Tag Archives: defend against ddos

CERT issues cyber attack warning for India

Malware Reaper is acquiring internet-connected devices for coordinated attack, say State Cyber Police Mumbai: The Maharashtra Cyber Department is in the process of issuing a State-wide advisory outlining steps to prevent potential targets from falling prey after the New Delhi-based Computer Emergency Response Team (CERT) said it has received intelligence inputs about a massive cyber attack on several countries, including India. The CERT is the country’s central cyber security agency. Maharashtra Cyber Police officers confirmed to The Hindu that the attack would be similar to the Distributed Denial of Service (DDOS) attack that hit the State last year. In July 2016, The Hindu had reported how small and medium Internet Service Providers were under attack from unknown parties, who were pinging their servers incessantly to the point where the servers crashed, denying service to their clients and causing loss of revenue. According to sources, the imminent DDOS attack, which is believed to be on a much larger scale, is being readied using malware known by two names, Reaper and IoTroop, and is currently taking over thousands of machines connected to the internet to be used for a synchronised attack on the target servers. Maharashtra IG (Cyber) Brijesh Singh said, “Mirai had acquired five lakh devices. The Reaper malware has already affected two million devices worldwide, and is acquiring 10,000 devices per day. It seems to be targeting CCTV camera systems and Digital Video Recorders connected to the internet.” Bot attack A Cyber Police officer said, “It’s difficult to say at this point exactly who the targets are, but we have enough information to indicate that machines connected to the internet, including cell phones, laptops, CCTV cameras and other devices, are susceptible. A large number of such machines are being hacked and turned into bots as we speak. Our cyber intelligence network indicates a lot of abnormal behaviour on the internet, consistent with hacking of devices.” A bot, or robot, is an automated programme. In this kind of cyber attack, hackers use malware to infect devices to turn them into bots that do their bidding. Sources said the perpetrators of Reaper are currently creating a huge network of bots, called a botnet in cyberspeak. In October 2016, a malware known as Mirai had executed multiple DDOs attacks on servers of Dyn, a leading domain name service provider, affecting several popular websites including Twitter, Netflix and Reddit. Cyber Police officers said Reaper is amassing bots on a much larger scale than Mirai. “Once the botnet is ready as per the perpetrators’ requirements, they simply have to command the bots to ping servers of the target all at once, resulting in a server crash. Depending on the size of the company or industry targeted, it will result in massive losses of revenue.” A possible way to execute the attack would be that the bots are pre-programmed to strike on a particular day. This possibility is also being probed, officers said. Superintendent of Police Balsing Rajput, Maharashtra Cyber Police, confirmed that intelligence inputs about Reaper have been received. “We are working on the information and will soon be coming out with an advisory regarding the same.” Source: Malware Reaper is acquiring internet-connected devices for coordinated attack, say State Cyber Police Mumbai: The Maharashtra Cyber Department is in the process of issuing a State-wide advisory outlining steps to prevent potential targets from falling prey after the New Delhi-based Computer Emergency Response Team (CERT) said it has received intelligence inputs about a massive cyber attack on several countries, including India. The CERT is the country’s central cyber security agency. Maharashtra Cyber Police officers confirmed to The Hindu that the attack would be similar to the Distributed Denial of Service (DDOS) attack that hit the State last year. In July 2016, The Hindu had reported how small and medium Internet Service Providers were under attack from unknown parties, who were pinging their servers incessantly to the point where the servers crashed, denying service to their clients and causing loss of revenue. According to sources, the imminent DDOS attack, which is believed to be on a much larger scale, is being readied using malware known by two names, Reaper and IoTroop, and is currently taking over thousands of machines connected to the internet to be used for a synchronised attack on the target servers. Maharashtra IG (Cyber) Brijesh Singh said, “Mirai had acquired five lakh devices. The Reaper malware has already affected two million devices worldwide, and is acquiring 10,000 devices per day. It seems to be targeting CCTV camera systems and Digital Video Recorders connected to the internet.” Bot attack A Cyber Police officer said, “It’s difficult to say at this point exactly who the targets are, but we have enough information to indicate that machines connected to the internet, including cell phones, laptops, CCTV cameras and other devices, are susceptible. A large number of such machines are being hacked and turned into bots as we speak. Our cyber intelligence network indicates a lot of abnormal behaviour on the internet, consistent with hacking of devices.” A bot, or robot, is an automated programme. In this kind of cyber attack, hackers use malware to infect devices to turn them into bots that do their bidding. Sources said the perpetrators of Reaper are currently creating a huge network of bots, called a botnet in cyberspeak. In October 2016, a malware known as Mirai had executed multiple DDOs attacks on servers of Dyn, a leading domain name service provider, affecting several popular websites including Twitter, Netflix and Reddit. Cyber Police officers said Reaper is amassing bots on a much larger scale than Mirai. “Once the botnet is ready as per the perpetrators’ requirements, they simply have to command the bots to ping servers of the target all at once, resulting in a server crash. Depending on the size of the company or industry targeted, it will result in massive losses of revenue.” A possible way to execute the attack would be that the bots are pre-programmed to strike on a particular day. This possibility is also being probed, officers said. Superintendent of Police Balsing Rajput, Maharashtra Cyber Police, confirmed that intelligence inputs about Reaper have been received. “We are working on the information and will soon be coming out with an advisory regarding the same.” Source: http://www.thehindu.com/news/cities/mumbai/cert-issues-cyber-attack-warning-for-india/article19920037.ece

Read the original post:
CERT issues cyber attack warning for India

DDoS Attack Pulls Down Bitcoin Gold Website

Ever since the initiation of the hard-fork resulting into a new cryptocurrency – Bitcoin Gold (BTG) – from the bitcoin blockchain, the BTG website has been constantly under DDoS attacks and has not resumed operations ever since. Earlier in the day, a new hard fork in the Bitcoin blockchain network gave rise to a new cryptocurrency Bitcoin Gold (BTG) and ever since then the official website has been constantly under DDoS attacks. This new hard-fork which resulted into a derivative cryptocurrency of the popular Bitcoin, has been aimed for establishing a fair platform different from the Bitcoin network which is alleged to have been dominated by large companies. The existing bitcoin mining process requires high-end powerful computing hardware which is quite a lot expensive and certainly not affordable to ordinary miners. As a result the mining process is said to have got centralised into the hands of large companies. With Bitcoin Gold, the miners aim to democratise the mining process by bringing Bitcoin’s inherent value proposition of having a decentralised mode of operation. The first step of the Bitcoin Gold initiation was to take a “snapshot” of the bitcoin blockchain while creating a replica with new set of rules. Moreover, the BTG technical team has decided to release the cryptocurrency absolutely free for all those who are holding bitcoins at the time of fork. Soon after the process was initiated the BTG developer team had started reporting issues pertaining to DDoS attacks on the website. And even hours after the initiation process the attacks seem to have stopped nowhere denying enthusiasts to keep any track of the newly generated BTG cryptocurrency. Adding to the woes, the additional fact is that the new blockchain hasn’t turned public yet and the explorer and tracking tools have not been released yet. Owing to the controversial and divisive nature of cryptocurrency projects such as the Bitcoin Gold, the denial-of-service attacks have been a common phenomenon in occurrence. Jack Liao, LightningAsic CEO, who is said to be the brain behind the BTG’s creation has been quite vocal and critical about the existing mining process of Bitcoins targeting several companies which are profiting from the mining process. His open criticism could possibly be a reason for such attacks. However, in addition to this, there are other reasons attributed to the cause of criticism for Bitcoin Gold. Few developer channels are quite skeptical about BTG using a process in which the BTG will be privately created before being publicly available as an open-source project. Another cause of concern with the Bitcoin Gold is that it has not solved the risk of a “replay attack” which could possibly increase transaction complications when two completely incompatible version of the bitcoin blockchain will be unable to distinguish from each other. At the press time Bitcoin Gold (BTG) is trading at $262, according to the CoinMarketCap Index. The price of Bitcoin (BTC) took a slight hit after the hard fork, losing more than $300 of its all-time max value of  $6,000 per-coin. The Bitcoin Gold is still in the development process and we have yet to hear any official from its developer technical team regarding the future plans and its modus operandi. Source: https://www.coinspeaker.com/2017/10/24/ddos-attack-pulls-bitcoin-gold-website/

See the original article here:
DDoS Attack Pulls Down Bitcoin Gold Website

Czech Parliamentary Election Websites Hit by Cyberattacks

The Czech statistical office has reported DDoS (Distrubuted Denial of Service) attacks on websites related to the recent parliamentary elections during the vote count. A number of websites of the Czech statistical office (CZSO) have been subject to cyberattacks during the counting of votes in the Czech parliament’s lower house election, Petra Bacova, the CZSO spokeswoman, told Sputnik Sunday. “The websites related to the parliamentary elections — volby.cz and volbyhned.cz — have temporary failed to function due to DDoS attacks [Distributed Denial of Service] during the vote count on Saturday. These attacks have not affected the overall progress of the election,” Bacova said. The police along with the Czech National Cyber and Information Security Agency have already launched an investigation into the attacks. “Thanks to the rapid response, the attacks on the both aforementioned servers have been neutralized, while the work of the websites has been resumed,” Bacova said. The Czech Republic held an election to the lower house of the parliament on Friday-Saturday. The centrist ANO political party won the election, receiving 29.64 percent of votes. Czech President Milos Zeman stated that he was ready to appoint Andrej Babis, ANO’s leader, as Czech prime minister. Source: https://sputniknews.com/europe/201710231058456317-czech-election-hit-cyberattack/

Follow this link:
Czech Parliamentary Election Websites Hit by Cyberattacks

New Mirai-Like Malware Targets IoT Devices

Security researchers are warning about malware that’s been enslaving routers, webcams and DVRs across the world to create a giant botnet capable of disrupting the internet. The malware, called Reaper or IoTroop, isn’t the first to target poorly secured devices. But it’s doing so at an alarmingly fast rate, according to security firm Check Point, which noticed the malicious code last month. The malware has infected “hundreds of thousands” of devices, said Maya Horowitz, threat intelligence group manager at Check Point. Reaper brings up memories of malware known as Mirai, which formed its own giant botnet in 2016 and infected over 500,000 IoT devices, according to some estimates. It then began launching a massive distributed denial-of-service (DDoS) attack that disrupted internet access across the US. Reaper could be used to launch a similar attack, Check Point researchers said. The good news is the infected bots haven’t launched any DDoS campaigns. Instead, they’re still focused on enslaving new devices. Researchers at security firm Qihoo 360 also noticed the Reaper malware, and found evidence it was trying to infect at least 2 million vulnerable devices. Reaper even borrows some source code from Mirai, though it spreads itself differently, Qihoo said. Unlike Mirai, which relies on cracking the default password to gain access to the device, Reaper has been found targeting around a dozen different vulnerabilities found in products from D-Link, Netgear, Linksys, and others. All these vulnerabilities are publicly known, and at least some of the vendors have released security patches to fix them. But that hasn’t stopped the mysterious developer behind Reaper from exploiting the vulnerabilities. In many cases, IoT devices will remain unpatched because the security fixes aren’t easy to install. Who may have created the malware and what their motives are still isn’t known, but all the tools needed to make it are actually available online, Horowitz said. For instance, the source code to the Mirai malware was dumped on a hacking forum last year. In addition, data about the vulnerabilities Reaper targets can be found in security research posted online. “It’s so easy to be a threat actor when all these public exploits and malware can be just posted on GitHub,” she said. “It’s really easy to just rip the code, and combine, to create your own strong cyber weapon.” Unfortunately, little might be done to stop the Reaper malware. Security experts have all been warning that poorly secured IoT devices need to be patched, but clearly many haven’t. “This is another wakeup call” for manufacturers, Horowitz said. Source: https://www.pcmag.com/news/356926/new-mirai-like-malware-targets-iot-devices

Read the original post:
New Mirai-Like Malware Targets IoT Devices

Android malware on Google Play grows botnets, launches DDoS attacks

The Sockbot malware has made its way into at least eight Apps in the Google Play Store with the intent of adding devices to botnets and performing DDoS attacks. Symantec researchers said the malicious apps have each been downloaded between 600,000 and 2.6 million times respectively and has primarily targeted users in the United States although infections have been spotted in Russia, Ukraine, Brazil, and Germany, according to an Oct 18 blog post. One of the malicious apps poses as an app that will allow users to modify their Minecraft characters. The app uses a SOCKS proxy mechanism and is commanded to connect to an ad server and launch ad requests. “This highly flexible proxy topology could easily be extended to take advantage of a number of network-based vulnerabilities, and could potentially span security boundaries,” the post said. “In addition to enabling arbitrary network attacks, the large footprint of this infection could also be leveraged to mount a distributed denial of service (DDoS) attack.” Researchers contacted Google Play on Oct. 6 and the malicious apps have since been removed from the store. To prevent downloading similar malicious apps users should keep software updated, refrain from downloading apps from unfamiliar sites, only install apps from trusted sources, and pay close attention to the permissions requested by an app. Users should also install mobile security apps and make frequent backups of data. Source: https://www.scmagazine.com/sockbot-malware-adds-devices-to-botnets-executes-ddos-attacks/article/701189/

Visit site:
Android malware on Google Play grows botnets, launches DDoS attacks

What is cyber terrorism?

How is cyber terrorism defined and how likely is an attack? Everyone is familiar with what “terrorism” means, but when we stick the word “cyber” in front of it, things get a bit more nebulous. Whereas the effects of real-world terrorism are both obvious and destructive, those of cyber terrorism are often hidden to those who aren’t directly affected. Also, those effects are more likely to be disruptive than destructive, although this isn’t always the case. Cyber terrorism incidents One of the earliest examples of cyber terrorism is a 1996 attack on an ISP in Massachusetts. Cited by Edward Maggio of the New York Institute of Technology and the authors of Internet: A Historical Encyclopedia, Volume 2 , a hacker allegedly associated with the white supremacist movement in the US broke into his Massachusetts-based ISP after it prevented him from sending out a worldwide racist message under its name. The individual deleted some records and temporarily disabled the ISP’s services, leaving the threat “you have yet to see true electronic terrorism. This is a promise” While this is a clear example of a cyber-terrorist incident carried out by a malicious, politically motivated individual that caused both disruption and damage, other frequently listed examples fit less clearly into the category of “terrorism”. For example, while attacks that have taken out emergency services call centres or air-traffic control could be considered cyber terrorism, the motivation of the individuals is often unclear. If a person caused real-life disruption to these systems, but had no particular motivation other than mischief, would they be classed as a terrorist? Perhaps not. Similarly, cyber protests such as those that occurred in 1999 during the Kosovo against NATO’s bombing campaign in the country or website defacements and DDoS attacks are arguably online versions of traditional protests, rather than terrorism. Additionally, in the case of civil war, if one side commits a cyber attack against the other then it can be said to be more of an act of war – or cyber war – than one of cyber terror. Again, where there is a cold war between nations, associated cyber attacks could be thought of as sub-conflict level skirmishes. Indeed, the FBI defines cyber terrorism as “[any] premeditated, politically motivated attack against information, computer systems or computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents”. Under this definition, very few of the tens-of-thousands of cyber attacks carried out every year would count as cyber terrorism. The future of cyber terrorism As the number of connected devices increases, the likelihood of a more destructive cyber terrorist incident – something on a par with an attack in the physical world – becomes increasingly possible. The security industry is full of stories and proofs of concept about hacking medical devices, with two particularly famous demonstrations being given by New Zealander Barnaby Jack. This opens up the possibility for targeted assassinations or mass-scale killings carried out remotely and potentially across borders. Similarly, there are concerns self-driving vehicles could be turned into remote-controlled missiles and used in an attack, although the counter argument is that such vehicles will make the roads safer in the face of terrorists driving conventional vehicles into crowds. Another possible style of cyber terrorism is disruption of infrastructure in a way that could potentially endanger life. For example, in 2016 an unknown actor caused a disruption that saw two apartment buildings in Finland lost hot water and heating for a week in the dead of winter. In locations as cold as Finland, actions like this could cause illness and death if widespread and sustained. Nevertheless, the likelihood is most serious cyber attacks will be acts of cyber warfare, rather than cyber terrorism, as nation states have larger and more sophisticated resources at hand. Source: http://www.itpro.co.uk/security/29726/what-is-cyber-terrorism

See the original post:
What is cyber terrorism?

Cybersecurity: into the data breach

Cybersecurity has become a significant issue as attacks are increasing. In the new payments ecosystem, where third-party developers can directly interact with banks’ customers, data privacy and security become paramount, according to the World Payments Report 2017 by Capgemini and BNP Paribas . A significant issue to address as the new payments ecosystem evolves is that of cybersecurity. During the past few years, cyberattacks and crimes have increased across the globe, with corporate and financial institution entities, large and small, targeted. The price of increasing collaboration among industry stakeholders in the new payments ecosystem could be an increase in cyber security vulnerabilities. To alleviate this risk, corporates are increasingly turning to their banks for advice on how to strengthen their infrastructures against cyber attacks. To ensure the highest levels of cybersecurity and the security of infrastructures in the new payments ecosystem, each stakeholder must assess security across all the data sources and points of collaboration. The need for robust cyber security solutions to cater to all forms of cyberthreats has never been greater for corporate treasurers as new technologies proliferate and collaboration increases. Of prime importance for corporates in developing defence mechanisms is awareness of potential cyber security risks, regular updating of security profiles and continuous training of employees. This is because attacks perpetrated by cybercriminals are unpredictable in both timing and nature. The vulnerabilities stakeholders face include cyber security, data privacy, data breaches, and payments fraud. The utmost vigilance is required to protect organisations against cyber attacks and all stakeholders, including regulators, must be more proactive regarding cybersecurity, with ownership of the issue taken to prevent attacks. In the new payments ecosystem, third-party developers can directly interact with a partner banks’ customers, raising questions about data privacy and security. In an increasingly networked ecosystem, identifying the source of attack will be a challenge. Verizon’s 2017 Data Breach Investigations Report found that security incidents and data breaches affect both large and small financial organisations almost equally. However, the security of larger banks is difficult to compromise as they invest more in cyber security solutions. Smaller banks, which do not have the same access to resources, are more prone to cyberattacks. A fraud survey by the Association for Financial Professionals and JP Morgan found that the highest levels of fraud in 2016 were perpetrated via cheques. However, there was a surge in wire transfer fraud, from 27 per cent in 2014 to 46 per cent in 2016. An increasing number of cyber security breaches are causing significant losses for banks and corporates across the world. Among recent incidents, in February 2016, a cyberheist at Bangladesh Central Bank resulted in a loss of $81 million and prevented another $850 million worth of transactions from being processed on the Swift network. Similarly, in May 2016 cybercriminals hacked the Swift system and stole $9 million from Ecuadorian bank Banco del Austro. In May 2017, the WannaCry ransomware attack affected more than 150 countries and 200,000 computers, as attackers demanded each of those affected to pay up to $300 worth of bitcoins to unlock their systems. In a survey for World Payments Report , bank executives ranked distributed denial of service (DDoS) attacks and customer payments fraud as the main security challenges they face. Also of concern were the high levels of card fraud, which place a significant cost burden on banks. The increasing adoption of digital offerings in transaction banking is also giving rise to higher levels of payments fraud, making cyber security a top priority for banks and corporates. Customer payments fraud is the top ranked concern for financial technology companies and other survey respondents. This group is much less likely to view DDoS attacks as a threat; data breaches due to hacking attacks was of more concern, as was internal fraud. While banks are investing significantly in cybersecurity solutions, there are still many risks at the corporate level that they cannot manage. Corporates must, therefore, step up their own efforts to manage cybersecurity risk and not leave it all to the banks. They should upgrade their internal systems, train their staff, and review their partners’ systems. The idea of a cyberattacker as a lone figure hacking into systems is now obsolete. Cyberattacks are perpetrated by entities that are set up like companies, with project managers, key performance indicators and operations. Attacks to compromise corporates and banks are designed to be multi-staged, with two main objectives: commercial gain and industry espionage. In general, the funds received via attacks go into the coffers of the organisation, while the intelligence gained during an attack will be used by perpetrators to gain a business advantage. Attacks can happen at any time, and over time, therefore all corporates should be vigilant and on constant guard against attacks. So serious are the growing cyberattack and data breach problems that regulators across the globe should move from their present reactive approach to a more proactive one. Stringent regulations and fines to strengthen cybersecurity laws are required from regulators. Many regulations related to this are, however, still in the inception stage. Europe has relatively the most mature cybersecurity and data privacy laws, with recent initiatives including the Electronic Identification and Trusted Service which was launched in 2016. Effective cybersecurity requires organisations to efficiently and quickly identify, mitigate and manage cyber risks and incidents. All stakeholders are taking measures to strengthen the security of transactions against potential cyber threats. Banks and other stakeholders have three options available to them: collaborating with financial technology companies, making investments in advanced technologies and monitoring tools, and strengthening internal governance to ensure seamless compliance. Collaboration with fintechs This is occurring in several areas including secure authentication and authorisation, account onboarding, identity verification and anti-money laundering. Examples include India’s Yes Bank and FortyTwoLabs’ development of multi-factor authentication tool PI-Control, which enables users to apply for internet banking access, pay bills, transfer funds, seek loans, make remittances and undertake other card transactions. Rabobank in the Netherlands is working with Signicat to provide digital identity solutions that can be easily integrated using API technology. As banks increasingly collaborate with fintechs and regtechs, due diligence, adherence to industry standards and participating in the development of new industry standards has become critical. Investment in advanced technologies and monitoring tools Blockchain technology is still in a nascent stage, with its potential as an enabler of digital identity and payment transaction security still being tested. Banks can leverage the technology to differentiate themselves in the provision of digital identity, authentication and know your customer services. Banks are investing in projects that combine advanced cryptography that supports private or permitted use of blockchain technology with transaction security elements that provider greater transaction visibility. To ensure the highest levels of cybersecurity and transaction security, all the ecosystem participants must assess security from multiple sources in the network. Common security standards and protocols when developing and investing in new technologies and monitoring tools will be increasingly important as collaboration increases. With a common network governing the interfaces between banks and third-party providers, various groups are developing network-based security standards to ensure a secure environment is built around the dynamic payments ecosystem. The ability to respond to cyber threats or attacks in real-time is hampered by legacy security systems. Traditional security monitoring typically identified and reacted to cyber threats in isolation. A modern approach identifies specific unusual patterns or behaviour and alerts operational teams to anomalous activity. Advanced machine learning algorithms are the logical next step as response mechanisms in the event of a threat. Artificial intelligence (AI) systems are being piloted globally, yet legal issues regarding accountability for the actions of such systems persist. Contextualisation of threats (linking the threat to the business and not just to technology) is needed to identify the source and understand the objective behind any attack. Another useful approach is risk-based authentication (RBA) to detect the risk profile of transaction banks and retailers. Using RBA and analytics processes, banks can create a threat matrix of fraud profiles to triangulate the threat instances to their origin and be able to proactively block fraudulent traffic. Behavioural analytics, AI, machine learning and threat matrix can help to continuously monitor the ecosystem network and provide threat intelligence. Banks can undertake various activities such as continuously checking all systems for possible threats, observing markets, scenario simulation, examination of previous attacks, monitoring activities and applications, and establishing a payments control centre to permanently monitor payments and identify exceptional situations. Robust internal governance A robust governance model and standards are imperative for seamless functioning of the new payments ecosystem. Banks and treasurers need to interact with central authorities and regulators to share feedback, which in turn will help to improve compliance. Banks and treasurers are increasingly collaborating with regtechs to ensure compliance. Industry stakeholders must establish common data, technical, legal, functional, and security standards for robust governance. Firms will be well served if they can ensure that security systems have multiple layers to withstand ‘flood’ attacks. To ensure a foolproof system, firms should identify the data needs of all stakeholders before finalising the controls to put in place. With the onset of General Data Protection Regulation (GDPR) and revised Payment Services Directive (PSD2) in the EU, the focus on compliance with data privacy and security has increased. Firms must install a dedicated team to continuously review and update security policies. Additionally, stakeholders should work with the local regulatory authorities to understand the complexity of different regional legal requirements and expectations for each country. Firms must ensure mandatory data privacy and security training is conducted at regular intervals. Educating employees on potential threats and ensuring they keep their systems updated would have prevented, or greatly reduced the impact of, events such as the WannaCry ransomware attack. Source: http://www.bankingtech.com/1019032/cybersecurity-into-the-data-breach/

View article:
Cybersecurity: into the data breach

Dark Web Marketplaces Go Down In Reported Mass DDoS Attack

There seems to be some turbulence going on in the murky world of the dark web, with four of its major drug marketplaces unexpectedly going offline, reports said. The dark web is a section of the internet where people contact each other anonymously without the fear of being monitored. It is usually used by criminals to sell drugs, chemicals, weapons, child abuse images and even offer assassination services. Websites The Trade Route, Tochka, Wall Street Market and Dream Market, were down without any notification or clarification from the sites’ administrators. According to some users of such markets, this might either be a DDoS attack by a hacker or a large scale action by law enforcement authorities.                     However, there are more chances of the former happening than the latter. Some dark web users have also started complaining of botnet attacks.           Another farfetched theory is that this is scam by a bunch of drug dealers — taking off with the money of their clients while not providing them with the required merchandize. With no notification or clarification from the sites’ administrators, the exact reason for the sudden disappearance of such marketplaces remains unclear. However, a user going by the name Automoderator commented on a the subreddit /r/DarkNetMarketNoobs that the WallStreetMarket is not listed currently, as it is facing “very serious issues” and warned others to avoid it all costs. Some other users on the subreddit say that the Dream Market has been working fine on all its mirrors, but, however its main site is down. At the time of writing, the marketplaces were still down, according to dark web marketplace tracker deepdotweb. Many sites on the dark web are also run by law enforcement — the Australian Police ran one of the world’s biggest child porn sites on the dark web between October 2016 and September 2017, called Child’s Play, in an effort to nab pedophiles. The police grabbed the administrator access from two cyber criminals — Benjamin Faulkner and Patrick Falte and started administering the sites. Police even posted more child porn on the site in an effort to convince the viewers that the site had not been taken over by the authorities. By the time they shut down the site, police were able to nab more than 90 pedophiles in Australia and 900 across the world. In case, the marketplaces were being taken over by law enforcement to nab drug traffickers and child porn purveyors, it might be a different case. However the development has many dark web users in a state of paranoia and many users have posted on Reddit reminding other users of such busts. Such attacks on dark web markets in the past have usually begun with large-scale DDoS attacks. In July, a massive trans-continental sting saw two of the dark web’s biggest sites at the time, AlphaBay and Hansa, being taken down. Law enforcement agencies claimed they were able to collect incriminating information on hundreds of buyers and vendors, going as far as threatening to prosecute them. Source: http://www.ibtimes.com/dark-web-marketplaces-go-down-reported-mass-ddos-attack-2601105

See the original article here:
Dark Web Marketplaces Go Down In Reported Mass DDoS Attack

DDoS Attacks Cause Train Delays Across Sweden

DDoS attacks on two separate days have brought down several IT systems employed by Sweden’s transport agencies, causing train delays in some cases. The incidents took place early in the mornings of Wednesday and Thursday, October 11 and 12, this week. The first attack hit the Sweden Transport Administration (Trafikverket) on Wednesday. According to local press, the attack brought down the IT system that manages train orders. The agency had to stop or delay trains for the time of the attack. Trafikverket’s email system and website also went down, exacerbating the issue and preventing travelers from making reservations or getting updates on the delays. The agency used Facebook to manage the crisis and keep travelers informed. Road traffic maps were also affected, an issue that lingers even today, at the time of publishing, according to the agency’s website. Three Swedish transportation agencies targeted Speaking to local media, Trafikverket officials said the attack was cleverly aimed at TDC and DGC, the agency’s two service providers, but they were both aimed in such a way to affect the agency’s services. Trafikverket was able to restore service in a few hours, but the delays affected the entire day’s train operations. While initially, some might have thought this was a random incident, the next day, a similar DDoS attack hit the website of another government agency, the Sweden Transport Agency (Transportstyrelsen), and public transport operator Västtrafik, who provides train, bus, ferry, and tram transport for parts of Western Sweden. Cyber-warfare implications In perspective, both incidents give the impression of someone probing various parts of Sweden’s transportation system to see how the country would react in the face of a cyber-attack and downtime. The DDoS attacks come a week after a report that Russia was testing cyber-weapons in the Baltic Sea region. In April 2016, Swedish officials blamed Russia for carrying out cyber-attacks on the country’s air traffic control infrastructure that grounded flights for a day in November 2015. Source: https://www.bleepingcomputer.com/news/security/ddos-attacks-cause-train-delays-across-sweden/

Read More:
DDoS Attacks Cause Train Delays Across Sweden

Nginx with Stream Module Dynamic Upstream CNAME

In the age on scalable web applications , many organizations turn to cloud-based server hosting to dynamically add additional servers during peak usage, or attain redundancy by having multiple geographic web -server locations. One of the methods used for this is DNS CNAME resolution. Using this option with various cloud hosting providers that support it can allow the following: 1) Load Balancing. The CNAME DNS record can be configured to respond to requests with more then one IP Address, allowing load balancing of multiple origin servers, dynamically scaled by the cloud hosting providers DNS service. 2) Global Server Load Balancing. The cloud hosting DNS can provide different record results in different geographic areas of the world. This can be achieved based on Geo-Location or other methods. 3) Fail-over redundancy. Since the CNAME record is controlled by the cloud provider, upon failure of one data center, all records pointing to a geographic location which has failed can be automatically switched to the remaining data-center. Is there a way Nginx can perform Dynamic DNS resolution, for CNAME or other records used as Upstreams/Origins? Reverse proxies have been a core component of our service since 2007, to say we are experienced in this area is an understatement. Which is why when a customer of ours was having trouble configuring their open-source Nginx to use cnames for their load balancing configuration, they came to us to see if we had any advice or ideas (one of the many benefits being part of a fully managed DDoS mitigation service). The challenge the customer was facing, and which some of you Nginx administrators may be aware of, is that the open-source version of Nginx does not have a built in dynamic DNS resolver. Essentially it will only resolve domains initially on web-server “start”, and “reload”, but will not update the record if a DNS record changes during running operation. After doing some research on various forums and testing in our labs, we identified that in order to use open-source Nginx to dynamically resolve domains, one would have set the domain in a variable, which would then cause Nginx to resolve the domain in the variable dynamically, and according to Nginx’s DNS Cache/TTL . The variable is then used in the “proxy_pass” directive to send the visitor to the correct origin without requiring a reload to be kept up to date. **There is a problem with using the above workaround for Nginx’s “Stream” module; The “Set” directive does not exist. If you attempt to perform the same method on a TCP Pass-through using Nginx Stream, you will find that since the ‘set $variable “value”; ‘ method is not available within Nginx Stream. The previous method cannot be used. Is there a way to perform dynamic DNS resolution within open-source Nginx’s stream module, or is a 3rd party module that could be used? Although there is a “stream-lua-nginx” module by Openresty team being developed that could be used for such a purpose, we are not aware of any free 3rd party Dynamic DNS resolution modules that work with Stream. There is however a way to use essentially the same method as used with the Nginx HTTP Proxy, by using the Nginx Stream Map directive. Above is the relevant configuration file snippet. **This configuration snippet requires that you have a base nginx.conf configuration already setup. Included in the example are the portions of the configuration that should be present within the Nginx “stream” directive. ***Please keep in mind the following facts: 1) Fail-over / Load Balancing behavior works differently then standard Nginx upstreams. Instead of using Nginx upstream load balancing or Passive health-checks, Load Balancing and Redundancy should be handled by the CNAME DNS service itself; Nginx “Upstream” directives are not used in this case, so there is no way to mark a server as down. Since there is more then one worker process in any deployed configuration, Round Robin DNS , where a Nameserver lookup returns more then one resulting record can be used to perform load balancing. 2) Each Nginx “Worker” will perform DNS lookups for requests handled by that worker. This means that if you have 20 worker processes , all 20 will be performing DNS lookups and caching the results , holding the results in memory for the DNS Cache/TTL configured using the Nginx “resolver” directive. You may want to use a local DNS server or caching resolver in order to lower the number of DNS queries made. Scott Girbav DOSarrest Internet Security Senior Network Security Engineer Source: https://www.dosarrest.com/ddos-blog/nginx-with-stream-module-dynamic-upstream-cname/

See the article here:
Nginx with Stream Module Dynamic Upstream CNAME