Tag Archives: ddos

WordPress USED AS ZOMBIE in DDoS attacks

Tens of thousands of vulnerable WordPress sites have been co-opted into a server-based botnet being used to run DDoS attacks. More than 160,000 legitimate WordPress sites were abused to run a large HTTP-based (layer 7) distributed flood attack against a target, which called in cloud security firm Sucuri for help. Security experts discovered that the attack traffic was coming from WordPress sites with pingbacks enabled on blog posts, which is on by default. Pingbacks allow automatic backlinks to be created when other websites link to a page on a WordPress blog. The problem can be fixed by installing a simple plugin, as explained by Sucuri CTO and OSSEC Founder Daniel Cid in a blog post. “Any WordPress site with Pingback enabled (which is on by default) can be used in DDOS attacks against other sites,” Cid explains. “Note that XML-RPC is used for pingbacks, trackbacks, remote access via mobile devices and many other features you’re likely very fond of. But, it can also be heavily misused.” Sean Power, security operations manager for DOSarrest, a DDoS mitigation technology services firm, said the attack relied on exploiting vulnerabilities in old versions of WordPress. This type of issue has been known about since 2007 and the specific problem abused in the latest run of attacks was fixed more than a year ago in a WordPress core release in January 2013. “Attackers exploited a vulnerability in the core WordPress application and therefore it could be used for malicious purposes in DDoS attacks,” Power explained. “The fix for this feature was actually released in the 3.5.1 version of WordPress in January 2013 and would be picked up by most good vulnerability scanners. “This is a prime example of how users aren’t regularly performing updates to their websites, because if they were, we wouldn’t still be seeing DDoS attacks being carried out by websites taking advantage of this old flaw,” Power added. WordPress is an open source blogging platform and content management system (CMS) that’s used by millions of websites across the interwebs. Source: http://www.theregister.co.uk/2014/03/12/wordpress_vuln_creates_botnet_army/

View the original here:
WordPress USED AS ZOMBIE in DDoS attacks

MUM’s WordPress recipe blog USED AS ZOMBIE in DDoS attacks

Well, it’s statistically reasonably likely. Just update to 3.8.1, OK? Tens of thousands of vulnerable WordPress sites have been co-opted into a server-based botnet being used to run DDoS attacks.…

View post:
MUM’s WordPress recipe blog USED AS ZOMBIE in DDoS attacks

Over 162,000 WordPress sites exploited in DDoS attack

DNS and NTP servers are not the only publicly accessible resources that can be misused to amplify DDoS attacks. Sucuri CTO Daniel Cid revealed details of a recent incident in which they received a …

Original post:
Over 162,000 WordPress sites exploited in DDoS attack

DDoS Attacks Still a Significant Threat

It’s an attack vector that’s been around ever since the Internet became a valuable business tool. Distributed Denial of Service, of DDoS, attacks are still one of the most prevalent threats facing businesses today. There are reports suggesting that DDoS attacks are on the rise and that the Internet’s DNS infrastructure – critical for the operation of the Internet – remains vulnerable and a significant target. Jag Bains, the CTO at DOSarrest Internet Security, spoke to us about DDoS attacks and what can be done to mitigate their impact. When we spoke with Michael McKinnon from AVG at the Tech Leaders forum in Queensland earlier this year, he said “So much damage is being done, for example, through spoof traffic. If most major network providers were responsible enough to stop traffic from leaving their networks that they knew were coming from IP addresses they weren’t responsible for then we would have spoof traffic on the Internet and cut down networks responsible for this kind of damage”. I asked Bains what could be done to prevent DDoS attacks from being a viable attack vector and whether there was a benefit for network operators to not block the attacks. “They’re not doing it from a revenue opportunity. One guy’s server is compromised for a few days and it flips out a huge bill. But, it’s too much of a headache [for telcos] to make it a revenue stream’” said Bains. “The big guns behind some of these attacks are occurring out of data centres that have compromised servers or hosting networks with compromised servers,” he added. Although it is possible to block spoof packets coming from a network, this would not be as straightforward as it sounds. Bains suggested that there would be significant cost. “It comes at a CPU cost to your routers. You’re dealing with high traffic volumes that might create a different type of bottleneck,” said Bains. I challenged Bains on this, noting that Moore’s Law will take this year’s bottleneck and make it insignificant in a short time. In fact, if we’d taken action like this against DDoS attacks a decade ago there would be little need to suffer these attacks. “Let’s say we did that and it might help to stem these tidal wave attacks. But that doesn’t mean DDoS would have been thwarted. One of the most interesting things in the DDoS arena is the rise of application attacks coming from legitimate sources,” he said. As well as their use to cripple companies and use as a form of ransomware – it’s not unknown for gambling operators in unregulated markets to use DDoS attacks to either cripple or ransom their competition – they can be used to manipulate financial markets. According to Bains the recent Mount Gox attack, that resulted in losses of hundreds of millions of dollars of Bitcoin, was at least partly a DDoS attack. “Hammering the exchange affected stability. Prices lowered and couldn’t come back up and they were using it to influence the peaks and troughs,” he said. “It’s a tool that’s crude in its intentions but highly effective”. Bains’ company, DOSarrest claims to have a solution. Their software can shift the traffic from a DDoS attack to a server environment that is specifically designed to deal with the attack. “All users have to do is change their DNS record to point to one of our IPs. We’re able to take the DOS attack out of hosting the network, bring it to a topology or infrastructure that is groomed specifically for that only”. What’s clear is that DDoS attacks are here to stay and that there is no silver bullet that will prevent their occurrence. However, it is possible to mitigate the damage they can do. Source: http://www.cso.com.au/article/540163/ddos_attacks_still_significant_threat/?fp=4&fpid=959105

View the original here:
DDoS Attacks Still a Significant Threat

Over 160,000 legitimate WordPress sites used for DDoS attack

Distributed Denial of Service (DDoS) attacks aren’t new and 2013 was one of the worst years when it comes to such attacks that too through the use of large botnets and / or specialised DDoS tools; however, use of legitimate WordPress blogs and sites to carry out such attacks is something that isn’t widespread, but is becoming a trend lately. According to Sucuri Research over 162,000 legitimate WordPress blogs and sites were a part of huge DDoS attacks on one of its client’s website. The attacker(s) used WordPress websites as indirect amplification vectors through a simple one line command. “Any WordPress site with XML-RPC enabled (which is on by default) can be used in DDOS attacks against other sites”, notes Sucuri CTO and OSSEC Founder Daniel Cid in a blog post. Cid explained that the DDoS attack was a large layer 7 HTTP-based distributed flood attack through which the perpetrators forced legit WordPress sites to send out thousands of requests per second to the victim’s servers. All the GET requests being sent to victim’s servers had a random value that bypassed their caching mechanism thereby forcing to load the whole page on every request, which killed the server quickly. “One attacker can use thousands of popular and clean WordPress sites to perform their DDOS attack, while being hidden in the shadows, and that all happens with a simple ping back request to the XML-RPC file” revealed Cid. Cid provides a couple of workarounds to ensure that your WordPress site isn’t DDoSing someone else’s site. First is to disable the XML-RPC (pingback) functionality from your site. This can be done by removing the xmlrpc.php or disabling the notifications in your blog’s settings. However, the thing is as soon as you upgrade your WordPress, the file come right back. Another solution is that users use some cloud based security solution or proxy site that will ensure that such misuse is prohibited. “This is a well known issue within WordPress and the core team is aware of it, it’s not something that will be patched though. In many cases this same issue is categorized as a feature, one that many plugins use, so in there lies the dilemma”, concludes Cid. Source: http://www.techienews.co.uk/977737/160000-legitimate-wordpress-sites-used-ddos/

Read this article:
Over 160,000 legitimate WordPress sites used for DDoS attack

Mt. Gox hit by massive DDoS attacks

Mt. Gox K.K., the collapsed trading platform for the bitcoin digital currency, came under so-called distributed denial of service (DDoS) attacks aimed at shutting its servers by overloading them with massive volumes of data in early February, it has been learned. Also between February and earlier this month, bitcoin exchanges in Canada and Slovenia were hit by similar attacks, indicating such cyber-attacks have been launched on a global scale. According to sources, the Tokyo-based Mt. Gox was struck by cyber-attacks aimed at stealing bitcoins beginning Feb. 7 by exploiting security shortfalls in its system. Separately, it came under major DDoS attacks, with the system accessed 150,000 times per second. The attacks mostly from servers in the United States and Europe continued for several days. The company suspended bitcoin withdrawals on Feb. 10. DDoS attacks often hijack a large number of computers with viruses. According to the sources, perpetrators often launch such attacks to steal data when a company tries to mend defects in its system. Although the DDoS attacks failed to shut down Mt. Gox’s system, subsequent attacks targeted flaws in its system, stealing a massive amount of bitcoins. In mid-February, a Slovenian bitcoin exchange temporarily suspended trading due to a system glitch caused by cyber-attacks. A Canadian bitcoin exchange announced that it has lost 896 bitcoins, the equivalent of ¥60 million, due to cyber-attacks, while another exchange reported that more than 12 percent of its bitcoin holdings was stolen. “[The attacks] are probably launched by multiple hackers who want to boast they broke into the bitcoin systems,” said Tetsutaro Uehara, a professor of information security at Ritsumeikan University. “DDoS attacks can be done without high-level hacking techniques. It is possible that copycats turned their eyes on other exchanges after weaknesses in Mt. Gox’s system were found.” One week after Mt. Gox filed for bankruptcy protection, the bitcoin community is still puzzled over what exactly caused the company to go under. What are believed to be in-house documents of Mt. Gox, including a draft detailing the purported theft, are circulating on the Internet. Around Feb. 25, before the company suspended business, English documents titled “Crisis Strategy Draft” reporting 744,408 bitcoins had been stolen were posted on the Internet. The damage was almost the same as the figure cited by the company when it collapsed. Earlier this month, a self-proclaimed Russian hacker posted audio recordings of alleged conversations between Mt. Gox Chief Executive Officer Mark Karpeles and a Japanese megabank official, who urged him to close the company’s account in the bank. According to sources, the recordings are believed to be genuine. The “Russian hacker” also posted the design chart of the Mt. Gox computer system. A ‘genuine geek’ Source: http://the-japan-news.com/news/article/0001103726

More:
Mt. Gox hit by massive DDoS attacks

DDoS Attacks May Be Entering a New Era

It seems cybercriminals are no longer content just to bring down Web sites with their distributed denial-of-service (DDoS) attacks. Now, these cybercrooks are demanding ransom from Web site owners to call off their DDoS assaults, leaving victims between a rock and a hard place — either pay up or watch their sites go dark. Distributed denial-of-service (DDoS) attacks are booming, and may be reaching new levels that include more blackmail. According to recent reports, we could be entering a new phase of site attacks. Prolexic, a security firm, issued a report this month that said attacks in general, in particular DDoS, were up 32 percent in the last year over 2012. DDoS attacks generally utilize networks of hijacked computers, which then bombard targeted Web sites with requests that overwhelm them, causing the sites to crash. While such attacks have been common for years, new benchmarks are appearing. In February, security firm Cloudfare reported that it recently helped protect one of its clients against the largest DDoS attack on record. The unnamed Web site, according to Cloudfare, was subjected to 400 gigabytes per second, nearly a third larger than the 2013 attack on antispam Web site Spamhaus. The Spamhaus attack, also fended off by Cloudfare, had been the largest on record to that point. $300 Ransom Last month, domain registration company Namecheap reported it had been assaulted by a coordinated attack on 300 of its registered sites. This week, social networker Meetup.com said attackers demanded a $300 ransom in exchange for calling off a DDoS attack. The site refused, and was brought down for several days, including over the Oscars weekend when many Meetup users scheduled get-togethers. In a blog post, CEO Scott Heiferman said that his company did not want to negotiate with criminals, especially since the low ransom demand apparently meant the attackers were amateurs who might be encouraged to engage in more such efforts. Reportedly, such ransom demands, especially when no user confidential data is involved, are not uncommon but are not frequently made public. A New Era Has Dawned Lawrence Orans, research vice president at industry research firm Gartner, told us that we may indeed be in a new era. He said, “[The] DDoS attack landscape changed in September, 2012, when attackers began to launch attacks using botnets of compromised servers, instead of botnets of compromised PCs.” He added that these server botnets enabled attackers to launch more powerful attacks, and the key event in that month occurred when cyberattacker group Izz Ad-Din Al Qassam “started to launch attacks, using botnets of servers, against major North American banks.” A report late last year from the Ponemon Institute said that nearly 20 percent of U.S. data center outages resulted from organized attacks on Web sites. Orans noted that DDoS attacks can span from several hours to several days, and ISPs are currently charging “a 15 percent premium over bandwidth costs to offer a ‘clean pipe’ service to monitor and mitigate against DDoS attacks.” Some estimates peg the average cost of a DDoS outage at about $630,000. To counter this, Orans said that enterprises in verticals commonly targeted for DDoS attacks “should consider specialty DDoS mitigation providers,” or DDoS mitigation services provided by ISPs. Source: http://www.toptechnews.com/news/DDoS-Attacks-Entering-a-New-Era/story.xhtml?story_id=0120013PJXVC

Original post:
DDoS Attacks May Be Entering a New Era

26-year-old hacker responsible for massive DDoS-attacks sentenced in Russia

A man was sentenced to probation after being convicted for Distributed Denial of Service (DDoS) attacks as a result of Group-IB and the The Ministry of the Interior (MVD) collaboration work. Group-IB assisted in the investigation, collection, preservation and identification of digital evidence. The criminal business owner turned out to be a 26-year-old resident of the Sayansk-city, Irkutsk region. The reason for the investigation was an attack on a large financial corporation, which owns several banks. Since the recourse to the Group-IB up to the moment of the attacker arrest there were record-breaking short terms – all of the work was done within a month. The criminal used underground hacking forums to find clients by posting advertisements for DDoS services. Russians, citizens of  the CIS, Britons and many others ordered his services regularly. Group-IB’s evidence said a man used the Dragon botnet to launch the attacks. In autumn 2012, authorities had arrested the suspect in Sayansk, Ziminsk district. During the investigation, the accused pleaded guilty and showed detailed process of launching cyber-attacks. Group-IB computer forensic experts proved the guilt of the arrested in committing a series of cybercrimes.  A Sayansk city court judge rendered a guilty verdict against 26-year-old man for unauthorized access to computer information and was condemned to two years of conditional sentence. The Group-IB experienced experts explained that such attacks are common now as a result of unfair competition between companies. “Commercial organizations should think about DDoS protection,” said Dmitry Volkov, Head of the Group-IB Investigation Department. “However, if the incident has already occurred, the Group-IB is ready to conduct a full and independent investigation and find the attacker using forensic methods and tools.” Source: http://www.digitaljournal.com/pr/1776830#ixzz2vCwNMKJi

Continued here:
26-year-old hacker responsible for massive DDoS-attacks sentenced in Russia

Cisco patches enterprise wireless vulns

Everything from DoS to device access Cisco has issued patches and mitigation instructions for 16 of its wireless products, to take care of a number of denial of service vulnerabilities and one unauthorised access vulnerability.…

See the original article here:
Cisco patches enterprise wireless vulns

Image 354ef7ad7bf2ce23a1f152437e4c3d18.png

Why is Meetup Site Down? Hacker Attempts to Extort $300 From CEO Scott Heiferman

The Meetup site is down after a hacker attempted to extort $300 from the site’s CEO Scott Heiferman. The social networking site was the victim of a DDoS attack that was allegedly paid for by one of Meetup’s competitors. The attack began on Thursday when CEO Scott Heiferman received an email that reads: Date: Thu, Feb 27, 2014 at 10:26 AM Subject: DDoS attack, warning A competitor asked me to perform a DDoS attack on your website. I can stop the attack for $300 USD. Let me know if you are interested in my offer. As soon as Heiferman received the email, the attack began and overwhelmed Meetup’s servers. The site went down and stayed that way for nearly 24 hours. The success of the site being back up was short-lived as Meetup was hit again and again with numerous DDoS attacks over the course of the weekend. Why is Meetup Site Down? Hacker Attempts to Extort $300 From CEO Scott Heiferman – photo from Twitter Stating his reasons for not paying the hacker behind the attack, Heiferman wrote on Meetup’s blog: We chose not to pay because: 1. We made a decision not to negotiate with criminals. 2. The extortion dollar amount suggests this to be the work of amateurs, but the attack is sophisticated. We believe this lowball amount is a trick to see if we are the kind of target who would pay.  We believe if we pay, the criminals would simply demand much more. 3. Payment could make us (and all well-meaning organizations like us) a target for further extortion demands as word spreads in the criminal world. 4. We are confident we can protect Meetup from this aggressive attack, even if it will take time. As of right now, the site is still down as the Meetup team continues to secure its servers. When users attempt to log onto the site, they are met with the following error message: Over the past several days, Meetup has suffered a prolonged denial of service (DDoS) attack, resulting in intermittent service outages for our website and apps. We’re working urgently to bring Meetup back and restore full functionality. We appreciate your patience. Heiferman encourages all Meetup users to stay informed by receiving updates via Twitter, Facebook or the company’s blog. Why is Meetup Site Down? Hacker Attempts to Extort $300 From CEO Scott Heiferman. Source: http://americanlivewire.com/2014-03-03-meetup-site-down/

Taken from:
Why is Meetup Site Down? Hacker Attempts to Extort $300 From CEO Scott Heiferman