Tag Archives: latest

Cybersecurity sectors adjust as DDoS attacks reach new heights

In this Help Net Security video, Andrey Slastenov, Head of Security Department at Gcore, discusses the findings of their latest report, which provides insights into the current state of the DDoS protection market and cybersecurity trends. Key highlights from Q3–Q4 2023: the maximum attack power rose from 800 Gbps (1H 2023) to 1.6 Tbps; UDP floods constitute 62% of DDoS attacks; TCP floods and ICMP attacks remain popular at 16% and 12% respectively; and SYN, … The post Cybersecurity sectors adjust as DDoS attacks reach new heights appeared first on Help Net Security.

DDoS attackers continue to innovate, devising new threats and altering attack strategies

Corero Network Security has published the latest edition of its annual DDoS Threat Intelligence Report, which compiles the trends, observations, predictions and recommendations based on DDoS attacks against Corero customers during 2021. The report highlights that DDoS threats continue to grow in sophistication, size and frequency. Yet 2021 also reveals changes in attacker behaviour since the start of the pandemic, including a 297% increase in the use of OpenVPN reflections as a means of … The post DDoS attackers continue to innovate, devising new threats and altering attack strategies appeared first on Help Net Security.

Sorry we shut you out, says Tutanota: Encrypted email service weathers latest of ongoing DDoS storms

Privacy-conscious biz insists on rolling its own mitigations, though

Encrypted email biz Tutanota has apologised for accidentally shutting its own users out while fending off the latest of a series of distributed denial-of-service (DDoS) attacks.…

Why a massive DDoS attack on a blogger has internet experts worried

Someone on the internet seems very angry with cybersecurity blogger Brian Krebs. On 20 September, Krebs’ website was hit with what experts say is the biggest Distributed Denial of Service (DDoS) attack in public internet history, knocking it offline for days with a furious 600 to 700 Gbps (gigabits per second) traffic surge. DDoS attacks are a simple way of overloading a network router or server with so much traffic that it stops responding to legitimate requests.

According to Akamai (which had the unenviable job of attempting to protect his site last week), the attack was twice the size of any DDoS event the firm had ever seen before, easily big enough to disrupt thousands of websites, let alone one. So why did someone expend time and money to attack a lone blogger in such a dramatic way? Krebs has his own theories, and the attack follows Krebs breaking a story about the hacking and subsequent takedown of kingpin DDoS site vDOS, but in truth nobody knows for certain and probably never will.

DDoS attacks, large and small, have become a routine fact of internet life. Many attacks are quietly damped down by specialist firms who protect websites and internet services. But the latest attack has experts worried all the same.

Stop what you’re doing

DDoS attacks first emerged as an issue on the public internet in the late 1990s, and since then have been getting larger, more complex and more targeted. Early motivations tended towards spiteful mischief. A good example is the year 2000 attacks on websites including Yahoo, CNN and Amazon by ‘MafiaBoy’, who later turned out to be 15-year-old Canadian youth Michael Calce. Within weeks, he was arrested. Things stepped up a level in 2008 when hacktivist group Anonymous started an infamous series of DDoS attacks with one aimed at websites belonging to the Church of Scientology.

By then, professional cybercriminals were offering DDoS-for-hire ‘booter’ and ‘stresser’ services that could be rented out to unscrupulous organizations to attack rivals. Built from armies of ordinary PCs and servers that had quietly been turned into botnet ‘zombies’ using malware, attacks suddenly got larger. This culminated in 2013 with a massive DDoS attack on a British spam-fighting organization called Spamhaus that was measured at a then eye-popping 300 Gbps. These days, DDoS is often used in extortion attacks where cybercriminals threaten organizations with crippling attacks on their websites unless a ransom is paid. Many are inclined to pay up.

The Krebs effect

The discouraging aspect of the Krebs attack is that internet firms may have thought they were finally getting on top of DDoS at last, using techniques that identify rogue traffic and more quickly cut off the botnets that fuel their packet storms. The apparent ease with which the latest massive attack was summoned suggests otherwise. In 2015, Naked Security alumnus and blogger Graham Cluley suffered a smaller DDoS attack on his site, so Krebs is not alone. Weeks earlier, community site Mumsnet experienced a DDoS attack designed to distract security engineers as part of a cyberattack on the firm’s user database.

At the weekend, Google stepped in and opened its Project Shield umbrella over Krebs’ beleaguered site. Project Shield is a free service launched earlier in 2016 by Google, specifically to protect small websites such as Krebs’ from being silenced by DDoS attackers. For now it looks like Google’s vast resources were enough to ward off the unprecedented attack, but it’s little comfort to know that nothing short of the internet’s biggest player was the shield that one simple news site needed. With criminals apparently able to call up so much horsepower, the wizards of DDoS defence might yet have to rethink their plans – and fast.
Source: https://nakedsecurity.sophos.com/2016/09/29/why-a-massive-ddos-attack-on-a-blogger-has-internet-experts-worried/

Attackers prefer lower-bandwidth DDoS attacks

Analyzing customer data, Corero found that attackers are continuing to leverage sub-saturating DDoS attacks with increasing frequency, using shorter attack durations to evade legacy cloud DDoS scrubbi…
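The point in the Corero excerpt above (short, sub-saturating attacks slipping under a scrubbing trigger that averages over a long window) and the protocol breakdown in the Gcore item earlier on this page are easy to see in code. The following is an added example, not code or data from Corero or Gcore: it builds a constructed set of one-second traffic buckets, runs the same alert threshold over a 300-second average (a legacy scrubbing trigger) and over a 5-second sliding window, and reports which protocol dominates during the burst. The link size, the 20% threshold and the traffic figures are assumptions.

```python
"""Why a long-window average misses a short, sub-saturating DDoS burst.

Added example over constructed one-second traffic buckets; not data or code
from Corero or Gcore.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Bucket:
    ts: int      # seconds since the start of the capture
    proto: str   # "udp", "tcp" or "icmp"
    bits: int    # bits seen for this protocol during this one second


LINK_BPS = 10_000_000_000   # assumption: a 10 Gbps customer link
ALERT_FRACTION = 0.2        # assumption: alert when a window averages >20% of link


def sample_capture(attack_start=100, attack_len=20, attack_bps=3_800_000_000):
    """Constructed traffic: 150 Mbps TCP + 50 Mbps UDP baseline for 300 s,
    with a UDP flood of attack_len seconds that never saturates the link."""
    buckets = []
    for t in range(300):
        buckets.append(Bucket(t, "tcp", 150_000_000))
        udp = 50_000_000
        if attack_start <= t < attack_start + attack_len:
            udp += attack_bps
        buckets.append(Bucket(t, "udp", udp))
    return buckets


def per_second_totals(buckets):
    """Total bits per second, summed across protocols."""
    totals = defaultdict(int)
    for b in buckets:
        totals[b.ts] += b.bits
    return totals


def legacy_alert(buckets, window_s=300):
    """Legacy scrubbing trigger: bit rate averaged over one long window."""
    avg_bps = sum(per_second_totals(buckets).values()) / window_s
    return avg_bps > ALERT_FRACTION * LINK_BPS


def burst_alert(buckets, window_s=5):
    """Same threshold over a short sliding window; returns the second at
    which it first fires, or None if it never does."""
    totals = per_second_totals(buckets)
    window, in_window = deque(), 0
    for t in sorted(totals):
        window.append(t)
        in_window += totals[t]
        while window[0] <= t - window_s:      # drop seconds that fell out
            in_window -= totals[window.popleft()]
        if in_window / window_s > ALERT_FRACTION * LINK_BPS:
            return t
    return None


def protocol_mix(buckets, t0, t1):
    """Share of bits per protocol in [t0, t1): which flood type dominates."""
    by_proto = defaultdict(int)
    for b in buckets:
        if t0 <= b.ts < t1:
            by_proto[b.proto] += b.bits
    total = sum(by_proto.values())
    return {p: v / total for p, v in by_proto.items()}


if __name__ == "__main__":
    cap = sample_capture()
    print("300 s average crosses threshold:", legacy_alert(cap))
    print("5 s sliding window first fires at t =", burst_alert(cap))
    print("protocol mix during the burst:", protocol_mix(cap, 100, 120))
```

With these figures the 20-second flood peaks at 4 Gbps (40% of the link) yet the 300-second average works out to about 450 Mbps, so the long-window trigger never fires while the 5-second window fires three seconds into the burst. The threshold is identical in both checks; the only thing that changes is the window length, which is exactly what a short-duration attack exploits.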

DDoS attack downs Twitch on news of Amazon acquisition

Just hours after Amazon announced a $970m deal to acquire Twitch, the live video platform for gamers was taken offline temporarily by a distributed denial of service (DDoS) attack. Twitch is the latest in a string of online gaming platforms to be hit by DDoS attacks that have been linked to several groups, including Lizard Squad, jihadist group Islamic State, and Anonymous. At the weekend, Sony’s PlayStation Network was knocked offline and several others experienced disruptions, including Microsoft’s Xbox Live and Blizzard’s Battle.net.

DDoS attacks are commonly used by competitors or activists to take services offline using a variety of techniques that make services impossible to reach. The reason for the DDoS attack on Twitch is unknown, but industry pundits have speculated that it may be linked to concerns about the acquisition by Amazon.

Commenting on the weekend disruptions, Dave Larson, CTO at Corero Network Security, said the drivers for launching DDoS attacks are far ranging and difficult to pinpoint in many cases. “Anyone can become a victim at any time and, as the attacks continue to become stronger, longer and more sophisticated, businesses that rely on their online web applications as a revenue source cannot become complacent,” he said. Larson said the latest DDoS attacks underscore the importance of including a DDoS first line of defence as a component of network security architecture.

Lancope chief technology officer TK Keanini said that while DDoS was once a resource held by a few of the elite groups on the net, this method of attack is now available to anyone as it is offered as a service. “If you know where to look, and you have some crypto currency in hand, just point and shoot,” he said. According to Keanini, any business connected to the internet is likely to be targeted by a DDoS attack at some point. “But game networks have to work harder than most to remain secure as they are incredibly attractive targets.

“Not only are they high profile, with any disruption making the news, but given all the in-game commerce, credit card and personal information is kept up to date and can be monetised by these cyber criminals,” he said.

Source: http://www.computerweekly.com/news/2240227573/DDoS-attack-downs-Twitch-on-news-of-Amazon-acquisition

Chinese Linux Trojan makes the jump to Windows – DDoS attacks largely aimed within China

A Chinese Trojan, one of the few to be written for the Linux operating system, has seemingly made the jump to Windows. First reported in May by Russian anti-malware software house Dr Web, the original malware, known as “Linux.Dnsamp”, is a Distributed Denial of Service (DDoS) Trojan which, according to the company blog, transfers between Linux machines, altering the startup scripts, collecting and sending machine configuration data to the hackers’ server and then running silently waiting for orders.

Now it appears that the same hackers have ported the Trojan to run in Windows as “Trojan.Dnsamp.1”. The Windows version gains entry to the system under the guise of a Windows service test called “My Test 1”. It is then saved in the system folder of the infected machine under the name “vmware-vmx.exe”. When triggered, just like its Linux counterpart, the Trojan sends system information back to the hackers’ central server and then awaits the signal to start a DDoS attack or to start downloading other malicious programs.

Fortunately, the vast majority of the attacks using this method were aimed at other Chinese websites, which were attacked 28,093 times, but Dr Web warns that US websites came second with nine percent of attacks. Although the threat of malware is an everyday hazard to most computer users, to find an attack on Linux is much rarer, and to find any kind of malware that has been ported from one operating system to another is almost unheard of.

In June, RSS reader service Feedly, note app Evernote and streaming music service Deezer all suffered DDoS attacks. Google is working on Project Shield, an initiative designed to help smaller web servers fight off DDoS attacks.

Source: http://www.theinquirer.net/inquirer/news/2361245/chinese-linux-trojan-makes-the-jump-to-windows
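The two Windows indicators in the Inquirer piece (a service presented as “My Test 1”, and a copy of vmware-vmx.exe dropped into the system folder) are specific enough to hunt for. The script below is an added example, not code from Dr Web or the article: it walks a constructed Windows service inventory of the kind `sc qc` or `Get-CimInstance Win32_Service` would give you and flags entries matching either indicator. The service records and the list of system-folder paths are assumptions; the genuine VMware binary lives under Program Files, which is why the path check is the stronger of the two.

```python
"""Hunt for the Windows Dnsamp persistence indicators named in the article.

Added example with constructed service records; it is not Dr Web's code.
"""
import re
from pathlib import PureWindowsPath

# Assumption: the "system folder" locations we treat as suspicious for this binary.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed inventory in the shape of `sc qc` / Win32_Service output.
SAMPLE_SERVICES = [
    {"name": "VMAuthdService", "display_name": "VMware Authorization Service",
     "image_path": r'"C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe"'},
    {"name": "Spooler", "display_name": "Print Spooler",
     "image_path": r"C:\Windows\System32\spoolsv.exe"},
    {"name": "mytest1", "display_name": "My Test 1",
     "image_path": r"C:\Windows\System32\vmware-vmx.exe"},
    {"name": "vmxsvc", "display_name": "VMware VMX helper",
     "image_path": r'"C:\Windows\SysWOW64\vmware-vmx.exe" -svc'},
]


def image_exe(image_path):
    """Return the executable part of a service ImagePath.

    Handles both '"C:\\dir with spaces\\x.exe" -args' and 'C:\\dir\\x.exe -args'.
    """
    s = image_path.strip()
    quoted = re.match(r'"([^"]+)"', s)
    exe = quoted.group(1) if quoted else s.split(" ", 1)[0]
    return PureWindowsPath(exe)


def dnsamp_indicators(service):
    """List the Dnsamp indicators a single service record matches."""
    reasons = []
    if service["display_name"].strip().casefold() == "my test 1":
        reasons.append("display name is 'My Test 1'")
    exe = image_exe(service["image_path"])
    if exe.name.lower() == "vmware-vmx.exe" and str(exe.parent).lower() in SYSTEM_DIRS:
        reasons.append("vmware-vmx.exe launched from the system folder")
    return reasons


def dnsamp_hits(services):
    """Return [(service name, [reasons])] for every record that matches."""
    hits = []
    for svc in services:
        reasons = dnsamp_indicators(svc)
        if reasons:
            hits.append((svc["name"], reasons))
    return hits


if __name__ == "__main__":
    for name, reasons in dnsamp_hits(SAMPLE_SERVICES):
        print(f"{name}: {'; '.join(reasons)}")
```

Name-based indicators like these are cheap for an operator to change, so treat a hit as a lead rather than proof; the durable check is the one the path test approximates, namely any service binary in the system folder that is not a signed Windows or vendor file.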

Popcorn Time Hit By Massive DDoS Attack

A major fork of the popular Popcorn Time project is currently being subjected to a massive DDoS attack. The whole project has been hit, from the site hosting its source through to its CDN, API and DNS servers. The team tells TorrentFreak that the attack amounts to 10Gbps across their entire network.

Every year sees periods when sites in the file-sharing sector are subjected to denial of service attacks. The attackers and their motives are often unknown and eventually the assaults pass. Early in 2014 many torrent sites were hit, pushing some offline and forcing others to invest in mitigation technology. In May a torrent-related host suffered similar problems.

Today it’s the turn of the main open source Popcorn Time fork to face the wrath of attackers unknown. TorrentFreak spoke with members of the project including Ops manager XeonCore, who told us that the attack is massive.

“We are currently mitigating a large scale DDoS attack across our entire network. We are currently rerouting all traffic via some of our high bandwidth nodes and are working on imaging and getting our remaining servers back online to help deal with the load,” the team explain.

The attack is project-wide, with huge amounts of traffic hitting all parts of the network, starting with the site hosting the Popcorn Time source code.

Graph: Attack on the source code site – 980Mbps

Also under attack is the project’s CDN and API. The graph below shows one of the project’s servers located in France. The green shows the normal traffic from the API server, the blue represents the attack.

Graph: Attack on the France API server – 931Mbps

Not even the project’s DNS servers have remained untouched. At one point two of three DNS servers went down, with a third straining under almost 1Gbps of traffic. To be sure, a fourth DNS server was added to assist with the load.

Graph: Attack on the Dutch DNS server – peaking at 880Mbps

All told the whole network is being hit with almost 10Gbps of traffic, but the team is working hard to keep things operational.

“We’ve added additional capacity. Our DNS servers are currently back up and running but there is still severe congestion around Europe and America. Almost 10Gbps across the entire network. Still working on mitigating. API is still online for most users!” they conclude.

Nobody has yet claimed responsibility for the attack and it’s certainly possible things will remain that way. Only time will tell when the attack will subside, but the team are determined to keep their project online in the meantime.

Source: http://torrentfreak.com/popcorn-time-hit-by-massive-ddos-attack-140814/

Attacker could use default defibrillator password to launch DDoS attack

Jay Radcliffe freaked out the medical community in 2011 when he revealed how insulin pumps could be hacked to deliver a fatal dose of insulin. Yet at a medical device security and privacy roundtable discussion at Black Hat, Radcliffe said “it would be far easier and more likely for an attacker to sneak up behind him and deliver a fatal blow to his head with a baseball bat” than hack his insulin pump to kill him.

He did discuss hacking implantable medical devices. There are no known cases of hacking a pacemaker in anything other than fiction, but if an attacker remotely hacked a pacemaker, no one is going to dig into the death. It would be called a heart attack and that would be the end of it because “there’s no process in place right now that checks these implanted medical devices for failure or malicious activity.”

Rapid7 points out, “Security often just isn’t on the radar at all for the manufacturers, the pharmaceutical regulators, or even the medical professionals that work with them.” The term “medical device” could mean a broad range of things from pacemakers to “MRI machines and echo-cardiograms and computers in the hospital running Windows XP. Mobile apps and health-related consumer-focused applications could also be considered under this broad umbrella.”

John Pescatore, who previously worked at the NSA and at the U.S. Secret Service before joining SANS, released a whitepaper based on a survey about Internet of Things security. Medical machinery and personal implanted medical devices are considered to be part of the IoT. After all, people can use SHODAN to find fetal heart monitors if they are so inclined. Pescatore wrote:

“Internet-connected computing capabilities related to smart building and industrial control systems and medical devices were the most commonly cited concerns after consumer devices. While these types of devices don’t receive much hype with respect to the IoT in the press, the use of embedded computing in those devices (versus layered operating systems and applications in PCs and servers that IT is accustomed to managing and securing) will cause major breakage in existing IT management and IT security visibility, vulnerability assessment, configuration management and intrusion prevention processes and controls.”

SANS also looked at cyberthreat intelligence provided by Norse and then published a whitepaper about “Widespread Compromises Detected, Compliance Nightmare on Horizon.” Norse analyzed over 100 terabytes of daily traffic and determined there were 49,917 unique malicious events, 723 unique malicious source IP addresses and 375 U.S.-based compromised health care-related organizations. “There are many reasons why these findings are cause for alarm,” wrote Barbara Filkins. One example was: “The sheer volume of IP addresses detected in this targeted sample can be extrapolated to assume that there are, in fact, millions of compromised health care organizations, applications, devices and systems sending malicious packets from around the globe.”

Those aren’t the only threats. If a person was in cardiac arrest, a defibrillator could be used to save that person’s life. But what if someone who was not authorized to use or to tweak the defibrillator settings did so? That may be unlikely, but not impossible. Default usernames and passwords for medical devices are problematic and are “often overlooked endpoints;” they “can be easily procured by an Internet search on ‘type of device’ plus ‘default password’.”

Yesterday, the National Vulnerability Database published two advisories regarding ZOLL Defibrillators. The accompanying documents from the manufacturer describe how to change default configurations on the devices. CVE-2013-7395 states: “ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects).” CVE-2007-6756 states: “ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a default password for System Configuration mode, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects).”

So who is responsible for deploying the fix? The FDA guidance suggests that both hospitals and manufacturers are responsible for vulnerability management. Yet Radcliffe said that makes the problem of deploying patches even more murky. He explained that “if there is a bug in an MRI machine, the hospital will have to pay to have the manufacturer come in and update all the affected machines. Of course, the hospital could install the updates themselves, but they run the risk of losing their warranty. The hospital could also decide they don’t have the budget available to pay to have the patches installed and merely wait.”

Those defibrillators are not the only machines with default passwords that potentially pose a risk. “Most devices have no security applications on them at all. Anyone can just get in and manipulate whatever they want,” stated an unnamed hospital chief information security officer in a McKinsey report. Forbes looked into how a network-attached printer using the defaults of “admin” and “12345” for a password could be a “near perfect and silent entry point” for hackers.

Lastly, Radcliffe addressed how more security on medical devices could cause patients to have less privacy. For example, if a person with an implantable medical device were to die, then “who can look at a log of his or her health before death? That’s a serious privacy concern, but what if it helps doctors find issues with IMDs, or detect evidence of foul play such as hacking?”

Source: http://www.networkworld.com/article/2464010/microsoft-subnet/attacker-could-use-default-defibrillator-password-to-launch-denial-of-service.html

DOSarrest Adds New DDoS Protection Node in Singapore

DOSarrest Internet Security announced today that it has expanded its DDoS protection cloud into Asia, with a new DDoS mitigation node in Singapore. The new node will work in conjunction with its existing nodes in New York, Los Angeles and London and will have the same connectivity as the others, including multiple 10 Gb/s uplinks to multiple carriers. Jag Bains, CTO at DOSarrest, states: “Having a presence in Asia allows our existing client base to cache and serve traffic closer to Asian visitors for increased performance as well as enabling us to provide excellent web performance and DDoS protection to customer’s servers located in Asia.” Bains adds: “The system is incredibly scalable; this also allows us to offer a higher level of protection to all customers due to the added firepower of a new node in the region. Also the additional nodes will allow us to introduce new features and services in the coming month.” Mark Teolis, GM at DOSarrest, says: “We have a number of initiatives underway in the region and this will help cement these opportunities.”

Source: http://www.marketwired.com/press-release/dosarrest-adds-new-ddos-protection-node-in-singapore-1937355.htm
