-security community is trying to take lessons from a dangerous mobile DDoS event in 2012. Most substantial DDoS events require a ‘botnet’ or ‘zombie’ army to carry out the attack, and Android.DDoS.1 was no different. It began when a hacker disguised malware in a fake Google Play application. Users downloaded the bogus software onto their devices, giving the hacker remote command of the mobile’s computing power. After amassing a significant botnet army, the hacker sent commands via SMS (didn’t the hacker know about Whatsapp?) to the DDoS viruses. These instructions included the target’s server address and a script to repeat. Once confirmed, the mobile devices also sent out spam text messages to the victim’s contact list, likely to spread the virus. With thousands of these infected mobile devices operating in unison, their requests generated a powerful DDoS force capable of overwhelming even large target servers. One mobile device sending bad requests does little, but an army can do some serious damage. Even experienced users who are wary of the typical trappings of PC-based malware may not be aware of the new dangers on mobile. Expect to see hackers getting more creative as the vulnerabilities in mobile networking are exposed. Handling the New Wave of Mobile DDoS Organizations and businesses trying to stay ahead of the DDoS mobile evolution are entrusting their security measures to experienced third-party protection services, whose robust networks are equipped to handle TCP and UDP attacks, among all other major attack methods in the security landscape. Source: http://www.sitepronews.com/2014/09/25/ddos-attacks-go-mobile/
Continue reading here:
DDoS Attacks Go Mobile
Who’d have thought it would be such a chore to run a radio station? Chain Radio, which launched a at the end of July, and since then they’ve dealt with some major issues. Namely, they’ve been the subject of DDoS attacks for weeks, but it really caught up with them in the last week. Rockstar, the head of Chain Radio, made a post on their page talking about what they’ve had to deal with in order to get their site up and running again, and the challenges they’ve faced. Unlike many other sites in the world of Bitcoin land we are operating a fleet of streaming servers which can not be simply placed behind the protection of CloudFlare. When someone is attacking our servers we are in a constant state of battle blocking IP ranges, blocking specific IPs and trying to keep everything online. Nevertheless, Rockstar remained defiant in the face of adversity. “It costs us over a thousand dollars each month to keep this service online for our listeners and if the DDOS attacks continue it will likely cost even more,” he said. “That said, we are committed to seeing this project through and NOT letting a few jerks silence what we are doing and the community that we are creating.” As to the identity of those “few jerks” and their motives, it remains unknown. As of this writing, Chain Radio is back up and running. They’re running a non-profit operation, relying largely on donations from the community. They’re taking donations to help offset the cost of the project through their website. Source: http://thecoinfront.com/chain-radio-returns-after-a-massive-ddos-attack/
Continue reading here:
Chain Radio Returns After A Massive DDoS Attack
Akamai Technologies released, through the company's Prolexic Security Engineering & Response Team (PLXsert), a new cybersecurity threat advisory that alerts enterprises to a high-risk threat of powerf…
Originally posted here:
Mitigations for Spike DDoS toolkit-powered attacks