Tag Archives: denial of service

Anonymous Legion claims attack on Minnesota courts website

The international activist hacker group Anonymous Legion is claiming responsibility for an attack on the Minnesota Judicial Branch’s website that rendered it unusable for most of Wednesday. State officials became aware of the “distributed denial-of-service” (DDoS) attack about 8 a.m. Wednesday, around the same time Anonymous Legion e-mailed the Star Tribune. “Servers have also been penetrated and data has been secured, contrary to what they will tell you,” said Anonymous Legion’s e-mail. “This will occur frequently.” The group said the act was executed “collectively, through a global attack.” It is known for DDOS attacks on government websites, among others. The attack is similar to ones that interrupted the site last December. Last year’s attacks were traced to Asia and Canada. The state did not say Wednesday whether the attacks may be linked. “We are in the process of communicating with the FBI Cyber Task Force about this incident,” Beau Berentson, a spokesman for the state court administration office, said in a written statement. The website (www.mncourts.gov), visited by thousands every day looking to access court resources and information, was taken offline as the attack was investigated. Access to the site was restored around 5:15 p.m. “We have no evidence that any secure data has been inappropriately accessed,” Berentson said. Other online resources linked through the website are still functioning, including eFiling and eService, the Court Payment Center and remote access to district and appellate court records. The website was down for several hours from Dec. 21 to 31 in the previous attacks. “In a DDOS attack, an outside entity attempts to overwhelm an online resource with so much network traffic that it is no longer accessible to legitimate users,” State Court Administrator Jeff Shorba said in a January statement about last year’s attacks. “During these attacks, the Minnesota Judicial Branch did not experience any form of data breach or inappropriate access to court records, nor is there any evidence to suggest that the attackers attempted to gain access to Judicial Branch records or information.” Those attacks were reported to the federal government and Canadian authorities. “DDoS attacks are becoming increasingly common against high-profile websites in both the public and private sectors,” Shorba said in January. “While we cannot prevent these attacks from being launched, the Minnesota Judicial Branch is now better prepared to respond to these types of attacks in the future.” Source: http://www.startribune.com/minnesota-courts-website-attacked-again-by-hackers/384003231/

Continue Reading:
Anonymous Legion claims attack on Minnesota courts website

Overwatch Servers Went Down After Alleged DDoS Attack

Infamous hacker group Lizard Squad is thought to be at it again, this time taking down Overwatch servers and leaving players unable to join and remain in a session. Over the past week, Blizzard has been experiencing some problems with Battle.net that have made it difficult for players to use the service as intended with games like Overwatch . Now, there’s word that these issues might have been caused by a DDoS attack launched by members of hacker group Lizard Squad. Some users are reporting that they are unable to log in to Battle.net. Others are able to enter, but find themselves kicked out of multiplayer matches in Overwatch for seemingly no reason. Ordinarily, issues like these would be brushed off as being part and parcel of the modern online experience. However, a suspicious tweet from a known Lizard Squad member has led to the group being implicated, according to a report from VG247. The above tweet is being taken as proof that Lizard Squad member AppleJ4ck was involved with the attack. Some Overwatch players responded to his post to vent their annoyance about the situation — to which AppleJ4ck responded, “in a way, I’m doing y’all a favor.” This is not the first time that Lizard Squad has targeted organizations within the video game industry. The group rose to prominence back in 2014, when a coordinated attack brought down the PlayStation Network and Xbox Live over Christmas, causing massive headaches for the companies involved. Of course, the attack was not an unmitigated success for the group, as the high-profile hack made Lizard Squad an immediate target for authorities. Just days later, a 22-year-old alleged to be a part of the organization was the subject of a raid by police in the United Kingdom. However, the strength of a group like Lizard Squad is the fact that they are spread all over the world. Individual members can be found and brought to justice, but it’s difficult to make a concerted attempt to stamp out its activity outright. If the situation is hard on the authorities, then it’s even more challenging for a company like Blizzard. The overwhelming popularity of Overwatch means its hard enough for the company to keep Battle.net afloat at the best of team, never mind when there are hackers on the prowl. Unfortunately, criminal elements like Lizard Squad are part and parcel of the modern online experience. Companies like Blizzard have to take these groups into consideration when operating a service like Battle.net — hackers have the power to ruin the experience for the rest of us, and the only defence is a robust level of security. Source: http://gamerant.com/overwatch-servers-down-ddos-attack-846/

More:
Overwatch Servers Went Down After Alleged DDoS Attack

Defending against DDoS-Day

It was tax time in Australia, 2014, and one Sydney tax agent, like many others across the country, was all-hands-on-deck as staff took endless calls and filled appointment diaries. The frantic pace was welcomed at the young firm, which prided itself on being hip, casual, and cool. The firm’s slick, mobile-friendly website and a good search engine ranking brought a decent rush of new clients to the firm each year. So when the site went on- and offline over the course of a week, phones stopped ringing and staff panicked. The firm was on the receiving end of a distributed denial-of-service (DDoS) attack from IP addresses out of Eastern Europe that overwhelmed the small business IT infrastructure. An email in the company’s generic inbox demanded that US$1,000 be wired to a Western Union account in order for the attacks to stop. “We called our tech guys and they tried to block it,” a senior tax accountant told CRN on condition of anonymity. “We called the cops, but no-one could fix it quickly enough so we paid.” The price was cheap compared to the damage wrought. And fears that the criminals would just ask for more money once the ransom was paid were unfounded; the attacks stopped abruptly and no more was heard from them. Booters and stressers When a dam threatens to breach, it helps to have a network of diversion channels where the water can flow away from the towns below. So it is that a wave of DDoS packets can be soaked up by throwing large networks in front of the target. The floods are becoming more common, but their nature is changing to something more efficient and dangerous than in previous years. Akamai’s latest release of the popular State of the Internet report for the last quarter of 2015 finds a 149 percent increase in total DDoS attacks and a 169 percent increase in infrastructure layer attacks over the same period in 2014. The “vast majority” of these attacks were from so-called booter or stresser providers, the DDoS-for-hire services that operate with a gossamer-thin veil of legitimacy for customers who pay hourly to monthly rates to point the attacks at their own infrastructure. Of course, many who use the services point the booters at rival businesses, governments and, notably, live-stream gaming video channels operated by rivals. These attacks have “increased dramatically”, Akamai says, compared to the preceding three months, with use of network timing attacks that power the booters up by 57 percent on the previous quarter. Such attacks abuse the network timing protocol so a small query generates a large response, which is redirected at a target. “Network Time Protocol amplification attacks have be used in large-scale DDoS attacks peaking shy of 400Gbps, but DNS amplification attacks have also been successfully used to cripple infrastructure and cause serious financial losses,” BitDefender senior threat analyst Adrian Liviu Arsene says. “One of the largest DDoS attack to date was reported to have reached around 500Gbps, although the standard is somewhere around 100Gbps.” Motive and intent Distributed denial-of-service is the second most likely digital attack to be familiar to the average pedestrian after viruses. The method of attack hit mainstream headlines some six years ago, when online activist group Anonymous brought down major websites, including Paypal, the Recording Industry Association of America and the sites of Canberra public agencies. Systematic arrests followed, bursting the bubble of those participants who thought safety in numbers would shield their IP addresses from being singled out by police. It signalled a fall in popularity of DDoS as a means of protest. The criminal undercurrent remains and here cash is king, but motivations still vary. Businesses use DDoS attacks to knock off rivals and criminals to send sites offline until a ransom is paid. Yet others use the digital flood as a diversion to distract security defenders and set off alarms while they hack into back-end systems. One group known as DDoS for Bitcoin, or DDoS4BC, is using the proven anonymity of the crypto-currency to extort companies through DDoS. It is a safer model for criminals than that which ripped through the Sydney tax accountancy, and considerably more expensive for victims. It is, as of January, known to have hit more than 150 companies around the world, first sending an extortion note demanding between AU$5,600 and a whopping AU$112,000 in Bitcoins before launching small DDoS attacks to demonstrate the group’s capabilities. For some victims, the DDoS may be short-lived and devoid of any apparent motive, according to Verizon Enterprise Solutions investigative response managing principal Ashish Thapar. “We have definitely seen DDoS on the rise and several of our partners are logging double the [usual] number of incidents,” Thapar says. “We are also seeing DDoS attacks bringing companies them to their knees but not entirely offline, which acts as a smokescreen for advanced persistent threat attacks at the back end.” That’s also something Secure Logic chief executive officer Santosh Devaraj has seen. The company hosts iVote, the electronic voting system for NSW, and last year bagged the $990,000 contract to operate it until 2020. “There are ‘DDoS for hire’ groups we’ve seen as part of monitoring iVote that may be trying to gain access to infrastructure at the back,” Devaraj says. “The real threat may not be the DDoS.” DDoS down under Australian businesses are less targeted than those overseas, experts agree, thanks in part to our smaller internet pipes. But with the NBN rolling out, DDoS Down Under is expected to become big. The midmarket is likely to be hit harder, BitDefender’s Arsene says. “Midmarket DDoS attacks are likely to rise as the chances of targets actually paying are higher than for other organisations,” he says. “[Criminals] specifically target midmarket companies that don’t have the technical resources to fend off such attacks.” Akamai chief strategist John Ellis agrees, saying extortionists “tend to hit the sites with a large online presence”. “For cyber adversaries, the [midmarket] provides a fantastic target,” Ellis adds. “A Sydney developer team that relies heavily in online app availability, for example, may have to seriously consider whether it rolls over and pays DDoS extortionists.” The attacks in Australia are, for now, fairly small. “We are seeing bigger DDoS attacks, but they’re nowhere near the size of attacks in the US,” says Melbourne IT cloud and mobile solutions general manager Peter Wright.  “It is partly because infrastructure and bandwidth limitations reduce the size of DDoS attacks. It is an attribute of infrastructure capacity and there is a risk that, as we broaden the pipes [as part of the National Broadband Network], it brings huge benefits but increases the risk profile as well.” Sinking feeling Big banks are smashed by DDoS attacks every day and largely do not bat an eyelid. Online gambling companies, too, across Australia are blasted during big sporting events. These top end of town players have expensive, tried-and-tested scrubbing mechanisms to largely neuter DDoS attacks, although some betting agencies are known to have regularly paid off attackers during the Melbourne Cup, treating it as a cost of business. The midmarket is not left to its own devices, however. Hosting providers like Melbourne IT and others offer DDoS protection against applications and services, while other companies have cheaper offerings for the budget market. “I am sympathetic to the midmarket, their need for bang-for-buck,” Ellis says. “The challenge for the midmarket is that they don’t have the money that they need… they should focus on business outcomes and partners who understand their business and design outcomes.” For Secure Logic’s Devaraj, DDoS mitigation comes down to a solid cyber security operations centre. “It is where I believe the industry should invest, rather than a particular technology.” Yet companies can use free or cheap DDoS protection from the likes of CloudFlare, or opt for do-it-yourself options that require hardening of security defences – something the average small technology shop may lack the ability to do. “There are DDoS sinkholes and capabilities with our cloud partners,” Wright says. “If a resource or function is hit, we can move workloads to other resources dynamically.” Arsene agrees. “Midmarket tech guys need to start by incorporating DDoS attack risks into their corporate security strategies. Using a secure and managed DNS that supports changing internet protocols on the fly is also recommended, as well as patching software vulnerabilities to mitigate application layer attacks.” Source: http://www.crn.com.au/feature/defending-against-ddos-day-419470/page1 http://www.crn.com.au/feature/defending-against-ddos-day-419470/page2

Read the original post:
Defending against DDoS-Day

Flaw in Juniper’s JunOS router software could cause DDoS flood

Juniper has disclosed that that a problem with the Junos router could enable DDoS attacks Juniper has admitted that a vulnerability in IPv6 processing on its Junos router OS could allow malicious packets to be sent to networks resulting in a DDoS attack on infrastructure. In an advisory, the firm said the flaw could enable a specially crafted “IPv6 Neighbor Discovery” (ND) packet to be accepted by the router rather than discarded. “The crafted packet, destined to the router, will then be processed by the routing engine (RE).  A malicious network-based packet flood, sourced from beyond the local broadcast domain, can cause the RE CPU to spike, or cause the DDoS protection ARP protocol group policer to engage. When this happens, the DDoS policer may start dropping legitimate IPv6 neighbors as legitimate ND times out,” the firm said. The firm added that this is similar to the router’s response to any purposeful malicious IPv6 ND flood destined to the router. “The difference is that the crafted packet identified in the vulnerability is such that the forwarding controllers/ASICs should disallow this traffic from reaching the RE for further processing,” according to the advisory. It said that following investigations, only its MX, PTX, and QFX products have been confirmed to experience this behaviour. Juniper added that no fix was presently available at the time of writing and neither was a complete workaround. “Security best current practices (BCPs) of filtering all ND traffic at the edge, destined to network infrastructure equipment, should be employed to limit the malicious attack surface of the vulnerability,” the firm advised. Rich Barger, chief intelligence officer at ThreatConnect, told SCMagazineUK.com that organisations should look to either filter the protocol or packet (if possible). “It looks as if Juniper has included edge firewall rules that can block the neighbour discovery packets as a means to buffer any vulnerable devices,” he said. Richard Cassidy, technical director EMEA at Alert Logic, said that this flaw represents a serious issue for organisations that “Dual Stack” networking with IPv6 and IPv4. He told SC that the issue was “essentially a DDoS attack, through a specially crafted IPv6 ND packet, that can be targeted at JunOS routers from remote attackers. It is fairly simple to identify router OS versions through scanning techniques, which of course leaves most organisations at risk at some level, given the prevalence of Juniper in networking infrastructures globally.” Alex Cruz Farmer, VP of cloud at Nsfocus, told SC that almost every network around the world is considering or planning IPv6 if they have not already. “With this in mind, it’s crucial that the protection is implemented now, to avoid this security hole being exploited in future.” Source: http://www.scmagazineuk.com/flaw-in-junipers-junos-router-software-could-cause-ddos-flood/article/501681/

Visit link:
Flaw in Juniper’s JunOS router software could cause DDoS flood

Anonymous DDoS and shutdown London Stock Exchange for two hours

Anonymous hacktivists take down the London Stock Exchange website for more than two hours as part of protest against world’s banks The online hacktivist group, Anonymous reportedly shut down the London Stock Exchange (LSE) website last week for more than two hours as part of a protest against world’s banks and financial institutions. According to the Mail on Sunday, the attack was carried out by Philippines unit of Anonymous on June 2 at 9am. Previous targets have included the Bank of Greece, the Central Bank of the Dominican Republic and the Dutch Central Bank. The newspaper says: “Anonymous claims the incident was one of 67 successful attacks it has launched in the past month on the websites of major institutions, with targets including the Swiss National Bank, the Central Bank of Venezuela and the Federal Reserve Bank of San Francisco.” A spokesperson for the LSE declined to comment on the incident, however, the attack most likely took the form of a distributed denial of service (DDoS) attack, meaning trading would not have been affected and no sensitive data would have been compromised. In the 24 hours before the LSE site went down, the group also claims that the attack on the LSE was the latest in a series that has also seen it target the websites of NYSE Euronext, the parent company of the New York Stock Exchange and the Turkey Stock Exchange, as part of a campaign called Operation Icarus. According to the newspaper, City of London Police said it was not informed that the LSE website had gone down and had no knowledge of the attack. However, the latest attack may not be a complete surprise. In a video posted to YouTube on May 4, a member of the amorphous group announced in that “central bank sites across the world” would be attacked as part of a month-long Operation Icarus campaign. The video statement said: “We will not let the banks win, we will be attacking the banks with one of the most massive attacks ever seen in the history of Anonymous.” By using a distributed-denial-of-service (DDoS) cyberattack, the group also successfully disrupted the Greek central bank’s website. In light of that event, a separate video was posted to YouTube on May 2. The masked individual representing Anonymous group said: “Olympus will fall. How fitting that Icarus found his way back to Greece. Today, we have continuously taken down the website of the Bank of Greece. Today, Operation Icarus has moved into the next phase.” The Anonymous spokesperson added: “Like Icarus, the powers that be have flown too close to the sun, and the time has come to set the wings of their empire ablaze, and watch the system their power relies on come to a grinding halt and come crashing down around them. We must strike at the heart of their empire by once again throwing a wrench into the machine, but this time we face a much bigger target – the global financial system.” Source: http://www.techworm.net/2016/06/anonymous-ddos-shutdown-london-stock-exchange-two-hours.html

Continue reading here:
Anonymous DDoS and shutdown London Stock Exchange for two hours

UK-Based Llyod’s Bank Sees Decrease in Cyberattacks

Swimming against the torrent of relentless headlines highlighting the lack of cybersecurity among banks, government agencies, and popular websites, the Lloyds Banking Group has seen an 80-90% drop in cyberattacks. The reason? “Enhanced” cybersecurity measures. While banks around the world begin to accept the uncomfortable reality wherein a $81 million cyber-heist is entirely plausible whilst relying on the global banking platform (SWIFT), one UK-based bank has seen a drop in cyber-attacks. UK-based Llyods Banking Group has seen a drop of between 80% to 90%, even though there has been an increase in cyberattacks targeting the UK this year. The revelation was made by Miguel-Ángel Rodríguez-Sola, the group director for digital, marketing & customer development. One of the most common attack vectors remain Distributed Denial of Service (DDoS) attacks. “There had been an increase in the UK in terms of cyber attacks between June and February this year,” Rodríguez-Sola stated. He added “However, over the last two months, I have had five-times less than at the end of last year.” Speaking to the Telegraph , he claimed a greater collaborative effort with law enforcement agencies. More notably, he spoke about the enabling of additional layers of cyber-defenses, without going into specifics. In statements, he said: We needed to re-plan our digital development to make sure that we put in new defences, more layers. [The number of cyberattacks] is now one-fifth or one-tenth of what it was last year. The news of a decrease in cyberattacks faced by the banking group comes during a time when a third bank was recently revealed to be a victim of the same banking group which was involved in a staggering $81 million dollar heist involving the Bangladesh Central Bank. Increasing reports of other member banks of the SWIFT network falling prey to cyberheists has spurred SWIFT to issue a statement, urging banks to report cybercrimes targeting member banks. Source: https://hacked.com/uk-based-llyods-bank-sees-decrease-cyberattacks/

View article:
UK-Based Llyod’s Bank Sees Decrease in Cyberattacks

Anonymous is 2016’s top trending hacktivist group

Anonymous emerges as the leader in 2016’s Trending Hacktivist Groups Anonymous continued to remain at the top in the top trending hacktivist group, says SurfWatch Labs based on the data collected on threat intelligence and social media hype. The hacktivist group was followed by Turk Hack Team (THT), New World Hacking (NWO), and Ghost Squad Hackers. In comparison to other years, the data shows that hacktivism has decelerated and lost its impetus but still has managed to cause enough damages to gather mainstream media attention. The government agencies were hit the most by hacktivism campaigns says the security firm with the most publicity having been created around the now-notorious COMELEC hack by Anonymous Philippines and Lulzsec Philippines, during which information for around 50 million Filipino voters were disclosed. Other than this incident, at the start of the year, the hacktivist groups created a lot of attention to their causes via the massive DDoS attack on BBC, the DDoS attacks on Donald Trump’s websites part of #OpTrump, the DDoS attacks on the Bank of Greece part of #OpIcarus, and the ones on Nissan part of #OpKillingBay. The Bank of Cyprus, the pulling down of ISIS Twitter profiles followed by the Belgium attacks, and the leak of data from NASA’s internal network were some of the other small hacktivism incidents that also managed to garner a lot of attention to causes and the groups behind them. During the first months of 2016, the top five hacktivism campaigns were #OpTrump, #OpKilling Bay, #OpWhales, #OpIsrael, and #OpAfrica. Since #OpIcarus was supposed to last for the entire month of May, it was not included in the list. However, the campaign is sure to become a support in Anonymous’ standard operations. Former big names such as the Syrian Electronic Army (SEA) and Lizard Squad seem to have disappeared with no or little activity from its members, points out SurfWatch Labs in its report. Looks like the SEA group members are perhaps busy avoiding getting arrested considering that the US has filed former charges against members of the group. Source: http://www.techworm.net/2016/05/anonymous-2016s-top-trending-hacktivist-group.html

See the original article here:
Anonymous is 2016’s top trending hacktivist group

Major DNS provider hit by mysterious, focused DDoS attack

Attack on NS1 sends 50 million to 60 million lookup packets per second. Unknown attackers have been directing an ever-changing army of bots in a distributed denial of service (DDoS) attack against NS1, a major DNS and traffic management provider, for over a week. While the company has essentially shunted off much of the attack traffic, NS1 experienced some interruptions in service early last week. And the attackers have also gone after partners of NS1, interrupting service to the company’s website and other services not tied to the DNS and traffic-management platform. While it’s clear that the attack is targeting NS1 in particular and not one of the company’s customers, there’s no indication of who is behind the attacks or why they are being carried out. NS1 CEO Kris Beevers told Ars that the attacks were yet another escalation of a trend that has been plaguing DNS and content delivery network providers since February of this year. “This varies from the painful-but-boring DDoS attacks we’ve seen,” he said in a phone interview. “We’d seen reflection attacks [also known as DNS amplification attacks] increasing in volumes, as had a few content delivery networks we’ve talked to, some of whom are our customers.” In February and March, Beevers said, “we saw an alarming rise in the scale and frequency of these attacks—the norm was to get them in the sub-10 gigabit-per-second range, but we started to see five to six per week in the 20 gigabit range. We also started to see in our network—and other friends in the CDN space saw as well—a lot of probing activity,” attacks testing for weak spots in NS1’s infrastructure in different regions. But the new attacks have been entirely different. The sources of the attacks shifted over the week, cycling between bots (likely running on compromised systems) in eastern Europe, Russia, China, and the United States. And the volume of the attacks increased to the 30Gbps to 50Gbps range. While the attacks rank in the “medium” range in total volume, and are not nearly as large as previous huge amplification attacks, they were tailored specifically to degrading the response of NS1’s DNS structure. Rather than dumping raw data on NS1’s servers with amplification attacks—where an attacker sends spoofed DNS requests to open DNS servers that will result in large blocks of data being sent in the direction of the target—the attackers sent programmatically generated DNS lookup requests to NS1’s name servers, sometimes at rates of 50 million to 60 million packets per second. The packets looked superficially like genuine requests, but they were for resolution of host names that don’t actually exist on NS1’s customers’ networks. NS1 has shunted off most of the attack traffic by performing upstream filtering of the traffic, using behavior-based rules that differentiate the attacker’s requests from actual DNS lookups. Beevers wouldn’t go into detail about how that was being done out of concern that the attackers would adapt their methods to overcome the filtering. But the attacks have also revealed a problem for customers of the major infrastructure providers in the DNS-based traffic management space. While the DNS specification has largely gone unchanged since it was created from a client perspective, NS1 and other providers have carried out a lot of proprietary modification of how DNS works behind the scenes, making it more difficult to use multiple DNS providers for redundancy. “We’ve moved a bit away from the interoperable nature of DNS,” Beevers said. “You can’t slave one DNS service to another anymore. You’re not seeing DNS zone transfers, because features and functionality of the [DNS provider] networks have diverged so much that you  can’t transfer that over the zone transfer mechanism.” To overcome that issue, Beevers said, “people are pulling tools in-house to translate configurations from one provider to another—that did work very well for some of our customers [in shifting DNS during the attack].” NS1, like some of its competitors, also provides a service that allows customers to run the company’s DNS technology on dedicated networks. “so if our network gets hit by a big DDoS attack, they can still have access.” Fixing the interoperability problem will become more urgent as attacks like the most recent one become more commonplace. But Beevers said that it’s not likely that the problem will be solved by a common specification for moving DNS management data. “DNS has not evolved since the ’80s, because there’s a spec,” he said. “But I do believe there’s room for collaboration. DNS is done by mostly four or five companies— this is one of those cases where we have a real opportunity because community is small enough and because the traffic management that everyone uses needs a level of interoperability.” As companies with big online presences push for better ways to build multi-vendor and multi-network DNS systems to protect themselves from outages caused by these kinds of attacks, he said, the DNS and content delivery network community is going to have to respond. Source: http://arstechnica.com/information-technology/2016/05/major-dns-provider-hit-by-mysterious-focused-ddos-attack/

Visit site:
Major DNS provider hit by mysterious, focused DDoS attack

DDoS-for-Hire Services Go Up on Fiverr for 5 Bucks

In a new wrinkle in cybercriminal business modeling, distributed denial of service (DDoS)-for-hire services are being offered on the popular website Fiverr—where, as its name suggests, various professional services are offered for $5. According to Imperva, DDoS-for-hire services are a widespread business for hackers, typically billing themselves as “stressor” services to “help test the resilience of your own server.” In reality, they’re renting out access to a network of enslaved botnet devices, (e.g., Trojan-infected PCs), which are used as a platform to launch DDoS attacks. And once a user hands over his money, the criminals don’t care whose servers are ‘stress tested.’ A year ago, Imperva’s survey of the 20 most common stressor services showed that the average price was $38 per hour, and went as low as $19. Recently, the SecureWorks Underground Hacker Marketplace Report showed that, on the bottom end, the cost of hiring such a service on the Russian underground dropped to just five dollars per hour. “The price tag made us think of Fiverr—a trendy online marketplace where various professional services are offered for five bucks?” Incapsula researchers said, in a blog. “Would DDoS dealers have the audacity to use this platform to push their wares? A quick site search confirmed that, in fact, they would.” Imperva reached out to see if the Fiverr offers were the innocent stress testers they claimed to be. “To do so, we created an account on Fiverr and asked each of the stressor providers the following question: Regarding the stress test, does the site have to be my own?” the researchers noted. “Most had the good sense to ignore our message. One suggested that we talk on Skype.” In the end, an offering with a skull and bones image that offered to “massive DDoS attack your website” responded, saying: “Honestly, you [can] test any site. Except government state websites, hospitals.” Imperva quickly contacted Fiverr to let them know about the misuse of their service—they responded and acted to remove the providers. “Fiverr’s decisive action should serve as an example to an online community that, by and large, has accepted the existence of illegal stressors as a fact of life,” the researchers noted. Source: http://www.infosecurity-magazine.com/news/ddosforhire-services-go-up-on/

More:
DDoS-for-Hire Services Go Up on Fiverr for 5 Bucks

Image shutterstock_387773863-300x300.jpg

Devices Infected With New Ransomware Versions Will Execute DDoS Attacks

A combination of Ransomware and DDoS attacks is heralding a new wave of cyber attacks against consumers and enterprises around the world. Security experts are concerned this may become a standard practice going forward; this is not good news by any means. Ransomware And DDoS Is A Potent Mix Over the past few years, ransomware attacks have become the norm rather than an exception. But the people responsible for these attack continue to improve their skills, and infected machines will now start executing distributed denial of service attacks as well. Not only will users not be able to access their files, but the device will also become part of a botnet attacking other computers and networks around the world. KnowBe4 CEO Stu Sjouwerman stated: “ Adding DDoS capabilities to ransomware is one of those ‘evil genius’ ideas. Renting out DDoS botnets on the Dark Web is a very lucrative business, even if prices have gone down in recent years. You can expect [bundling] it to become a fast-growing trend.” One of the first types of ransomware to embrace this new approach is Cerber, a Bitcoin malware strain which has been wreaking havoc for quite some time now. Attacks have been using “weaponized” Office documents to deliver malware to computers, which would then turn into a member of a botnet to DDoS other networks. While some people see this change as a logical evolution of ransomware attacks, this is a worrying trend, to say the least. Assailants can come up with new ways to monetize their ransomware attacks, even if the victim decides not to pay the fee. As long as the device is infected, it can be used to execute these DDoS attacks, which is a service worth the money to the right [wrong] people. A recent FireEye report shows how the number of Bitcoin ransomware attacks will exceed 2015 at the rate things are going right now. Now that DDoS capabilities are being added to the mix, it is not unlikely the number of infections will increase exponentially over the next few months. Moreover, removing the ransomware itself is no guarantee computer systems will not be used for DDoS purposes in the future, and only time will tell if both threats can be eliminated at the same time. Source: http://themerkle.com/devices-infected-with-new-ransomware-versions-will-execute-ddos-attacks/

View post:
Devices Infected With New Ransomware Versions Will Execute DDoS Attacks