Tag Archives: ddos

Drupal Patches Denial of Service Vulnerability

Details on a patched denial of service vulnerability in the open source Drupal content management system have been disclosed. The vulnerability, patched yesterday, could be abused to crash a website running on the CMS. Researchers Michael Cullum, Javier Nieto and Andres Rojas Guerrero reported the bug to Drupal and urge site owners and Drupal admins to upgrade Drupal 6.x sites to Drupal core 6.34 and 7.x sites to Drupal core 7.34.

The vulnerability exposes valid user names in addition to threatening the availability of a Drupal site. The researchers said they were able to confirm a guessed Drupal user name by submitting an overly long password; they give an example of a million-character password. Drupal only calculates a password hash when the submitted user name exists, so by measuring how long the server takes to respond to a login attempt with a very long password, an attacker can infer whether the user name tried is valid.

“In Drupal, the way of calculating the password hash (SHA512 with a salt) by using phpass results in the CPU and memory resources being affected when really long passwords are provided,” the researchers wrote. “If we perform several log-in attempts by using a valid username at the same time with long passwords, that causes a denial of service in the server.”

Depending on the server configuration, in this case Drupal 7.32 running on Apache with a default MySQL installation, the attack crashes the entire server. The researchers said this happens because the RAM and CPU limits are reached; it can also crash the database. “If the Apache configuration is optimized and tuned to the hardware resources, we are able to reach all sessions available quickly and handle them for 30 seconds which performs a DOS without crashing the server or database,” the researchers said, adding that 30 seconds (PHP’s default max_execution_time) is the longest a script can run before PHP terminates it. “This helps prevent poorly written scripts from tying up the server.” The researchers said they will publish a proof of concept attack at a later time.

This vulnerability was rated moderately critical by Drupal, unlike the far more serious SQL injection flaw that became public on Oct. 15. That flaw was in Drupal core’s database abstraction API, the very layer designed to sanitize queries and prevent SQL injection. Attackers quickly wrote automated exploits for it; the attacks worked without the need for a Drupal account and left no trace. Drupal released an advisory urging site admins to proceed as if every Drupal 7 site that was not patched within hours of the announcement had been compromised. “Attackers may have created access points for themselves (sometimes called ‘backdoors’) in the database, code, files directory and other locations. Attackers could compromise other services on the server or escalate their access. Removing a compromised website’s backdoors is difficult because it is not possible to be certain all backdoors have been found,” Drupal said in a statement. The patch for that flaw was made available on Oct. 15. Source: http://threatpost.com/drupal-patches-denial-of-service-vulnerability-details-disclosed/109502
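The two defects the researchers describe, hashing only for existing user names (a timing oracle) and hashing passwords of unbounded length (a CPU sink), can be shown side by side with a few lines of Python. This is an added example, not Drupal’s code: it models the phpass-style iterated SHA-512 in which the password is re-fed into every round, so cost grows with rounds times password length. The round count, the fixed salt, the user table and the 512-byte cap are assumptions chosen for the demonstration; Drupal’s real hash uses far more rounds and a different encoding.

```python
import hashlib
import hmac
import time

# Added example (not Drupal's code). ROUNDS is deliberately far below the real
# iteration count so the demo runs in well under a second; the salt is fixed
# for reproducibility, and the "$S$" encoding of the stored hash is omitted.
ROUNDS = 64
SALT = b"\x00" * 8


def iterated_sha512(password: bytes, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """Salted, iterated SHA-512 in the phpass style: the password is appended
    on every round, so each round costs O(len(password))."""
    digest = hashlib.sha512(salt + password).digest()
    for _ in range(rounds):
        digest = hashlib.sha512(digest + password).digest()
    return digest


# Constructed user table with a single valid account.
USERS = {"admin": iterated_sha512(b"correct horse", SALT)}


def login_vulnerable(username: str, password: bytes) -> bool:
    """The pre-fix pattern: hash only when the user exists, any password length.

    An unknown user is answered instantly while a known user pays for the full
    hash (response time reveals which user names exist), and nothing bounds the
    password being hashed, so one request burns unbounded CPU and a handful of
    concurrent requests tie up every PHP worker for the whole execution limit."""
    stored = USERS.get(username)
    if stored is None:
        return False
    return hmac.compare_digest(iterated_sha512(password, SALT), stored)


# Mitigation: reject oversized passwords before any hashing, and hash against a
# dummy credential for unknown users so both code paths cost the same.
MAX_PASSWORD_BYTES = 512  # assumed cap; cheap to enforce, generous for real passwords
DUMMY_HASH = iterated_sha512(b"not-a-real-password", SALT)


def login_hardened(username: str, password: bytes) -> bool:
    if len(password) > MAX_PASSWORD_BYTES:
        return False  # cheap rejection: no hashing for oversized input
    stored = USERS.get(username)
    candidate = iterated_sha512(password, SALT)  # always paid, known user or not
    if stored is None:
        hmac.compare_digest(candidate, DUMMY_HASH)  # result deliberately ignored
        return False
    return hmac.compare_digest(candidate, stored)


def time_login(fn, username: str, password: bytes, repeat: int = 3) -> float:
    """Best-of-N wall-clock seconds for one login attempt: the attacker's probe."""
    best = float("inf")
    for _ in range(repeat):
        start = time.perf_counter()
        fn(username, password)
        best = min(best, time.perf_counter() - start)
    return best


if __name__ == "__main__":
    long_pw = b"A" * 200_000  # the researchers used a million characters
    for name in ("admin", "nobody"):
        print(f"vulnerable {name:7s}: {time_login(login_vulnerable, name, long_pw) * 1000:8.2f} ms")
        print(f"hardened   {name:7s}: {time_login(login_hardened, name, long_pw) * 1000:8.2f} ms")
```

Run as a script it prints the four timings: with the vulnerable check “nobody” returns in microseconds while “admin” takes tens of milliseconds for a 200 KB password, and with the hardened check both names return almost instantly because the length cap fires before any hashing. The same timing gap, multiplied by many concurrent requests and the real round count, is the denial of service the researchers describe.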

Original post:
Drupal Patches Denial of Service Vulnerability

Sophisticated Android-based botnet a danger to enterprise networks

A new, more sophisticated and more stealthy version of the NotCompatible Android Trojan continues to strengthen one of the longest-lived and most advanced mobile botnets ever seen, active since mid-2012. …

View article:
Sophisticated Android-based botnet a danger to enterprise networks

#OpKKK: Anonymous launches DDoS attacks on KKK websites

Anonymous claims it has taken down several Ku Klux Klan websites and Twitter accounts as part of what the hacktivists describe as a “cyber war”, prompted by KKK threats to use “lethal force” against Ferguson protesters. Anonymous listed the KKK websites it put offline Sunday night on its Twitter feed, reporting on the attacks under the hashtag #OpKKK. The group acknowledged, though, that its anti-KKK action was not running smoothly. “A lot of the sites being DDOS’d in #OpKKK seem to be going down, coming up, going back down, coming back up, etc,” Anonymous explained.

The hacktivists also announced that they had taken over two KKK Twitter accounts, @KuKluxKlanUSA and @YourKKKCentral. “Based on the direct messages sent from and to this account, we can confirm that this account was run by an official Klan member,” the group posted from one of the hijacked accounts, promising more details in a statement within a few hours.

The group is targeting the Ku Klux Klan over fliers it distributed among residents of the St. Louis area. The leaflets described protesters in Ferguson as “terrorists” and warned that the KKK was ready to use lethal force against them. The hacktivists responded to the threats by releasing a video announcing the launch of a “cyber war” on the KKK. “DDos attacks have already been sent and have infiltrated your servers over the past 2 days… d0x’s have also been launched on leaders of the KKK. All information retrieved will be given to the public,” the video says.

The online attacks by Anonymous come as tensions rise in St. Louis, where a decision by a grand jury is expected any day, though the date has not been announced. The ruling will determine whether criminal charges will be brought against white police officer Darren Wilson, who shot and killed unarmed black teenager Michael Brown. On Sunday, a crowd of demonstrators staged a peaceful protest in St. Louis, marking 100 days since the fatal shooting. Protesters lay down on chalk-marked areas, pretending to have been shot. Source: http://rt.com/usa/206067-anonymous-hacks-kkk-accounts/

See the original article here:
#OpKKK: Anonymous launches DDoS attacks on KKK websites

DDoS Attack Against Svenska Spel

The debate about Sweden’s restrictive online gambling legislation is heating up, as Gustaf Hoffstedt of the country’s Moderate Party has proposed a motion to the Swedish Parliament to modify the current law in favour of an open and regulated market. After the European Commission (EC) decided to refer the country to the European Court of Justice to settle whether Sweden’s gambling monopoly conflicts with EU law, the pressure for legislative change now comes from inside the country. “Sweden’s monopoly only exists on paper, therefore it is natural to change this to a licensing system where more operators can apply for a license in Sweden,” Hoffstedt said. “The companies that meet the highest standards should, on application, be given a license to operate in Sweden.”

Hoffstedt believes a change in the legislation is needed because it is time for Sweden’s authorities to face the fact that the gambling monopoly held by the state-controlled Svenska Spel has not worked as intended, especially as a large number of Swedish citizens regularly play on sites that are not supposed to be reachable from within the country. “When we talk about foreign gaming companies, these are in fact, in many cases, Swedish companies, since Sweden is one of the leading export nations in the gaming industry with companies like Unibet and Betsson,” Hoffstedt told GamingIntelligence. “The current gaming law forces these companies to operate abroad. It is easy to see that a business policy that forces world-leading Swedish companies to leave the country can hardly be regarded as successful.” Like the EC, the Moderate Party member believes that the monopoly has also failed to protect players from the perils of compulsive gambling. “Compulsive gambling is a medical diagnosis, but today only 30 of the 290 municipalities provide specialised gambling treatment,” he stated.

Hoffstedt’s parliamentary motion is only the latest chapter of a long debate that many believe will soon result in the opening of Sweden’s gambling market. Sweden’s Minister for Public Administration, Ardalan Shekarabi, agrees with Hoffstedt that the country should rethink its approach to gambling and allow more companies to join an open, yet regulated, market. In a comment reported by PokerNews in October, Shekarabi said the government intends to “accelerate the work that is currently taking place to find a licensing system which can be implemented in Sweden.”

Just as Parliament was discussing an end to the state-controlled gambling monopoly, things did not go well for the monopoly holder, Svenska Spel. In a note published on the company’s website on Nov. 13, Svenska Spel’s press officer Johan Söderkvist announced that “the poker room had to temporarily shut down because of DDoS attacks.” “Svenska Spel has undergone several targeted denial of service attacks, known as DDoS attacks,” the note explains. “Given the major disruptions caused by the attacks, it has been decided to temporarily shut down the poker room. Cancelled games will be refunded according to Svenska Spel’s terms and conditions,” the note continued. “Svenska Spel has filed a police report on the incident.” Heavy DDoS attacks against Svenska Spel were also reported on Nov. 2, when the poker room was forced to cancel the inaugural event of its 2014 Swedish Masters. Source: http://www.pokernews.com/news/2014/11/ddos-attacks-against-svenska-spel-continue-19823.htm

Originally posted here:
DDoS Attack Against Svenska Spel

The Bitcoin Forum At Bitcointalk.org Went Offline Due to DoS attack

Bitcointalk.org, the Bitcoin Forum, is currently offline, with the official explanation being a DoS attack. In the past, Bitcointalk.org has faced hacks, man-in-the-middle attacks and DDoS. According to isitdownrightnow, a service that reports the status of websites worldwide, bitcointalk.org has been down since at least 17:00 PT, which is corroborated by the first reports of the outage on Twitter. In the meantime, users can use Bitcointa.lk, which mirrors all of the Bitcointalk.org messages and offers additional features. Bitcointalk has confirmed the DoS attack. Source: https://www.cryptocoinsnews.com/bitcoin-forum-bitcointalk-org-currently-offline-due-to-dos/

Read More:
The Bitcoin Forum At Bitcointalk.org Went Offline Due to DoS attack

Blizzard confirms World of Warcraft target of DDoS attack

Update 5:50 a.m. PST: The servers are now down for maintenance, and the attack is over. If further ones happen, we’ll announce accordingly.

Update 8:15 p.m. PST: The DDoS attacks continue. Blizzard is rolling out updates to the backend services at a breakneck pace right now, some of which are having unintended consequences and further complicating an already messy situation. However, it should be noted that this is to be expected when combating such a large-scale attack. In no way is Blizzard responsible for server outages on this scale; responsibility rests with the script kiddies and botnet controllers. It’s hard to know just how big this attack is, but with the sustained issues it’s causing and the severity of Blizzard’s response, it’s safe to assume that it’s big. Battle.net is a hardened internet service that has withstood onslaughts like this before. For it to fail at such a critical juncture is nothing but catastrophic in the short term, and could have serious long-term implications. The illustration accompanying the original post gives some idea of just how global this attack is. We’ll update this post as the night continues, providing you with the latest. In the meantime, we recommend you catch up on your lore and not concern yourself with logging in.

Original Post: WoW Insider received reports earlier today that Blizzard may be the target of a significant DDoS effort, and community manager Bashiok has confirmed it on the World of Warcraft forums. Bashiok goes on to outline additional issues Blizzard is currently attempting to resolve: instance servers timing out, disconnects from the continent servers, and performance and phasing issues with garrisons. Source: http://wow.joystiq.com/2014/11/13/blizzard-confirms-world-of-warcraft-target-of-ddos-attack/

Visit site:
Blizzard confirms World of Warcraft target of DDoS attack

Dormant IP addresses RIPE for hijacking

‘That’s not us spamming, honest’ cries hosting firm. Spammers are using loopholes in the internet routing registry to commandeer address space and pump out junk mail, and potentially to launch denial of service attacks and steal traffic.…

Read the original:
Dormant IP addresses RIPE for hijacking


Don’t blame Obama, but DDoS attacks are now using his press releases

A new form of Domain Name System-based distributed denial of service (DDoS) attack emerged in October, one that can significantly boost the volume of data flung at a targeted server. The method builds on the well-worn DNS reflection technique used in many past DDoS attacks, exploiting part of the DNS record returned by domain queries to increase the amount of data sent to the target, by stuffing it full of information from President Barack Obama’s press office.

DNS reflection attacks (also known as DNS amplification attacks) send forged requests to a DNS server asking for the Internet Protocol address and other information about a specific host and domain name. A typical response, for example from Google’s public DNS server, is small: it repeats the question and returns the canonical name (CNAME) of the queried name and an IPv4 or IPv6 address for it. DNS requests are usually sent over the User Datagram Protocol (UDP), which is “connectionless”: no connection is negotiated between requester and server before data is sent, so the server has no way to verify that the request really came from the address it is about to answer. By forging the source address on the DNS request so that it appears to come from the target, an attacker gets a significant boost in the size of a DDoS attack, because the response to a DNS query is significantly larger than the query itself.

The new attack pumps up the size of the attack further by exploiting the TXT record for a domain, a free-form text entry in the domain’s zone. TXT records are legitimately used to publish anti-spam policies for e-mail (SPF and DKIM), to prove ownership of a domain being configured for Google Apps and other enterprise services, and to advertise other services associated with a domain name. Each character-string in a TXT record can be up to 255 bytes and a record can carry several of them, so the response can be many times the size of the few dozen bytes in the request sent for it; with EDNS0, which lets the requester advertise a UDP buffer of 4,096 bytes, a single reply can approach that size. In October, Akamai’s security team noticed a trend in DNS reflection attacks using TXT record requests for the domain “guessinfosys.com” and other malicious domains. The contents of those records were not what you would expect: they contained text pulled from news releases on WhiteHouse.gov. These attacks lasted for over five hours during each episode, resulting in malicious traffic of up to four gigabits per second hitting their targets. The contents of the TXT records were apparently being updated automatically, possibly by scraping the WhiteHouse.gov site.

Like other reflection attacks, this one depends on DNS servers that will answer queries from anyone: operators of recursive resolvers can prevent their servers from being abused by refusing queries from outside their own networks, while authoritative servers, which must answer the whole Internet, can at least rate-limit identical responses to a single source. The attacks can sometimes be stopped at the edge of the target’s network, but that usually requires having more bandwidth available than the size of the attack, something smaller sites without DDoS protection from a content delivery network such as Akamai or CloudFlare may have some difficulty arranging. Source: http://arstechnica.com/security/2014/11/dont-blame-obama-but-ddos-attacks-are-now-using-his-press-releases/
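The size asymmetry the article relies on is easy to see by building both sides of the exchange by hand. The Python below is an added example, not code from the article or from Akamai: it wire-formats a TXT query carrying an EDNS0 OPT record (needed, because without an advertised UDP buffer the server would truncate at 512 bytes and set TC=1, and the retry over TCP defeats the reflection), builds the kind of TXT reply the abused resolver would return, parses it back the way the victim’s host would, and reports the amplification factor. The domain name, transaction ID and the twelve 255-byte “press release” strings are constructed stand-ins; nothing is sent on the network.

```python
import struct

TYPE_TXT = 16
TYPE_OPT = 41
CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_txt_query(name: str, txid: int = 0x1234, edns_udp_size: int = 4096) -> bytes:
    """A recursion-desired TXT query plus an EDNS0 OPT record advertising a large
    UDP buffer, so the reflector will send the whole answer in one datagram."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # flags RD; 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", TYPE_TXT, CLASS_IN)
    # OPT RR: root name, TYPE=41, the CLASS field carries the UDP payload size,
    # the TTL field carries extended RCODE/version/flags (all zero), RDLEN=0.
    opt_rr = b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_udp_size, 0, 0)
    return header + question + opt_rr


def build_txt_response(name: str, txid: int, strings: list, ttl: int = 300) -> bytes:
    """What the abused resolver sends to the spoofed source: one TXT RR whose RDATA
    is a sequence of <len><bytes> character-strings, each at most 255 bytes."""
    for s in strings:
        if len(s) > 255:
            raise ValueError("a TXT character-string is limited to 255 bytes")
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA; 1 question, 1 answer
    question = encode_name(name) + struct.pack("!HH", TYPE_TXT, CLASS_IN)
    rdata = b"".join(bytes([len(s)]) + s for s in strings)
    # Owner name is a compression pointer (0xC00C) back to the question at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_IN, ttl, len(rdata)) + rdata
    return header + question + answer


def _skip_name(buf: bytes, off: int) -> int:
    """Advance past a wire-format name, whether written out or a compression pointer."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def parse_txt_response(buf: bytes):
    """Return (txid, [TXT strings]) from a DNS response: the victim-side view."""
    txid, _flags, qdcount, ancount, _nscount, _arcount = struct.unpack("!HHHHHH", buf[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(buf, off) + 4  # QTYPE + QCLASS
    strings = []
    for _ in range(ancount):
        off = _skip_name(buf, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        rdata = buf[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_TXT:
            pos = 0
            while pos < len(rdata):
                n = rdata[pos]
                strings.append(rdata[pos + 1:pos + 1 + n])
                pos += 1 + n
    return txid, strings


def amplification_factor(query: bytes, response: bytes) -> float:
    """Bytes delivered to the victim per byte the attacker had to send."""
    return len(response) / len(query)


# Constructed stand-in for the scraped press-release text: twelve full-size strings.
SAMPLE_STRINGS = [(("Office of the Press Secretary: statement %02d. " % i) * 10)[:255].encode()
                  for i in range(12)]
SAMPLE_QUERY = build_txt_query("example.com")
SAMPLE_RESPONSE = build_txt_response("example.com", 0x1234, SAMPLE_STRINGS)

if __name__ == "__main__":
    txid, strings = parse_txt_response(SAMPLE_RESPONSE)
    print(f"query {len(SAMPLE_QUERY)} bytes, response {len(SAMPLE_RESPONSE)} bytes, "
          f"{len(strings)} TXT strings, amplification x{amplification_factor(SAMPLE_QUERY, SAMPLE_RESPONSE):.1f}")
```

For this constructed record the 40-byte query draws a 3,113-byte reply, roughly 78 times larger; the same builder with a 512-byte EDNS buffer, or no OPT record at all, would force the reflector to truncate, which is why attackers always advertise a large buffer.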

Read the article:
Don’t blame Obama, but DDoS attacks are now using his press releases

Defending against the dark arts of DDoS

In the magical world of Harry Potter, the boy wizard and his cohorts took a class called Defence Against the Dark Arts as part of their curriculum. In the world of technology, defending against the “dark arts” of DDoS attackers is just as much a requirement. DDoS attacks suspend service to a website by overwhelming it with traffic from multiple sources, blocking access to the site and preventing users from reaching it. Attackers can take down a website in one fell swoop with a DDoS attack, and the longer it lasts, the more it costs the business. According to a report from Trend Micro Research, a week-long DDoS attack costs $150 on average on the Internet’s black market, while Verisign/Merrill Research reports that one-third of all downtime on the Internet can be attributed to DDoS attacks. A newly released report from Symantec indicates that DDoS attacks increased by a staggering 183 per cent between January and August of 2014. In an exclusive interview with IT in Canada, Candid Wüeest, senior software engineer at Symantec Advanced Threat Research, discusses how businesses can defend against these attacks, and how Symantec can arm them for this battle.

IT in Canada: Why are more businesses falling victim to DDoS attacks?

Wüeest: I think we’re seeing more mid-sized and larger companies falling victim to DDoS attacks because they’re very easy to carry out by the attackers, and it can be very devastating on the receiving end as a result. The motivation behind it might often vary. For example, there are hacktivists who might do it to protest a company’s ideologies, but we also see others do it to make a profit. One of the most obvious profit-related (schemes) is extortion, where an attacked company might be told “Give us a certain amount of money or your online shop will be down.” The other is carried out by a company’s competition, using DDoS attacks to redirect customers to their business. With Thanksgiving coming up, if an online shop is not online during critical hours, people might go to a different shop, allowing the competition to profit from those sales.

ITIC: The Symantec report notes that DDoS attacks increased by 183 per cent between January and August of 2014. What is the reason for that?

CW: I think it’s a bit of a self-fulfilling prophecy. We see that they are successful, and more people in the media are talking about them. This shows hackers that it’s a proven way to attack someone, so they decide to go through with it, which also creates a bigger demand for automated tools and DDoS services. We are also seeing more advertising in the underground market for people selling these services, and this is probably the reason why you’re seeing more of them actually happening.

ITIC: What can businesses do to prevent DDoS attacks?

CW: When it comes to defending against DDoS attacks, there are a few strategies. The first one is to simply be prepared for them and know who to call. Have a response plan integrated into your system to accommodate DDoS attacks. In most cases, when businesses fall victim to DDoS attacks, they don’t know what to do or who to call, or who is responsible at the IP level, and this results in valuable time and revenue being lost. The second one is planning for scalability and flexibility within your network. That starts with having the opportunity to filter out traffic whenever possible in multiple locations, having a load balancer in for multiple sites, or having a caching proxy in place. The third strategy involves implementing certain protection services. Nowadays, if you’re a medium- or large-sized business, you should also definitely speak with providers of specific protection services, which can help you mirror your website across multiple locations, allowing for better filtering if you are under attack.

ITIC: Why are hackers now relying on mobile devices to execute attacks?

CW: We’ve seen that hackers are experimenting with mobile phones. This is not just because of their 4G and LTE capabilities, which means they can generate a lot of bandwidth traffic, but because they are very good at generating application-level DDoS attacks. They can attempt to overload a database with queries and perhaps use up all of an application’s resources. This is done through WebRequest, which can be easily sent over any mobile network. We all know that most mobile phones are usually not protected by any kind of security software, so once they are infected, they usually stay infected for a very long time because most people don’t notice it, as they don’t switch off their phones after 24 hours online. As a result, I think that mobile phones might be a better attacking platform than a laptop that you would shut down overnight.

ITIC: What kinds of services does Symantec offer for defending against these attacks?

CW: Symantec is very active in the intelligence and in protecting people from becoming the source of an attack. We can help you defend against having your service compromised by any of the malware tools being used or a third-party amplification attack. We cooperate with different companies for the distribution of the network, but that is more the focus of companies like Akamai and CloudFlare. With the knowledge that we have in the data centre, we can help with the flexibility of setting up networks that can be integrated into those services without having to switch too much on your existing platform.

ITIC: Are DDoS issues more of a problem in Canada than they are in the U.S.?

CW: As a country, Canada is doing well. It’s less of a problem there compared to the U.S., but we can’t expect there to be a country where DDoS attacks aren’t happening. One of the reasons is because they’re so easy to conduct, and many more hackers are relying on them now as a result. They are definitely happening in Canada, and people should definitely be preparing themselves if they haven’t already done so.

ITIC: What can companies do to protect their cloud from attacks?

CW: Cloud protection is an interesting problem. Companies should definitely read the FAQs from their cloud service providers to learn how they can protect against denial-of-service attacks. Sometimes there might be a DDoS attack against a company’s online storage, but if it’s targeting the cloud provider, the business might not even notice that they are under attack. They might just notice that they are no longer available, or the availability of certain documents is failing. You should definitely talk to your cloud provider about how they are protected against DDoS attacks, and most of them do have a plan or have multiple locations and balancing in place to cope with these attacks. Make sure that you are aware of them, and if they don’t have them, you should consider moving to another one or plan a strategy on how you can switch to a secondary site in the event of an attack.

ITIC: What does the future hold for DDoS attack prevention?

CW: With DDoS attack prevention, we see that it’s moving in another way, but kind of complementing the whole bandwidth issue. At the moment, most of the mitigation tactics rely on providing a larger bandwidth so that the attackers cannot fill it up. This is good for basic attacks, but we see that there is a limitation to this. In the end, this is a race which will be won by the attackers most of the time because they can compromise more machines. What we see in the future is that we have to rely more on the protection of resources, such as websites and databases, and ensuring that they are protected and secure against having their resources used up. We also have to ensure we can perform proper filtering and only let genuine people in. We see more features being implemented in back service technologies or proxies that are close to the web server. Source: http://www.itincanadaonline.ca/index.php/security/1003-defending-against-the-dark-arts-of-ddos

Read the original post:
Defending against the dark arts of DDoS