Tag Archives: ddos

Turkish banks & government sites under ‘intense’ DDoS attacks on Christmas holidays

Turkey is suffering from a wave of cyber-attacks on financial and government websites which intensified over Christmas, resulting in the temporary disruption of credit card transactions. A video released this week and attributed to Anonymous vowed retribution for Ankara’s alleged ties with ISIS. The attacks on Turkish servers have been persistent in recent weeks, but on Christmas day Turkish banks suffered a website outage and reportedly saw sporadic disruption to credit card transactions. Isbank, Garanti and Ziraat Bank were among the targets, local media reported. “It is hard to determine where these attacks are coming from, with detailed work it will be understood whether these attacks are carried out by hackers or by certain groups” said the Minister of Communications Binali Yildrim. The DDoS attacks on Turkey’s “.tr” domain, Yildrim said were “serious” as they include domains of ministries, banks, and the military. The ministry asked Ankara’s Middle East Technical University (ODTU), which operates the “.tr” domain to step up security measures. ODTU’s analysis said that the attacks are coming from “organized sources” outside Turkey. Turkish Telecom, in a statement to Hurriyet daily, said that they are now on “24/7 defense” as they acknowledged facing “thousands of attacks.” Most Turkish institutions use Turk Telekom as their service provider. “The attacks are serious,” a spokesman for internet provider Turk Telekom, Onur Oz, told Reuters. “But the target is not Turk Telekom. Instead, banks and public institutions are under heavy attack.” The banking sector is one of the fastest growing areas of online services in Turkey and equates roughly to 1.5-2 billion transactions daily, according to Hurriyet. More than 85 percent of daily banking transactions in Turkey are carried out on digital platforms. “These attacks began two weeks ago but have intensified over the past two days,” said Burak Atakani, a network specialist from Istanbul Technical University. Some Turkish media outlets have speculated that the cyber-attacks might have been launched by Russia in retaliation to the downing of a Russian bomber by a Turkish fighter jet late in November over Syrian airspace. Meanwhile in a video, released this week allegedly by hacktivist collective Anonymous, hackers promised to take on the Turkish government over its alleged shady deals with Islamic State (IS, formerly ISIS/ISIL) terrorist organization. Anonymous especially threatened to bombard the banking sector. “Turkey is supporting Daesh [the Arabic name for IS] by buying oil from them, and hospitalizing their fighters. We won’t accept that [Recep Tayyip] Erdogan, the leader of Turkey, will help [IS] any longer,” says a video message from the group. “We will continue attacking your internet, your root DNS, your banks and take your government sites down. After the root DNS, we will start to hit your airports, military assets and private state connections. We will destroy your critical banking infrastructure.” Special Cyber government security units within the Information and Communication Technologies Authority (ICTA) and the Telecommunications Directorate (TIB) have been deployed to stop the attacks. “Turkey is not in a position to be powerless in the face of these attacks,” said Customs and Trade Minister, Bulent Tufenkci. “I think that we’ll have necessary response.” Source: https://www.rt.com/news/327119-turkey-banks-cyber-attacks/

Read More:
Turkish banks & government sites under ‘intense’ DDoS attacks on Christmas holidays

Xen Project blunder blows own embargo with premature bug report

Malicious guest could eat your virtual rigs from the inside The Xen Project has reported a new bug, XSA-169 , that means “A malicious guest could cause repeated logging to the hypervisor console, leading to a Denial of Service attack.”…

Link:
Xen Project blunder blows own embargo with premature bug report

Anonymous Claims Responsibility For 40 Gbps DDoS Attack on Turkish Servers

The online hacktivist Anonymous has claimed the responsibility for a massive 40Gbps DDoS attack on Turkish DNS Servers under NIC.tr — The reason behind the attack is that Turkey is allegedly supporting and aiding the Daesh or ISIS/ISIL terrorist group. In a video uploaded by Anonymous, the hacktivists said that their attack on Turkish servers was part of their ongoing operation #OpISIS. According to the video message, “We won’t accept that Erdogan, the leader of Turkey, will help ISIS any longer. The news media has already stated that Turkey’s Internet has been the victim of massive DDOS attacks . This lead Turkey to shut down it’s internet borders and deny anybody outside the country to access Turkish websites.” The hacktivists also warned the government that if Turkey didn’t stop aiding Daesh or ISIS the attacks will continue and target airports, banks, government and military servers. “If you don’t stop supporting ISIS, we will continue attacking your internet, your root DNS, your banks and take your government sites down. After the root DNS we will start to hit your airports, military assets and private state connections. We will destroy your critical banking infrastructure. Stop this insanity now Turkey. Your fate is in your own hands,” said Anonymous. The cyber attack on Turkish root DNS servers took place last week which forced 40,000 .tr domains to go offline. Though the targeted domains were back online they same day however the accesses to those sites was kept limited. The state of Turkey has been accused of aiding and buying oil from the Daesh terrorist group. Some also accuse Turkey of being a safe passage for the groups recruitment in Syria. Source: https://www.hackread.com/anonymous-40-gbps-ddos-attack-on-turkish-servers/

More:
Anonymous Claims Responsibility For 40 Gbps DDoS Attack on Turkish Servers

Xbox Live Suffers DDoS Disruption, Playstation Network May Be Next

A DDoS attack initiated by grey-hat hacker group Phantom Squad may have taken Microsoft’s Xbox Live online network offline for at least 3 hours today. If the hacker group’s threats are to believed, Sony’s PlayStation Network (PSN) may be next. Gamers, look away. This is going to make for painful reading. For the second time in two years, a hacker group may be disrupting two of the most popular gaming networks in the console gaming world, Xbox Live and the PlayStation Network. Hacked reported on the DDoS threats made by Phantom Squad a few days ago, after a series of tweets posted by the hacker group that also took credit for knocking Reddit offline recently. In a case of history repeating itself, the group is doing what infamous hacking group Lizard Squad did last year in December, disrupting gamers’ plans of going online with their consoles by taking down Xbox Live and PSN for several days last year. While the new group Phantom Squad threatened to take down the gaming networks during Christmas, Xbox Live suffered an outage in certain parts around the world for a few years today. To nobody’s surprise, Phantom Squad took credit for the outage. An update posted today on Xbox’s status website read: Hey Xbox members, are you having trouble purchasing or managing your subscriptions for Xbox Live? Are you also having an issue with signing into Xbox Live? We are aware of these issues and are working to get it fixed ASAP! Thank you for being patient while we work. We’ll post another update when more information becomes available. The message made no reference to any disruptions or DDoS attacks targeting the network although Microsoft nor Sony seldom acknowledge such attacks, even if they were bearing the brunt of such attacks. For now, Xbox Live Status shows all services are up and running and it is likely that Microsoft has found an IP range or two to block the DDoS requests flooding the servers, a common defense strategy against such attacks. Meanwhile, Phantom Squad has claimed that it will DDoS both gaming networks this Christmas Day. So we are going to DDoS Xbox&PSN on Christmas Day We Dont Joke We Are Always Watching Christmas Day PSN&Xbox This Is Not A Bluff #Phantom — PhantomSquad (@PhantomLair) December 18, 2015 The hacking group claims that the disruptions are to bring attention to the lack of cybersecurity in the gaming networks but gamers will argue the group is doing it simply to annoy a large population of console gamers looking to wind down and play games during the holidays. Hacked has previously reported on several disruptive malicious hackers, including those from Lizard Squad who have been arrested not long after their antics from Christmas last year. One of the suspects was arrested in the UK in January this year while another was apprehended as a part of a wider operation in March 2015. Hacked will keep you updated on this story as it unfolds in the week leading to Christmas. Source: https://hacked.com/xbox-live-suffers-ddos-disruption-playstation-network-may-next/

Read this article:
Xbox Live Suffers DDoS Disruption, Playstation Network May Be Next

‘Phantom’ menace threatens to down Xbox Live, PSN at Xmas

Hackers reveal plans to make children cry Last Christmas LizardSquad played Grinch with the holiday fun of gamers by knocking out XBox Live and smacking the PlayStation Network offline with a distributed denial-of-service (DDoS) attack.…

Read More:
‘Phantom’ menace threatens to down Xbox Live, PSN at Xmas

Web host Moonfruit defies Armada DDoS crew … by (temporarily) defeating itself

Move follows 45-minute attack last Thursday Web host Moonfruit last night began putting its systems back online after taking down customers’ sites in order to upgrade defences in the face of a threatened DDoS attack, with the firm blaming a recent assault (which prompted the self-takedown) on the Armada Collective crew.…

Originally posted here:
Web host Moonfruit defies Armada DDoS crew … by (temporarily) defeating itself

Moonfruit takes down thousands of sites after a DDoS attack

Moonfruit, a free website builder, has taken thousands of business and personal websites offline following a distributed denial of service (DDoS) attack. The company’s users are disappointed by the slow pace at which it has communicated the problem, and the way it’s being handled. The company said it had been threatened with a cyber-attack and had decided to make its customers’ websites unavailable for “up to 12 hours” to make infrastructure changes. In a statement on the Moonfruit website it was said that the company was actually attacked by a hacker group called the Armada Collective, which DDoSed the site for about 45 mintes. One business owner told the BBC it was “very bad timing”. Film-maker Reece de Ville said: “They have been slow to communicate via their website what is going on.” “I’m going to have hundreds of people finding my site today but not being able to access it. I could be losing out on a lot of money from potential clients, and they may not come back if they think the company has gone. It’s incredibly bad timing, especially for businesses selling Christmas cards and gifts on their website.” In an email to its customers, the company apologised for giving them “short notice” that their websites would be offline. “We have been working with law enforcement agencies regarding this matter and have spared no time or expense in ensuring we complete the work as quickly as possible,” the company’s director, Matt Casey, said in the official statement. Industry reaction Ron Symons, regional director at cyber security specialist A10 Networks said: “Moonfruit has responded in the best possible way to this threat by taking its services offline. As the attack it suffered last week shows, distributed denial of service (DDoS) is extremely difficult to prevent. More worryingly, DDoS attacks frequently act as smokescreens hiding more invasive attacks as hackers exploit unguarded system backdoors to steal sensitive data. “By making this bold decision to pre-empt another incident, Moonfruit stands a much better chance of protecting its clients’ private data. The shutdown may be inconvenient now, but by ensuring its infrastructure is equipped to deal with today’s increasingly powerful cyber attacks Moonfruit is acting in the best interests of those using its services.” SEE ALSO: Throwback Thursday: Why Apple is called Apple Dave Larson, Chief Operating Officer at Corero Network Security said: “Unfortunately, the sheer size and scale of hosting or data center operator network infrastructures and their massive customer base presents an incredibly attractive attack surface due to the multiple entry points and significant aggregate bandwidth that acts as a conduit for a damaging and disruptive DDoS attack. “As enterprises of all sizes increasingly rely on hosted critical infrastructure or services, they are placing themselves at even greater risk from these devastating DDoS attacks – even as an indirect target.” Source: http://www.itproportal.com/2015/12/14/moonfruit-takes-down-thousands-of-sites-after-a-ddos-attack/#ixzz3uLEOSJCP

Visit site:
Moonfruit takes down thousands of sites after a DDoS attack

Cyber criminals not to blame for all DDoS attacks, study shows

There is a real concern that many companies are being affected by the DDoS attacks commissioned by competitors, according to Kaspersky Lab Distributed denial of service (DDoS) attacks are associated with criminal activity, but not all those behind DDoS attacks are cyber criminals, research has revealed. Nearly half of more than 5,500 companies polled in 26 countries claimed to know the identity and motivation behind recent DDoS attacks, and 12% named competitors as the most likely culprits. This suspicion increases in the business services industry, with 38% of respondents in this sector believing their competitors were behind a DDoS attack, according to a survey by Kaspersky Lab and B2B International. However, 18% attributed recent DDoS attacks to criminals seeking to disrupt or distract while another attack took place; 17% to criminals seeking to disrupt their services for a ransom; 11% to political activists; and 5% to state-sponsored activities. The most popular motivation for the attacks is believed to be a ransom, cited by 27% of respondents in the manufacturing and telecoms sectors. “DDoS attacks are no longer just about cyber criminals seeking to halt a company’s operations,” said Evgeny Vigovsky, head of DDoS protection at Kaspersky Lab. “Businesses are becoming suspicious of each other, and there is a real concern that many companies – including small and medium ones – are being affected by the underhanded tactics of their competitors, which are commissioning DDoS attacks directly against them, damaging their operations and reputation,” he said. In the light of this trend, Vigovsky said all businesses should remain vigilant and fully understand the repercussions of a DDoS attack in terms of the potential financial and reputational damage. “It is wise not to pay a ransom, or to fall victim to cyber criminals or competitors. Ensure that you have the appropriate security measures in place to help manage the increased risk posed to your business from DDoS attacks,” he said. Looking ahead to 2016, security firms expect to see an increase in the tactic of using DDoS attacks to distract companies from other, more damaging malicious activity on their networks, such as data theft. The use of DDoS, or the threat of DDoS attacks, as a way of extorting money is also expected to continue and increase in the coming year. According to the study, 20% of companies with 50 employees or more reported that they have been the victim of at least one DDoS attack, with companies in the telecoms, financial services and IT sectors the most likely to be targeted. The study also revealed that 50% of DDoS attacks led to a noticeable disruption of services; 26% led to the loss of sensitive data; 24% led to services being completely unavailable; and 74% led to a noticeable disruption of service, which coincided with a different type of security incident, such as a malware attack, network intrusion or other type of attack. According to Kaspersky Lab, the average cost for recovering from a DDoS attack for companies of more than 1,500 employees is $417,000, and $53,000 for small and medium businesses (SMBs). Yet 56% of those polled thought that spending money to prevent or mitigate DDoS attacks in future would be worth the investment, 53% said their organisation knew how to mitigate or prevent DDoS attacks, and only 52% felt well-informed about DDoS attacks. Despite the cost and complexity of dealing with DDoS attacks, the Kaspersky Lab research said the average financial damage of a DDoS attack is significant, especially for SMBs, and is definitely higher than the cost of a service designed to reduce the effect of such attacks. “DDoS prevention is almost always a third-party service, and outsourcing this trouble to experts not only reduces the damage but also frees up IT personnel to deal with a probable complementary attack on a company infrastructure, which will have much worse consequences,” the report said. Source: http://www.computerweekly.com/news/4500260544/Cyber-criminals-not-to-blame-for-all-DDoS-attacks-study-shows

Taken from:
Cyber criminals not to blame for all DDoS attacks, study shows

OpTrump: Anonymous declares war on Donald Trump with DDOS attack following Muslim ban speech

Hacktivist group Anonymous has continued to add to its list of targets, with controversial US presidential candidate Donald Trump the latest in the crosshairs. Following Trump’s radical speech stating he wanted to ban Muslims from entering the US, Twitter accounts linked to the group declared war. The OpTrump campaign launched last night (9 December) with the first piece of business taking down Trump’s website www.trumptowerny.com for several hours by hitting it with a DDOS (distributed-denial-of-service) attack, which crashed the site. One Twitter user posted a picture of the hack, claiming the site was “almost down”. Anonymous posted a video online in response to Trump’s comments and warned of the repercussions of his words. “Donald Trump, it has come to our attention that you want to ban all Muslims from entering the United States. This policy is going to have a huge impact. This is what Isis wants. The more Muslims feel sad the more Isis feels they can recruit them. The more the United States appears to be targeting Muslims, not just radical Muslims you can be sure Isis will be putting that on their social media campaign,” said a masked member of the hacktivist group. While Anonymous has yet to officially claim responsibility for the DDOS attack, Twitter users showed full support of the group and its campaign. In the grand scheme of things this was a fairly tame attack, as the website is still running as normal at the time of writing, but it did serve as a digital slap to show this could be the first of many targeted operations against Trump. Anonymous is also busy taking on Islamic State by organising an official Isis Trolling Day called “Day of Rage” on 11 December, where it is encouraging an uprising of social media users to post content mocking the terror group. They issued a list of actions in a statement that includes reporting accounts of Isis sympathisers, posting mocking photos and use mocking hashtags. There will also be organised demonstrations held around the world. Source: http://www.ibtimes.co.uk/optrump-anonymous-declares-war-donald-trump-ddos-attack-following-muslim-ban-speech-1532739

Read more here:
OpTrump: Anonymous declares war on Donald Trump with DDOS attack following Muslim ban speech

Mysterious hackers attempting to bring down entire internet by DDoS-ing critical servers

Mysterious hackers are yet again trying to bring down the entire internet by bombarding crucial servers that support it with a gigantic, sustained distributed denial of service (DDoS) attack, which has caused webpages to load slowly in some locations. There are 13 internet root name servers in the world that run the internet, and these servers are responsible for helping your web browser to locate top-level domains such as .com, .org, .net or any country-specific top level domains like .uk, .fr, .sg, .de, .ae and .cn. The servers function as a sort of internet address book and they make up what is known as the domain name system (DNS) system. The 13 root name servers are run by independent organisations in the world, including ICANN, the US Army, the US Department of Defense, Nasa, Europe’s internet registry RIPE NCC, the University of Southern California, Japan’s Wide Project and Sweden’s Netnod. Network infrastructure solutions firm Verisign also operates two of them, namely the “A” and “J” root servers (the 13 servers are named in sequence after the alphabet from A-M). DDoS attack sent 5 million queries per second The 13 root name servers are run by independent organisations in the world, including ICANN, the US Army, the US Department of Defense, Nasa, Europe’s internet registry RIPE NCC, the University of Southern California, Japan’s Wide Project and Sweden’s Netnod. Network infrastructure solutions firm Verisign also operates two of them, namely the “A” and “J” root servers (the 13 servers are named in sequence after the alphabet from A-M). “The incident traffic saturated network connections near some DNS root name server instances. This resulted in timeouts for valid, normal queries to some DNS root name servers from some locations.” You might think that the servers would be knocked offline by that much traffic, but no, they were saved by the root server operators having enough additional servers on standby that were able to balance the load of traffic. Although the sustained cyberattack resulted in some real queries from users surfing the web timing out in some locations, there were no complaints that end-users were having severe internet problems, so the root server operators believe that the attack would have been “barely perceptible” and all anyone would have seen was a slight delay in loading webpages in some web browsers. The root name server operators also stated that since IP source addresses can be easily spoofed and the traffic flooded multiple anycast websites, it is impossible to trace the traffic back to its source, so we have no idea who was behind this. Only a government could have this much clout However, if you use logic, it would take a really powerful entity like a country’s government to have the resources to sustain a coordinated cyberattack that lasted 48 hours and was able to keep flooding the root name servers consistently with a high level of traffic at five million queries a second. This is not the first time this has happened either – on 21 October 2002 a DDoS attack campaign attacked the 13 root name servers for one hour, and on 6 February 2007 a DDoS attack was sustained for 24 hours. In the first incident, the attackers didn’t have enough traffic to fully flood the servers and take them offline, while the second incident saw two root servers suffer badly, while another two servers experienced heavy traffic. So who could it be? Is it a foreign government, a terrorist group or cybercriminals? Who knows, but they seem to be getting better at it. Source: http://www.ibtimes.co.uk/mysterious-hackers-are-trying-bring-down-entire-internet-by-ddos-ing-critical-servers-1532762    

Visit link:
Mysterious hackers attempting to bring down entire internet by DDoS-ing critical servers