When the waters finally calmed, Blizzard took to Twitter with the following message. That’s because some nefarious individuals launched a DDoS attack on the service. In fact, all of Blizzard’s U.S. servers were down for an extended period last night. Sony and Microsoft undergo similar attacks on a regular basis and are especially prone to such attacks during the holidays. GAMING SERVICES were hit with a distributed denial-of-service (DDoS) attack that forced users to eat Cheetos while not screaming at total strangers. This isn’t the first time the group has attacked a gaming company. Blizzard has suffered an attack on its servers that halted access to many of its games. By about 11:45 p.m., Blizzard sent out the above tweet giving gamers the all clear to jump back online. Given some of the realm stability issues caused by the service interruptions, there may be some log loss when loot is dropped or crafting occurs. A DDoS attack targeting game developer Blizzard’s servers has disrupted gamers from logging into popular games such as Diablo 3 and World of Warcraft. From the looks of it, a Blizzard employee’s Outlook account was hacked, which led to personal information and contact lists with information about other Blizzard employees being found. Maybe the hacking group felt their fellow gamers were being wronged (they weren’t) and this was their grand form of retaliation. They have teased that they have “more to come” without explaining what they plan to do next. Source: http://sacredheartspectrum.com/2016/04/blizzards-battle-net-hit-with-major-ddos-attack/
Details of a new, high-impact vulnerability known as BadLock have been revealed, affecting Samba, the standard Windows interoperability suite of programs for Linux and Unix. As the researchers who discovered it noted, “we are pretty sure that there will be exploits soon after we publish all relevant information.” Fortunately, patches have been released today, and it would behoove admins to update their systems immediately. The vulnerability was discovered by Stefan Metzmacher, a member of the international Samba Core Team, working at SerNet on Samba. He reported the bug to Microsoft and has been working closely with the computing giant to fix the problem. The research team said that the security vulnerabilities can be mostly categorized as man-in-the-middle or denial of service attacks. The several MITM attacks that the flaw enables would permit execution of arbitrary Samba network calls using the context of the intercepted user. So for instance, by intercepting administrator network traffic for the Samba AD server, attackers could view or modify secrets within an AD database, including user password hashes, or shut down critical services. On a standard Samba server, attackers could modify user permissions on files or directories. As for DDoS, Samba services are vulnerable to a denial of service from an attacker with remote network connectivity to the Samba service. While there are several proof of concept (PoC) exploits that researchers have developed, they’re not releasing them to the public, nor are they going into detail on what the vulnerability entails or arises from. Red Hat researchers offered a bit more on the flaw: It is “a protocol flaw in the DCE/RPC-based SAMR and LSA protocols used in the Microsoft Windows Active Directory infrastructure. DCE/RPC is the specification for a remote-procedure call mechanism that defines both APIs and an over-the-network protocol.
The Security Account Manager (SAM) Remote Protocol (Client-to-Server) provides management functionality for an account store or directory containing users and groups. The protocol exposes the “account database” for both local and remote Microsoft Active Directory domains. The Local Security Authority (Domain Policy) Remote Protocol is used to manage various machine and domain security policies. This protocol, with minor exceptions, enables remote policy-management scenarios. Both SAMR and LSA protocols are based on the DCE 1.1 RPC protocol.” These protocols are typically available to all Windows installations, as well as every Samba server. They are used to maintain the Security Account Manager database, which applies to all roles (for example, standalone, domain controller or domain member). The flaw thus gives attackers a way to insert themselves into that communications chain, and go on to execute a MiTM or DDoS attack. The BadLock researchers announced weeks ago that they would be making this announcement and releasing patches, drawing not a little derision for hyping the situation—especially since they went so far as to develop a logo. But the researchers said that they were simply making use of the hash-taggable name to get people interested, talking about it and ready to patch. “Like Heartbleed, what branded bugs are able to achieve is best said with one word: Awareness,” the researchers noted. “It is a thin line between drawing attention to a severe vulnerability that should be taken seriously and overhyping it. This process didn’t start with the branding—it started a while ago with everyone working on fixes. The main goal of this announcement was to give a heads up. Vendors and distributors of Samba are being informed before a security fix is released in any case. This is part of any Samba security release process.” Source: http://www.infosecurity-magazine.com/news/badlock-opens-door-for-sambabased/
Electronic Tribulation Army has anger management problems. Oklahoma man Benjamin Earnest Nichols faces up to 10 years in a United States federal prison and a US$250,000 fine after pleading guilty to launching a distributed denial of service attack against security consultancy mccrewsecurity.com …
“Anonymous” vows to carry on its annual assaults on Israeli infrastructure linked to its #OpIsrael campaign on April 7, 2015. However, it seems more hype than harm. The first attacks in connection with #OpIsrael occurred in 2013, when some divisions of the Anonymous hackers jointly launched multiple organized cyber-attacks against Israeli websites on the eve of Holocaust Remembrance Day, on April 8. From 2013 onwards, the group has carried out such attacks on the same date every year, and in a recent video statement, it has pledged to continue these attacks in 2016. This year, Holocaust Remembrance Day is on May 4, but the attacks will still occur on April 7. Ironically, Israel has planned a hackathon on the same day: In recent years, these cyber attacks have included DDoS attacks, database leaks, website defacements, and social media account hijacking. After the recent attacks on Ukraine’s electrical power grid, the Israeli government has this year also arranged a hackathon with over 400 participants who will take on potential cyber-attacks against the country’s power grid, transportation system, and government IT networks. This threat-based hackathon is also scheduled for today. History of some high-profile cyber attacks against Israel: 1. In 2013, Israel’s major traffic tunnel was hit by a cyber-attack, causing huge financial damages. 2. In 2014, the Izz al-Din al-Qassam Brigade of Hamas successfully hacked the ongoing transmission of the famous Israeli Channel 10 and replaced it with images of wounded Palestinian families. 3. In April 2015, several computer networks belonging to the Israeli military were penetrated by Arabic-speaking hackers in a four-month spying campaign that used provocative images of the IDF’s women soldiers. 4. In January 2016, the Israeli power authority network was hit by sophisticated ransomware. 5. In February 2016, pro-Hezbollah hackers took over the country’s security camera systems.
Data leak and DDoS attacks conducted by Anonymous and pro-Palestinian hackers: The hacktivists are already targeting Israeli government and civilian websites. In the latest attacks, hundreds of government-owned websites have been under DDoS attacks forcing them to stay offline. There are several tweets containing Pastebin links in which attackers are claiming to dump credit card data of several Israeli citizens. One hacktivist group going with the handle of RedCult has leaked a list of about 1000 alleged Facebook users from Israel containing emails and their clear-text passwords. The websites that have been taken offline include Israel Defense Forces, Israeli ministry of justice, Israeli Immigration, Israel Police Department, Israel Airport Authority, Israeli ministry of justice, rights and services for Holocaust survivors and other top government websites. Source: https://www.hackread.com/anonymous-cyber-attack-on-israel/
XOR botnet authors migrate to using BillGates malware. Over the past six months, security researchers from Akamai’s SIRT team have observed a shift in the cyber-criminal underground to using botnets created via the BillGates malware to launch massive 100+ Gbps DDoS attacks. The BillGates malware is a relatively old malware family aimed at Linux machines running in server environments. Its primary purpose is to infect servers and link them together in a botnet controlled via a central C&C server, which instructs bots to launch DDoS attacks at their targets. The malware has been around for some years and due to its (irony-filled) name is probably one of the most well-known Linux-targeting malware families. Former XOR botnet operators reverted to using BillGates. A BillGates botnet is capable of launching Layer 3, 4, and 7 DDoS attacks. More accurately, it supports ICMP floods, TCP floods, UDP floods, SYN floods, HTTP floods and DNS reflection floods. According to Akamai’s Security Intelligence Research Team (SIRT), ever since the XOR DDoS botnet, also Linux-based, was neutralized a few months back, hacking outfits have switched to the BillGates botnet for their attacks. While not as powerful as the XOR botnet, which was capable of launching 150+ Gbps attacks, BillGates attacks can go over 100 Gbps when needed. Moreover, as Akamai noticed, the hacking crew that deployed the XOR botnet has also switched to using BillGates malware, with the CDN and cyber-security provider seeing DDoS attacks on the very same targets the XOR botnet crew was previously attacking. Most BillGates DDoS attacks targeted Asian online gaming servers. DDoS attacks launched with this botnet were seen targeting Asia-based companies and their digital properties, mostly in online gaming. Besides the original XOR crew, the malware has been used to build different botnets by multiple gangs and has even been used as the base for other Linux-based DDoSing malware.
The BillGates malware is available for purchase on underground hacking forums, and it comes in the form of a “malware builder” which allows each crew to generate its own strain, which can run on different C&C servers. Last June, Akamai observed a similar spike in DDoS attacks coming from botnets built with the BillGates malware. Source: http://news.softpedia.com/news/ddos-attacks-with-billgates-linux-malware-intensify-502697.shtml
Imperva has recently witnessed a new type of DDoS attack they believe might become a go-to for cyber criminals looking to take sites and services down. The attack was an application layer DDoS attack, aimed at exhausting a target server’s RAM and CPU resources. But unlike previous ones they have seen, this one was “ginormous.” “While deadly to servers, application layer attacks are not especially large in volume. Nor do they have to be, as …
Anonymous’s repeated attacks on Donald Trump since December of 2015 have made hacker harassment a part of everyday conversation. Today, the United States Department of Justice handed down a sentence to a member of the Electronik Tribulation Army (ETA) that shows just how severe the punishment for those types of hacks can be. Benjamin Earnest Nichols, a 37-year-old ETA member from Oklahoma City, pled guilty to intentionally causing damage with a distributed denial of service (DDoS) attack on mcgrewsecurity.com in 2010. Nichols hasn’t been sentenced yet, but faces a maximum of 10 years in federal prison and a $250,000 fine. It’s the DDoS attack that put Nichols in court, but the list of other things he admits to doing ranges from costly to downright dirty: causing $6,500 in losses to McGrew Security because of a downed website, making disparaging remarks and insulting McGrew (owner of the attacked website and security service), photoshopping images of McGrew, and sending sex toys to McGrew’s home. The exact types of sex toys were not mentioned in the U.S. Attorney’s Office press release. Regardless, it’s the type of behavior hacking groups have made a name doing. It’s also behavior that the U.S. DOJ plans on stopping. McGrew became a target of the ETA because of his role in the arrest of Jesse McGraw, the leader of the hacker group, back in 2009. McGraw was arrested after he installed malware and a remote-access program on dozens of computers at the North Central Medical Plaza in Dallas. He planned to use the medical computers for a DDoS attack on a rival hacker group, but was stopped before anything came of his tampering. He was sentenced to nine years in federal prison in 2011. It was one of the first major cybercrime sentences given, and the hacking community still mentions the decision’s importance. After McGraw’s arrest, Nichols and two other ETA members turned their eyes on McGrew.
“They set up a website in my name to pose as me, and put up embarrassing content or things they thought would embarrass me, including a call-to-action to buy sex toys, and fake pornographic images,” McGrew told Wired in 2010. “They harvest email addresses from the university I work at and emailed it out to those.” McGrew was a key witness against McGraw, so the FBI got involved. They raided Nichols’ home because his actions were “affecting a potential witness in an official proceeding,” the search warrant affidavit read. The search warrant lists Nichols as going by the names “thefixer25,” “fixer,” “fix,” “c0aX,” and “ballsdeep.” Witness intimidation is a federal crime. The ETA responded by posting the following on its website: “On the 23rd of June 2010 the Federal Bureau of Investigation issued search warrants on ETA members. All their computers and electronic devices have been taken for forensic investigation…. We are not terrorists, we are freedom fighters and cyber protesting is not illegal.” Back in 2009, when McGraw was arrested, ETA members were hyper-aware of how they could be next. When Nichols was asked if he was still in the ETA in an email from another member, he responded: “Right now admissal (sic) of any kind like that is certainly what some douchebag prosecutor would like. I cannot give you that answer when you ask me outright, however.” Nichols also said that he wiped his computers. Turns out he didn’t wipe them well enough, and can look forward to big time for his hacking crimes. It’s a message from the DOJ to the hacking community that it surely won’t ignore. Source: https://www.inverse.com/article/13891-hacker-faces-10-years-for-ddos-attacks-and-sex-toy-pranks-in-doj-crack
A quarter of all companies risk their business-critical systems due to a lack of anti-DDoS protection according to new research by Kaspersky Lab. It’s the kind of absence that can cause enterprises massive financial loss and reputational damage and, according to the research, more than half of companies feel that investing in protection against DDoS attacks is justified. About the same number of survey respondents from telecoms (82 percent) and finance (78 percent) think anti-DDoS protection is an important cyber-security requirement for infrastructure. Just shy of a quarter (24 percent) of respondents don’t use DDoS protection or only use it part of the time (41 percent). Only 34 percent of companies are fully protected against the threat. A majority of companies with no anti-DDoS protection are the ones attacked the most often such as media (36 percent), healthcare and education (both 31 percent). A quarter of companies stated that the stability of business-critical systems is a priority for their organisation, however only 15 percent plan to implement anti-DDoS protection in the near future. “It’s important to take DDoS attacks seriously as they can be just as damaging to a business as any other cyber-crime, especially if used as part of a bigger targeted attack. Organisations must understand that protection of the IT infrastructure requires a comprehensive approach and continuous monitoring, regardless of the company’s size or sphere of activity,” said Russ Madley, head of B2B at Kaspersky Lab. Source: http://www.scmagazineuk.com/over-half-of-companies-feel-investment-in-ddos-protection-is-justified/article/487567/
With a business model dependent on 100% uptime for their online customers, the last thing SaaS companies can afford is a DDoS attack. Read this DDoS eBook from Incapsula and find out: why SaaS companies are such a popular target for DDoS attacks; what the costs and risks of DDoS attacks are to your business; and what steps SaaS companies can take to defend themselves. How does Incapsula work? Once activated through a simple …
The websites of the Novosti-Armenia (newsarmenia.am) and ARKA (arka.am) news agencies came under heavy DDoS attacks on Tuesday, hampering access to these resources for half an hour. An inquiry found that the attacks were carried out from Russian IP addresses, but this does not mean that the order came from that country. The administrations of both websites have managed to eliminate the problem. DDoS attack is short for Distributed Denial of Service attack. A DDoS attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. There are two general forms of DoS attacks: those that crash services and those that flood services. The most serious attacks are distributed and in many or most cases involve forging of IP sender addresses so that the location of the attacking machines cannot easily be identified, nor can filtering be done based on the source address. Source: http://arka.am/en/news/technology/novosti_armenia_and_arka_news_agencies_come_tuesday_under_heavy_dddos_attacks/