Tag Archives: ddos news

Use home networking kit? DDoS bot is BACK… and it has EVOLVED

OMG, it reconfigures your firewall… SAVE yourselves, Linux lords

A router-to-router bot first detected two years ago has evolved – and now has the capability to reconfigure the firewalls of its victims.…


WEBINAR – The Ultimate DDoS Info Session

DOSarrest and HOSTING partner together to help you understand the details of DDoS attacks – how they are executed, what they typically target and how to recover quickly and efficiently when you fall victim. It will be an interactive and informative session, as all attendees will have a chance to participate in and defend against a DDoS attack in real time and see its effects on a live website.


DDoS reflection/amplification attacks disrupting ISP networks

Attacks being used by gamers to settle disputes and by people with rudimentary hacking skills to target companies

Reflection/amplification distributed denial of service (DDoS) attacks have now become so large that entire ISP networks are getting disrupted, says a networking security expert. Arbor Networks senior security engineering & response team (ASERT) analyst Roland Dobbins told Computerworld Australia that DDoS attacks are being used by gamers to settle disputes and by people with rudimentary hacking skills to target companies.

“The main characteristic of these attacks is that they are huge. The biggest one we have seen so far was 400Gb/s. Because these attacks are so large, they fill up the pipes of Internet service providers [ISPs], the peering and transit links,” he said.

According to Dobbins, the attacks are possible because many ISPs and enterprise networks have not implemented universal anti-spoofing measures. “The way these [DDoS] attacks work is that the attacker will try to get control of a computer on a network that does not enforce IP source validation. [The attacker] spoofs the IP address of his target and sends a bunch of queries to a misconfigured server.” The misconfigured server answers these queries and “pummels” the target of the attack with unsolicited responses, he said. “It’s as if I called up 20 pizza parlours in Sydney, pretended to be someone else and ordered a lot of large pizzas to be delivered to that person.”

The largest reflection/amplification DDoS attack recorded in Australia by Arbor Networks staff was 62Gb/s, he said. The attack, which took place in early 2014, appeared to be triggered by an online gaming dispute. “Since October 2013, there has been an explosion in these attacks that online gamers use. One player gets a grudge against another and decides to be unsportsmanlike and resort to a DDoS attack. It’s like using a nuclear weapon to solve a playground dispute,” he said.

Dobbins had three tips for ISPs to avoid reflection/amplification DDoS attacks. The first was that ISPs should enforce anti-spoofing or source address validation at the edges of their network. “The second thing they [ISPs] can do is make sure they utilise flow telemetry analysis from routers and switches. This provides real time visibility into network traffic. When these attack floods traverse their network, they can detect it and trace it back [to the source] immediately,” he said. “The third thing they need to do is implement reaction and mitigation mechanisms. One of these is called an intelligent DDoS mitigation system [IDMS].” “If they have these reaction and mitigation tools to deal with this attack traffic, they will be in a much better position to deal with these events and minimise disruption,” said Dobbins.

Source: http://www.computerworld.com.au/article/554558/ddos-reflection-amplification-attacks-disrupting-isp-networks-analyst/
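An added example, not part of the original article or any Arbor Networks tooling: the first two tips above (source address validation at the edge, and flow telemetry analysis) applied to flow records in Python. The interface names, prefixes, flow-record fields and thresholds are assumptions, and the flow records are constructed.

```python
import ipaddress
from collections import defaultdict

# UDP services commonly abused as reflectors; replies carry these source ports.
REFLECTOR_PORTS = {19: "chargen", 53: "dns", 123: "ntp", 161: "snmp", 1900: "ssdp"}

# Constructed edge map: customer-facing interface -> prefixes assigned to it.
EDGE_PREFIXES = {"cust-a": [ipaddress.ip_network("198.51.100.0/25")]}

def fails_source_validation(flow, edge_prefixes=EDGE_PREFIXES):
    """True when a flow entering a customer edge has a source address outside
    the prefixes assigned to that interface, i.e. it is probably spoofed."""
    prefixes = edge_prefixes.get(flow["in_if"])
    if prefixes is None:  # transit/peering link: not judged by this check
        return False
    src = ipaddress.ip_address(flow["src"])
    return not any(src in net for net in prefixes)

def reflection_targets(flows, min_sources=3, min_bytes=100_000):
    """Aggregate UDP flows sent *from* reflector ports by destination and
    return destinations hit by many distinct sources with high volume."""
    agg = defaultdict(lambda: {"sources": set(), "bytes": 0, "services": set()})
    for f in flows:
        if f["proto"] != "udp" or f["sport"] not in REFLECTOR_PORTS:
            continue
        entry = agg[f["dst"]]
        entry["sources"].add(f["src"])
        entry["bytes"] += f["bytes"]
        entry["services"].add(REFLECTOR_PORTS[f["sport"]])
    return {
        dst: {"sources": len(e["sources"]), "bytes": e["bytes"],
              "services": sorted(e["services"])}
        for dst, e in agg.items()
        if len(e["sources"]) >= min_sources and e["bytes"] >= min_bytes
    }

def _flow(in_if, src, dst, sport, dport, nbytes, proto="udp"):
    return {"in_if": in_if, "src": src, "dst": dst, "sport": sport,
            "dport": dport, "bytes": nbytes, "proto": proto}

# Constructed flow records for one collection interval (documentation addresses).
SAMPLE_FLOWS = [
    # Query entering from customer A with a source outside its /25: spoofed.
    _flow("cust-a", "203.0.113.10", "192.0.2.1", 40000, 123, 234),
    # Legitimate DNS query from customer A and its single small answer.
    _flow("cust-a", "198.51.100.7", "192.0.2.53", 40001, 53, 80),
    _flow("transit", "192.0.2.53", "198.51.100.7", 53, 40001, 300),
] + [
    # Unsolicited NTP replies from four servers converging on one target.
    _flow("transit", f"192.0.2.{n}", "203.0.113.10", 123, 40000, 48_000)
    for n in range(1, 5)
]

if __name__ == "__main__":
    print("drop at edge:", [f["src"] for f in SAMPLE_FLOWS if fails_source_validation(f)])
    print("possible reflection floods:", reflection_targets(SAMPLE_FLOWS))
```

The edge check stops the spoofed query where it enters the network, while the flow aggregation identifies the target of a flood that is already in progress and the reflector sources to trace back.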


Nude celeb pics wrongly blamed for DDOS at New Zealand’s largest ISP

Actual culprit appears to be silly router configurations and Euro-nasties

New Zealand’s largest ISP, Spark, has spent the weekend fighting off a DDOS incorrectly assumed to have a connection with last week’s nude celebrity picture scandal.…


Are your servers secure from hackers?

As the Reuters headline read this week: “Hackers break into server for Obamacare website.” The story was about hackers who uploaded malicious code onto a development server that is part of Obamacare. The code installed on the government website was said to be part of a larger operation and used primarily to carry out DDoS attacks on other websites.

What’s so important about such a tiny infraction? It gives you an idea of why DDoS attacks are getting larger, more sophisticated and more frequent. It would be a safe bet to assume this development machine had plenty of horsepower and a GigE connection that wasn’t throttled. This is where a lot of DDoS attacks are being perpetrated from, especially the large and complex variety. It’s not bot-infected laptops at home anymore, although they can be troublesome too sometimes.

It’s easy to let security slide if it’s a test or development machine that’s just used by programmers and maybe completely forgotten about when a project ends. Don’t become part of the problem. Run vulnerability scans to test and find holes where hackers can gain entry. When DOSarrest Internet Security started offering vulnerability testing last year, they saw that almost 9 out of 10 servers had at least one vulnerability and most had multiple holes.


Hackers upload malicious files on the Obamacare website to launch a DDoS Attack

In what could be another jolt for US President Barack Obama’s dream project ‘Obamacare health insurance program’, a government cybersecurity team last week discovered that an unknown hacker or group of hackers tried to intrude into a computer server supporting the HealthCare.gov website by apparently uploading malicious files. The Centers for Medicare and Medicaid Services, the lead Obamacare agency, on Thursday briefed top congressional staff about the intrusions. “The first incidence of breach occurred on July 8”, Aaron Albright, CMS spokesman, said.

According to Albright, the main objective of the hackers was not to steal personal data but to launch a distributed denial of service (DDoS) attack against other websites. In a DDoS attack, malware floods a website with requests, overwhelming the internet-connected computers that serve it until they fail to handle legitimate requests and crash. “Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted. We have taken measures to further strengthen security,” Albright said. Albright also dismissed speculation that the attack would adversely affect the second enrollment period, which begins on November 15, for health coverage under Obamacare.

Meanwhile, the CMS’s parent agency – Office of Inspector General of the Department of Health and Human Services – and the HHS leadership have been notified of the attack, and sources say an investigation is under way. The Department of Homeland Security spokesperson said that the affected server has been forensically preserved by its Computer Emergency Readiness Team (US-CERT). The agency, which is also responsible for investigating cyber attacks, said that it had identified the malware designed to launch the DDoS attack and extracted it.
Source: http://www.wallstreetotc.com/hackers-launch-ddos-attack-on-obamacare-website-server-user-data-safe/28570/



Anti-Piracy Outfit Denies launching DDoS attacks on Anime Sites

The effects of a DDoS attack that crippled NYAA, one of the largest anime torrent sites, continue today with fingers being pointed at everyone from the Japanese government to an anti-piracy group working with anime distributors. Subtitling site HorribleSubs, which was also affected, has its own ideas.

Distributed Denial of Service or DDoS attacks are a relatively common occurrence in the file-sharing community and something that many sites are subjected to throughout the course of a year. They disrupt service and can often cost money to mitigate. Those carrying out the attacks have a variety of motives, from extortion and blackmail to “the lulz”, and a dozen reasons in between. Often the reasons are never discovered.

During the past few days several sites involved in the unauthorized sharing of anime have been targeted by DDoS-style attacks. Swaps24 reported that Haruhichan, Tokyo Toshokan and AnimeTake were under assault from assailants unknown, although all now appear to be back online. A far more serious situation has played out at NYAA.se, however. The site is probably the largest public dedicated anime torrent index around and after being hit with an attack last weekend it remains offline today.

The attack on NYAA had wider effects too. NYAA and leading fan-subbing site HorribleSubs reportedly shared the same hosting infrastructure so the DDoS attack took down both sites. That’s significant, not least since at the end of August HorribleSubs reported that their titles had been downloaded half a billion times. It now appears that HorribleSubs has recovered (and added torrent magnet links) but the same cannot be said about NYAA. The site’s extended downtime continues with no apparent end in sight. This has resulted in a backlash from the site’s fans and somewhat inevitably accusatory fingers are being pointed at potential DDoS suspects.

As far-fetched as it might sound, one of the early suspects was the Japanese government itself. The launch of a brand new anti-piracy campaign last month in partnership with 15 producers certainly provided a motive, but a nation carrying out this kind of assault seems unlikely in the extreme. Quickly, however, an announcement from HorribleSubs turned attentions elsewhere. “Chill down. It’s not just us. Every famous anime sites [are] getting DDoS attacks, but that doesn’t mean this is the end,” the site’s operator wrote on Facebook. “We have located where DDoS are coming from. It’s from #Crunchyroll and #Funimation Employees.”

Funimation is a US television and film production company best known for its distribution of anime while Crunchyroll is a website and community focused on, among other things, Asian anime and manga. While both could at least have a motive to carry out a DDoS, no evidence has been produced to back up the HorribleSubs claims. That said, HorribleSubs admits that its key motivation is to annoy Crunchyroll. “We do not translate our own shows because we rip from Crunchyroll, FUNimation, Hulu, The Anime Network, Niconico, and Daisuki,” the site’s about page reads, adding: “We aren’t doing this for e-penis but for the sole reason of pissing off Crunchyroll.”

Shortly after, attention turned to anti-piracy outfit Remove Your Media (RYM). The company works with anime companies Funimation and Viz Media, which includes the sending of millions of DMCA notices to Google. The spark came when the company published a tweet (now removed) which threatened to send “thousands” of warning letters to NYAA users once the site was back online. This doesn’t seem like an idle threat. A few weeks ago the company posted a screenshot on Twitter containing an unredacted list of Comcast, Charter and CenturyLink IP addresses said to have been monitored infringing copyright. Due to the NYAA downtime, RYM later indicated it had switched to warning users of Kickass.to.

This involvement with anime companies combined with the warning notice statement led to DDoS accusations being directed at RYM. TorrentFreak spoke to the company’s Eric Green and asked if they knew anything about the attacks. “The short answer is No. In fact we were waiting for [NYAA] to go back online to begin monitoring illegal transfers again. Sorry to disappoint but we had no involvement,” Green told TF.

Just a couple of hours ago RYM made a new announcement on Twitter, stating that the original tweet had been removed due to false accusations. “Nyaa post deleted due to all the Ddos libel directed at this account. Infringement notices continue to ISPs, for piracy, regardless of tracker,” they conclude.

Although it’s impossible to say who is behind the attacks, it does seem improbable that an anti-piracy company getting paid to send notices would do something that is a) seriously illegal and b) counter-productive to getting paid for sending notices. That said, it seems likely that someone who doesn’t appreciate unofficial anime sites operating smoothly is behind the attack. Who that might be will remain a mystery, at least for now.

Source: http://torrentfreak.com/anti-piracy-outfit-denies-ddosing-anime-sites-140904/


DDoS Attacks: Increasingly the Weapon of Choice

Distributed denial of service (DDoS) attacks are a method attackers favor for disrupting an organization’s operations by flooding the network with traffic, overwhelming available bandwidth, and making network resources unavailable. According to research from the Ponemon Institute, DDoS attacks accounted for 18 percent of data center outages in 2013, up from 2 percent in 2010. They found that such attacks are the most costly data-center attacks to mitigate, costing an average of $822,000 per outage, leading to problems such as business disruption, loss of revenues, and reduced productivity. However, the costs can be even higher for organizations that rely on their websites as their main sales vehicle, since the unavailability of those websites can lead to those organizations losing multiple millions of dollars in sales. According to Forrester Research, the average organization loses $27 million for a 24-hour outage, with business services and financial services institutions faring the worst. Despite the damage that DDoS attacks can do in and of themselves, they are often used as a smoke screen to divert resources into clearing up the disruption, leaving organizations unaware of other attacks happening simultaneously. Often, the real motivations are financial manipulation or a competitive takeout. In other cases, the motivations are ideological, looking to hurt or embarrass organizations. For example, in late 2012 to early 2013, 46 financial institutions in the United States were hit with over 200 coordinated and timed DDoS attacks. It is believed that the motivation for this campaign of attacks was to cause consumers to lose their trust in the retail banking system. However, organizations in any walk of life can be impacted, both in the private and public sector, and such attacks should be considered a top concern by any organization, especially as DDoS attacks are increasingly becoming a weapon of choice. 
Not only are DDoS attacks growing in number and affecting a wider range of organizations, but more tools are becoming available that make them easier to pull off. Whereas previously an attacker would have had to possess a fair degree of skill and recruit an army of computers into a botnet in order to create enough computing power to launch an attack, new attack methods require considerably fewer resources and less skill. DDoS attack kits are now readily available on the Internet for low prices, making the job of a relatively unskilled hacktivist much easier, and DDoS-as-a-service attacks are an increasingly common phenomenon, whereby attackers hire themselves and their botnets out to those wishing to launch attacks. Another recent development is the use of network time protocol amplification attacks, which use publicly available network time protocol servers, the real purpose of which is to provide clock-synchronization services over public networks. Using this method means that attackers no longer need to go through the effort of putting together a botnet to launch their attacks. Recently, there has also been a dramatic rise in mobile applications used in DDoS attacks, driven by the ease with which mobile apps can be downloaded. These apps allow any mobile user to join a DDoS attack if he or she wishes—for example, for an ideological cause with which he or she sympathizes. It is predicted that such attacks will increase dramatically. The tremendous growth in DDoS attacks in 2013 that continued, if not accelerated, in 2014 means that all organizations should beware of the consequences. Where they do not have the resources in-house to defend themselves, organizations should investigate the use of services that can divert traffic away from their networks while remediation measures are taken. 
While, on the one hand, there is a trend toward increasing complexity and sophistication of attacks, on the other hand, attacks are becoming easier to pull off by an ever-wider range of criminal actors. The DDoS attack landscape is set to become much more complicated, and many more organizations will become victims. All organizations should beware.

Source: https://blogs.rsa.com/ddos-attacks-increasingly-weapon-choice/


Gang behind ‘1.2 billion’ megahack ransack is pwning our customers – hosting firm

CyberVor, huh, yeah. What is it good for?

Anecdotal evidence is emerging that the Russian botnet raiders behind the “biggest-ever” password theft have begun attacks against web services using stolen login credentials.…
