Tag Archives: ddos

Massive DDoS attacks reach record levels as botnets make them cheaper to launch

Nineteen attacks that exceeded 100Gbps were recorded during the first three months of 2016 There were 19 distributed denial-of-service (DDoS) attacks that exceeded 100 Gbps during the first three months of the year, almost four times more than in the previous quarter. Even more concerning is that these mega attacks, which few companies can withstand on their own, were launched using so-called booter or stresser botnets that are common and cheap to rent. This means that more criminals can now afford to launch such crippling attacks. “In the past, very few attacks generated with booter/stresser tools exceeded the 100 Gbps mark,” researchers from Akamai said in the company’s State of the Internet security report for the first quarter of 2016 that was released Tuesday. By comparison, only five DDoS attacks over 100 Gbps were recorded during the fourth quarter of 2015 and eight in the third quarter. Nineteen such attacks in a single quarter is a new high, with the previous record, 17, set in the third quarter of 2014. But high bandwidth is not the only aspect of DDoS attacks that can cause problems for defenders. Even lower-bandwidth attacks can be dangerous if they have a high packet rate. A large number of packets per second poses a threat to routers because they dedicate RAM to process every single packet, regardless of its size. If a router serves multiple clients in addition to the target and exhausts its resources, that can cause collateral damage. According to Akamai, in the first quarter there were six DDoS attacks that exceeded 30 million packets per second (Mpps), and two attacks that peaked at over 50 Mpps. DDoS reflection and amplification techniques continue to be used extensively. These involve abusing misconfigured servers on the Internet that respond to spoofed requests over various UDP-based protocols. Around one-in-four of all DDoS attacks seen during the first three months of 2016 contained UDP (User Datagram Protocol) fragments. This fragmentation can indicate the use of DDoS amplification techniques, which results in large payloads. The four next most common DDoS attack vectors were all protocols that are abused for DDoS reflection: DNS (18 percent), NTP (12 percent), CHARGEN (11 percent) and SSDP (7 percent). Another worrying trend is that an increasing number of attacks now use two or more vectors at the same time. Almost 60 percent of all DDoS attacks observed during the first quarter were multivector attacks: 42 percent used two vectors and 17 percent used three or more. “The continued rise of multi-vector attacks suggests that attackers or their attack tools are growing more sophisticated,” the Akamai researchers said in their report. “This causes problems for security practitioners, since each attack vector requires unique mitigation controls.” China, the U.S. and Turkey were the top three countries from where DDoS attack traffic originated, but this indicates where the largest number of compromised computers and misconfigured servers are located, not where the attackers are based. The most-hit industry was gaming, accounting for 55 percent of all attacks. It was followed by software and technology (25 percent), media and entertainment (5 percent), financial services (4 percent) and Internet and telecommunications (4 percent). Being hit by one isn’t the only way DDoS attacks can affect businesses: They can also be blackmailed with the threat of one, an increasing trend over the past year. In some cases attackers don’t even have to deliver on their threats. Researchers from CloudFlare reported recently that an extortion group earned $100,000 without ever launching a single DDoS attack. Source: http://www.itnews.com/article/3079988/massive-ddos-attacks-reach-record-levels-as-botnets-make-them-cheaper-to-launch.html

See original article:
Massive DDoS attacks reach record levels as botnets make them cheaper to launch

Anonymous DDoS and shutdown London Stock Exchange for two hours

Anonymous hacktivists take down the London Stock Exchange website for more than two hours as part of protest against world’s banks The online hacktivist group, Anonymous reportedly shut down the London Stock Exchange (LSE) website last week for more than two hours as part of a protest against world’s banks and financial institutions. According to the Mail on Sunday, the attack was carried out by Philippines unit of Anonymous on June 2 at 9am. Previous targets have included the Bank of Greece, the Central Bank of the Dominican Republic and the Dutch Central Bank. The newspaper says: “Anonymous claims the incident was one of 67 successful attacks it has launched in the past month on the websites of major institutions, with targets including the Swiss National Bank, the Central Bank of Venezuela and the Federal Reserve Bank of San Francisco.” A spokesperson for the LSE declined to comment on the incident, however, the attack most likely took the form of a distributed denial of service (DDoS) attack, meaning trading would not have been affected and no sensitive data would have been compromised. In the 24 hours before the LSE site went down, the group also claims that the attack on the LSE was the latest in a series that has also seen it target the websites of NYSE Euronext, the parent company of the New York Stock Exchange and the Turkey Stock Exchange, as part of a campaign called Operation Icarus. According to the newspaper, City of London Police said it was not informed that the LSE website had gone down and had no knowledge of the attack. However, the latest attack may not be a complete surprise. In a video posted to YouTube on May 4, a member of the amorphous group announced in that “central bank sites across the world” would be attacked as part of a month-long Operation Icarus campaign. The video statement said: “We will not let the banks win, we will be attacking the banks with one of the most massive attacks ever seen in the history of Anonymous.” By using a distributed-denial-of-service (DDoS) cyberattack, the group also successfully disrupted the Greek central bank’s website. In light of that event, a separate video was posted to YouTube on May 2. The masked individual representing Anonymous group said: “Olympus will fall. How fitting that Icarus found his way back to Greece. Today, we have continuously taken down the website of the Bank of Greece. Today, Operation Icarus has moved into the next phase.” The Anonymous spokesperson added: “Like Icarus, the powers that be have flown too close to the sun, and the time has come to set the wings of their empire ablaze, and watch the system their power relies on come to a grinding halt and come crashing down around them. We must strike at the heart of their empire by once again throwing a wrench into the machine, but this time we face a much bigger target – the global financial system.” Source: http://www.techworm.net/2016/06/anonymous-ddos-shutdown-london-stock-exchange-two-hours.html

Continue reading here:
Anonymous DDoS and shutdown London Stock Exchange for two hours

Hackers Hit Facebook CEO Mark Zuckerberg’s Twitter and Pinterest Accounts

Facebook co-founder and CEO Mark Zuckerberg was apparently targeted by a hacking team over the weekend that was able to access his seldom-used Twitter and Pinterest accounts. The hacker group OurMine, believed to be based in Saudi Arabia, posted messages to Zuckerberg’s Twitter account, @finkd, which features just 19 tweets and hasn’t been otherwise updated since 2012. The team also briefly commandeered Zuckerberg’s Pinterest account, which has just a few boards and pins. Both Twitter and Pinterest have since removed the unauthorized content on Zuckerberg’s accounts, and Twitter has also suspended OurMine’s main account. The group is now posting on Twitter via a backup account. ‘Saving People from Other Hackers’ On Sunday, OurTeam tweeted on the backup account, “i don’t understand why @twitter suspended our account while we are saving people from other hackers!” Another tweet posted this morning added, “Our Old Twitter (@_OurMine_) is suspended because we are just trying to secure Mark Zuckerberg Accounts!” The person or people posting to the backup OurTeam Twitter page also noted they would try to get the team’s main Twitter account unsuspended. Contrary to some news reports stating that OurTeam claimed to have found Zuckerberg’s login information from user data leaked from a major hack attack on LinkedIn in 2012, the hacking group noted in a tweet yesterday that it had made no such claim and added that it had never used LinkedIn. ‘Relatively New’ Hacking Group OurMine is a “relatively new” hacking group that first appeared on Twitter in March 2015, according to a report published by the content delivery network specialist Akamai last year. The team initially appeared to focus on distributed denial of service (DDoS) attacks on gaming services, and later took responsibility for similar such attacks on financial service companies. Nine companies were attacked by OurTeam on July 22 of last year, with the combined DDoS attack levels exceeding 117 gigabytes per second. OurMine has also claimed to have attacked a number of other targets, including Soundcloud and PewDiePie. Zuckerberg hasn’t made any public statement regarding the OurMine attacks on his accounts. However, after OurMine tweeted it had accessed his accounts, Zuckerberg responded, “No you didn’t. Go away, skids.” That tweet has also since been removed. A June 2012 hack of LinkedIn was originally believed to have involved just 6.5 million passwords — at least, that’s the number LinkedIn first acknowledged. However, a report emerged last month that a dark Web marketplace and another site, LeakedSource, had obtained data from 167 million hacked LinkedIn accounts. Of those, 117 million included e-mails and passwords. The remaining accounts are thought to belong to users who logged into the site via Facebook. Some news reports have stated that OurTeam claimed to have found Zuckerberg’s Twitter and Pinterest password — “dadada” — in the compromised LinkedIn data. Source: http://www.sci-tech-today.com/news/Hackers-Hit-Zuckerberg-s-Accounts/story.xhtml?story_id=012001GT5W5O

Read More:
Hackers Hit Facebook CEO Mark Zuckerberg’s Twitter and Pinterest Accounts

BitGo Under DDoS Attack; Wirex Advises Customers Not To Use Platform

Wirex, a bitcoin debit card provider, sent an email to customers today advising them to avoid making transactions on the Wirex platform until it could confirm from thatBitGo services have been resumed. The message included a BitGo tweet advising users it was under a distributed denial of service (DDoS) attack. BitGo is a wallet and a security platform for bitcoin and blockchain technologies. “We, therefore, recommend to avoid making any transactions via E-Coin/Wirex platform until confirmation from BitGo that the services have been resumed,” the Wirex email noted. The BitGo tweet stated: “We apologize for the issue, but we’re under DDOS attack at this moment. We’re working on it and will keep you updated.” Wirex is a wallet service that provides both physical and virtual bitcoin debit cards. Wirex users were able to send bitcoin from within the BitGo Instant network. BitGo Offers Instant Settlement Wirex uses the BitGo Instant service, which provides immediate settlement of bitcoin transactions, CCN reported in February. There was nothing on the BitGo blog about the attack at the time of this report. BitGo’s service eliminates the “double spend” potentiality in bitcoin transactions. The service is for users seeking instant bitcoin transactions while securing funds against the possibility that the sender will spend the money elsewhere before the transaction gets confirmed via the blockchain. BitGo provides immediate transaction settlement using the crypto keys among participating users’ wallets. BitGo Gains A Following Other cryptocurrency exchanges and apps offering BitGo Instant include Bitstamp, Bitfinex, Unocoin, Kraken and the Fold app. There have been several DDoS attacks bitcoin wallets and exchanges in recent months. Bitcoin and alt.coins exchange BTC-e suffered a DDoS attack in January. BTCC, the Shanghai, China-based digital currency exchange, suffered a DDoS attack at the end of last year. OkCoin, another exchange, was also the target of a DDoS attack in July. Source: https://www.cryptocoinsnews.com/bitgo-ddos-wirex-advisory/

See more here:
BitGo Under DDoS Attack; Wirex Advises Customers Not To Use Platform

NTP Patches Flaws That Enable DDoS

The network time protocol, at the center of a number of high-profile DDoS attacks in 2014, was updated on Thursday to ntp-4.2.8p8. The latest version includes patches for five vulnerabilities, including one rated high-severity. NTP, specifically the NTP daemon, synchronizes system clocks with time servers. Vulnerable NTP servers were used two years ago with regular frequency to carry out amplification attacks against targets. High-bandwidth NTP-based DDoS attacks skyrocketed as attackers used vulnerable NTP implementations to amplify DDoS attacks much in the way DNS amplification has been used in the past. Some NTP amplification attacks reached 400 Gbps in severity, enough to bring down even some of the better protected online services. US-CERT today released a vulnerability notification about the latest set of NTP vulnerabilities. “Exploitation of one of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition,” the US-CERT advisory said. US-CERT also published a list vendors potentially vulnerable to attack; as of this afternoon, only the NTP project’s ntpd implementation is known to be affected. The status of the remainder of the A-Z list of vendors is characterized as unknown. “Unauthenticated, remote attackers may be able to spoof or send specially crafted packets to create denial of service conditions,” US-CERT said. One of the vulnerabilities, privately reported by Cisco, is a crypto-NAK crash or denial-of-service bug. Crypto-NAK responses are sent by NTP servers if a server and client do not agree on a message authentication code. The four remaining flaws were disclosed by Red Hat researchers. One is related to the crypto-NAK issue. “An attacker who knows the origin timestamp and can send a spoofed packet containing a CRYPTO-NAK to an ephemeral peer target before any other response is sent can demobilize that association,” an NTP.org bug report says. Another patch corrects a flaw where spoofed server packets were processed. “An attacker who is able to spoof packets with correct origin timestamps from enough servers before the expected response packets arrive at the target machine can affect some peer variables and, for example, cause a false leap indication to be set,” said the bug report. An autokey association reset flaw was also patched. Here an attacker who spoofs a packet with a correct origin timestamp before the response arrives can send a crypto-NAK or bad MAC and cause an association’s peer variables to be cleared, eventually preventing it from working correctly. The final vulnerability addressed is an issue where broadcast clients may be flipped into interleave mode. Source: NTP Patches Flaws That Enable DDoS https://wp.me/p3AjUX-uOO

Read More:
NTP Patches Flaws That Enable DDoS

Russia’s top 3 banks were target of world’s largest DDoS attack

Russia’s three largest Russian banks – VTB, Sberbank and Bank of Moscow – came under a massive DDoS-attack in the fall of 2015, a top manager at VTB has said. Claiming the attackers demanded a bitcoin payment for stopping the attack. A senior official from one of Russia’s largest banks has revealed that the lender became the target of the most extensive DDoS-attack in the entire history of monitoring in the fall of 2015. “A certain group of perpetrators” carried out a series of “the strongest DDoS-attacks” against Sberbank, VTB and Bank of Moscow for several days, Dmitry Nazipov, senior vice president of VTB, told the Russian media on June 1. According to him, the bank received a “fairly typical letter” in English at that time demanding a bitcoin payment in return for stopping the attacks. “Obviously, we did not agree to pay, but that attack was generally localized in three days, and was not repeated on such a scale thereafter,” said Nazarov. He pointed out that to solve the problem, VTB collaborated with police, telecom service providers and the Central Bank’s information security center, FinCert. In September 2015, the deputy head of the Central Bank’s main security and information protection directorate, Artyom Sychev, said that the websites of five major Russian banks had been subjected to a DDoS-attack. He did not disclose the names of the banks. Sychev said that after the end of the attacks, some of the banks attacked received letters from extortionists who demanded that 50 bitcoins (the average value of a bitcoin was around $230 in September 2015 – RBTH) be transferred to them for not repeating such attacks. He noted that the banks did not suffer damage as a result of the attack. Earlier on June 1, the Federal Security Service and the Interior Ministry reported the detention of 50 suspects in a theft of 1.7 billion rubles ($25 million) from financial institutions. The police also said that they could prevent 2.2 billion rubles’ ($32.5 million) worth of possible damage. The law enforcement agencies turned to security software producer Kaspersky Lab for help in identifying the suspects. According to the company, the hackers stole 3 billion rubles ($44.5 million). Six Russian banks, including Metallinvestbank, the Russian International Bank, Metropol and Regnum, were victims of the hackers. Source: https://rbth.com/business/2016/06/02/russias-top-3-banks-were-target-of-worlds-largest-ddos-attack_599743

Read More:
Russia’s top 3 banks were target of world’s largest DDoS attack

Anonymous Announces #OpSilence, Month-Long Attacks on Mainstream Media

Members of the Ghost Squad Hackers team, one of most active Anonymous sub-divisions, have carried out DDoS attacks on CNN and FOX News as part of a new hacktivism campaign. Called OpSilence, the campaign’s goal is to attack all mainstream media that fails to report on the Palestine war or the true crimes happening in Syria, one of the hackers told Mic. #OpSilence will take place during the entire month of June 2016 The operation will be run similarly to #OpIcarus , a month-long series of attacks that took place in the month of May against various banks around the world. Any hacktivism group is welcomed to join, and the campaign comes on the heels of OpIcarus, which just ended yesterday. Ghost Squad Hackers didn’t wait for June to start to begin their attacks, and they’ve already hit the email servers of FOX News and CNN. The group has been changing tactics lately, switching from DDoSing public websites to attacking mail servers, as they did most recently against the Bank of England. Other hackers have taken a pro-Palestine stance before Taking a pro-Palestine stance isn’t something strange for hackers, many others supporting this cause as well. The previous group that did so was CWA (Crackas With Attitude), whose hacked targets include CIA Director John Brennan’s personal AOL email account, FBI Deputy Director Mark Giuliano, US National Intelligence Director James Clapper, and President Barack Obama’s Senior Advisor on science and technology John Holdren. The group is also responsible for hacking the JABS US national arrests database. They also leaked details for 2,400 US government officials, 80 Miami police officers, 9,000 DHS employees, and 20,000 FBI staffers. Back in February, the group’s leader, a sixteen-year-old boy, was arrested in East Midlands, England. Source: http://news.softpedia.com/news/anonymous-announces-opsilence-month-long-attacks-on-mainstream-media-504760.shtml

See the article here:
Anonymous Announces #OpSilence, Month-Long Attacks on Mainstream Media

DDoS Attacks via TFTP Protocol Become a Reality After Research Goes Public

Almost three months after researchers from the Edinburgh Napier University published a study on how to carry out reflection DDoS attacks by abusing TFTP servers, Akamai is now warning of real-life attacks. Akamai SIRT, the company’s security team, says its engineers detected at least ten DDoS attacks since April 20, 2016, during which crooks abused Internet-exposed TFTP servers to reflect traffic and send it tenfolds towards their targets, in a tactic that’s called a “reflection” (or “amplification”) DDoS attack. The crooks sent a small number of packets to TFTP servers, which contained various flaws in the protocol implementation, and then sent it back multiplied to their targets. The multiplication factor for TFTP DDoS attacks is 60, well above the regular average for reflection DDoS attacks, which is between 2 and 10. First instances of TFTP reflection DDoS attacks fail to impress Akamai says the attacks they detected employing TFTP servers were part of multi-vector DDoS attacks, during which crooks mixed different DDoS-vulnerable protocols together, in order to confuse their target’s IT department and make it harder to mitigate. Because the attack wasn’t pure, it never reached huge statistical measurements. Akamai reports the peak bandwidth was 1.2 Gbps and the peak packet volume was 176,400 packets per second. These are considered low values for DDoS attacks, but enough to consume the target’s bandwidth. Akamai SIRT says they’ve seen a weaponized version of the TFTP attack script circulating online as soon as the Napier University study was released. The crooks seem to have misconfigured the attack script The attack script is simple and takes user input values such as the victim’s IP, the attacked port, a list of IP addresses from vulnerable, Internet-available TFTP servers, the packet per second rate limit, the number of threads, and the time the script should run. In the attacks it detected, Akamai says the crooks ignored to set the attacked port value, and their script send out traffic to random ports on the target’s server. Back in March, Napier University researchers said they’ve found over 599,600 publicly open servers that had port 69 (TFTP) open. Akamai warns organizations to secure their TFTP servers by placing these servers behind a firewall. Since the 25-year-old TFTP protocol doesn’t support modern authentication methods, there is no good reason to have these types of servers exposed to the Internet. Source: http://news.softpedia.com/news/ddos-attacks-via-tftp-protocol-become-a-reality-after-research-goes-public-504713.shtml#ixzz4AH801pER

More:
DDoS Attacks via TFTP Protocol Become a Reality After Research Goes Public

How visibility can help detect and counter DDoS attacks

It’s been proven that preventive medical strategies are more cost-effective for treatment and better solutions to support long-term health than reactive medical measures. Anticipating issues and preparing for and supporting healthy systems is simply more logical than troubleshooting and fixing things when they go wrong. The same concept has been successfully used in IT security for years and it should be no different when planning for DDoS attacks. But despite their relatively predictable nature and … More ?

See original article:
How visibility can help detect and counter DDoS attacks

UK-Based Llyod’s Bank Sees Decrease in Cyberattacks

Swimming against the torrent of relentless headlines highlighting the lack of cybersecurity among banks, government agencies, and popular websites, the Lloyds Banking Group has seen an 80-90% drop in cyberattacks. The reason? “Enhanced” cybersecurity measures. While banks around the world begin to accept the uncomfortable reality wherein a $81 million cyber-heist is entirely plausible whilst relying on the global banking platform (SWIFT), one UK-based bank has seen a drop in cyber-attacks. UK-based Llyods Banking Group has seen a drop of between 80% to 90%, even though there has been an increase in cyberattacks targeting the UK this year. The revelation was made by Miguel-Ángel Rodríguez-Sola, the group director for digital, marketing & customer development. One of the most common attack vectors remain Distributed Denial of Service (DDoS) attacks. “There had been an increase in the UK in terms of cyber attacks between June and February this year,” Rodríguez-Sola stated. He added “However, over the last two months, I have had five-times less than at the end of last year.” Speaking to the Telegraph , he claimed a greater collaborative effort with law enforcement agencies. More notably, he spoke about the enabling of additional layers of cyber-defenses, without going into specifics. In statements, he said: We needed to re-plan our digital development to make sure that we put in new defences, more layers. [The number of cyberattacks] is now one-fifth or one-tenth of what it was last year. The news of a decrease in cyberattacks faced by the banking group comes during a time when a third bank was recently revealed to be a victim of the same banking group which was involved in a staggering $81 million dollar heist involving the Bangladesh Central Bank. Increasing reports of other member banks of the SWIFT network falling prey to cyberheists has spurred SWIFT to issue a statement, urging banks to report cybercrimes targeting member banks. Source: https://hacked.com/uk-based-llyods-bank-sees-decrease-cyberattacks/

View article:
UK-Based Llyod’s Bank Sees Decrease in Cyberattacks