Tag Archives: infrastructure

Top tip, hacker newbs: Don’t use the same Skype ID for IoT bot herding and job ads

To be fair, the kid is only 13. A teenage tearaway with a passion for building botnets was apparently caught using the same Skype ID he used for hacking activities when applying for jobs.…

See the original article here:
Top tip, hacker newbs: Don’t use the same Skype ID for IoT bot herding and job ads

Russian admits being Ebury botnet herder, now jailed for 46 months

Malware used to take down Linux Foundation and make millions. A Russian man has been imprisoned for 46 months after admitting to using the Ebury malware to create a massive botnet for fun and profit.…

Read the original post:
Russian admits being Ebury botnet herder, now jailed for 46 months

‘Application DDOS’ that target expensive APIs worry Netflix

Attackers can look legit while hitting APIs that make the most work for an app. Netflix has identified a denial of service threat to microservices architectures that it has labelled “application DDOS”.…

See more here:
‘Application DDOS’ that target expensive APIs worry Netflix

It’s 2017, and UPnP is helping black-hats run banking malware

Pinkslipbot malware copies Conficker for C&C channel. Another banking malware variant has been spotted in the wild, and it is using UPnP to pop home routers and expose unsuspecting home users, who are recruited into the botnet.…

Read the article:
It’s 2017, and UPnP is helping black-hats run banking malware

Internet hygiene still stinks despite botnet and ransomware flood

Millions of must-be-firewalled services sitting wide open. Network security has improved little over the last 12 months – millions of vulnerable devices are still exposed on the open internet, leaving them defenceless against the next big malware attack.…

More here:
Internet hygiene still stinks despite botnet and ransomware flood

DDoS attack brings Qatar’s Al Jazeera website to its knees

Hacking attempts come amid diplomatic crisis in the Gulf. Qatar-based news network Al Jazeera yesterday said it was being targeted with systematic hacking attempts.…

Original post:
DDoS attack brings Qatar’s Al Jazeera website to its knees

How to Identify a DDoS Attack

DDoS stands for Distributed Denial of Service. A flood of traffic overwhelms your server or web host so that legitimate users can no longer reach your web services. A series of DDoS attacks has taken place recently, and the statistics in Arbor Networks’ 12th Annual Worldwide Infrastructure Security Report (WISR) bear this out: the report indicates that the number of DDoS attacks rose 44% compared with the previous year, and 53% of the service providers surveyed said they see more than 21 DDoS attacks per month, up from 44% a year earlier. It is important to know when your network is under attack and to take corrective steps. For an online business in particular, a DDoS attack can wreak havoc and halt operations completely. The attack works by sending a flood of traffic at your server or web host, eating into your available bandwidth and server resources. Legitimate users are left without access to your web services and, in extreme cases, the server crashes. Because the attack is not launched from a single source, there is no single IP address to track down in your logs. The attacker typically controls a botnet of malware-infected machines (personal computers, mobile devices, IoT devices and so on) and directs them all at the target, which is where the difficulty of identifying a DDoS attack arises: it can grow to large proportions very quickly. A DDoS attack can also strike without warning; most attackers do not send threats before launching one. It may look as though your web server or hosting is simply down when in reality it is under attack, and even careful server checks may show only high traffic that appears normal.
Hence it is important to stay vigilant and consider that you may indeed be under a DDoS attack. Here are the key clues to look out for:

An IP address makes x requests over y seconds, consistently and many times over, or the same IP addresses keep recurring: if you spot this behaviour from specific IPs, you can direct traffic from those IPs to a null route so that it never reaches your servers. At the same time, make a point of whitelisting known-good IPs so they are never blocked by mistake.

Your server responds with 503 errors citing a service outage: Windows Event Viewer lets you attach a task to a specific event (such as an error or warning). Do the same for the 503 event: open Event Viewer, right-click the event, and configure it to send an email to an administrator or a team. Loggly can do this for you across multiple servers.

Ping requests time out: move beyond manually pinging servers to test response. A number of web pinging services are available, such as UptimeRobot, Pingdom, Mon.itor.us, InternetSeer and Uptrends. You configure how often your site is checked, from locations around the world, and any time out is reported back to you or your team.

Logs show a huge spike in traffic: Loggly can serve as a lookout for DDoS attacks. It shows not only traffic spikes but also their date and time, their originating servers and the user errors they produce. Logs and alerts can be made more specific, for example by basing alerts on a combination of events and traffic spikes, to cut down on false alerts.

No human can realistically watch for these signs around the clock, so notifications must be automated. Loggly can send these alerts to external messaging platforms too, such as Slack or HipChat.
Of course, it is important to learn how to configure an alert correctly, so that it catches the right indicators while avoiding an overload of alerts. Source: http://www.readitquik.com/articles/networking-2/a-guide-to-identify-ddos-attack/
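The first and second clues above (a single IP making x requests in y seconds, and a run of 503 responses) can be checked mechanically against the web server's access log. The following is an added example written for this page, not code from the original article or from any of the tools it names: it parses constructed combined-format log lines, applies a sliding window per source IP with a whitelist, counts 503 responses, and prints the Linux `ip route add blackhole` commands that would null-route the offenders. The threshold, window, sample addresses (RFC 5737 documentation ranges) and whitelist are illustrative assumptions; the script only prints the commands and does not change any routes.

```python
"""Flag per-IP request floods and 503 bursts in a web server access log.

Added example for this page, not from the original article. The log lines
below are constructed (RFC 5737 documentation addresses), and the threshold,
window and allowlist are placeholder values you would tune for your traffic.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx "combined" style line: ip ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample (not real traffic), in chronological order:
# 203.0.113.7 hammers an expensive search endpoint and starts drawing 503s,
# 198.51.100.20 browses normally, 192.0.2.10 is an uptime monitor we trust.
SAMPLE_LINES = [
    '198.51.100.20 - - [10/Jun/2017:13:55:30 +0000] "GET / HTTP/1.1" 200 1043',
    '203.0.113.7 - - [10/Jun/2017:13:55:36 +0000] "GET /api/search?q=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jun/2017:13:55:36 +0000] "GET /api/search?q=2 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jun/2017:13:55:37 +0000] "GET /api/search?q=3 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jun/2017:13:55:37 +0000] "GET /api/search?q=4 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jun/2017:13:55:38 +0000] "GET /api/search?q=5 HTTP/1.1" 503 0',
    '203.0.113.7 - - [10/Jun/2017:13:55:38 +0000] "GET /api/search?q=6 HTTP/1.1" 503 0',
    '198.51.100.20 - - [10/Jun/2017:13:55:39 +0000] "GET /about HTTP/1.1" 200 880',
    '203.0.113.7 - - [10/Jun/2017:13:55:39 +0000] "GET /api/search?q=7 HTTP/1.1" 503 0',
    '192.0.2.10 - - [10/Jun/2017:13:55:40 +0000] "GET /health HTTP/1.1" 200 2',
    '192.0.2.10 - - [10/Jun/2017:13:55:40 +0000] "GET /health HTTP/1.1" 200 2',
    '192.0.2.10 - - [10/Jun/2017:13:55:40 +0000] "GET /health HTTP/1.1" 200 2',
    '192.0.2.10 - - [10/Jun/2017:13:55:41 +0000] "GET /health HTTP/1.1" 200 2',
    '192.0.2.10 - - [10/Jun/2017:13:55:41 +0000] "GET /health HTTP/1.1" 200 2',
    '192.0.2.10 - - [10/Jun/2017:13:55:41 +0000] "GET /health HTTP/1.1" 200 2',
    '198.51.100.20 - - [10/Jun/2017:13:55:45 +0000] "GET /contact HTTP/1.1" 200 640',
]


def parse_line(line):
    """Return a dict with ip, ts (aware datetime), status, req; None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FORMAT),
        "status": int(m.group("status")),
        "req": m.group("req"),
    }


def detect_floods(lines, max_requests=5, window_seconds=10, allowlist=frozenset()):
    """Map each offending IP to its request count at the moment it first exceeded
    max_requests within a sliding window of window_seconds. Lines must be in
    chronological order (as a live access log is). Allowlisted IPs are skipped."""
    windows = defaultdict(deque)
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["ip"] in allowlist:
            continue
        q = windows[rec["ip"]]
        q.append(rec["ts"])
        while q and (rec["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop requests that fell out of the window
        if len(q) > max_requests and rec["ip"] not in flagged:
            flagged[rec["ip"]] = len(q)
    return flagged


def count_status(lines, status=503):
    """Count responses with the given HTTP status (503 = service unavailable)."""
    total = 0
    for line in lines:
        rec = parse_line(line)
        if rec is not None and rec["status"] == status:
            total += 1
    return total


def null_route_commands(flagged):
    """Linux iproute2 commands that would blackhole each flagged IP (printed, not run)."""
    return [f"ip route add blackhole {ip}/32" for ip in sorted(flagged)]


if __name__ == "__main__":
    offenders = detect_floods(SAMPLE_LINES, allowlist=frozenset({"192.0.2.10"}))
    print("flagged:", offenders)                          # {'203.0.113.7': 6}
    print("503 responses:", count_status(SAMPLE_LINES))   # 3
    for cmd in null_route_commands(offenders):
        print(cmd)
```

Run against a real log by replacing SAMPLE_LINES with the lines of your access log (in order). Without the whitelist the uptime monitor would be flagged too, which is the point the article makes about whitelisting valid IPs before null-routing anything; and since a blackhole route drops the attacker's packets at the host or router rather than at the web server, it stops the traffic from consuming server resources even though the bandwidth up to that point is still spent.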

View article:
How to Identify a DDoS Attack

Cloud infrastructure attacks to increase in 2017, predicts Forcepoint

The cloud offers organizations a number of benefits, from simple off-site storage to rent-a-server to complete services. But 2017 will also see cloud infrastructure increasingly become the target of attacks, with criminals lured by the data stored there and by the possibility of using it to launch distributed denial of service attacks. That is one of the predictions for the new year from security vendor Forcepoint. Hacking a cloud provider’s hypervisor would give an attacker access to all of the customers using the service, Bob Hansmann, Forcepoint’s director of security technologies, told a webinar last week. “They’re not targeting you, they may not even know you exist until they get into the infrastructure and get the data. Then they’re going to try to maximize the attack” by selling whatever data is gained. Also tempting to attackers is the bandwidth cloud providers have, which could be leveraged for DDoS attacks. As attacks on cloud infrastructure increase it will be another reason why CISOs will be reluctant to put sensitive data in the cloud, he said, or will limit cloud use to processing but not storing sensitive data. CIOs and CISOs have to realize “the cloud is a lie,” he said. “There is no cloud. Any cloud services means data is going to someone’s server somewhere. So you need to know are they securing that equipment the same way you’re securing data in your organization … are the personnel vetted, what kind of digital defences do they have?” “You’re going to have to start pushing your cloud providers to meet compliance with the regulations you’re trying to be compliant with,” he added.
That will be particularly important for organizations that do business in Europe, with the European Union’s new General Data Protection Regulation (GDPR) coming into force next year. So answering questions such as how long a cloud service holds the organization’s data, whether it is backed up securely, whether employees are vetted, whether there is third-party certification of its use of encryption, and how it is protected from DDoS attacks is more important than ever.

Other predictions for next year include:

– Don’t fear millennials. On average they are now the second largest group (behind boomers) in most organizations. They do increase security risk because, as a tech-savvy group, they tend to over-share information, particularly through social media. So, Hansmann says, CISOs should use that to their advantage. “Challenge them to become security-savvy. Put in contests where employees submit what they think are spam or phishing attacks, put in quarterly award recognitions, or something like that. Challenge them, and they will step up to the challenge. They take pride in their digital awareness.” Don’t try to make them feel that what they do is wrong, but help them to become better. “They will become a major force for change in the organization, and hopefully carry the rest of the organization with them.”

– The so-called Digital Battlefield is the world. That means attackers can be nation-states as well as criminals. But CISOs should be careful what they do about it. Some infosec pros, and some politicians, advocate that organizations and countries should be ready to launch attacks against a foe instead of staying defensive. But, Forcepoint warns, pointing the finger is still difficult, with several hops between the victim and the attacker. “The potential for mis-attribution and involving innocents is going to grow,” Hansmann said.
“Nations are going to struggle with how do they ensure confidence in businesses, that they are a safe and secure place to do business with or through — and yet not over-react in a way that could cause collateral damage.”

– Linked to this is the threat that will be posed in 2017 by automated attacks. The widespread weaponization of autonomous hacking machines by threat actors will emerge next year, Forcepoint says, creating an arms race to build autonomous patching. “Like nuclear weapons technology proliferation, weaponized autonomous hacking machines may greatly impact global stability by either preventing national defense protocols being engaged or by triggering them unnecessarily,” says the company.

– Get ready for the European GDPR. It will come into effect in May 2018 and will therefore drive compliance and data protection efforts next year. “We’ve learned compliance takes a long time to do right, and to do it without disrupting your business.” Organizations may have to not only change systems but redefine processes, including training employees. CIOs need to tell business units, ‘We’re here to support you, but if you’re going to run operations through the EU this regulation is going to have impact. We need to understand it now because it will require budgeting and changes to processes that IT doesn’t control,’ said Hansmann.

– There will be a rise in what Forcepoint calls “corporate-incentivized insider abuse.” That is shorthand for “employees are going to cheat to meet sales goals.” The result is staff falsifying reports or signing customers up for services they didn’t order. Think of U.S. bank Wells Fargo being fined $185 million this year because more than 2 million bank accounts or credit cards were opened or applied for without customers’ knowledge or permission between May 2011 and July 2015. Over 5,000 staff were fired over the incidents. If organizations don’t get on top of this problem, governments will regulate, Hansmann warned.
Source: http://www.itworldcanada.com/article/cloud-infrastructure-attacks-to-increase-in-2017-predicts-forcepoint/389001

Read More:
Cloud infrastructure attacks to increase in 2017, predicts Forcepoint

Twitter, Amazon, other top websites shut in cyber attack

Major internet services including Twitter, Spotify and Amazon suffered service interruptions and outages on Friday as a US internet provider came under a cyber attack. The internet service company Dyn, which routes and manages internet traffic, said that it had suffered a distributed denial of service (DDoS) attack on its domain name service shortly after 1100 GMT. The service was restored in about two hours, Dyn said. The attack meant that millions of internet users could not access the websites of major online companies such as Netflix and Reddit, as well as the crafts marketplace Etsy and the software developer site GitHub, according to media reports. The website Gizmodo said it had received reports of difficulty at sites for media outlets including CNN, The Guardian, Wired, HBO and People, as well as the money transfer service PayPal. Dyn, which is headquartered in New Hampshire, said the attack went after its domain name service, causing interruptions and slowdowns for internet users. “This morning, October 21, Dyn received a global DDoS attack on our Managed DNS infrastructure in the east coast of the United States,” Scott Hilton, executive vice president for products at Dyn, said in a statement. “We have been aggressively mitigating the DDoS attack against our infrastructure.” The company said it was continuing to investigate. A map published by the website downdetector.com showed service interruptions for Level3 Communications, a so-called “backbone” internet service provider, across much of the US east coast and in Texas. Amazon Web Services, which hosts some of the most popular sites on the internet, including Netflix and the homestay network Airbnb, said on its website that users experienced errors including “hostname unknown” when attempting to access hosted sites, but that the problem had been resolved by 1310 GMT.
Domain name servers are a crucial element of internet infrastructure: they translate the domain names that users type into the numeric Internet Protocol addresses that computers need to connect to a site, so when a site’s DNS provider is unreachable the site is effectively unreachable too, even though its own servers are up. Distributed denial of service or DDoS attacks involve flooding a target with traffic, making it difficult to access or taking it offline entirely. Attackers can use them for a range of purposes, including censorship, protest and extortion. The loose-knit hacktivist network Anonymous in 2010 targeted the DNS provider EveryDNS, among others, as retribution for denying service to the anti-secrecy organization WikiLeaks. “The internet continues to rely on protocols and infrastructure designed before cyber security was an issue,” said Ben Johnson, a former engineer at the National Security Agency and founder of the cybersecurity company Carbon Black. He said that the growing interconnection of ordinary devices to the internet, the so-called “internet of things,” increased the risks to networks. “DDoS, especially with the rise of insecure IoT devices, will continue to plague our organizations. Sadly, what we are seeing is only the beginning in terms of large scale botnets and disproportionate damage done.” Source: http://phys.org/news/2016-10-twitter-spotify-websites-ddos.html

Read the article:
Twitter, Amazon, other top websites shut in cyber attack

DDoS Attacks Up by 75 Percent in Q2 2016

The largest attack detected in the second quarter peaked at 256 Gbps, according to Verisign. According to the Verisign DDoS Trends Report for the second quarter of 2016, the number of distributed denial of service (DDoS) attacks increased by 75 percent year over year. The average peak attack size in the second quarter was 17.37 Gbps, an increase of 214 percent over Q2 2015. Fully 75 percent of attacks peaked above 1 Gbps, and 32 percent exceeded 10 Gbps. The largest and fastest DDoS attack detected by Verisign in Q2 2016 peaked at 256 Gbps for about 15 minutes before settling in at more than 200 Gbps for almost two hours. Sixty-four percent of DDoS attacks detected in Q2 2016 employed multiple attack types, indicating that DDoS attacks continue to increase in complexity. Forty-five percent of DDoS attacks targeted the IT services industry, followed by financial services (23 percent) and the public sector (14 percent). The Kaspersky DDoS Intelligence Report for Q2 2016 found that 77.4 percent of resources targeted by DDoS attacks were located in China. The three most targeted countries for Q2 2016 were China, South Korea and the U.S. While most attacks lasted no more than four hours, 8.6 percent lasted 20-49 hours, and 4 percent lasted 50-99 hours. The longest DDoS attack in Q2 2016 lasted for 291 hours (12.1 days), a significant increase over the previous quarter’s maximum of 8.2 days. Over 70 percent of all attacks detected by Kaspersky in Q2 2016 were launched from Linux botnets, almost twice the share seen in the previous quarter. Just under 70 percent of all command and control (C&C) servers were located in South Korea, followed by China (8.1 percent), the U.S. (7.1 percent), Russia (4.5 percent) and Brazil (2.3 percent). And the Nexusguard Q2 2016 Threat Report states that the number of DDoS attacks increased by 83 percent to more than 182,900 attacks in the second quarter. The most targeted countries seen by Nexusguard were Russia, the U.S. and China.
“We were surprised to see an increase in DDoS attacks this quarter, especially as hackers experiment with ransomware, phishing schemes and other data-grabbing methods for monetary gain,” Nexusguard chief scientist Terrence Gareau said in a statement. “Organizations can expect cyber attacks to continue growing in frequency this year, especially with more attention on the Summer Olympics and the November election season in the U.S.” “The results from this quarter also show how important it is to not only protect your website, but also to plan for new payloads and attacks on your infrastructure,” Gareau added. Source: http://www.esecurityplanet.com/network-security/ddos-attacks-up-by-75-percent-in-q2-2016.html

See the original article here:
DDoS Attacks Up by 75 Percent in Q2 2016