Tag Archives: enterprise

Sad-sack Anon calling himself ‘Mr Cunnilingus’ online is busted for DDoSing ex-bosses

Electronics tutor’s taunts come back to haunt him An electronics technician pleaded guilty on Wednesday to orchestrating distributed denial of service (DDoS) attacks on a former employer and other organizations – and to unlawfully possessing a firearm as a former felon.…

Link:
Sad-sack Anon calling himself ‘Mr Cunnilingus’ online is busted for DDoSing ex-bosses

OK, OK, MIRA-I DID IT: Botnet-building compsci kid comes clean

Jha rule-breaker and pals confess IoT gadget hack crimes, now facing the slammer A former New Jersey college student has copped to helping create and run the massive Mirai DDoS botnet.…

More here:
OK, OK, MIRA-I DID IT: Botnet-building compsci kid comes clean

New phishing campaign uses 20-year-old Microsoft mess as bait

Necurs botnet spreads ransomware carried in Office documents The ever-vigilant folk at the Internet Storm Centre (SANS) have spotted yet another campaign trying to drop the Locky ransomware using compromised Word files.…

Link:
New phishing campaign uses 20-year-old Microsoft mess as bait

New phishing campaign uses 30-year-old Microsoft mess as bait

Necurs botnet spreads ransomware carried in Office documents The ever-vigilant folk at the Internet Storm Centre (SANS) have spotted yet another campaign trying to drop the Locky ransomware using compromised Word files.…

Visit link:
New phishing campaign uses 30-year-old Microsoft mess as bait

UK lotto players quids in: Website knocked offline by DDoS attack

It could be you* The UK National Lottery has apologised for a website outage that left money in their pockets of punters unable to play games on Saturday evening.…

Read the article:
UK lotto players quids in: Website knocked offline by DDoS attack

DDoS Extortionist Copycats Continue To Hound Victims

It has been a while sine I wrote about this subject (or about anything at all for that matter) but, it occurred to me to today that the distributed denial of service (DDoS) extortionist issue is a problem that needs to be talked about again. Over the last couple years there have been a lot of websites come under attack from miscreants armed with all manner of distributed denial of service platforms and tools. Often these attackers would first launch an attack and then contact the victim company to say “check your logs to see we’re for real”. Once their bonafides were established they would then demand a sum of money to be paid in bitcoin or suffer the “wrath” of their DDoS attack that was more often that naught was severely oversold. There have been examples of criminal outfits like DD4BC who were true to their word when they made a threat. They would in fact follow through on their threat of an attack. This came to an unceremonious end a year ago when one of the main ne’er do wells was arrested by Europol. More often than naught however, these extortion gangs turn out to be little more than confidence tricksters. One such example was the Armada Collective. This was a criminal outfit that did little more than threaten targets but, with one lone exception, never followed through on the threats they made. Mind you, they did end up making a tidy sum of money from their victims. What this did accomplish was to set a precedent that has given rise to the copycat attackers. A prime example of this was an in an email that I received from a friend. His organization was threatened by a copycat group that were masquerading as the Armada Collective. Basically using the name as a hex sign. A brand name that could be used to possibly intimidate an organization. Here is a redacted version of the email that he provided to me. From: Armada Collective Sent: Subject: ATTENTION: Ransom request!!! FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION! We are Armada Collective. All your servers will be DDoS-ed starting Wednesday (Jun 29 2016) if you don’t pay 5 Bitcoins @ [Bitcoin wallet address redacted] When we say all, we mean all – users will not be able to access sites host with you at all. If you don’t pay by Wednesday, attack will start, price to stop will increase by 5 BTC for every day of attack. If you report this to media and try to get some free publicity by using our name, instead of paying, attack will start permanently and will last for a long time. This is not a joke. Our attacks are extremely powerful – sometimes over 1 Tbps per second. So, no cheap protection will help. Prevent it all with just 5 BTC @ [Bitcoin wallet address redacted] Do not reply, we will probably not read. Pay and we will know its you. AND YOU WILL NEVER AGAIN HEAR FROM US! Bitcoin is anonymous, nobody will ever know you cooperated. While people might not be aware that an organization had in fact cooperated, as per their email, they would be setting a horrible example. The more that companies pay extortionists like this the more emboldened that the criminals would become. This could potentially become a lucrative endeavor for the criminals. At the time of this writing 1 bitcoin was valued at roughly $628 USD. At a bare minimum there would be 5 bitcoin per email above, they would be raking in at least $3000 USD for each successful attack. Not bad for the cost of an email. If you are the recipient of an email like this, seek help to protect your enterprise. Do not feel compelled to pay the attackers. You have no guarantees that they won’t return. Source: http://www.forbes.com/sites/davelewis/2016/09/08/ddos-extortionist-copycats-continues-to-hound-victims/#2c6d7a7b4d06

Read this article:
DDoS Extortionist Copycats Continue To Hound Victims

Are your competitors organizing DDoS attacks against you?

According to recent research from Kaspersky Lab and B2B International, nearly half (48 per cent) of the companies surveyed believe they know the identity and motivation of those behind recent DDoS att…

View article:
Are your competitors organizing DDoS attacks against you?

How to sabotage DDoS-for-hire services?

We all know the damage that DDoS-for-hire services can inflict on websites and organizations behind them. What is less known is that a simple move like making PayPal seize the accounts through whic…

View the original here:
How to sabotage DDoS-for-hire services?

Revisiting takedown wins: Are users in the developing world getting left behind?

We have all seen the headlines: another botnet dismantled, and we can all rest easy that the threat that has been plaguing us for all those years is now no longer an issue. After the headlines, howeve…

See the original article here:
Revisiting takedown wins: Are users in the developing world getting left behind?