Tag Archives: ddos

Ukrainian Interior Ministry Website Reportedly Hit By DDoS Attack

The website Ukraine’s Interior Ministry is currently inaccessible, having apparently fallen foul of a distributed denial-of-service (DDoS) attack by hackers, local media said Sunday. Ukraine’s IT specialists claimed that they were behind the outage, which came after police violently dispersed a pro-EU rally in downtown Kiev Saturday, and promised to take down other Ukrainian government websites, pravda.com.ua reported. “Unfortunately, not each Ukrainian can come to Mykhailivska Square in Kiev or other local squares… That’s why I suggest an efficient way that everyone can show their protest in the Internet… I mean DDoS attack on the sites of our enemies in the government,” IT specialists said in a statement. The report said the Ukrainian government portal, www.kmu.gov.ua, also went out of service Sunday after suspected hacking. Some 35 people were injured after riot police cracked down on protesters camping out in the Independence Square in the capital Kiev Saturday, doctors said. Seven people still remain in hospital. A total of 35 people were briefly detained by police. Protesters regrouped Saturday near a monastery at Mykhailivska Square in downtown Kiev, which became the new place for continuing pro-EU rallies. Activists spent a night there and said they would form a national resistance task force to prepare a nationwide strike. Source: http://en.ria.ru/world/20131201/185186195/Ukrainian-Interior-Ministry-Website-Reportedly-Hit-By-Hackers.html

See the original post:
Ukrainian Interior Ministry Website Reportedly Hit By DDoS Attack

$1M lost in attack against Bitcoin Internet Payment Services

Copenhagen-based Bitcoin Internet Payment Services (BIPS) has been hit with a DDoS attack and has had 1,295 BTC stolen (a little over $1M) mostly from the company’s own holdings, but some from their c…

See the article here:
$1M lost in attack against Bitcoin Internet Payment Services

What e-commerce companies think about DDoS protection

Prolexic announced the results of a survey of global e-commerce companies who were asked about DDoS protection and the effectiveness of different types of DDoS mitigation services. A cross-sectio…

Read the original:
What e-commerce companies think about DDoS protection

New Zealand Couriers struck down by DDoS attack

The New Zealand Couriers website was the victim of a ‘denial of service’ botnet attack late last week, believed to be from overseas. The ‘denial of service’ attack, which took place on Thursday November 7, was specifically aimed at preventing access to www.nzcouriers.co.nz and the online tools hosted on this page, and required intensive and malicious effort by an unknown group. Revealed through a customer email sent out by the company, NZ Couriers wrote: “We have sorted out the issues caused by this attack for the most part. “But there are some important pieces of information we wanted to make you aware of: • You may experience a longer wait time than usual when contacting our call centre, due to more people doing things over the phone that they would usually do through our website. We would encourage you in the first instance to try using our online tools as usual before calling through to book a courier, buy product, or track an item. • The issue was caused by a malicious attack, but no one who visits our website is at any sort of risk – this is not related to viruses or anything along those lines. • Traffic to www.nzcouriers.co.nz has been restricted to New Zealand and Australian based companies – so if you have a customer outside of this region, or if your company runs an offshore system then they may not be able to access this website. If this occurs, we do have a way to resolve this – simply contact us on 0800 800 841 and we’ll get the details from you required to sort this out. Admitting that there may be “some lingering issues over the next few days,” NZ Couriers claims these are likely to be sorted out within the next week. “New Zealand Couriers apologises for this interruption of service and we will continue to do everything in our power to deliver the same great service you have come to expect from us,” the company email concluded. Source: http://techday.com/netguide/news/nz-couriers-struck-down-by-dos-attack/173381/

Read More:
New Zealand Couriers struck down by DDoS attack

Pro Afrikaans Action Group (Praag) under DDoS attack

Afrikaans language activist group Praag intends to lay criminal charges against people responsible for attacking its website, the group said on Thursday. Pro Afrikaans Action Group (Praag) founder Dan Roodt said the website and servers had been under a “distributed denial of service” (DDOS) attack, causing disruptions since Tuesday. He believed the attack was aimed at bankrupting Praag and its service provider through the consumption of bandwidth and damage to network infrastructure. “We are going to lay charges with the SA Police Service under the Electronic Communications and Transactions (ECT) Act 25 of 2002 for the DDOS attack against us, but also against those anonymous individuals slandering us on Facebook, social media, and in relation to potential advertisers on our site,” said Roodt. On Sunday, Rapport reported that Google had decided to stop channelling advertising to Praag, and this threatened the future of the website. Roodt told the paper that Praag made thousands of rands from advertising on its website, and would not be able to function without advertisers. He said Google told him that Afrikaans was not a recognised advertising language and it could channel advertisements only to the English version of the Praag website. Roodt, however, alleged that a woman who opposed Praag was behind the problem. He claimed the woman had started a “malicious and fanatical” Facebook group called “Speak Out Against the Website Praag”. In a letter she reportedly posted on the social media network, she accused Praag of being racist and of spreading hate speech, and shared the letter with companies she claimed were helping it spread this message by advertising on the website. On Thursday, Roodt said he had the backing of supporters to take on the attackers. “We will not be using the distasteful and underhanded techniques of our opponents but will be defending ourselves in an open, transparent and legal manner,” he said. Source: http://www.iol.co.za/news/crime-courts/charges-pending-after-praag-web-attack-1.1607313#.UoTwduLrKb4

View the original here:
Pro Afrikaans Action Group (Praag) under DDoS attack

3-Cyber attack “war game” tests London banks

* Exercise involved “fake foreign government attack”-source * Also involved “denial of service attack” – source * Event dubbed “Waking Shark II” * Bank of England has told banks to strengthen defences By Matt Scuffham and Joshua Franklin A cyber attack by a foreign government on financial markets played out in one of London’s historic halls on Tuesday in a “war game” simulation designed to test the City’s defences against online saboteurs. About 100 bankers, regulators, government officials and market infrastructure providers gathered to take part in a exercise dubbed “Waking Shark II” at Plaisterers’ Hall in the heart of Britain’s financial district. Regulators and companies are growing increasingly concerned about the threat of cyber crime to the banking system, including the impact of coordinated online assaults or hacking attacks on specific lenders. The Bank of England has told banks to strengthen their defences against cyber attacks. One unidentified London-listed company incurred losses of 800 million pounds ($1.3 billion) in a cyber attack several years ago, according to British security services. Tuesday’s five and a half hour event ran from 1200 GMT and involved simulations designed to test how well banks and other market players communicate and coordinate with authorities and each other, sources told Reuters. An industry source who attended said one of the simulations featured a cyber attack by a fake foreign government and a denial-of-service (DOS) attack, which makes network resources unavailable to users. The source described the test as a “productive exercise” which left participants better equipped to deal with a real-life attack. The finance ministry, Bank of England and the Financial Conduct Authority said the exercise had been “sustained and intensive”. “A thorough review of the lessons learned is underway to identify potential improvements to the resilience of the sector,” their joint statement added. A report will be published early in the new year. REAL CHALLENGE The event, one of the largest of its kind in the world, follows a similar large-scale simulation in New York this year dubbed “Quantum Dawn 2? and comes amid heightened fears over the threat from hacking and cyber attacks. “This is a good opportunity to iron out any flaws now before our cyber defences are tested in anger,” said Stephen Bonner, a partner in KPMG’s Information Protection & Business Resilience team. Richard Horne, a partner at PricewaterhouseCoopers who specialises in cyber security, said the exercise was useful but the real challenge lay in co-ordinating across the industry to make sure a crisis scenario is never reached. “It will take a lot of detailed technical work and testing, coordinated across the industry, to really understand all the interdependencies and develop meaningful containment and recovery plans,” Horne said. The investment banking industry itself played a key role in co-ordinating the exercise, along with the Bank of England, the Treasury and the Financial Conduct Authority (FCA) and follows a similar exercise two years ago, the sources said. Institutions involved in this year’s test included Barclays , BNP Paribas, Bank of America, CHAPS, Commerzbank, Credit Suisse, Deutsche Bank , Euroclear, Goldman Sachs, HSBC, JP Morgan, LCH Clearnet, London Stock Exchange, Morgan Stanley, Nomura, Royal Bank of Scotland , SocGen, SWIFT and UBS, according to a source familiar with the matter. Source: http://www.reuters.com/article/2013/11/12/banks-wargame-idUSL5N0IX48C20131112

Read the original:
3-Cyber attack “war game” tests London banks

DDoS as dance: Anonymous hits the ballet

A new multimedia ballet, “HackPolitik,” fuses jarring, angular movements with electroacoustic music and video projection to interpret the activities of hacker collective Anonymous. Hacker collective Anonymous is going to the ballet. Take that in; it’s not often you’ll see Anonymous and ballet in the same sentence. The unusual pairing will take place November 15 and 16 at the Boston University Dance Theater, where the Juventas New Music Ensemble debuts “HackPolitik,” a new contemporary ballet based on the hacktivist group’s activities and personalities. The piece combines electroacoustic music, modern dance, and video projection to examine how the Internet impacts 21st century discourse and sometimes blurs the lines between activism and anarchy. Instead of pastel tutus, expect to see dancers in black and white, with dramatic face paint that evokes Guy Fawkes masks. And erratic, sometimes militant movements instead of fluid pirouettes. How do hacks on Twitter and LinkedIn accounts translate to physical movement? Neither the dance nor the music is neatly representative of things like Web site defacements, distributed denial-of-service attacks, and data theft, though they do aim to capture the mood of cyber insurgency. One scene, for example, opens with a soloist appearing to search for a way into something. Once she’s successful, the rest of the dancers join her with a series of advancing movements directed at one point in space that’s meant to represent the entity being attacked. “The movement interprets the initial culture of Anonymous as a crass, chaotic, and immature world out of which particular personalities and goals emerge,” choreographer Kate Ladenheim tells CNET. “For example, in the opening of the piece, we created a phrase that we lovingly refer to as the ‘f*@% you’ phrase. There are 10 examples of immature gestures/f*@%-you hand motions that are abstracted to become full bodied and then traveled through space in various ways.” This was Ladenheim’s take on trolling, memes, and the “all-around chaos of IRC and online message boards like 4chan.” The idea for “HackPolitik” came to Boston-based composer Peter Van Zandt Lane in late 2011, when some of Anonymous’ more high-profile politically driven cyberattacks grabbed the spotlight. Lane teaches a course at Brandeis University called “Protest and Propaganda in Music,” but hadn’t had much occasion to meld those interests with his creative work. “The idea of a ballet based on the global hacktivist movement excited me, as it was a way I could potentially pull these three spheres together,” he tells CNET. The two-act piece touches, among other things, on the December 2010 distributed denial-of-service attack on PayPal. It was organized in response to PayPal halting donations to the online leaked-documents clearinghouse WikiLeaks. Another of the ballet’s 10 scenes references Anonymous’ 2011 attack on HBGary Federal, a security firm trying to investigate the loosely organized global group. “The music, on its own, says…disorder, absurdity, cohesion/collaboration, militaristic triumph, humiliation, betrayal, etc.,” Lane says. “Choreography can connect these expressions a bit more concretely to the activities of Anonymous, but ultimately, the audience has to make connections themselves, between a generally abstract art form and the specific events that inspired them.” To create the ballet, Lane; Ladenheim, artistic director of NY-based contemporary dance company The People Movers; and conductor Lidiya Yankovskaya, artistic director of the Juventas New Music Ensemble, mined author Parmy Olson’s writings on Anonymous, which closely examine the global activist movement. Anonymous has supporters worldwide, as evidenced by this week’s “Million Mask March” in cities from Washington, D.C., to Tokyo to Sao Paulo, Brazil. Some pioneers of the hacktivist movement, however, have criticized Anonymous, saying its methods abridge free speech and hurt the cause . But “HackPolitik,” Lane insists, isn’t about taking sides. “For me,” he says, “the piece is less about answers, and more about bringing up questions on how we emotionally and artistically are able to respond to the influence of technology on our society.” Source: http://news.cnet.com/8301-17938_105-57611236-1/ddos-as-dance-anonymous-hits-the-ballet/

Taken from:
DDoS as dance: Anonymous hits the ballet

Denial of Service (DDoS) Cyber attacks – are they using the same logic as terror threats?

Much has been discussed about the damage that the Advanced Persistent Threat (APT) attacks cause to corporates and governments alike. It is estimate that at least 50% of Fortune 500 companies have been compromised by APT, and the potential financial damage to these organizations is almost impossible to quantify, but probably in the trillions of US dollars. Compared to this a crude Denial of Service (DoS) attack or its more advance siblings, the Distributed Denial of Service (DDoS) attacks and Distributed Reflector (DRDoS) attacks, their outcome seems pretty benign- your site is being bombarded by thousands of request for information, until the server gives up and no-one can actually use the site. Once the attack stops, access is possible again and no damage to your IT infrastructure has occurred, no data or money was stolen and hopefully your angry customer will believe it was just a “site malfunction”. But as attack methods have become more sophisticated AND more accessible (for example, now one can simply rent hundreds of BOT computer as a service, to carry the attack for him, using a simple interface, with no need to know how to actually hack), the industry had to act, and developed means to mitigate these attacks. Several methods of DDoS mitigation exist and multiple companies offer these as a service. Now a very dangerous equation begins to unfold, one where the attacker can use simple, cheap tools (a fairly typical rate for DDoS botnet rental hovers around the $200 for 10,000 bot agents per day), and the defender must invest much larger resources, both internal (maintaining a Security Operations Center or SOC) and external (service providers), creating an inherent asymmetry. This asymmetry means that organizations wishing to mitigate this threat will keep investing (or throwing, since there is no actual gain here, only minimizing the impact) money over time, until they are in serious economic pain. And this is exactly what Islamic terrorist have been trying to do in the recent global jihad campaign- making western countries bleed money in order to try and prevent sparse attacks carried by rudimentary means. As Osama bin Laden said: “It is very important to concentrate on hitting the American economy with every available tool … the economy is the base of its military power. The United States is a great economy but at the same time it is fragile.” The risk is that using offensive cyber means one can achieve this goal much faster (and one does not have to blow himself to pieces in the process, or hurt innocent people). Therefore, prevention and not only mitigation is necessary. Organizations must be far more proactive than they are now. Sure, investments in IT security and best practices are always a good idea, but also applying preventive intelligence to greatly reduce the impact of attacks. This, couples with harsher legislation and enforcement against both the suppliers and the perpetrators of the attacks will hopefully, in the end, balance this asymmetric equation. For protection against your eCommerce site click here . Source: http://defense-update.com/20131107_denial-service-ddos-cyber-attacks-using-logic-terror-threats.html

Read the original:
Denial of Service (DDoS) Cyber attacks – are they using the same logic as terror threats?

Avoiding Website Outages During the Holiday Season

The holiday shopping season is practically upon us, and online retailers don’t want to endure any IT downtime between Thanksgiving and Christmas when many ring up a third of their annual receipts. That’s a lot of green. Online shopping carts should register nearly $100 billion this holiday season in online sales – up 12% from a year ago, estimates Shop.org. What can online retailers do to avoid outages and other disruptions? It’s an important issue because an estimated one-in-five retailers suffered outages last year. The damage? Forty-five% estimated they could lose $500,000 to $5 million in one day due to a website crash. Gartner consultants predict a 10% growth in the financial impact that cybercrime will have on online businesses through 2016. They see distributed denial-of-service (DDoS) attackers taking advantage of new software vulnerabilities to begin an assault with multiple sources and often multiple targets. These can be introduced via employee-owned devices used in the workplace and even via the Cloud. Actions to Take Now While it’s probably too late to take major actions this holiday season, retailers can still take some steps to minimize such disruptions. However, to really combat the outage and downtime challenges, retailers should begin taking more effective steps after the New Year starts to get ready for the 2014 holiday rush. Three-of-four online retailers (77%) strengthened their online IT defenses this year to reduce downtime from last year. Downtime certainly occurs. Considering the common 99.5% system uptime, this leaves 43 hours – roughly one-and-a-half days – of downtime yearly.  A key focus area should be ensuring your site can handle rapid and unexpected increases in demand. That demand can take two forms: desired demand, which should be scaled up Cyber Monday and undesired demand, which should be mitigated, like a cyberattack. Here’s what online retailers still can do before the approaching Big Season. Determine whether you can handle the increased traffic from desired demand expected during the holiday season, especially on Cyber Monday, when online sales soar. You might still be able to turn to cloud-based services to add capacity and prevent a site crash. But if you don’t have a cloud provider, it’s probably too late to make those arrangements and transfer your data to the provider’s site. Determine if you have adequate mitigation capabilities for DDoS attacks from hackers. The last quarter of the year, primarily holiday season, is when DDoS attacks increase in size and intensity. In the 2012 fourth quarter, one DDoS protection service mitigated attacks that reached more than 50 gigabits per second directed against ecommerce clients; the average attack duration was 32.2 hours. Find out how various types of DDoS threats can impact different elements of your network and determine mitigation actions that can protect them, including employing a DDoS mitigation service. Keep tabs on blogs and social media sites because hackers enjoy bragging about their activities and sometimes disclose their next industry target. Make sure your payment data being collected remains secure because attackers often are going after customer credit card data. For retailers about to begin or who have begun what’s called the “network freeze,” in which no changes of any type can be made to their network and system components or apps operations until mid-January to avoid triggering downtime, if any severe vulnerability that has the potential to cause downtime is found, an emergency change window should be requested to remediate the problem – even during the “freeze.” This “freeze” practice actually is a Payment Card Industry (PCI) regulation. But only 21%bof businesses that store credit and debit card data comply with that regulation in between their mandatory annual audits, a Verizon study finds. What to Do for Next Holiday Season When the holiday and post-holiday sales rush slows, begin thinking about the 2014 holiday season, especially if you’re really bent on enhancing your defenses and scalability against downtime or outages and you haven’t taken major steps yet. Here are some suggested initiatives: Confer with a consulting firm or a data center or cloud provider about what you need to do, specifically, to realize your objectives. Consider actually retaining a service provider that delivers services to help you scale out and protect your IT operations. Going to the cloud doesn’t alleviate your IT responsibility where security is involved. The cloud doesn’t necessarily make your apps secure. A service provider can work with developers to develop and meet these objectives. Shift to a scale-out IT model so your applications scale out, not up, and this may require application transformation efforts to make you application resilient even when infrastructure services are disrupted in local regions. Act early in the year because this type of transformation effort will require changes across all parts of your infrastructure and application; no real shortcut exists and there won’t be time to make these types of changes once the selling season is upon you. Embrace cloud-type platforms if you’re a seasonal online retailer because they’re more dynamic and it’s easy to scale up quickly to meet demand and not incur extra costs when the demand isn’t there. Look into establishing a hybrid cloud so those apps that can’t be moved to the cloud quite yet, can continue to be handled in their traditional manner. For instance, you might use the cloud for web and application tiers and keep other operations in your normal IT setup until you are ready to take on the transformation actives required to update your database environment. Be sure to test your enhanced system before the holiday season and design it to support 100% availability because your goal must strive to always be up. This means securing secondary and tertiary facilities and resources far apart from your principal facility so if an outage occurs in one site, the load can be automatically shifted to an alternate site. Lastly, understand your key performance indicators, or KPIs – those measurements used to evaluate the success of particular activities in which you’re engaged. To do this well, you must possess a firm understanding of the KPIs across all tiers of your applications. Certainly for online retailers, the holiday selling season is critical to their financial strength and even survival. That’s why it’s imperative to keep your IT operations up and running and to recognize and repel cyber-attackers. But remember. You can’t do everything.  Simply do what you can for this year and move swiftly to prepare for the 2014 holiday season. Source: http://multichannelmerchant.com/crosschannel/avoiding-outages-holiday-season-06112013/

Read More:
Avoiding Website Outages During the Holiday Season