Look out for traffic to and from these IP addresses and ports Once again, a hundred thousand or more home routers have been press-ganged into a spam-spewing botnet, this time via Universal Plug and Play (UPnP).…
See more here:
Spammer scum hack 100,000 home routers via UPnP vulns to craft email-flinging botnet
Before it amplifies DDoS attacks Universal Plug ‘n’ Play, that eternal feast of the black-hat, has been identified as helping to amplify denial-of-service attacks.…
Read the original post:
UPnP joins the ‘just turn it off on consumer devices, already’ club
But no Daily Stormer please Cloudflare made its name proxying traffic for web servers, on network ports 80 (HTTP) and 443 (HTTPS), as a defense against denial of service attacks and their ilk.…
More:
Cloudflare promises to tend not two, but 65,535 ports in a storm
Electronics tutor’s taunts come back to haunt him An electronics technician pleaded guilty on Wednesday to orchestrating distributed denial of service (DDoS) attacks on a former employer and other organizations – and to unlawfully possessing a firearm as a former felon.…
Link:
Sad-sack Anon calling himself ‘Mr Cunnilingus’ online is busted for DDoSing ex-bosses
Companies are not ready to protect themselves against DDoS, with four in ten (39%) businesses unclear about the most effective protection strategy to combat this type of attack, according to research from Kaspersky Lab. A lack of knowledge and protection is putting businesses at risk of grinding to a halt. DDoS attacks can quickly incapacitate a targeted business’s workflow, bringing business-critical processes to a stop. However, the research found that nearly a fifth (16%) of businesses are not protected from DDoS attacks at all, and half (49%) rely on built-in hardware for protection. This is not effective against the increasing number of large-scale attacks and ‘smart’ DDoS attacks which are hard to filter with standard methods. Large-scale cyberattacks are now commonplace, such as the recent attack on telecommunications provider StarHub, which faced a high-profile DDoS attack in October last year. Hackers are also showing a preference for DDoS attacks, with the proliferation of IoT devices today. As IoT devices have weak security protocols, they are easy targets for hackers to launch DDoS attacks from. As IoT devices are forecasted to hit 21 billion in 2020, each potential entry point into an organisation increases vulnerability to DDoS attacks. Many businesses are in fact aware that DDoS is a threat to them – of those that have anti-DDoS protection in place, a third (33%) said this was because risk assessments had identified DDoS as a potential problem, and one in five (18%) said they have been attacked in the past. For some, compliance, rather than awareness of the security threat, is the main driver, with almost half (43%) saying regulation is the reason they protect themselves. The problem for businesses is that, in many cases, they may assume they’re already protected. Almost half (40%) of the organizations surveyed fail to put measures in place because they think their Internet service provider will provide protection, and one in three (30%) think data center or infrastructure partners will protect them. This is also not always effective, because these organizations mostly protect businesses from large-scale or standard attacks, while ‘smart’ attacks, such as those using encryption or imitating user behavior, require an expert approach. Moreover, the survey found that a third (30%) fail to take action because they think they are unlikely to be targeted by DDoS attacks. Surprisingly, one in ten (12%) even admit to thinking that a small amount of downtime due to DDoS would not cause a major issue for the company. The reality is that any company can be targeted because such attacks are easy for cybercriminals to launch. What’s more, the potential cost to a victim can reach millions. “As we’ve seen with the recent attacks, DDoS is extremely disruptive, and on the rise,” says Kirill Ilganaev, Head of Kaspersky DDoS Protection at Kaspersky Lab. “When hackers launch a DDoS attack, the damage can be devastating for the business that’s being targeted because it disables a company’s online presence. As a result business workflow comes to a halt, mission-critical processes cannot be completed and reputations can be ruined. Online services and IT infrastructure are just too important to leave unguarded. That’s why specialized DDoS protection solution should be considered an essential part of any effective protection strategy in business today.” Source: http://www.networksasia.net/article/39-businesses-not-ready-protect-themselves-against-ddos.1486046674
See original article:
39% of businesses not ready to protect themselves against DDoS
The increase in connected devices could make 2017 a banner year for cyber attacks. A report by global professional services company Deloitte said that Distributed Denial of Service (DDoS) attacks will grow in size and scale in 2017, thanks in part to the growing multiverse of connected things. According to Deloitte’s annual Technology, Media and Telecommunications Predictionsreport, DDoS attacks will be more frequent, with an estimated 10 million attacks in total over the next 12 months. DDoS attacks are no new phenomena. The potential impact on an organization from this category of cyber threat should never be underestimated, Deloitte said. The report said that the size of DDoS attacks has increased year-on-year. Between 2013 and 2015, the largest attacks did not exceed 500 gigabits per second. In 2016, there were two attacks that exceeded one terabit per second. Over the next 12 months, the average attack size is forecast to be between 1.25- and 1.5 GBs per second, with at least one per month exceeding 1 TB per second. On a basic level, the success of DDoS attack is focused on making a website or network resource—a server, for example—unusable. This scenario is achieved by creating a flood of Internet traffic from multiple sources that are launched simultaneously. The website or resource is then overwhelmed, resulting in a suspension of service or access. For example, an ecommerce website that is hit by a DDoS attack would be unable to sell its products until the attack was contained. At the same time, any exposed vulnerabilities could produce a knock-on effect and take other organizations or websites down with it. “DDoS attacks are the equivalent of hundreds of thousands of fake customers converging on a traditional shop at the same time,” the report said. “The shop quickly becomes overwhelmed. The genuine customers cannot get in and the shop is unable to trade as it cannot serve them.” Connected Devices Are An Easy Target There are several methods for creating this type of chaos but the most common are botnets and amplification attacks. A DDoS attack generated through a botnet accesses hundreds of thousands of connected devices that have been told to act in disruptive manner via malicious code. An amplification attack also uses malicious code by instructing a server to generate multiple fake IP addresses that are then sent to a website—known as “spoofing”—which then overwhelm that service. Both of these approaches are widely known, although it is the botnet that has become more prevalent. Irrespective of how widespread the impact is on an organization or network, Deloitte said that three concurrent trends will escalate the potential for DDoS attacks in 2017—the Internet of Things, widely available malware and high bandwidth speeds. The prime culprit will be the Internet of Things. Connected devices are notoriously insecure and ripe for being taken over by a third party. The standard way to gain remote access to a device is through a user ID or password, but some people may not be aware that a device’s firmware offers hackers a way in, Deloitte said. Deloitte said: The majority of users are familiar with the need to change user ID and passwords before using a device for the first time, and at regular intervals thereafter. But approximately half a million of the billions of IoT devices worldwide—a small proportion of the total, but a relatively large absolute number—reportedly have hard-coded, unchangeable user IDs and passwords. In other words, they cannot be changed, even if the user wants to. Hard-coded user IDs and passwords are not an issue provided that a third party doesn’t know what they are. The problem is that they can be easy to find. The Internet Of Things Is Always Exploitable Anyone with a degree of programming knowledge can sift through a device’s firmware to discover what these IDs and passwords are, the report said. In addition, a compromised Internet of Things device may not show any signs of being compromised to its owner, especially if there is no obvious deterioration in performance. Theoretically, millions of devices could be affected without their owners having any idea that the device was part of a botnet, Deloitte said. Consumer confidence in the Internet of Things is aligned with how secure a connected device is, confidence that can be shattered if that device can be exploited with little effort. For example, the cyber attack on October 21, 2016, that affected the Dyn network was attributed to a botnet that used Internet-connected devices to take down numerous high-profile services that included Twitter, Amazon.com, Spotify, Comcast, Fox News and PayPal. Thousands of connected devices were used in this attack, which is now accepted as one of the largest of its kind to date. Any company or organization that has a presence on the Internet should be aware that DDoS attacks are not going to stop anytime soon. The report cited several sectors that should be alert to the impact that a successful DDoS attack could have including (but not limited to) retailers with a high proportion of online revenue, video streaming services, financial or professional service companies and online video games providers. “Some organizations may have become a little blasé about DDoS attacks, however these attacks are likely to increase in intensity in 2017 and beyond, and the attackers are likely to become more inventive,” said Deloitte. “Unfortunately, it may never be possible to relax about DDoS attacks. The DDoS genie is out of the bottle, and is unlikely to pop back in.” Source: https://arc.applause.com/2017/01/27/ddos-iot-vulnerability-asssessment/
Taken from:
Assessing The Massive Security Vulnerability Of The Internet Of Things
The cloud offers organizations a number of benefits, from simple off-site storage to rent-a-server to complete services. But 2017 will also see cloud infrastructure increasingly the target of attacks, with criminals lured by the data stored there and the possibility of using it to launch distributed denial of service attacks. That’s one of the predictions for the new year from security vendor Forcepoint. Hacking a cloud provider’s hypervisor would give an attacker access to all of the customers using the service, Bob Hansmann, Forcepoint’s director of security technologies, told a Webinar last week. “They’re not targeting you, they may not even know you exist until they get into the infrastructure and get the data. Then they’re going to try to maximize the attack” by selling whatever data is gained. Also tempting attackers is the bandwidth cloud providers have, to possibly be leveraged for DDoS attacks. As attacks on cloud infrastructure increase it will be another reason why CISOs will be reluctant to put sensitive data in the cloud, he said, or to limit cloud use to processing but not storing sensitive data. CIOs/CISOs have to realize “the cloud is a lie,” he said. “There is no cloud. Any cloud services means data is going to someone’s server somewhere. So you need to know are they securing that equipment the same way you’re securing data in your organization … are the personnel vetted, what kind of digital defences do they have?” “You’re going to have to start pushing your cloud providers to meet compliance with the regulations you’re trying to be compliant with,” he added. That will be particularly important for organizations that do business in Europe with the coming into force next year of the European Union’s new General Data Protection Regulation (GDPR) So answering questions such as now long does a cloud service hold the organization’s data, is it backed up securely, are employees vetted, is there third party certification of its use of encryption, how is it protected from DDoS attacks are more important than ever. Other predictions for next year include: –Don’t fear millennials. At present on average they are they second largest group (behind boomers) in most organizations. They do increase security risk because as a tech-savvy group they tend to over-share information – particularly through social media. So, Hansmann says, CISOs should use that to their advantage. “Challenge them to become security-savvy. Put in contests where employees submit they think are spam or phishing attacks, put in quarterly award recognitions, or something like that. Challenge them, and they will step up to the challnge. They take pride in their digital awareness.” Don’t try to make them feel what they do is wrong, but help them to become better. “They will be come a major force for change in the organiztion, and hopefully carry the rest of the organization with them.” –the so-called Digital Battlefield is the world. That means attackers can be nation-states as well as criminals. But CISOs should be careful what they do about it. Some infosec pros – and some politicians – advocate organizations and countries should be ready to launch attacks against a foe instead of being defensive. But, Forcepoint warns, pointing the finger is still difficult, with several hops between the victim and attacker. “The potential for mis-attribution and involving innocents is going to grow,” Hansmann said. “Nations are going to struggle with how do they ensure confidence in businesses, that they are a safe and secure place to do business with or through — and yet not over-react in a way that could cause collateral damage.” –Linked to this this the threat that will be posed in 2017 by automated attacks. The widespread weaponization of autonomous hacking machines by threat actors will emerge next year, Forcepoint says, creating an arms race to build autonomous patching. “Like nuclear weapons technology proliferation, weaponized autonomous hacking machines may greatly impact global stability by either preventing national defense protocols being engaged or by triggering them unnecessarily,” says the company. –Get ready for the Euopean GDPR. It will come into effect in May, 2018 and therefore next year will drive compliance and data protection efforts. “We’ve learned compliance takes a long time to do right, and to do it without disrupting your business.” Organizations may have to not only change systems but redefine processes, including training employees. CIOs need to tell business units, ‘We’re here to support you, but if you’re going to run operations through the EU this regulation is going to have impact. We need to understand it now because will require budgeting and changes to processes that IT doesn’t control,’ said Hansmann. –There will be a rise in what Forcepoint calls “corporate-incentivized insider abuse.’ That’s shorthand for ‘employees are going to cheat to meet sales goals.’ The result is staff falsifying reports or signing up customers signed up for services they didn’t order. Think of U.S. bank Wells Fargo being fined $185 million this year because more than 2 million bank accounts or credit cards were opened or applied for without customers’ knowledge or permission between May 2011 and July 2015. Over 5,000 staff were fired over the incidents. If organizations don’t get on top of this problem governments will regulate, Hansmann warned. Source: http://www.itworldcanada.com/article/cloud-infrastructure-attacks-to-increase-in-2017-predicts-forcepoint/389001
Read More:
Cloud infrastructure attacks to increase in 2017, predicts Forcepoint
Distributed Denial of Service (DDoS) attacks are sometimes used by cybercriminals to distract businesses while hackers sneak in through the back door, a survey from Kaspersky Lab and B2B International suggests. Over half of businesses questioned (56%) are confident that DDoS has been used as a smokescreen for other kinds of cybercrime, and of those business respondents, a large majority (87%) reported that they had also been the victim of a targeted attack. The Kaspersky Lab IT Security Risks 2016 study showed that when businesses have suffered from cybercrime, DDoS has often been part of the attack tactics (29%). For example, a worrying quarter (26%) of businesses that have suffered data loss as a result of a targeted attack, named DDoS as one of the contributing vectors. Overall, 56% of business representatives surveyed believed that the DDoS attacks their companies had experienced were a smokescreen or decoy for other criminal activities. Kirill Ilganaev, Head of Kaspersky DDoS Protection, explained why DDoS attacks may appeal to cybercriminals as part of their tactics. He said, “DDoS prevents a company from carrying on its normal activities by putting either public or internal services on hold. This is obviously a real problem to businesses and it is often ‘all hands on deck’ in the IT team, to try and fix the problem quickly, so the business can carry on as before. DDoS can therefore be used not only as an easy way to stop the activity of a company, but also as a decoy to distract IT staff from another intrusion taking place through other channels.” The study found that when DDoS attacks have been used by cybercriminals as a smokescreen, businesses also faced threats such as losses and exploits through mobile devices (81%), the actions of other organizations (78%), phishing scams (75%) and even the malicious activity of internal staff (75%). The majority (87%) were also victims of targeted attacks. Ilganaev continued, “The research shows us that DDoS attacks are often aligned with other threats. Businesses therefore need to be aware of the full threat landscape, and prepared to deal with multiple types of criminal activity at any one time. Failure to do this could increase the collateral damage, on top of already significant losses caused by downtime and the resulting impact on reputation. Businesses need to use a reliable DDoS protection service to reduce the risk of DDoS and help staff concentrate their efforts on protecting the business from any threats that can be hidden as a result.” Source: http://www.networksasia.net/article/cybercriminals-use-ddos-smokescreen-other-attacks-business.1480989900
See original article:
Cybercriminals use DDoS as smokescreen for other attacks on business
Major internet services including Twitter, Spotify and Amazon suffered service interruptions and outages on Friday as a US internet provider came under a cyber attack. The internet service company Dyn, which routes and manages internet traffic, said that it had suffered a distributed denial of service (DDoS) attack on its domain name service shortly after 1100 GMT. The service was restored in about two hours, Dyn said. The attack meant that millions of internet users could not access the websites of major online companies such as Netflix and Reddit as well as the crafts marketplace Etsy and the software developer site Github, according to media reports. The website Gizmodo said it had received reports of difficulty at sites for media outlets including CNN, The Guardian, Wired, HBO and People as well as the money transfer service PayPal. Dyn, which is headquartered in New Hampshire, said the attack went after its domain name service, causing interruptions and slowdowns for internet users. “This morning, October 21, Dyn received a global DDoS attack on our Managed DNS infrastructure in the east coast of the United States,” Scott Hilton, executive vice president for products at Dyn, said in a statement. “We have been aggressively mitigating the DDoS attack against our infrastructure.” The company said it was continuing to investigate. A map published by the website downdetector.com showed service interruptions for Level3 Communications, a so-called “backbone” internet service provider, across much of the US east coast and in Texas. Amazon Web Services, which hosts some of the most popular sites on the internet, including Netflix and the homestay network Airbnb, said on its website that users experienced errors including “hostname unknown” when attempting to access hosted sites but that the problem had been resolved by 1310 GMT. Domain name servers are a crucial element of internet infrastructure, converting numbered Internet Protocol addresses into the domain names that allow users to connect to internet sites. Distributed denial of service or DDoS attacks involve flooding websites with traffic, making them difficult to access or taking them offline entirely. Attackers can use them for a range of purposes, including censorship, protest and extortion. The loose-knit hacktivist network Anonymous in 2010 targeted the DNS provider EveryDNS among others in 2010 as retribution for denying service to the anti-secrecy organization WikiLeaks. “The internet continues to rely on protocols and infrastructure designed before cyber security was an issue,” said Ben Johnson, a former engineer at the National Security Agency and founder of the cybersecurity company Carbon Black. He said that growing interconnection of ordinary devices to the internet, the so-called “internet of things,” increased the risks to networks. “DDoS, especially with the rise of insecure IOT devices, will continue to plague our organizations. Sadly, what we are seeing is only the beginning in terms of large scale botnets and disproportionate damage done.” Source: http://phys.org/news/2016-10-twitter-spotify-websites-ddos.html
Read the article:
Twitter, Amazon, other top websites shut in cyber attack
‘There will be more attacks today,’ attacker proudly tells El Reg The website for Greater Manchester Police was targeted by two Distributed Denial of Service (DDoS) attacks yesterday, which rendered the site unavailable for more than two hours. The operators of two Twitter accounts have claimed responsibility.…
Original post:
Greater Manchester plod site targeted by nuisance DDoS attack