Two arrested for attacks on Indonesian and Australian websites The Australian Federal Police (AFP) claim to have arrested two chaps who conducted defacement and denial of service attacks on Indonesian and Australian government websites while using the name and iconography of Anonymous.…
Tag Archives: ddos news
TypePad Claims It Was Hit By Another DDoS Attack
A number of technology companies, including Meetup, Basecamp, Vimeo, Bit.ly and others, have undergone website-crashing DDoS attacks (distributed denial-of-service) in recent months, but SAY Media-owned blogging platform Typepad, apparently, has the dubious honor of being taken down for an extended outage more than once in just a few weeks. The company has confirmed to us this morning that it is again undergoing another DDoS attack, which has taken its service offline. However, until all the facts are in and TypePad can provide more info about the nature of this attack, which right now it’s unable to do, it’s unclear at this time that this morning’s network outage is definitely a DDoS attack — the same as before. Because it’s still early in the investigation, it’s possible the company is presuming a DDoS attack, where only a network outage was at fault. We’ll update when we — and they — know more. However, when asked around an hour ago, TypePad did say that it was indeed “under a DDoS attack.” In April, we reported that Typepad was undergoing an extended DDoS attack, which, at the time, had been underway off and on for nearly five days. The company explained that the attack was similar in style to that which had taken down Basecamp, and confirmed that it was working with technology providers, including CloudFlare and Fastly to help mitigate the attack and bring its service back online. Though TypePad never shared extensive technical details about the DDoS attack, the typical scenario — and one that Basecamp had faced, as well — involves an initial demand for some sort of “ransom” once the site and its related services have been knocked offline. The amount first requested is usually small, but once attackers know they have a willing victim, they’ll often increase the amount. SAY Media said it had also received a “ransom” note, and was cooperating with the FBI on an investigation. According to Paul Devine, VP of Engineering at Say Media, this new Typepad attack began at 6:00 AM PT and the company is again working with CloudFlare and Fastly to mitigate the situation. “[We] don’t expect these attacks to have longevity,” he tells us. “We’re looking forward to having the sites up and running as quickly as we can.” As of a few minutes ago, the company tweeted that blogs were loading. However, at the same time, the URL http://www.typepad.com was still largely crashed when we tried it ourselves. That is, instead of loading up properly, CloudFlare is providing a snapshot of the site through its “Always Online” service, which helps sites offer a webpage instead of an error message when taken down through cyberattacks like this. The www.saymedia.com website address came up, however, though a bit slowly. (SAY Media operates a number of brands, including ReadWrite, xoJane, Fashionista, Cupcakes and Cashmere, and others.) The site loads but a “fatal error” message appears at the bottom of the page. Thanks to newer, more powerful types of DDoS attacks that have emerged as of late, attacks that once would have been thought to be record-breaking in size are now becoming routine. For instance, Meetup’s attack was 8 Gigabits in size, and it’s not uncommon for NTP-based DDoS attacks (which exploit an older protocol called Network Time Protocol) to be 10 Gigabits in size. However, one side effect of these attacks is that when a company later experiences a network outage, they sometimes immediately presume that they’re being attacked again. It can be difficult to tell the difference, especially in the early hours of these sorts of situations. We’ll be looking for TypePad to provide its customers with a longer post-mortem following this morning’s outage. Given multiple attacks over the course of several weeks, the company has a responsibility to let their customers know whether or not they’re being targeted by criminals, or if unrelated network outages came into play this morning instead. Source: http://techcrunch.com/2014/05/19/typepad-claims-it-was-hit-by-another-ddos-attack/?ncid=rss
Continued here:
TypePad Claims It Was Hit By Another DDoS Attack
SNMP could be the future for DDoS attacks
DNS amplification and NTP reflection are two big buzz-terms in the modern world of distributed denial-of-service (DDoS) attacks, but when successful defensive measures force those wells to run dry, a lesser-used reflection attack vector, known as Simple Network Management Protocol (SNMP), could take the forefront. Johannes Ullrich, dean of research with the SANS Technology Institute, told SCMagazine.com in a Monday email correspondence that SNMP, a UDP-based protocol used to read and set the configurations of network devices, hasn’t posed as big a threat as DNS and NTP attacks because there are not as many reflectors available as there are for other protocols. Ullrich said that most network-connected devices support SNMP in some form and, in a Thursday post, opined that it could be the next go-to vector for attackers after he observed a DDoS reflection attack taking advantage of an unnamed video conferencing system that was exposing SNMP. In this instance, the attacker spoofed a SNMP request to appear to originate from 117.27.239.158, Ullrich said, explaining that the video conferencing system receives the request and then replies back to the IP address with a significant reply. An 87 byte “getBulkRequest” resulted in a return of 60,000 bytes of fragmented data, Ullrich wrote in the post, adding that the individual reporting the attack observed roughly five megabits per second of traffic. “The requests are pretty short, asking for a particular item, and the replies can be very large,” Ullrich said. “For example, SNMP can be used to query a switch for a list of all the devices connected to it. SNMP provides replies that can be larger than DNS or NTP replies.” As people improve configurations, effectively causing those DNS and NTP reflectors to dry up, SNMP could be the attack vector of choice, Ullrich said – a point that John Graham-Cumming, a programmer with CloudFlare, agreed with in a Monday email correspondence with SCMagazine.com. “I think that attackers will turn to SNMP once other attack methods are thwarted,” Graham-Cumming said. “At the moment it’s easy to use NTP and DNS for attacks, so there’s no need for SNMP.” To get a jumpstart defending against this DDoS vector, Graham-Cumming suggested that network operators limit access to the SNMP devices on their networks. Ullrich went so far as to say that SNMP devices should not be exposed to the internet at all. Both experts added that the “community string,” which serves as a password for accepting requests, should not be so obvious. Source: http://www.scmagazine.com/snmp-could-be-the-future-for-ddos-attacks/article/346799/
Linux distros get patching on terminal bug
Pseudo-terminal buffer bug from 2009 discovered Linux admins need to get busy patching, as a newly discovered bug has emerged in the kernel’s tty handling that can let local users create memory corruption leading to denial of service, unauthorised modification of data, and disclosure of information.…
Attackers rope DVRs in bitcoin-mining botnet in record time
How long does it take for one out of the box digital video recorder to be compromised with malware once the device has been connected to the Internet? The unfortunate answer is just one day. When, …
More:
Attackers rope DVRs in bitcoin-mining botnet in record time
Boffins pen ‘Guide to better spamming’
Small, widely-dispersed botnets ought to do the trick Ignoring the manual and keeping your ‘bot nimble are some of the tips a quartet of security researchers have recommended to help spam reach inboxes more effectively.…
View article:
Boffins pen ‘Guide to better spamming’
UltraDNS Dealing with DDoS Attack
UltraDNS said it has mitigated a distributed denial of service (DDoS) attack for most of its customers after the service was held down for most of the day. “Currently, only customers utilizing a segment of UltraDNS Name Server addresses are experiencing resolution latency due to intermittent network saturation in the Western US,” said Neustar director of product management, security solutions, Jim Fink in an email to Threatpost. “We continue to aggressively refine mitigations for these customers and hope to have the issue resolved shortly. We have been and will continue to provide regular updates to our UltraDNS customers via our usual customer notification process.” UltraDNS is a Neustar company. The SANS Institute’s Internet Storm Center said this afternoon that it received multiple reports of outages and DNS resolution issues, reportedly because of a 100 Gbps DDoS attack against one of UltraDNS’ customers that resulted in latency issues for others. “One reporting party did indicate that they learned that the management of UltraDNS had said that one of their customers was being attacked and that they black-holed that customer to get back on trend,” wrote ISC handler Russ McRee. “Resolver nodes around the world are resetting.” DDoS attacks the size of this one are quickly becoming the norm. A report from Arbor Networks this week said it has already tracked more than 70 DDoS attacks of 100 Gbps or more of bad traffic, topping out at 325 Gbps. The largest attacks on public record were recorded by traffic optimization and security provider CloudFlare Most volumetric attacks rely on some kind of amplification such as DNS reflection or Network Time Protocol amplification attacks where the requesting IP address is spoofed as the target’s and massive amounts of traffic is returned at relatively little cost to the attacker. With DNS amplification attacks, attackers take advantage of any number of the 28 million open DNS resolvers on the Internet to launch large-scale DDoS attacks. The motivations are varied. Ideological hackers use them to take down services in protest, while profit-motivated criminals can use DDoS as a cover for intellectual property theft and financial fraud. Beginning with the DDoS attacks against large U.S. banks early last year, the spike in these attacks merited a mention in the recent Verizon Data Breach Investigations Report. “We’re seeing a growing trend of combining DDoS with APT campaigns,” said Arbor Networks’ Gary Sockrider said. “Go back a few years, and DDOs was thought of more as a takedown mechanism, not for data exfiltration. Now we’re seeing it more frequently combined with APT, prolonged campaigns where an attacker is on your network and now need to get the data out, they’ll initiate a DDoS attack. It’s the equivalent of a natural disaster and while you’re dealing with it, that’s when they’ll exfiltrate data.” Source: http://threatpost.com/ultradns-dealing-with-ddos-attack/105806
See the original article here:
UltraDNS Dealing with DDoS Attack
France Getting Battered By DDoS Attacks
France is seeing massive amounts of DDoS traffic going through its networks, thanks to sizeable hits on the country’s popular hosting providers As the UK enjoys a relatively low volume of distributed denial of service (DDoS) attacks, France is seeing deluges of traffic hitting organisations frequently, according to research. Major hosting providers, including the hugely-polular, OVH have attracted DDoSers to France, which was only outdone by the US in terms of the amount of DDoS traffic passing through the countries’ networks, according to Arbor Networks. A record 325Gbps attack hit France this year, but it is not known who was involved. DDoS threat getting bigger and bigger Darren Anstee, director of solutions architects at Arbor, said France was being attacked largely because of the popularity of those hosting providers. “They’ve got a lot of big hosting providers and some of those are used by the gaming industry [which is subject to significant sized attacks],” he told TechWeekEurope . Arbor spotted an unprecedented rise in DDoS attacks over the first quarter of 2014. It saw 72 attacks larger than 100Gbps and 1.5 times the number of attacks over 20Gbps as in the whole of 2013. The epic increase in attack size has come as a result of what’s known as amplification. Protocols such as Network Time Protocol can be used to generate massive DDoS attacks with relatively little effort on behalf of the offenders. They can abuse vulnerable NTP servers by spoofing the IP address of a target, sending small requests and getting massive responses. The target IP is then flooded with that traffic. Even protocols used by popular gaming services, from Quake to the Steam protocol, can be abused for amplification purposes. Source: http://www.techweekeurope.co.uk/news/ddos-france-gaming-hosting-companies-144777
View the original here:
France Getting Battered By DDoS Attacks
Researcher reveals how Facebook Notes can be used to DDoS sites
A programmer has divulged how the Facebook Notes feature can be used to launch distributed denial-of-service (DDoS) attacks against websites. In a blog post this weekend, researcher Chaman Thapa said that the DDoS abuse is possible due to Facebook’s protocol of allowing HMTL image tags in notes. “Facebook Notes allows users to include tags,” Thapa wrote in the Sunday blog post. “Whenever a tag is used, Facebook crawls the image from the external server and caches it. Facebook will only cache the image once, however, [and by] using random GET parameters the cache can be bypassed and the feature can be abused to cause a huge HTTP GET flood.” By creating a list of unique image tags, and using m.facebook.com to create notes, Thapa was able to create several notes, which were each responsible for sending an influx of HTTP request to the target server, he wrote. In only a couple of seconds, he was able to send thousands of GET requests to the designated server. Thapa disclosed the issue to Facebook’s bug bounty program on March 3, but after being alerted to the issue, the company ultimately said that the attack scenario was “interesting/creative,” – but one the company didn’t intend to fix due to the logistics involved. Thapa posted the email correspondence with Facebook (which occurred April 11) in his blog post. “In the end, the conclusion is that there’s no real way to us fix this that would stop ‘attacks’ against small consumer grade sites without also significantly degrading the overall functionality,” Facebook told Thapa. “Unfortunately, so-called ‘won’t fix’ items aren’t eligible under the bug bounty program, so there won’t be a reward for this issue. I want to acknowledge, however, both that I think your proposed attack is interesting/creative and that you clearly put a lot of work into researching and reporting the issue last month. That IS appreciated and we do hope that you’ll continue to submit any future security issues you find to the Facebook bug bounty program.” In a Friday email to SCMagazine.com, a Facebook spokesperson further explained the company’s decision on addressing the bug. “Ultimately, we decided against making changes to avoid disrupting intended and desirable functions,” the spokesperson wrote. Via his blog, Thapa also revealed that similar DDoS abuse can be carried out using Google’s Feedfetcher tool. According to a Google support page, Feedfetcher allows Google to grab RSS or Atom feeds when users add them to their Google homepage or Google Reader. Source: http://www.scmagazine.com/researcher-reveals-how-facebook-notes-can-be-used-to-ddos-sites/article/344271/
Continue Reading:
Researcher reveals how Facebook Notes can be used to DDoS sites
Innocent surfers drafted into ZOMBIE ARMY by sneaky XSS vuln
Javascript snafu turned 22,000 bods into unwitting DDoSers Visitors to a video distribution website were unwittingly turned into participants in a hacker’s DDoS battle against a third-party site earlier this month.…
Link:
Innocent surfers drafted into ZOMBIE ARMY by sneaky XSS vuln