Tag Archives: ddos

Census 2016 site falls to DDoS attack: ABS

As widely expected, the Census web site fell over last night — but the ABS has said it was with a little help from external players. The Australian Bureau of Statistics has continued its run of outs, scoring an own goal in the Census main event last night, after the agency claimed the site crashed thanks to four denial of service attacks. “The 2016 online Census form was subject to four Denial of Service attacks of varying nature & severity,” the ABS said on Twitterthis morning. “The first three caused minor disruption but more than 2 million Census forms were successfully submitted and safely stored. After the fourth attack, just after 7:30pm, the ABS took the precaution of closing down the system to ensure the integrity of the data.” “Steps have been taken during the night to remedy these issues, and we can reassure Australians that their data are secure at the ABS.” The agency said it would provide an update at 9am Wednesday. The ABS has launched a joint investigation with the nation’s defence intelligence agency into the assault, which ramped up on Tuesday evening as most of the population was going online to complete the survey. “It was an attack,” chief statistician David Kalisch told ABC radio on Wednesday. “It was quite clear it was malicious.” The source of the attacks is unknown but Kalisch said they came from overseas. On Tuesday, Opposition Leader Bill Shorten said that once the Census is completed, the Australian government needs to discuss with parliamentthe increasing retention of names and address data, and the reasons it is being kept. “I think we need to have a good, long look at the whole process to make sure we’re not asking for information we don’t need,” he said. “And to reassure ourselves that what information that is stored, is stored securely.” The Opposition Leader said politicians committed to boycotting the Census were grandstanding. The intrusions will put a spot light on the federal government’s AU$240 million cyber security strategy and the security of government resources online. The ABS confirmed last week that its IBM-developed online Census forms would not be able to handle names with accents or ligatures. The agency later removed a claim made by it that it was rated by the Australian National Audit Office as being in its “Cyber Secure Zone”. Source: http://www.zdnet.com/article/census-2016-site-falls-to-ddos-attack/

More:
Census 2016 site falls to DDoS attack: ABS

About 170 DDoS attacks were launched on the government bodies of Ukraine in last six months.

A representative of the State Service of Special Communications and Information Protection of Ukraine told this to Secretary of the National Security and Defence Council Oleksandr Turchynov, Ukrayinska Pravda reports. “About 15,000 events of information security events, including 170 DDoS attacks, were launched on the government bodies of Ukraine in last six months,” the representative said. According to him, “14 central executive authorities have been already connected to the State Centre for Cyber Protection, and the works to connect another 12 bodies are ongoing.” Source: http://www.ukrinform.net/rubric-crime/2062435-170-ddos-attacks-launched-on-ukrainian-government-bodies-in-six-months.html

More:
About 170 DDoS attacks were launched on the government bodies of Ukraine in last six months.

If two countries waged cyber war on each another, here’s what to expect

Imagine you woke up to discover a massive cyber attack on your country. All government data has been destroyed, taking out healthcare records, birth certificates, social care records and so much more. The transport system isn’t working, traffic lights are blank, immigration is in chaos and all tax records have disappeared. The internet has been reduced to an error message and daily life as you know it has halted. This might sound fanciful but don’t be so sure. When countries declare war on one another in future, this sort of disaster might be the opportunity the enemy is looking for. The internet has brought us many great things but it has made us more vulnerable. Protecting against such futuristic violence is one of the key challenges of the 21st century. Strategists know that the most fragile part of internet infrastructure is the energy supply. The starting point in serious cyber warfare may well be to trip the power stations which power the data centres involved with the core routing elements of the network. Back-up generators and uninterruptible power supplies might offer protection, but they don’t always work and can potentially be hacked. In any case, backup power is usually designed to shut off after a few hours. That is enough time to correct a normal fault, but cyber attacks might require backup for days or even weeks. William Cohen, the former US secretary of defence, recently predicted such a major outage would cause large-scale economic damage and civil unrest throughout a country. In a war situation, this could be enough to bring about defeat. Janet Napolitano, a former secretary at the US Department of Homeland Security, believes the American system is not well enough protected to avoid this. Denial of service An attack on the national grid could involve what is called a distributed denial of service (DDoS) attack. These use multiple computers to flood a system with information from many sources at the same time. This could make it easier for hackers to neutralise the backup power and tripping the system. DDoS attacks are also a major threat in their own right. They could overload the main network gateways of a country and cause major outages. Such attacks are commonplace against the private sector, particularly finance companies. Akamai Technologies, which controls 30% of internet traffic, recently said these are the most worrying kind of attack and becoming ever more sophisticated. Akamai recently monitored a sustained attack against a media outlet of 363 gigabits per second (Gbps) – a scale which few companies, let alone a nation, could cope with for long. Networks specialist Verisign reports a shocking 111% increase in DDoS attacks per year, almost half of them over 10 Gbps in scale – much more powerful than previously. The top sourcesare Vietnam, Brazil and Columbia. Number of attacks Verisign Scale of attacks Verisign Most DDoS attacks swamp an internal network with traffic via the DNS and NTP servers that provide most core services within the network. Without DNS the internet wouldn’t work, but it is weak from a security point of view. Specialists have been trying to come up with a solution, but building security into these servers to recognise DDoS attacks appears to mean re-engineering the entire internet. How to react If a country’s grid were taken down by an attack for any length of time, the ensuing chaos would potentially be enough to win a war outright. If instead its online infrastructure were substantially compromised by a DDoS attack, the response would probably go like this: Phase one: Takeover of network : the country’s security operations centre would need to take control of internet traffic to stop its citizens from crashing the internal infrastructure. We possibly saw this in the failed Turkish coup a few weeks ago, where YouTube and social media went completely offline inside the country. Phase two: Analysis of attack : security analysts would be trying to figure out how to cope with the attack without affecting the internal operation of the network. Phase three: Observation and large-scale control : the authorities would be faced with countless alerts about system crashes and problems. The challenge would be to ensure only key alerts reached the analysts trying to overcome the problems before the infrastructure collapsed. A key focus would be ensuring military, transport, energy, health and law enforcement systems were given the highest priority, along with financial systems. Phase four. Observation and fine control : by this stage there would be some stability and the attention could turn to lesser but important alerts regarding things like financial and commercial interests. Phase five. Coping and restoring : this would be about restoring normality and trying to recover damaged systems. The challenge would be to reach this phase as quickly as possible with the least sustained damage. State of play If even the security-heavy US is concerned about its grid, the same is likely to be true of most countries. I suspect many countries are not well drilled to cope with sustained DDoS, especially given the fundamental weaknesses in DNS servers. Small countries are particularly at risk because they often depend on infrastructure that reaches a central point in a larger country nearby. The UK, it should be said, is probably better placed than some countries to survive cyber warfare. It enjoys an independent grid and GCHQ and the National Crime Agency have helped to encourage some of the best private sector security operations centres in the world. Many countries could probably learn a great deal from it. Estonia, whose infrastructure was disabled for several days in 2007 following a cyber attack, is now looking at moving copies of government data to the UK for protection. Given the current level of international tension and the potential damage from a major cyber attack, this is an area that all countries need to take very seriously. Better to do it now rather than waiting until one country pays the price. For better and worse, the world has never been so connected. Source: http://theconversation.com/if-two-countries-waged-cyber-war-on-each-another-heres-what-to-expect-63544

Visit site:
If two countries waged cyber war on each another, here’s what to expect

DDoS Attacks: Cybercriminals Are More Homegrown Than You Think

Researchers from the FBI and a private security company say many of the distributed denial of service attacks emanate from the West.  BLACK HAT USA – Las Vegas – The stereotype of the seedy cybercriminal from Russia or Eastern Europe may no longer be valid. FBI agent Elliott Peterson told Black Hat attendees this morning that when it comes to the most recent DDoS attacks, the vast majority come from North America, Western Europe and Israel. And many are 16 to 17-years of age or in their mid-20s. “Many use their nicknames on Skype or Twitter and they are heavy users of social media,” said Peterson. Peterson and Andre Correa, cofounder of Malware Patrol, shared much of their recent research on DDoS attacks at a briefing session here this morning. They focused much of their research on amplification and reflection attacks, booters/stressers and IoT and Linux-based botnets. Peterson said the amplification and reflection attacks get a good rate of return: a hacker can send one byte and get 200 in return. The bad threat actors now sell amplification lists that criminals can easily buy over commercial web interfaces. The booters and stressers are inexpensive, they cost roughly $5 to $20 a month and require very little technical knowledge for the criminal to deploy. And on the IoT front, botnets are creating scanning hosts for default credentials or vulnerabilities. A bot is then automatically downloaded and executed. Over the past several months, Peterson and Correa have compiled more than 8 million records. They said last month, the leading DDoS type was SSDP at Port 1900. “This was kind of interesting since most people may think that NTPs were the leading cause of DDoSs, but they scored much lower because many NTP servers have been patched of late,” said Correa. Peterson said some of the criminals are just total scam artists. “They just take your money and don’t do the attack,” he said. “On the other hand, there are also some sophisticated players offering turnkey DDoS services. They provide attack scripts, amp lists and good customer service, sometimes up to six people on hand. Other findings: most attacks are in the 1-5 Gbps range, with the highest DDoS observed at 30 Gbps. Source: http://www.darkreading.com/attacks-breaches/ddos-attacks-cybercriminals-are-more-homegrown-than-you-think-/d/d-id/1326508

See more here:
DDoS Attacks: Cybercriminals Are More Homegrown Than You Think

Cybersecurity: Financial Institutions Fret over DDoS Attacks

Financial institutions, especially the banks, are getting more worried about the increasing rate of a new cyber attack called Distributed Denial of Service (DDoS), that has caused huge financial losses running into billions of naira to banks. Financial institutions expressed worries about further loss of funds to DDoS attacks at a security forum organised by MainOne and Radware in Lagos this week and called for technology solutions that would address the threat. During a panel session, Head, Infrastructure Services at Skye Bank, Mr. Tagbo Nnoli, said banks suffered major attacks last year from DDoS attacks on banks and that since then, the banks started seeking solutions to address the issue. Aside DDoS attacks, Nnoli said banks also suffered attacks from phishing and social engineering last year, resulting to huge financial losses. Head, Industry Security Services, Nigeria Inter-Bank Settlement System (NIBBS), Mr. Olufemi Fadairo, who confirmed that banks suffered huge financial losses to cyber attacks last year, however said the rate of losses due to online attacks, were beginning to reduce in 2016, following proactive measures taken by the Central Bank of Nigeria (CBN) and the NIBSS to address financial losses to cyber attacks. According to Fadairo, “NIBSS tries to protect organisations and in the past five years, there has been improvement on financial security. We do benchmarking to find out any disruption of a normal pattern of an organisation. By January 2016, we discussed about DDoS attacks on banks where 63 per cent of banks said such attacks would increase, if not mitigated on time.” Following the threat, we decided to focus on data companies like MainOne that provides data solution for the financial sector, Fadairo said. The Chief Information Security Officer at MainOne, Mr. Chidi Iwe, however raised the hopes of financial institutions at the forum, when he revealed that MainOne had partnered RadWare, a global security company to mitigate DDoS attacks in the country’s financial sector, by redirecting organisation’s traffic to the MainOne DDoS mitigation platform, from where it keeps organisation data fully protected at all times and maintaining the normal operations of organisations on-premises infrastructure. He said the service could detect and mitigate zero-day attack within 18 seconds. According to Iwe, over 50 per cent of enterprise companies globally, suffered DDoS attacks at the end of 2015, and Nigerian businesses are growing in recent yeas and the focus of attacks is gradually shifting to the Nigerian space. Although he said most attacks were not reported publicly in the past, but that there has been over 600 per cent growth in reporting attacks in Nigeria in recent times, based on CBN regulation. Two weeks ago, there was DDoS Attacks in Nigeria. Attacks have caused organisations over $500 billion in recent years, and DDoS attacks are predicted to be on the rise, Iwe said. He however assured financial institutions that the security solution service agreement it signed with Radware in 2016, would address insecurity issues with DDoS attacks. MainOne solution therefore monitors DDoS attacks and create alert for the company using the solution, he said, while listing the benefits of the solution to include online reporting, which allows customers to log online to find out what the trends are. The MainOne solution also offers training for customers in partnership with Radware to boost customer experience. He said capital expenditure CAPEX and operational expenditure OPEX, are completely eliminated by the solution. The Security Solution Architect at Radware, Mr. Eran Danino, while explaining how DDoS operates, said it first attacks firewalls, destroys it before replicating itself into other components. He said most organisations are not ready to mitigate DDoS attack because they either have saturated internet pipes, or they lack the security skills to detect and mitigate attacks. “What we do at Radware is to mitigate the attacks, just as the attackers change their attacking plans regularly,” Danino said. He explained that there was need for organisations to choose the best protection and draw up a checklist to find out the assets that must be protected first. He said Radware uses two approaches to mitigate DDoS attacks, through hybrid solution and full cloud service solution by protecting data from the cloud. Source: http://www.thisdaylive.com/index.php/2016/08/04/cybersecurity-financial-institutions-fret-over-ddos-attacks/

Read the original:
Cybersecurity: Financial Institutions Fret over DDoS Attacks

Overwatch,’ ‘Warcraft’ Servers Sidelined By DDoS Attack From Hacking Group PoodleCorp

Blizzard was hit with a DDoS attack that made its servers inaccessible, disrupting gameplay for Battle.net users on Aug. 2. Someone from Blizzard’s customer support team posted on the Battle.net forums to acknowledge the attack, saying network engineers are on the case, working to address the issue. The problem has since been resolved, but according to a tweet from Blizzard’s North American customer support team, reports of World Server Down in  World of Warcraft  are being investigated. In a tweet, hacker group PoodleCorp claimed responsibility for the DDoS attack. It’s not clear who is PoodleCorp exactly, but some Battle.net users have surmised that some of the hacking group’s members could be players who were recently banned from  Overwatch , and thus now out for revenge. Whoever they are, PoodleCorp appears to be a busy group. A day before the DDoS attack on Blizzard, the hackers apparently took on  Pokémon GO , marking their second takedown of the mobile game after first attacking it on July 16. Pokémon GO  servers were also down for several hours on July 17, but OurMine, another hacking group, took the credit for that attack. In an interview via Twitter DM, PoodleCorp’s leader, @xotehpoodle, told Mic that they targeted  Pokémon GO  because it’s popular right now. Also, they’re doing what they’re doing because nobody can stop them. “We do it because we can, nobody can stop us and we just like to cause chaos,” said the hacking group’s head, who added that their botnet is worth more than Niantic. Over the summer, PoodleCorp also claimed responsibility for hacking  League of Legends  and popular YouTubers. Earlier in June, Blizzard also experienced a major outage as another DDoS attack took out its servers. Twitter user AppleJ4ck, said to be tied to hacking group Lizard Squad, claimed responsibility for the attack and mocked Blizzard, saying the attack was part of some “preparations.” As PoodleCorp has claimed responsibility for the most recent outage, does that mean that there’s more to come given what AppleJ4ck’s been preparing for has not come to fruition? In the past, Lizard Squad had been connected to disruptions on Microsoft’s Xbox Live and Sony’s PlayStation Network. When angry gamers swarmed the hackers’ Twitter accounts, PoodleCorp and AppleJ4ck replied with similar messages, saying anyone who gets upset over a game should get a life and that they’re doing everyone a favor by knocking them offline. Source: http://www.techtimes.com/articles/172361/20160803/overwatch-warcraft-servers-sidelined-by-ddos-attack-from-hacking-group-poodlecorp.htm

Follow this link:
Overwatch,’ ‘Warcraft’ Servers Sidelined By DDoS Attack From Hacking Group PoodleCorp

123-Reg drowns in ongoing DDoS tsunami

Data centre target of attack of 30+ Gbps Beleaguered web host 123-Reg has suffered a “huge scale” distributed denial of service (DDoS) attack to its data centre – knocking the Brit outfit’s website offline and a number of users’ services. The attack began this morning and is still ongoing but no performance-related issues have been reported since the traffic was rerouted. The Register understands that the outfit experienced a DDoS attack of 30-plus Gbps to its data centre, with its protection systems kicking in within seconds of the attack being detected. Consequently the business redirected traffic through its secondary “DDoS protection platform” in Germany, which doubled its capacity. No servers were offline, although customers experienced intermittent connection issues such as our website, control panel, email or websites. A 123-Reg spokeswoman said: “At about 10:10am we received a huge scale DDoS attack to our data centre. “Our protection systems kicked in immediately and the attack was contained by 10:40am. We apologise for any intermittent connection issues to our services that some of our customers may have experienced during this time.” Back in November, internet provider Eclipse was hit by a DDoS attack. ® Source: http://www.theregister.co.uk/2016/08/02/123reg_suffers/

Read More:
123-Reg drowns in ongoing DDoS tsunami

DDoS attacks increase 83%, Russia top victim

DDoS attacks increased 83 percent to more than 182,900 attacks in the second quarter of the year, according to Nexusguard. The newest report shows that Russia has become the No. 1 victim country. Starlink – a Russian ISP supporting small, medium and large enterprises – received more than 40 percent of the DDoS attacks measured over a two-day period. This targeted DNS attack also pushed the mean average DDoS duration to hours instead of minutes, … More ?

Read the original:
DDoS attacks increase 83%, Russia top victim

MIT Faced 35 DDoS Attacks in the First Six Months of 2016

Attackers targeted the servers of the Massachusetts Institute of Technology (MIT) 35 times in the first six months of the year, according to a threat advisory released by Akamai, a content delivery network and cloud services provider headquartered in Cambridge, Massachusetts. The biggest of these incidents was a DDoS attack that lasted a day, starting on June 7, that peaked at 295 Gbps and 58.6 million packets per second, combining different vectors such as DNS reflection, SYN flood, UDP fragment, PUSH flood, TCP flood, and UDP flood. Compared to other attacks recorded globally in the first six months, according to Arbor Networks, this MIT DDoS attack is one of the 46 such attacks that went over the 200 Gbps limit, with the absolute record being 597 Gbps . Kaiten botnet behind massive 295 Gbps attack Akamai believes that this attack took place at the hands of a botnet powered by the Kaiten malware. Prior to the 295 Gbps DDoS attack, MIT suffered an 89.35 Gbps attack as well. Attackers targeted multiple IPs in MIT’s network and used a combination of 14 different DDoS flood types. Akamai says that 43 percent of these attacks used protocols susceptible to DDoS reflection flaws that amplified the attacker’s traffic. The company detected 18,825 different sources of reflected traffic, with the most located in China. China’s presence on any DDoS source list should not be a surprise by now to anyone since the country is the source of much of today’s vulnerable equipment that gets connected online, a source ready for the taking for any determined hacker. DDoS attacks are on the rise The same Arbor Networks reports cites an overall increase in terms of DDoS attacks globally, a trend which has continued in July as well. Just this week, we reported on DDoS attacks against WikiLeaks , after announcing it would release emails from Turkey’s main political party; against the Rio de Janeiro court that banned WhatsApp in Brazil; Steemit social network ; the Philippines government websites ; Pokemon GO servers ; the HSBC bank ; and against the US Congress , US Library of Congress, and the US Copyright Office. Source: http://news.softpedia.com/news/mit-faced-35-ddos-attacks-in-the-first-six-months-of-2016-506542.shtml

See the original post:
MIT Faced 35 DDoS Attacks in the First Six Months of 2016

Massive DDoS Attack Shut Down Several Pro-ISIS Websites

A team of attackers shut down several ISIS aka Daesh websites against terrorist attacks in Nice and Middle Eastern countries! Terrorism has no religion that’s why whenever a terrorist attack is carried out the victims are innocent people irrespective of race or religion. Hackers and DDoSers, on the other hand, are well aware of the enemy and that’s why recently an attacker going by the handle of ”Mons” conducted a series of DDoS attacks using NetStresser tool just a couple of days ago. The reason for targeting these sites was to protest against the sudden increase of terrorist attacks in France and Middle Eastern countries. In a conversation with HackRead, Mons said that he also got assistance from the owner of BangStresser , the famous DDoSing tool which was allegedly used to shut down BBC’s servers and Donald Trump’s website in one of the largest DDoS attacks ever. However, the attack on pro- ISIS websites varied from 50 Gbps to 460 Gbps. Mons further stated that ”We worked together to take down several ISIS websites. This is for obvious reasons. We want to help in any way we can to weaken their influence that threatens and, to some length, literally destroys our very democracy and human rights. Especially after the recent attacks in France and Arabic countries, our wrath has grown. This war needs to be fought on many fronts, and we try to cover one of them.” Here is a screenshot showing the list of targeted websites along with tweets that show earlier attacks on pro-ISIS sites. Upon checking the history on some targeted sites we can confirm the sites were spreading violent content along with terrorist ideology however at the time of publishing this article some sites were restored while some were listed for sale. This is not the first time when attackers have targeted pro-ISIS platforms. In the past, Anonymous did not only conduct cyber attacks but also exposed companies hosting those sites  — Anonymous had also blamed  CloudFlare for protecting terrorists’ websites  from DDoS attacks but the company had denied the allegations. Source: https://www.hackread.com/ddos-attack-on-pro-isis-websites/

See the article here:
Massive DDoS Attack Shut Down Several Pro-ISIS Websites