Tag Archives: ddos

100+ DDoS events over 100GB/sec reported this year

Arbor Networks released global DDoS attack data derived from its ATLAS threat monitoring infrastructure. The data shows an unparalleled number of volumetric attacks in the first half of 2014 with over…


DoJ provides update on Gameover Zeus and Cryptolocker disruption

The Justice Department filed a status report with the United States District Court for the Western District of Pennsylvania updating the court on the progress in disrupting the Gameover Zeus botnet an…


‘Political’ DDoS Attacks Skyrocket in Russia

Commercial hackers in Russia are giving way to politically motivated cyber criminals targeting ideological enemies, a new study said Wednesday.

The most powerful DDoS attacks on Russian websites in the first six months of 2014 were triggered by the political crisis in Ukraine, digital security company Qrator Labs revealed. February’s Olympic Games in Sochi also prompted a spike in DDoS attacks, said the study, as reported by Bfm.ru news website.

Hacker attacks in Russia have generally decreased in quantity, but have become more powerful compared with the first six months of 2013, the report said. About 2,700 distributed denial-of-service (DDoS) attacks occurred during the first six months of 2014, compared with 4,400 over the same period last year, Bfm.ru said.

But the number of powerful attacks upward of 1 Gbps increased five times to more than 7 percent of the total, the report said, citing Qrator Labs digital security company. Some of the attacks peaked at 120 to 160 Gbps, the report said.

Attack time also grew significantly, with DDoS strikes lasting up to 91 days, compared with 21 days in the first half of 2013. Average botnet size tripled from 136,000 to 420,000 machines per attack. This indicates ideological motivation on behalf of the attackers, who, unlike criminal hackers attacking websites for money, have more time at their disposal, Qrator Labs was quoted as saying.

The media made the list of prime DDoS targets along with payment systems and real estate websites. Last season, Forex websites and online stock exchanges accounted for the “absolute majority” of the attacks, the study said, without providing exact figures.

Source: http://www.themoscowtimes.com/news/article/political-ddos-attacks-skyrocket-in-russia/503226.html


Facebook scuttles 250k-strong crypto-currency botnet

As noose tightens, VXer pleads: ‘Stop breaking my ballz’

Facebook has taken down a Greek botnet that at its peak compromised 50,000 accounts and infected 250,000 computers to mine crypto-currencies, steal email and banking details and pump out spam.…


Dispelling the myths behind DDoS attacks

Distributed Denial of Service (DDoS) attacks are quickly becoming the preferred method for cyber attackers to wreak havoc on the internet. With a recent spate of attention grabbing headlines focused o…


June – The month of DDoS attacks

The list of DDoS attacks in the month of June has made for grim reading. High-profile sites have been targeted by extortion demands, online games got disrupted and at least one company was put out of business as a direct result.

While it’s tempting to look for a single cause at the root of this apparent tsunami of distributed denial-of-service activity, the reality is considerably more complex. Online activism, the profit motive and even potential nation-state activity contributed to June’s high volume of DDoS attacks. The only commonality, in fact, may be the ease with which DDoS attacks can be launched. Experts like Molly Sauter, an academic and author of the forthcoming book The Coming Swarm, say that the process is childishly simple.

“Literally, if you have a credit card and if you’re bored, it could be anyone,” Sauter told Network World. “It’s so easy to rent a botnet – most of them are out of Russia – and you can rent one for stupid cheap, and then deploy it for a couple of hours, and that’s really all you need to target a major site like Feedly or Evernote.”

Sauter’s research focuses on the socio-political aspects of technology. She highlights the attacks, earlier in June, on websites connected to the World Cup’s sponsors and backers, which used the iconography of Anonymous. “I’m seeing a lot of Anonymous-oriented DDoS actions,” she said. Anonymous, according to Sauter, is a useful “brand” for politically motivated DDoS attacks, allowing groups to identify themselves with a particular flavor of political thought, despite no organizational connection to other activists.

But the highest-profile attacks in the U.S. this June were not politically motivated – the DDoS attempts that took down RSS reader Feedly and note-taking and personal organization service Evernote drew big headlines, and Feedly, at least, was asked for ransom by its attackers. Feedly didn’t pay up, and, according to Forrester principal analyst Rick Holland, that’s probably for the best.

“There’s no guarantee that they’re not going to continue to DDoS you,” he said. “It’s like regular extortion – you start paying people off and then, suddenly, they’re going to keep coming back to you every month.”

Holland stopped short of urging a blanket refusal to pay off DDoS extortionists, however, saying that companies need to decide their own cases for themselves, in close consultation with their legal teams. He doesn’t know of any companies that have paid a DDoS ransom, but said that it wouldn’t surprise him to learn that it has happened.

“I wouldn’t be surprised if people have gotten DDoS, it didn’t go public, they paid a ransom and that was that, but I have not specifically had those conversations,” he said.

IDC research manager John Grady said that the increasing primacy of online services means that extortion-based DDoS attacks are becoming a more serious threat. “When there are direct ties from resource availability to revenue, targeting availability is a quick way to get someone’s attention,” he said.

Grady echoed both Sauter’s point about the general cheapness of botnets and Holland’s argument that paying the ransom doesn’t make a company proof against further attacks. What’s more, he said, the growing power of some types of attack swings the balance of power further in favor of the attackers.

“Increasingly, the ease of amplifying attacks through DNS or NTP, which can ramp traffic up in the hundreds of gigabit range that we’ve seen become common, gives attacks real economies of scale,” Grady said.

Research from Forrester shows that, in addition to volumetric attacks like DNS and NTP (which essentially flood targets with unwanted data), targeted application-level attacks have been on the rise. Application-level incidents had been seen by 42% of DDoS victims surveyed in a 2013 report – just shy of the 44% that suffered volumetric attacks. Moreover, 37% used some combination of techniques.

According to a report from Infonetics, that trend has prompted increasing attention for application-level mitigation technology. “An increasing number of application-layer attacks, which older DDoS detection and mitigation infrastructure can’t identify and block, are forcing companies to make new investments in DDoS solutions,” wrote principal security analyst Jeff Wilson in December.

What this means is that a DDoS attack, whether it’s motivated by politics or money, is an increasingly unequal struggle. Attack techniques have become easier, cheaper and more powerful at the same time as their effects have become more damaging – and defensive measures have failed to keep pace.

“The cost of entry is very low for the attackers and the cost to defend is very high for the targets,” said Holland. He said that the best defense may be to simply be as forewarned as possible, and to make plans in advance for potential DDoS incidents. Many businesses haven’t even considered the potential ramifications of a DDoS.

Source: http://www.networkworld.com/article/2449855/security0/bloody-june-what-s-behind-last-month-s-ddos-attacks.html


Week in review: DDoS attacks becoming more effective, and how to build trust between business and IT

Here's an overview of some of last week's most interesting news, articles and interviews:

Gathering and using threat intelligence
In this interview, Tomer Teller, Security Innovation Manager at…


eToro’s Website down Due to Malicious DDOS Attacks, Functionality Restored

Thursday turned out to be a busier day than usual for social trading platform eToro. According to a company statement, the company’s service has been under attack by a malicious group of attackers since 07:12 GMT. After numerous complaints by customers of the firm, a thorough statement has been provided by eToro’s CEO, Yoni Assia.

“I am sure that by now, most of you are already aware of the fact that our platform was under attack by a malicious group of hackers. I realize that many of you may be frustrated, angry, or simply worried following the unusual service interruptions that happened on Thursday, July 3rd and I wanted to contact you personally to apologize and explain what happened.

Since 07:12 GMT, July 3rd, eToro has been the target of a criminal DDoS attack – a technique used by hackers to take an internet service offline by overloading its servers. (To read more about DDoS attacks: http://en.wikipedia.org/wiki/Denial-of-service_attack). I believe the choice to attack today was not a random one, as both you and eToro have been gearing up for today for the better part of the week. We had everything in place for you to experience a great day of trading, with the NFP announcement. I speak for everyone at eToro when I say that we deeply regret that this experience was denied you.

We have robust systems in place to deal with such instances; however the scale of this particular attack caused our platform to experience significant downtime. All your personal data, including billing information, financial information and personal details is secure. More than that, throughout today we offered several alternatives for those of you who wanted to close a position, in order to give you as much control as was possible with regard to your portfolio.

The status right now is that we were successful in restoring all of our services. Regrettably, as with attacks such as this, we might see more interruptions in the next few days.

It is my personal goal to make sure you receive the best experience possible and I guarantee that all of us here at eToro are working around the clock to make sure this is exactly what you get. Our technical and service teams are at your disposal and are working non-stop to help each and every one of you resolve any issue affecting your personal account.”

Update: On Friday morning in Europe, users have been reporting troubles with website and app functionality, and issues with logging in. Around 9 BST, the status of the website was updated by the company, with eToro stating that currently it’s up and running, despite still being under attack. According to a company spokesperson, the malicious attempts are now blocked before they can affect eToro’s community.

Source: http://forexmagnates.com/etoros-website-down-due-to-malicious-ddos-attacks-restored-only-to-go-dark-again/#sthash.PWXi3f61.dpuf


Could Cookies Be Used to Launch DoS Attacks?

Giant cookies could be used to create a denial of service (DoS) on blog networks, says infosec researcher Bogdan Calin. Such an attack would work by feeding users cookies with header values so large that they trigger web server errors.

Calin created a proof of concept attack against the Google Blog Spot network after a customer reported problems with internal security testing. In his subsequent tests, he found that if one sends many cookies to a browser, sets them to never expire and includes pointers to a blog network’s root domain, the user won’t ever be able to see any blogs on the service.

Victims can tell if supersized cookies have been stuffed down their browser’s throats when 400 errors such as “Your browser sent a request that this server could not understand. Size of a request header field exceeds server limit” appear.

Sydney security bod Wade Alcorn (@WadeAlcorn) said the attack would work if custom cookies could be set.

“This attack, denial-of-service by cookies, sets many long cookies, forcing the browser to create a very long request [that] is too long for the server to handle, and simply returns an error page,” Alcorn said. “The vulnerable browser won’t be able to visit that origin until the cookies are cleared.

“When a browser visits one of these [user-controlled] subdomains it will allow a cookie to be set on the parent domain [which] means that when a denial-of-service by cookies attack is launched, the victim browser will not be able to visit the parent domain or any of the subdomains.”

For an application to be vulnerable it must provide an opportunity for the attacker to set custom cookies in the victim’s browser, Alcorn pointed out.

Chrome users were not affected when perusing Blog Spot but were on other unnamed domains. Alcorn said a Google security rep told him the risk was a problem for web browser developers to fix, rather than lone web app providers, and welcomed ideas that could squash the vector.
Source: http://www.theregister.co.uk/2014/07/02/monster_cookies_can_nom_nom_nom_all_the_blogs/
