Tag Archives: ddos

Several bugs detected in IBM Java Runtime could lead to DDoS attacks

Multiple vulnerabilities that could enable a remote attacker to launch a denial-of-service attack have been detected in the IBM Runtime Environment Java Technology Edition v6, according to an IBM Security Bulletin posted on Tuesday. The integrated software is used by Tivoli Composite Application Manager for SOA, a platform which provides management for services, applications and middleware. These bugs, which include the vulnerability popularly known as “SLOTH,” were reported by IBM when it updated Java SDK in January 2016. “The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake,” the bulletin stated. Employing man-in-the-middle techniques, a saboteur could exploit this flaw to mimic a TLS server and glean credentials, IBM wrote. No workarounds or mitigations have yet been provided. Source: http://www.scmagazine.com/several-bugs-detected-in-ibm-java-runtime/article/475405/


Roses are red, violets are blue, Valentine’s Day means DDoS for you

Net scum target florists on day of commercialised romance
Net scum have bashed florists with distributed denial of service attacks over Valentine’s Day in a bid to extract ransoms, security analysts say.…


Valentine’s Day Inspires DDoS Attacks Against Online Florists

Security vendor Imperva says it has observed a sharp increase in automated bot traffic directed at florist sites. Cyber criminals have shown a consistent tendency to exploit major news and seasonal events to slip phishing and other malicious attacks past unwary victims. And so it is with this Valentine’s Day as well. Florists apparently have been receiving a lot of attention, of the unwanted variety, from online criminals, security vendor Imperva reported this week. All 34 of the company’s florist customers have experienced a sharp spike in traffic to their sites over the last few days. While some of the traffic is to be expected, considering the rush to order flowers for Valentine’s Day, a lot of it is not. According to Imperva, more than nine in 10 of the florist sites witnessed a sudden surge in bot traffic between February 5 and February 11. In about 23% of the cases, the spike in bot traffic was dramatic enough to cause problems. Contrary to what some might expect, the attack traffic did not appear to be opportunistic in nature. Rather, it looked as if the florists were being individually targeted in denial-of-service campaigns apparently designed to extort money from them. One of Imperva’s florist customers reported receiving a ransom note, while another experienced an application-layer denial of service attack, Imperva said. In the case of the latter victim, the company’s Content Distribution Network (CDN) provider interpreted the botnet traffic as regular user sessions, resulting in the site exceeding its contracted cache capacity. This in turn caused the CDN to route the attack traffic through to the florist’s own origin servers, and the site went down under the DDoS traffic. A screenshot published on Imperva’s blog shows that some of the Web application attacks had originated in the United Kingdom, though one appeared to be from Latvia.
Somewhat surprisingly, attackers were still going after old vulnerabilities such as Shellshock in an attempt to breach systems belonging to their targets, according to Imperva. Florists can mitigate the threat by monitoring their traffic for unexpected behavior, like heavier than normal traffic spikes, or visits from unfamiliar IP addresses. “Any unusual activity could be ‘dry runs’ by attackers foreshadowing an imminent full-blown attack,” Imperva said. The company also urged florists to monitor Twitter and sites such as Pastebin.com for chatter hinting at a potential attack on their sites. The sudden spike in malicious traffic directed at online florists reflects a common tendency among cyber crooks to escalate malware campaigns and attacks around seasonal events and major news happenings. Earlier this year, mobile network protection vendor Adaptive Mobile reported on a series of picture message spam campaigns on the Kik messenger service that were timed to coincide with seasonal events. The spam messages involved the use of images belonging to well-known brands to try and get recipients to follow links to malicious websites. What was noteworthy was the fact that each campaign was tied to a specific event. For instance, one of the Kik spam campaigns was launched around Halloween, and featured an image message purportedly from Amazon. Another campaign around Thanksgiving involved spam featuring spoofed McDonalds images, while one in the days preceding Cyber Monday featured BestBuy-related spam. While the campaign was not technically very sophisticated, the effort put into creating individual picture messages purporting to be from major brands, suggested a specialist campaign, Adaptive Mobile had noted. Source: http://www.darkreading.com/endpoint/valentines-day-inspires-ddos-attacks-against-online-florists-/d/d-id/1324312


Denying the deniers: how to effectively tackle DDoS attacks

DDoS as an attack vector is on the rise: here’s how to stop it from stopping your business. Distributed Denial of Service (DDoS) attacks may be as old as the hills, but they continue to be a popular, and highly effective, attack vector for hackers. In the past couple of months alone we have seen a persistent DDoS attack on the UK academic computer network JANET, which was swiftly followed by one against cloud hosting company Linode, leading to service interruptions at DNS infrastructure and data centers across the U.S. and the U.K. Indeed, recent research released by Arbor Networks in its Annual Worldwide Infrastructure Security Report stated that DDoS attacks are on the rise, with half of the 354 global respondents’ data centers suffering DDoS attacks – a 33% increase from 2014. DDoS attacks have been increasing in frequency for some time, giving hackers a relatively uncomplicated method to bring a website down or disrupt a web service. Although DDoS attacks do not involve the stealing of data, they can be highly damaging in other ways, not least by affecting the trust and reputation that a company has among its customers. This can lead to financial damage through lost customers and lost business. Moreover, DDoS attacks can be used as a diversionary smokescreen for more aggressive attacks, as was the case with the recent TalkTalk breach. So what can organisations do to help protect themselves against the threat of DDoS and mitigate the effects of such attacks? The first step is being able to quickly detect that you are under attack, and having a procedure in place to deal with it. Illegitimate traffic can be hard to distinguish from legitimate traffic, but the typical signs of a DDoS attack are a sharp increase in traffic to your website followed by a slowing down of performance (there are services, such as Dynatrace and SolarWinds, that can continuously monitor your website’s responsiveness from an external point of view).
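The detection step described here, and Imperva’s advice in the florist article above to watch for heavier-than-normal traffic spikes and visits from unfamiliar IP addresses, can be reduced to two simple checks over a web server’s access log. The following is an added example, not code from either article or from any vendor named on this page: it buckets constructed access-log lines by minute, flags minutes whose request count is several times a quiet baseline, and lists source addresses outside a set of known networks. The log lines, the 203.0.113.0/24 “known” range, the 198.51.100.0/24 sources and the thresholds are all constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import mean

# Common Log Format prefix: client, ident, user, [timestamp], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return (minute, source_ip, status) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return ts.replace(second=0), m.group("ip"), int(m.group("status"))


def bucket_by_minute(lines):
    """Count requests and distinct source IPs per minute; unparsable lines are skipped."""
    buckets = defaultdict(lambda: {"requests": 0, "ips": set()})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        minute, ip, _status = parsed
        buckets[minute]["requests"] += 1
        buckets[minute]["ips"].add(ip)
    return dict(buckets)


def detect_spikes(buckets, baseline_minutes, factor=3.0, min_requests=20):
    """Minutes whose request count exceeds `factor` times the mean of the first
    `baseline_minutes` quiet minutes. `min_requests` stops a near-idle site from
    alerting on trivial absolute counts (5 requests vs. 1 is not an attack)."""
    minutes = sorted(buckets)
    if len(minutes) <= baseline_minutes:
        return []
    baseline = mean(buckets[m]["requests"] for m in minutes[:baseline_minutes])
    return [
        m for m in minutes[baseline_minutes:]
        if buckets[m]["requests"] >= min_requests
        and buckets[m]["requests"] > factor * baseline
    ]


def unfamiliar_sources(buckets, known_networks):
    """Source IPs outside every known network, mapped to the number of minutes seen."""
    nets = [ip_network(n) for n in known_networks]
    seen = defaultdict(int)
    for bucket in buckets.values():
        for ip in bucket["ips"]:
            if not any(ip_address(ip) in net for net in nets):
                seen[ip] += 1
    return dict(seen)


def sample_log():
    """Constructed log: three quiet minutes from a known customer range, then one
    minute with 40 requests from 40 different previously unseen addresses."""
    lines = []
    for minute in ("10:00", "10:01", "10:02"):
        for i in range(5):
            lines.append(
                f'203.0.113.{10 + i} - - [14/Feb/2016:{minute}:{i * 10:02d} +0000] '
                f'"GET /roses HTTP/1.1" 200 512'
            )
    for i in range(40):
        lines.append(
            f'198.51.100.{i + 1} - - [14/Feb/2016:10:03:{i:02d} +0000] '
            f'"GET /cart HTTP/1.1" 200 512'
        )
    lines.append("not a log line; the parser must skip it")
    return lines


if __name__ == "__main__":
    buckets = bucket_by_minute(sample_log())
    for minute in detect_spikes(buckets, baseline_minutes=3):
        b = buckets[minute]
        print(f"{minute:%H:%M}: {b['requests']} requests from {len(b['ips'])} sources")
    unknown = unfamiliar_sources(buckets, ["203.0.113.0/24"])
    print(f"{len(unknown)} source addresses outside known networks")
```

In practice the baseline would come from the same hour on previous days rather than the preceding few minutes, and the spike check is a trigger for the response procedure, not a verdict: a legitimate Valentine’s Day rush also spikes, which is exactly why the unfamiliar-source count and the external responsiveness checks are read alongside it.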
Once a DDoS attack is underway, you have a number of options in terms of dealing with the bombardment:

ISP blocking and scrubbing – It is advisable to deal with the attack in an environment that’s removed from your network, to prevent it from affecting other areas of network performance. If you suffer a DDoS attack, contact your internet service provider, as many offer DDoS protection services such as blocking the originating IP addresses or ‘scrubbing’ malicious packets. They will also probably have greater bandwidth than you and are therefore likely to be able to deal with the attack more efficiently and effectively.

Blackholing – A common response to a DDoS attack is to simply route all website traffic into a black hole, thus taking the website offline until the attack ceases. The problem with this approach is that it blocks all traffic, both good and bad, which basically means that the hacker has achieved their objective.

Routers and firewalls – You can set up router and firewall policies to filter non-critical protocols, block invalid IP addresses and shut off access to specific high-risk segments of your network in the event of an attack. However, be aware that these techniques are somewhat ineffective against more sophisticated attacks that use spoofing or valid IP addresses.

Content delivery network – Using a content delivery network to create replicas of your website for customers in different locations can help reduce the impact of the DDoS attack as well as make the extra DDoS-related traffic easier to combat.

Anti-DDoS technology – Many of the leading firewall appliance vendors offer specialised anti-DDoS modules, which can be deployed at the perimeter of your network or data center and are designed to detect and filter malicious traffic. However, these are not automated and need to be constantly managed and updated by your operations team.
While there is no single ‘silver bullet’ solution that can stop a DDoS attack in its tracks once the traffic starts hitting your website, you can lessen its impact on your business by using a combination of the methods I’ve outlined here. As DDoS continues to be used as a cyber-weapon against websites and online resources, organisations should ensure that they have a response plan in place that includes these mitigation techniques, to help deny attempted denial-of-service attacks. Source: http://www.information-age.com/technology/security/123460891/denying-deniers-how-effectively-tackle-ddos-attacks#sthash.HM41ehWS.dpuf


Mystery hacker pwns Dridex Trojan botnet… to serve antivirus installer

Ah, great. Ave AV
Part of the distribution channel of the Dridex banking Trojan botnet may have been hacked, with malicious links replaced by installers for Avira Antivirus.…

HSBC Calls In Cops To Chase DDoS Attackers Who Took Online Banking Down

HSBC said today it was working with local police to find those who disrupted its online banking services with a denial of service attack, as customers complained of not being able to access their accounts. The attack was made even more painful for customers as the last Friday of the month is a traditional payday in the UK, the home of HSBC. Little information was provided by HSBC other than a terse statement over Twitter: “HSBC UK internet banking was attacked this morning. We successfully defended our systems. We are working hard to restore services, and normal service is now being resumed. We apologise for any inconvenience.” A spokesperson told the BBC a denial of service attack was the cause of the downtime. A subsequent tweet revealed the police had been contacted: “HSBC is working closely with law enforcement authorities to pursue the criminals responsible for today’s attack on our Internet banking.” HSBC was last hit by a distributed denial of service (DDoS) attack, in which infected machines fire an overwhelming number of data packets at a server to stop it working, in 2012. That time the Anonymous hacktivist crew was believed to have carried out the hit. DDoS attacks in general have been causing havoc in recent months, as criminals have tried to extort targets, threatening to knock businesses offline unless a ransom was paid. Encrypted email provider ProtonMail was criticised for paying a ransom of $6,000 in Bitcoin at the end of 2015 to a DDoS extortionist crew called the Armada Collective. That group also targeted the secure email providers Hushmail, Runbox and VFEMail. Anti-DDoS provider Arbor Networks reported earlier this month that the record for DDoS power hit a new peak in 2015, reaching 500Gbps. Numerous organizations had reported attacks in the 400Gbps-500Gbps range throughout 2015, Arbor noted. With so much power, and such easy money to be made with extortion attacks, no business appears immune from DDoS downtime.
Professor Alan Woodward, a security expert from the University of Surrey, said an attack capable of taking down an entity like HSBC would need to be big. “In addition we’re seeing the emergence of techniques that mean that these attacks are circumventing some of the systems put in place to mitigate against these attacks,” Woodward said. He also warned DDoS has been used as a “smokescreen” for other malicious activity in the past. “They want to tie up the technical departments, of which there is obviously a finite number, so that they might miss some unusual activity that would give away the fact that the hackers are breaching the corporate boundary.” Source: http://www.forbes.com/sites/thomasbrewster/2016/01/29/hsbc-ddos-downtime/2/#4eea0f825126 http://www.forbes.com/sites/thomasbrewster/2016/01/29/hsbc-ddos-downtime/#109a8cc451c2


Two Arrested in DDoS Attacks Linked to Online Gambling Site Extortion

Last month’s arrest in Bosnia and Herzegovina of two individuals connected to the cyber-crime group DD4BC has been definitively linked to a series of DDoS extortion attacks over the past 18 months, many of which were targeted at online-gambling firms. PokerStars and Betfair are among the various companies to have been targeted by the extortionists, who typically sought modest and largely anonymous payments made in Bitcoin in exchange for ceasing the attacks. The DD4BC group, whose name stands for DDoS (Distributed Denial of Service attack) For BitCoins, is a loosely organized group of online hackers and thieves who have congregated in some of the Internet’s darker, more anonymous corners. The group’s widespread members share information and online weaponry in their attempts to extract payments from their targets. Failure by the group’s targeted victims to pay typically results in intermittent and ongoing DDoS attacks, designed to flood the victim’s servers with meaningless traffic, making normal business impossible. The arrests of the two unidentified individuals were announced by Europol earlier this month, with one of the two described as a leader of the informal DD4BC group. These initial arrests were part of an international operation dubbed Operation Pleiades. According to the Netherlands-based Europol, which is the official intelligence agency of the European Union, “The action was initiated as part of a global law enforcement response against the criminal organisation. Key members of the organised network were identified in Bosnia and Herzegovina by the UK Metropolitan Police Cyber Crime Unit (MPCCU) which provided vital information to the investigation. Police authorities from Australia, France, Japan, Romania, the USA, Switzerland and INTERPOL supported the coordinated activities. “Operation Pleiades resulted in the arrest of a main target and one more suspect detained,” the Europol statement added.
“Multiple property searches were carried out and an extensive amount of evidence was seized,” indicating that more arrests of DD4BC members are likely in the coming weeks and months. The actual “Operation Pleiades” action was initiated in Austria and included Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce. The operation slowly unwound the ghostly online tracks of the extortionists by examining “blockchain” entries for Bitcoin transactions related to the DDoS threats, plus other data linked to the group’s activities. Bitcoin-based transactions are anonymous on their face but not perfectly so, and can often be traced back to their originators using secondary means. The DD4BC attacks, which appear to have started in early 2014, have targeted several different business and government sectors. Victims range from online gambling firms to Bitcoin exchanges and mining groups, to online banking and payment processors. Even some government institutions have been targeted. Online-poker market leader PokerStars was confirmed as one of the DD4BC extortion targets in April 2015, amid information on the DD4BC attacks assembled by Arbor Networks, the security division of NetScout Systems, Inc. Massachusetts-based NetScout appears to have assisted international authorities in identifying the perpetrators behind the hundreds of DD4BC attacks. In addition to PokerStars, Betfair is almost certainly another of the DD4BC group’s victims. Betfair was also targeted last April in a DDoS attack strong enough to knock both its betting exchange and fixed-odds sportsbook offline. The attack on the “unnamed online casino” (likely Betfair) began in earnest on April 10th, following an initial probing attack launched the day before, along with a demand for payment. The information amassed by Arbor Networks also includes many of the threats e-mailed by DD4BC members to their intended victims.
Here’s the e-mail that was sent to the “unnamed” casino company (likely Betfair), immediately following attacks against Stars and online payment processor NETeller:

From: DD4BC Team [mailto:dd4bct@gmail.com]
Sent: 10 April 2015 02:07 PM
To:
Subject: Re: DDOS ATTACK!

Hitting pokerstars.com at the moment. Good luck if you think you can stop what they can’t. But you still have time.

On Thu, Apr 9, 2015 at 3:46 PM, DD4BC Team wrote:

Hello,

To introduce ourselves first:
https://blogs.akamai.com/2014/12/dd4bc-anatomy-of-a-bitcoin-extortion-campaign.html
http://bitcoinbountyhunter.com/bitalo.html
http://cointelegraph.com/news/113499/notorious-hacker-group-involved-in-excoin-theft-owner-accusesccedk-of-withholding-info
Or just google “DD4BC” and you will find more info.

Recently, we were DDoS-ing Neteller. You probably know it already. So, it’s your turn!

 is going under attack unless you pay 20 Bitcoin. Pay to 18NeYaX6GCnibNkwyuGhGLuU2tYzbxvW7z

Please note that it will not be easy to mitigate our attack, because our current UDP flood power is 400-500 Gbps, so don’t even bother.

Right now we are running small demonstrative attack on your server. Don’t worry, it will stop in 1 hour. It’s just to prove that we are serious.

We are aware that you probably don’t have 20 BTC at the moment, so we are giving you 48 hours to get it and pay us. We do not know your exact location, so it’s hard to recommend any Bitcoin exchanger, so use Google. Current price of 1 BTC is about 250 USD.

IMPORTANT: You don’t even have to reply. Just pay 20 BTC to 18NeYaX6GCnibNkwyuGhGLuU2tYzbxvW7z – we will know it’s you and you will never hear from us again. We say it because for big companies it’s usually the problem as they don’t want that there is proof that they cooperated. If you need to contact us, feel free to use some free email service.

But if you ignore us, and don’t pay within 48 hours, long term attack will start, price to stop will go to 50 BTC and will keep increasing for every hour of attack.

ONE MORE TIME: It’s a one-time payment. Pay and you will not hear from us ever again!

Variations on the same extortion letter were sent to several other victims; this sample was distinct in its specific mentions of PokerStars and NETeller. In addition to those two firms and the likely inclusion of Betfair, several other online-gambling companies are known to be targets of the group. Those companies include Nitrogen Sports, Malta-based NRR Entertainment Ltd. (including slottyvegas.com and betatcasino.com), Betbtc.com, Redbet.com and others. It is also likely that last July’s DDoS attacks against several New Jersey (U.S.) online sites were the work of DD4BC extortionists. Though those attacks are not referenced in the ASERT compilation, the July attacks are also outside the date range of most of the earlier attacks included in that report. When the New Jersey attacks occurred, NJ Division of Gaming Enforcement director David Rebuck stated this about the perpetrator: “He’s a known actor. He’s done this before.” While DD4BC seems likely to be peeled open by international investigators, DDoS-based extortion attempts aren’t going to go away. The reason is that the tools needed to launch such attacks are too cheaply and commonly available to would-be cyber-attackers. As a result, the best defense remains vigilance, rapid response… and robust Internet connectivity. According to Wil van Gemert, Europol’s Deputy Director of Operations, “Law enforcement and its partners have to act now to ensure that the cyberspace affecting nearly every part of our daily life is secure against new threats posed by malicious groups. These groups employ aggressive measures to silence the victims with the threat of public exposure and reputation damage.
Without enhanced reporting mechanisms law enforcement is missing vital means to protect companies and users from recurring cyber-attacks. Police actions such as Operation Pleiades highlight the importance of incident reporting and information sharing between law enforcement agencies and the targets of DDoS and extortion attacks.” Source: http://www.flushdraw.net/news/misc/two-arrested-in-ddos-attacks-linked-to-online-gambling-site-extortion/


World’s Largest DDoS Attack Breaks Records, Clocks At Massive 500 Gbps

In its latest Worldwide Infrastructure Security Report, Arbor Networks reports on the biggest distributed denial of service attack seen to date, which had a whopping load of 500 Gbps. The previous largest DDoS attack was of “only” 300 Gbps. It involved young aspiring hacker Seth Nolan-Mcdonagh, who temporarily took down SpamHaus’ webpage. In some cases, the attacks are carried out by state-funded organizations instead of individuals. Last year, GitHub went down after it suffered a DDoS attack, and the main suspect was China, which has a tumultuous history with the software repository. The programming website was even blocked by the Chinese authorities for a short amount of time. The yearly Arbor survey uses data from hosts, mobile service providers and service providers. The survey, which ran until November 2015, bases its results on 354 global participants who answered questions on network security, including specific questions about the protocols used for reflection/amplification attacks. “The largest attack reported by a respondent this year was 500Gbps, with other respondents reporting attacks of 450Gbps, 425Gbps, and 337Gbps,” the report states. This marks a worrying trend among top-end DDoS attacks, which get more ambitious every year. The security firm has the numbers to back this statement up. In the previous report, Arbor discovered that one-fifth of respondents got slammed with attacks that topped 50 Gbps. This year’s survey shows a hefty increase, as a quarter of respondents report attacks of more than 100 Gbps. While only five respondents found evidence of DDoS attacks topping 200 Gbps, there were many reports of attacks between 100 and 200 Gbps. Arbor Networks points out that cloud-based services are increasingly becoming tempting targets, as they now make up 33 percent of attacks. Another staple of last year’s hacking attempts is the exploitation of weaknesses in the Network Time Protocol.
Reflection and amplification attacks can easily make use of the soft spots in the security infrastructure, leading to significant damages. As a countermeasure, servers keep receiving updates and security patches that should (in theory) keep them safe from attackers who gain a large response to a small query and use it towards a target of their choosing. “[S]ecurity is a human endeavor and there are skilled adversaries on both sides,” Darren Anstee, chief security technologist at Arbor Networks, says. An interesting shift exists in the DDoS attackers’ motivation: the perpetrators no longer seem to find joy in hacktivism or vandalism. Unlike in previous years, extorting the victims and banking on the vulnerabilities of network systems now seem to be the prevalent reasons. In order to accomplish this, they use multi-vector simultaneous attacks which plow through applications, services and infrastructure. A vast majority of respondents identified application-layer DDoS attacks, which targeted DNS services instead of Web servers. Looking at the larger picture, multi-vector attacks counted for 56 percent of customer outages, up from 42 percent in the previous year. More than 50 percent of the respondents told Arbor that DDoS attacks go after the inline firewalls and bring down the internet connectivity. Arbor explains that these devices are the first to fall in case of a DDoS attack and underlines that being inline can greatly add to network latency. Source: http://www.techtimes.com/articles/128260/20160127/worlds-largest-ddos-attack-breaks-records-clocks-at-massive-500-gbps-worldwide-infrastructure-security-report.htm
