Tag Archives: ddos

18 Election Websites Offline During the U.S. Midterm Elections possible DDoS attack

On the day of the U.S. midterm elections, the Contra Costa County Department of Elections website for was inaccessible starting at 7:20 a.m. local time. And it wasn’t alone, the Bay Area News Group reported that 18 election websites run by Florida-based SOE Software across the country were down for most of the election day. According to local news reports, Contra Costa County officials said the hosting of the website was contracted to SOE Software, which was also offline at the time. Election officials said SOE Software was working trying to fix the problem, and the sites were back online this week. The main function of election websites is to provide information on where voters can find polling stations, but they also provide features such as Vote by Mail ballot registration. Officials recommended that voters needing to find their polling station visit Get to the Polls, a website sponsored by the Pew Charitable Trust and others. It’s possible that the election websites were unprepared for the amount of traffic they would get on election day, but it’s also likely that a Distributed Denial of Service attack flooded SOE Software’s servers with requests, blocking legitimate traffic from reaching the websites it hosts. Source: http://www.thewhir.com/web-hosting-news/least-18-election-websites-offline-u-s-midterm-elections

Read More:
18 Election Websites Offline During the U.S. Midterm Elections possible DDoS attack

100 Bitcoin bounty slapped onto head of blackmailer who DDoS attack Bitalo site

  On Saturday, an attacker and blackmailer “DD4BC” sent a note to the Bitalo Bitcoin exchange threatening distributed denial of service (DDoS). DD4BC demanded 1 Bitcoin (about £206, $326) as protection money and for “info on how I did it and what you need to do to prevent it”. Hello Your site is extremely vulnerable to ddos attacks. I want to offer you info how to properly setup your protection, so that you can’t be ddosed! My price is 1 Bitcoin only. Right now I will star small (very small) attack which will not crash your server, but you should notice it in logs. Just check it. I want to offer you info on how I did it and what you have to do to prevent it. If interested pay me 1 BTC to [Bitcoin address] Thank you. Bitalo CEO Martin Albert eschewed the offer for lessons on avoiding DDoS. Instead, the exchange slapped a bounty on DD4BC’s head, to the tune of 100x the ransom money. That price may seem steep, but this is serious business to Albert, who told Motherboard that his company wants to show that it’s serious. He noted that while its users’ funds were never at risk because of Bitalo’s multi-signature setup, extortionists like DD4BC nonetheless threaten the smaller startups that complete the global Bitcoin community. These kind of people can do much more harm to the community than any government by regulation or something like that, in my opinion. Fear and uncertainty take their toll as well: Bitcoin value plummeted after the fall of Mt. Gox. DD4BC’s DDoS attack on Bitalo lasted two days. Albert said that the company soon found out that the same attacker was behind threats to others: Immediately we figured out it was not an unknown guy; it was this guy who also threatened many other people. The list of DD4BC’s targets include exchange CEX.io and Bitcoin sportsbook Nitrogen Sports, Albert said. Now, the company is offering 100 BTC – about $32,859 or £20,599 at Tuesday’s exchange rates – through the Bitcoin Bounty Hunter site. This isn’t the first bounty for a Bitcoin burglar, but it’s the biggest by far. Other bounties include: ?37.6875 (approx. $12,331, £7,710) For help in catching whomever broke into the email accounts of Satoshi Nakamoto – the person or people who created the Bitcoin protocol and reference software – and Bitcoin angel investor, evangelist, the founder himself of the Bitcoin Bounty Hunter site, and a man known by some as the “Bitcoin Jesus”, Roger Ver. ?2.1249 (approx. $698, £434) For help in catching whomever’s behind the missing 600K BTC from Mt. Gox. Ver told Motherboard that he started the bounty site in September after somebody got into an old email account and started making threats: Somebody hacked an old email account of mine and then was claiming they were going to steal my identity. [They also demanded] that I pay them $20,000 worth of bitcoin or they were going to ruin my life and ruin my family’s life, and they made all sorts of nasty threats. At the time, Ver offered a 37 BTC reward in a Facebook post for “information leading [to] the arrest of the hacker.” The problem was that he didn’t know what to do with the information people sent him, he said, some of which appeared legitimate but some of which were clearly a joke. Thus was Bitcoin Bounty Hunter born: a site that allows anyone to offer information and claim a bounty anonymously. It relies on the site proofofexistence.com, which requires informants to send in details in a manner that proves that they know something without revealing what it is that they know. In order to claim any of the bounties, the culprit has to be arrested and convicted. Why not just go to the cops? Ver told Motherboard that when he’s been targeted by theft in the past, he had to track down the stolen parts himself before the police became interested. The police in California did absolutely nothing to help, they didn’t even lift a finger. Going to the police, traditionally, they don’t do much of anything to help at all. By providing a bounty I think you can provide an incentive to have anybody – including the police – to actually do the right thing and help victims of crimes. Albert said there haven’t been any real tips on the Bitalo attacker yet, but the company’s also analysing traffic to try to get at the blackmailer’s identity. Source: http://nakedsecurity.sophos.com/2014/11/05/100-bitcoin-bounty-slapped-onto-head-of-blackmailer-who-ddosed-bitalo/

Taken from:
100 Bitcoin bounty slapped onto head of blackmailer who DDoS attack Bitalo site

DDoS Explosion Imminent for Guy Fawkes Day

Guy Fawkes: famous for a plot to assassinate England’s King James in 1604 and for guarding copious amounts of gunpowder, is remembered every Nov. 5 in Britain with fireworks and bonfires. Researchers say that businesses should brace themselves for a different kind of plot: an influx of distributed denial of service (DDoS) attacks from hacktivist group Anonymous on Wednesday. “The forecast for the future looks dark, as we expect to see many DDoS attacks during Guy Fawkes Day on November 5, as the Anonymous collective has already announced various activities under the Operation Remember campaign,” said Candid Wueest, threat researcher at Symantec, in a blog. “However, hacktivists protesting for their ideological beliefs are not the only ones using DDoS attacks. We have also seen cases of extortion where targets have been financially blackmailed, as well as some targeted attacks using DDoS as a diversion to distract the local CERT team while the real attack was being carried out.” DDoS attacks have grown in intensity as well as in number in the last two years, although the duration of an attack is often down to just a few hours. Amplification attacks especially are very popular at the moment as they allow relatively small botnets to take out large targets with amplification factors of up to 500. For such an attack, spoofed traffic is sent to a third-party service, which will reflect the answer to the spoofed target. “Such attacks are simple to conduct for the attackers, but they can be devastating for the targeted companies,” said Wueest. From January to August 2014, Symantec has seen a 183% increase in DNS amplification attacks, making it the most popular method seen by Symantec’s Global Intelligence Network. Multiple methods are often used by attackers in order to make mitigation difficult and, to make matters worse, DDoS attack services can be hired for less than $10 on underground forums. “It is the distribution of hosts that attracts attackers — such as the group Anonymous — as it provides multiple advantages; undetectable location, multiple machines and identity anonymity,” said Alex Raistrick, director cybersecurity solutions at Palo Alto Networks. And all of that “which makes DDoS attacks an appealing instrument for destruction on Guy Fawkes Day,” he added. As far as mitigation, Raistrick noted that some attacks simply exploit vulnerabilities that subsequently crash or severely destabilize the system so that it can’t be accessed or used. “Segmentation helps to block attacks trying to spread from one area of the network to another,” he said. “Next-generation firewall will also directly contribute to a stronger overall security platform, starting with the endpoint and detecting attacks there as well as detecting when threats are attempting lateral moves within networks.” He added, “Essentially, make your estate difficult and expensive to breach — and the bad actors will go elsewhere.” Source: http://www.infosecurity-magazine.com/news/ddos-explosion-imminent-for-guy/

Follow this link:
DDoS Explosion Imminent for Guy Fawkes Day

Pro-democracy Hong Kong sites DDoS’d with Chinese cyber-toolkit

Now we’re not saying it was the Chinese government, but… Hacking attacks against organisations promoting democracy in Hong Kong were run using the same infrastructure previously linked to Chinese cyber-espionage attacks, according to new research from security firm FireEye.…

More:
Pro-democracy Hong Kong sites DDoS’d with Chinese cyber-toolkit

Shellshock Being Used to Build a DDoS Botnet to launch DDoS attacks

The advisory alerts enterprises to a DDoS botnet-building operation by attackers taking advantage of the Shellshock Bash bug in Linux-based, Mac OS X and Cygwin systems. Failure to take action can result in a vulnerable system being used to propagate a DDoS botnet, launch DDoS attacks, exfiltrate confidential data and run programs on behalf of attackers. “PLXsert has observed the DDoS botnet-building operation of an attacker using Shellshock to gain access to and control Linux-based systems.” said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai. “We are sharing this information to help enterprises patch their systems to prevent unauthorised access and use by this botnet. Akamai customers have multiple options to minimise the risk of a breach and to mitigate DDoS attacks enabled by this vulnerability.” Attackers breach vulnerable systems Malicious actors are using the Bash bug vulnerability, which is reportedly present in GNU Bash versions 1.03 through 4.3, to download and execute payloads on victim machines. These payloads include executable files and script files written in programming languages such as Perl, Python or PHP. The dropped files are capable of launching DDoS attacks, stealing sensitive information and moving laterally across internal networks to breach other systems. In addition, malicious attackers have implemented backdoor functionality to gain unrestricted access to victim machines in the future. DDoS botnet uses Internet Relay Chat IRC for communication PLXsert recorded an actual IRC conversation of a botnet-building operation that uses the Shellshock vulnerability to add new bots to a botnet. The observed botnet involved 695 bots. IRC channels #p and #x were used to issue commands, and new bots were requested to join channel #new. Web applications at high risk Web applications that use the Common Gateway Interface (CGI) method to serve dynamic content are at risk for the Bash bug.  It is important to check internal and external web servers for this type of application and others that may potentially pass input to Bash.  The Shellshock vulnerability has also been exploited in OpenSSH (OpenBSD Secure Shell), a set of computer programs that provides encrypted communication sessions. In this case the vulnerability is exploited after authentication, which lowers the risk of exploitation but should still be considered high risk. Enterprises need to patch (and re-patch) vulnerable hosts Enterprises must update and patch vulnerable hosts as soon as possible. Some of the earlier patches were insufficient. It is important to obtain and apply the latest patch from the operating system developer. Fully patched, remote exploitation attempts of this type will be unsuccessful. PLXsert anticipates further infestation and the expansion of this DDoS botnet. Get the Shellshock DDoS Botnet Threat Advisory to learn more In the Bash bug advisory, PLXsert shares its analysis and details, including: Vulnerable Bash versions DDoS building capabilities of binary payloads Types of DDoS attacks IRC conversation from within the DDoS botnet How to mitigate this vulnerability DDoS mitigation Source: http://www.australiansecuritymagazine.com.au/2014/11/akamai-observes-shellshock-used-build-ddos-botnet/

Read More:
Shellshock Being Used to Build a DDoS Botnet to launch DDoS attacks

Cyber security expert warns of massive Ddos attacks against Armenian websites

Armenian cyber security expert Samvel Martirosyan warned today of Ddos attacks against Armenian websites. According to his personal site, a massive Ddos attack in 7 Gbps began yesterday in Japan. “Given that the attack is carried out from one country, we can assume that it may be a sensing, and it is possible that massive attacks from different countries may follow in the coming days,» says Martirosyan. He says that ahead of the meeting of the presidents of Armenia and Azerbaijan, Serzh Sargsyan and Ilham Aliyev, in Paris on October 27, a similar but more powerful attack had been registered against the Armenian president’s official website. Source: http://telecom.arka.am/en/news/internet/cyber_security_expert_warns_of_massive_ddos_attacks_against_armenian_websites/

See more here:
Cyber security expert warns of massive Ddos attacks against Armenian websites

White House Says Unclassified Network Hit In Cyberattack

Mitigation efforts have caused temporary outages and loss of connectivity for some staff, but no computers have been damaged, official says. An unclassified portion of the White House network has been hit with what appears to be an ongoing cyberattack. Efforts to mitigate the threat have resulted in temporary system outages and loss of network connectivity for some users, a National Security Council spokeswoman confirmed Wednesday. The attacks have not caused any damage to White House computers or systems, though some elements of the unclassified network have been impacted, the official said. “The temporary outages and loss of connectivity for our users is solely the result of measures we have taken to defend our networks,” the spokeswoman stressed in an emailed statement to Dark Reading. The Executive Office of the President (EOP) routinely receives alerts about potential cyberthreats against White House systems and discovered the current attack while following through on one such alert. White House cyber security staff is still assessing the severity of the attack and ways to mitigate it, the statement added. “Certainly a variety of actors find our networks attractive targets and seek access to sensitive government information.” An internal White House memo to staff members obtained by The Huffington Post noted that EOP component heads and senior directors at the NSC have put in place several interim measures to help employees on high priority tasks to continue work as usual. Some of the system outages and connectivity issues resulting from the attack have been resolved while others are in the process of being remediated, the memo said. The White House has not released any details on the nature of the attack or the person or group that might be responsible for it. But some media reports citing unnamed White House sources have claimed that the attacks have been going on for at least two weeks. This isn’t the first time that the White House has been the target of a cyberattack. In 2012, malicious attackers used a spear phishing attack to gain access to a non-classified system used by the White House Military Office. In 2009, the main White House website was one of the targets of a distributed denial of service (DDoS) attack campaign that also targeted the Pentagon, the Department of Homeland Security, and several other government networks. A similar DDoS attack temporarily took down the whitehouse.gov website back in 2001. Cyberattacks against White House networks have invariably tended to be portrayed as significantly hostile actions against the US by unfriendly nations. Many have tended to blame China in particular for such attacks though the actual proof for such claims has been somewhat tenuous. News of the latest attack is sure to fuel similar speculation especially because it comes just one day after security vendor FireEye’s new report on APT28, a Russian hacker collective that is believed responsible for numerous attacks against government and other websites. The group is believed engaged in widespread espionage activities and appears to be sponsored by the Russian government, according to FireEye. Security analysts themselves have in the past cautioned against reading too much into reports of cyberattacks against the White House in the absence of any real information on the nature or scope of the attacks. “Government networks the world over are on the front lines of a digital conflict, so it’s no surprise the White House has been targeted, as it presents a very rich target,” said Chris Boyd, malware intelligence analyst at Malwarebytes Lab in emailed comments. Though no White House systems appear to have been compromised, the attack serves as a reminder of how geopolitical tensions are expressed these days, he said. John Pescatore, director of emerging security threats at the SANS Institute said reports of the attacks needs to be viewed in a slightly broader context given all that has been happening recently with White House security. “Given what seems to be a decrease in rigor around physical protection of the White House, I think we do have to be concerned about cyber security protection around White Houses computer systems,” Pescatore said. “I have no insight into what attacks actually occurred, but the reports make it sound like suspicious activity was detected and dealt with quickly. Those are good things. But that is what the first reports of the fence jumper said as well.” Source: http://www.darkreading.com/attacks-breaches/white-house-says-unclassified-network-hit-in-cyberattack/d/d-id/1317060?_mc=RSS_DR_EDT

Link:
White House Says Unclassified Network Hit In Cyberattack

City of Phoenix Computers Under DDoS Attack

Police computer communication went down for almost an hour An attack targeting the computer systems of the public services in Phoenix, Arizona, affected the city’s activity for a period of almost an hour. Police work was also impacted, as officers were not able to search for information about suspects from the computers in their cars. According to information from inside sources, the attack had been carried out for days in a row, culminating with a disruption of the system on Saturday. No sensitive information was stolen There is no information about the identity of the attackers or their purpose, but Randell Smith, City CISO (Chief Information Security Officer), said in an interview for Fox 10 that he believed the goal to be gaining access to the network and obtaining as much personally identifiable information (PII) as possible; this is generally used for financial gains. No other possible reason was given by the CISO, who told the TV station that the defense tactics had held and no data could be exfiltrated. Over the weekend, the city’s servers received a heavy DDoS blow resulting in a 45-minute outage, and the public safety systems could not send information to police officers requesting details about names, license plates, and checking criminal records. Radio is the main communication system, which means that officers can still deliver details from the field to their colleagues. Important to note is that the entire computer system of the public service is affected, and the cybercriminals do not focus on a particular department. The city of Phoenix contacted the FBI along with technology partners to help put an end to the attacks. DDoS attack services can be rented At the moment, the City of Phoenix website is available intermittently until midnight Tuesday, for maintenance reasons and probably for analyzing any clues the crooks may have left behind. The current situation was uncovered by Fox 10, who managed to obtain internal letters containing references to the attack. In one of them, a deputy city manager wrote that the city could be under a coordinated denial of service (DoS) attack, given its intensity and persistence. Although it may appear a difficult task to pull, DSoS attacks can be easily carried out, even by those with little technical knowledge. The criminal market provides such services that can be sustained for a week, for as little as $100 / €79. Depending on the level of protection of the target system and the size of the attack, the price goes up. Still, for strong servers or websites with better protection in place, the cost is about $500 / €394 for a week-long incident. Source: http://news.softpedia.com/news/City-of-Phoenix-Computers-Under-DDoS-Attack-463286.shtml  

Continue Reading:
City of Phoenix Computers Under DDoS Attack

Register for DDoS Protection and Response Strategies Webinar!

  As cyber-criminals innovate and develop new techniques to tackle defensive methods, it has never been more important for information security professionals to have strong, proactive defense and remediation strategies in place. During this webinar, the speakers will share insight on how to address the risks and respond to attacks. Hear about the evolution of and motivations behind DDoS attacks and the attack vectors exploited Discover how to implement multi-layered DDoS defense Identify best practice detection and classification techniques Discover how to implement resilient DDoS incident response practices Date: November 12th 2014 Time: 10:00AM EST/15:00 GMT Click here to register !

See more here:
Register for DDoS Protection and Response Strategies Webinar!

DDoS attack on Ukraine election commission website

Ukraine’s election commission website has been attacked by hackers on the eve of the country’s parliamentary polls. According to Ukrainian officials, the website came under cyber attack on Saturday, just one day before Ukraine is set to hold general elections. “There is a DDoS attack on the commission’s site,” said the Ukrainian government information security service. A distributed denial-of-service (DDoS) attack slows down or disables a website by flooding it with communications requests. The security service labeled the attack as “predictable” and went on to say that the website’s design insures that it could not be completely taken down and that it is currently completely functional. “If a site runs slowly, that doesn’t mean it has been destroyed by hackers,” the statement added. As for reports that the site was in control of hackers, Markiyan Lubkivskyy, an adviser to the Ukrainian Security Service said, “Any statements regarding the alleged successful unauthorized intrusions into the cyber space of the Central Election Commission or the elements of the elections systems do not correspond to the facts. Hackers are controlling nothing.” Ukraine’s snap elections were called in August as President Petro Poroshenko came under pressure to purge the parliament of lawmakers allegedly tied to the overthrown government of Viktor Yanukovych. As many as 36 million Ukrainians are eligible to take part in the parliamentary elections. The leaders of the breakaway eastern regions of Donetsk and Lugansk have refused to allow the polls to be held in territories under their control, with a population of almost three million. Ukraine’s mainly Russian-speaking regions in the east have been the scene of deadly clashes between pro-Russia protesters and the Ukrainian army since the government in Kiev launched military operations in mid-April in a bid to crush the protests.   Source: http://www.presstv.ir/detail/2014/10/25/383623/ukraines-election-website-hacked/

Read More:
DDoS attack on Ukraine election commission website