Anonymous shut down the bank of Greece website in a powerful DDoS attack — Vows to target more banks against financial corruption. The online hacktivist Anonymous recently relaunched operation OpIcarus directed towards banking sector in Europe and the United States — The first bank coming under the fire is the Bank of Greece who had their website under a series of distributed denial-of-service attacks ( DDoS ) forcing the servers to remain offline for more than 6 hours. OpIcarus is all about targeting banking and financial giants Anonymous’ Operation OpIcarus was launched in January 2016 and restarted in March 2016. The hacktivists behind the operation believe banks and financial giants are involved in corruption and to register their protest they had to take the war to a next level. In an exclusive conversation with one of the hacktivists behind the Greek bank DDoS attack, HackRead was told that: “The greek central bank has been offline all day. we would like all banks out there to know that unless they hold themselves accountable for their crimes against humanity that we will strike a new bank every single day and punish them #OpIcarus.” Source: https://www.hackread.com/anonymous-ddos-attack-bank-greece-website-down/ The hacktivists also released a YouTbe video revealing the reason and a list of banking websites that will be targeted. The list includes banking and financial institutions in Brazil, Bangladesh, China, USA, UK, Pakistan, Iran and several other countries.
After terrorizing companies under the fake Armada Collective moniker, the same group appears to have switched to using the name of the infamous Lizard Squad hacking crew, CloudFlare reported today. Early this week on Monday, CloudFlare let everyone know there was a criminal goup sending out extortion emails to companies around the globe. The criminals were posing as Armada Collective , an infamous group known for carrying out DDoS attacks if victims didn’t pay a so-called “protection tax.” The crooks were basing their attacks on the victims googling their name and finding out about the tactics of the real Armada Collective. In fact, CloudFlare says it never saw a single DDoS attack carried out by this group against its targets. In another blog post today, CloudFlare says that three days after they exposed the group, the criminals dropped the Armada Collective name and started using Lizard Squad instead, another hacking crew, famous for downing the Xbox and PlayStation networks on Christmas 2014. The change was to be expected since extorted organizations that would google the Armada Collective name would see all the stories about the copycats instead. CloudFlare says that over 500 companies received extortion emails from this group claiming to be Lizard Squad and that all these emails were identical. As before, the group used one single Bitcoin address to receive payments. By using one Bitcoin address, the group would not be able to tell which companies paid the ransom and which didn’t, meaning this was almost sure the same group as before, launching empty threats once again. CloudFlare says that just like when claiming to be Armada Collective, the group never launched any DDoS attacks when posing as Lizard Squad. Below is a comparison of the two ransom notes received by companies, from the fake Lizard Squad group on the left, and from the fake Armada Collective group on the right. Source: http://justfreedownload.net/news/98693/armada-collective-copycats-now-posing-as-lizard-squad-in-ddos-extortion-scheme.html
Few organizations globally are being spared DDoS attacks, according to a Neustar survey of over 1,000 IT professionals across six continents. With the bombardment fairly constant throughout 2015, it is no longer a matter of if or when attacks might happen, but how often and how long the attack will last. Faced with this ongoing onslaught, the report demonstrates that increasingly DDoS-defense savvy organizations are now arming themselves accordingly. The research results show that although … More ?
View the original here:
DDoS aggression and the evolution of IoT risks
Data centers may be more reliable, but failures due to malicious attacks are increasing. Their cost is also rising, says Michael Kassner Some cost accountants would cringe at his methodology, but after a 2013 DDoS attack on Amazon, Network World journalist Brandon Butler took a simple route to come up with an attention-grabbing headline: “Amazon.com suffers outage – nearly $5M down the drain?” Did Amazon really lose this much money? Or did it lose more? Butler worked backward from the company’s reported quarterly earnings: “Amazon.com’s latest (2013) earnings report shows the company makes about $10.8 billion per quarter, or about $118 million per day and $4.9 million per hour.” The DDoS outage lasted nearly an hour, hence the almost $5 million figure. That is a truly staggering amount to lose in one hour of unplanned maliciously-caused downtime. And Butler’s methodology seems logical on the surface. But could we get a more accurate idea of the actual cost? The Ponemon way of estimating If the Ponemon Institute is known for anything, it is the company’s diligence in providing accurate accounting of issues on the company’s radar – in particular security issues. Its areas of interest happen to include the cost of data center outages, which it covers in a regular report series. The executive summary of the latest, January 2016, report says: “Previously published in 2010 and 2013, the purpose of this third study is to continue to analyze the cost behavior of unplanned data center outages. According to our new study, the average cost of a data center outage has steadily increased from $505,502 in 2010 to $740,357 today (or a 38 percent net change).” To reach those conclusions the Ponemon researchers surveyed organizations in various industry sectors (63 data centers) that experienced an unplanned data center outage during 2015. Survey participants held positions in the following categories: Facility management Data center management IT operations and security management IT compliance and audit The Ponemon researchers used something called activity-based costing to come up with their results. Harold Averkamp at AccountingCoach.com describes activity-based costing as follows: “Activity-based costing assigns manufacturing overhead costs to products in a more logical manner than the traditional approach of simply allocating costs on the basis of machine hours. Activity-based costing first assigns costs to the activities that are the real cause of the overhead. It then assigns the cost of those activities only to the products that are actually demanding the activities.” Following Averkamp’s definition, Ponemon analysts came up with nine core process-related activities that drive expenditures associated with a company’s response to a data outage (see Box). It’s a detailed list, and includes lost opportunity costs. Key findings The research report goes into some excruciating detail, and significant real information can be gleaned from the survey’s key findings. For example, the maximum cost of a data center outage has more than doubled since Ponemon Institute started keeping track, from $1 million in 2010 to more than $2.4 million in 2016. Overall outage costs Source: Ponemon Institute “Both mean and median costs increased since 2010 with net changes of 38 and 24 percent respectively,” says the report. “Even though the minimum data center outage cost decreased between 2013 and 2016, this statistic increased significantly over six years, with a net change of 58 percent.” The report also found that costs varied according to the kind of interruption, with more complexity equalling more cost. “The cost associated with business disruption, which includes reputation damages and customer churn, represents the most expensive cost category,” states the report. The least expensive costs, the report says involve “the engagement of third parties such as consultants to aid in the resolution of the incident.” The Ponemon report looked at 16 different industries, and the financial services sector took top honors with nearly a million dollars in costs per outage. The public sector had the lowest cost per outage at just under $500,000 per outage. Primary causes of outages Source: Ponemon Institute Next, the Ponemon team looked at the primary cause of outages. UPS system failure topped the list, with 25 percent of the companies surveyed citing it. Twenty-two percent selected accidental or human error and cyber attack as the primary root causes of the outage. Something of note is that all root causes, except cyber crime, are becoming less of an issue, whereas cybercrime represents more than a 160 percent increase since 2010. One more tidbit from the key findings: complete unplanned outages, on average, last 66 minutes longer than partial outages. The Ponemon researchers did not determine the cost of an outage per hour; deciding to look at the price per outage and per minute, and how those numbers have changed over the three survey periods. The cost per outage results are considerably less than that reported for the Amazon incident, but an average of $9,000 per minute or $540,000 per hour is still significant enough to make any CFO take note. DDoS is not going away Data centers can only increase in importance, according to the Ponemon analysts, due in large part to cloud computing (30 percent CAGR between 2013 and 2018) and the IoT market (expected to reach 1.7 trillion dollars by 2020). “These developments mean more data is flowing across the internet and through data centers—and more opportunities for businesses to use technology to grow revenue and improve business performance,” write the report’s authors. “The data center will be central to leveraging those opportunities.” An interesting point made by the report is how costs continue to rise and the reasons for data center downtime today are mostly not that different from six years ago. The one exception is the rapid and apparently unstoppable growth in cyber attacks. The report authors are concerned about this very large increase in cyber attack outages, and they make a stark warning that the problem is not going away soon. Components of cost: Detection cost Activities associated with the initial discovery and subsequent investigation of an outage incident. Containment cost Activities and associated costs that allow a company to prevent an outage from spreading, worsening, or causing greater disruption. Recovery cost Activities and associated costs related to bringing the organization’s networks and core systems back to normal operation. Ex-post response cost All after-the-fact incidental costs associated with business disruption and recovery. Equipment cost The cost of equipment, new purchases, repairs, and refurbishment. IT productivity loss The lost time and expenses associated with IT personnel downtime. USER productivity loss The lost time and expenses associated with end-user downtime. Third-party cost The cost of contractors, consultants, auditors, and other specialists engaged to help resolve unplanned outages. Lost revenues Total revenue loss from customers and potential customers because of their inability to access core systems during the outage. Business disruption Total economic loss of the outage, including reputational damages, customer churn, and lost business opportunities. Source: http://www.datacenterdynamics.com/security-risk/the-rising-cost-of-ddos/96060.article http://www.datacenterdynamics.com/magazine
The rising cost of DDoS
In less than two months, online businesses have paid more than $100,000 to scammers who set up a fake distributed denial-of-service gang that has yet to launch a single attack. The charlatans sent businesses around the globe extortion e-mails threatening debilitating DDoS attacks unless the recipients paid as much as $23,000 by Bitcoin in protection money, according to a blog post published Monday by CloudFlare, a service that helps protect businesses from such attacks. Stealing the name of an established gang that was well known for waging such extortion rackets, the scammers called themselves the Armada Collective. “If you don’t pay by [date], attack will start, yours service going down permanently price to stop will increase to increase to 20 BTC and will go up 10 BTC for every day of the attack,” the typical demand stated. “This is not a joke.” Except that it was. CloudFlare compared notes with other DDoS mitigation services and none of them could find a single instance of the group acting on its threat. CloudFlare also pointed out that the group asked multiple victims to send precisely the same payment amounts to the same Bitcoin addresses, a lapse that would make it impossible to know which recipients paid the blood money and which ones didn’t. Despite the easily spotted ruse, many businesses appear to have fallen for the scam. According to a security analyst contacted by CloudFlare, Armada Collective Bitcoin addresses have received more than $100,000. “The extortion emails encourage targeted victims to Google for the Armada Collective,” CloudFlare CEO Matthew Prince wrote. “I’m hopeful this article will start appearing near the top of search results and help organizations act more rationally when they receive such a threat.” Source: http://arstechnica.com/security/2016/04/businesses-pay-100000-to-ddos-extortionists-who-never-ddos-anyone/
Businesses pay $100,000 to DDoS extortionists who never DDoS anyone
Anonymous Ghost Squad’s DDoS Attack Closes Down KKK Website The Anonymous vs. Ku Klux Klan (KKK) cyber war is well known to all of us. In continuation of that war, Anonymous affiliate Ghost Squad brought down one of major website belonging to the KKK members. In a series of powerful distributed denial-of-service (DDoS) attacks just a few hours ago, Anonymous has shut down the official website of Loyal White Knights of the Ku Klux Klan (KKK). Ghost Squad, the group said to be behind this attack works with the online hacktivist Anonymous. The reason for attacking the KKK is the “blunt racism” in the name of free speech. In an exclusive conversation with one of the attackers, HackRead was told that: “We targeted the KKK due to our hackers being up in their face, we believe in free speech but their form of beliefs is monolithic and evil. We stand for constitutional rights but they want anyone who is not Caucasian removed from earth so we targeted the KKK official website to show love for our boots on the ground and to send a message that all forms of corruption will be fought. We are not fascist but we certainly do not agree with the KKK movement. They are the Fascists and they are the Racists.” An error message “The kkkknights.com page isn’t working” is displayed for those visiting the website. KKK has not for the first time come under attacks by Anonymous. Earlier, the hacktivists disclosed personal information of KKK members. In October 2015, the group also carried out DDoS attacks on KKK’s website, as one of the Klan members apparently harassed a woman on Twitter. This is not it. In 2014, the official website of a Mississippi-based white supremacist organization “The Nationalist Movement” (nationalist.org) was also spoiled with messages like “Good night white pride.” The KKK Knights website is still offline across the world as shown in the screenshot below: Source: http://www.techworm.net/2016/04/kkk-website-shut-anonymous-ghost-squads-ddos-attack.html
Originally posted here:
KKK Website Shut Down by Anonymous Ghost Squad’s DDoS Attack
Anti-dolphin-munching mission DDoSed car-maker Nissan A pair of Akamai researchers are warning that entities using the name and iconography of hacker collective Anonymous will soon expand a six-year distributed denial of service (DDoS) attack campaign against Japan to other whale-and-dolphin-eating nations.…
The vast majority of enterprise end users (85%) want their ISPs to offer more comprehensive DDoS protection-as-a-service, according to Corero Network Security. The research, which polled over 100 ISPs and 75 enterprise customers about their DDoS mitigation strategies, revealed that an alarming proportion of ISPs are still relying on outdated technologies to protect their customers. For example, forty-six per cent divert DDoS traffic through a scrubbing centre – an expensive and notoriously slow technique which … More ?
View the original here:
ISPs are putting their enterprise customers at risk of DDoS attacks
When the waters finally calmed, Blizzard took to Twitter with the following message. That’s because some nefarious individuals launched a DDOS attack on the service. In fact, all of Blizzard’s U.S. servers were down for an extended period last night. Sony and Microsoft undergo similar attacks on a regular basis and are especially prone to such attacks during the holidays. GAMING SERVICES were hit with a distributed denial-of-service (DDoS) attack that forced users to eat Cheetos while not screaming at total strangers. This isn’t the first time the group has attacked a gaming company. Blizzard has suffered an attack on its servers that halted access to many of its games. By about 11:45 p.m., Blizzard sent out the above tweet giving gamers the all clear to jump back online. Given some of the realm stability issues caused by the service interruptions, there may be some log loss when loot is dropped or crafting occurs. A DDoS attack targeting game developer Blizzard’s servers has disrupted gamers from logging into popular games such as Diablo 3 and World of Warcraft. From the looks of it, a Blizzard employee’s Outlook account was hacked which lead to personal information and contact lists with information about other Blizzard employees being found. Maybe the hacking group felt their fellow gamers were being wronged (they weren’t) and this was their grand form of retaliation. They have teased that they have “more to come” without explaining what they plan to do next. Source: http://sacredheartspectrum.com/2016/04/blizzards-battle-net-hit-with-major-ddos-attack/
Originally posted here:
Blizzard’s Battle.net Hit With Major DDoS Attack