Firm explains but security folk not appy with clarifications Weird things are afoot with NordVPN’s app and the traffic it generates – Reg readers have spotted it contacting strange domains in the same way compromised machines talk to botnets’ command-and-control servers.…
Read this article:
There’s NordVPN odd about this, right? Infosec types concerned over strange app traffic
Necurs botnet spreads ransomware carried in Office documents The ever-vigilant folk at the Internet Storm Centre (SANS) have spotted yet another campaign trying to drop the Locky ransomware using compromised Word files.…
Visit link:
New phishing campaign uses 30-year-old Microsoft mess as bait
Is it the alt-right or anti-fascists? Most likely the latter Web hosting biz DreamHost has been largely crippled today by a distributed denial of service attack, bringing down most of its services.…
Read the original:
DreamHost smashed in DDoS attack: Who’s to blame? Take a guess…
The developers of this new botnet are inspired by Mirai success. In a blog post by CloudFlare, it has been revealed that the US West Coast is likely to become the target of yet another huge DDoS attack but this time it will be conducted with a different botnet than Mirai that was using during Dyn DNS attack which forced sites like Twitter, Amazon, PayPal etc to go offline for hours. The content delivery network states in the blog post that the company has been observing the overflow of traffic from about two weeks. It seems to be coming from a single source. Seemingly, someone was firstly testing their abilities with a 9-to-5 attack schedule and then the attack pattern was shifted to 24 hours. This new botnet is either equal or superior to the Mirai botnet. After observing the heavy attack traffic that literally peaked at 172MBPS, which means about a million data packets per second or 400 gigabits per second, CloudFlare concluded that the botnet was being turned on and off by some person who was busy with a 9-to-5 job. In the blog post, CloudFare wrote: “The attack started at 1830 UTC and lasted non-stop for almost exactly 8.5 hours, stopping at 0300 UTC. It felt as if an attacker ‘worked’ a day and then went home.” For about a whole week, the same attacker was observed to be sending data packets in huge proportions every day. Then the schedule was abruptly changed since the attacker was working on a 24-hour basis. This hints at the fact that the attacking mechanism was taken over by another, much-organized group. It is worth noting that the attack traffic wasn’t launched via Mirai botnet; the attackers are using a different kind of software with different methods like “”very large L3/L4 floods aimed at the TCP protocol.” The company also noted that the attacks are now focused on locations that are smaller and fall within the jurisdiction of the US West Coast. The revelation arrived soon after the special cyber-security commission of the White House issued recommendations and delivered the paper to the president. In the recommendations, it was urged that effective actions are required to mitigate and/or eliminate threats involving botnets. The report issued by the White House’s Commission on Enhancing National Cyber-security basically highlights the vulnerable nature of cyber-security nowadays with the emergence of sophisticated DDoS attacks methods like Mirai botnet that has been causing havoc lately. The 100-page long report contained recommendations regarding how the US government should tackle this issue. The bottom line was that the issue was much severe than it seems on paper and there is a lot needed to be done as soon as possible or else the situation will go out of hands. The report has identified six imperatives and there are 16 recommendations along with 53 Action Items aimed at countering the threat. The crux of the report and the commission’s research is that the US government and the private sector must collaborate and work closely to devise ways for handling cyber-security related issues and vulnerabilities along with developing programs for handling such problems in future. Source: https://www.hackread.com/new-mirai-like-botnet-ddos-attack/
See more here:
New Botnet is Attacking the US West Coast with Huge DDoS Attacks
TAIPEI, Taiwan — First Securities (?????) was blackmailed on Thursday by hackers who threatened to completely disable its trading system with DDoS (distributed denial-of-service) attacks. The hackers asked the brokerage firm to pay 50 bitcoins (approximately NT$940,000), in an email that they sent to First Securities at around 10 a.m. on Thursday. Local newspaper Apple Daily cited an unnamed source as saying that a DDoS attack came at around 11 a.m., stopping all electronic trades. First Securities President Yeh Kuang-chang (???) confirmed that they received the blackmail email but stressed that the firm’s trading system was only slowed down but not disabled by the attacks as reported. The firm has activated a reserve system and, while a small number of investors were affected by the attacks, the system was not paralyzed, Yeh said. He said he believed the situation would be resolved by Friday. Yeh said the firm had reported the incident, which he said had caused no losses to the firm, to the authorities or to the investigation bureau. Yeh also stressed that while the firm had yet to ascertain the origin of the hackers, he had preliminary ruled out the possibility that Thursday’s DDoS attacks were related to the ATM heist aimed at its sister institution — First Commercial Bank — in July. ATMs at 41 First Bank branches were hacked in the incident, with over NT$80 million believed to have been stolen. Seventeen suspects from six countries have been identified in the heist, which involved an international crime ring. The Taiwan Stock Exchange (TWSE) issued a statement at 6 p.m. saying that First Securities suffered from an unknown online attack beginning at 10:50 a.m. and was not able to immediately recover its electronic trading system. The TWSE advised investors to use other forms of trading. TWSE Vice President Chien Lih-chung (???) said the TWSE had informed other securities firms and that no other firms had reported similar blackmail or system problems. Source: http://www.chinapost.com.tw/taiwan/national/national-news/2016/09/23/479195/Hackers-threaten.htm
Read More:
Hackers threaten First Securities with DDoS attacks
The company measured threats faced by its customers during a roughly one-year time period, seeing a 211 percent year-over-year increase in attacks. More commonly known as DDoS attacks, they are designed to flood servers with artificial internet traffic that causes access interruption to websites or network systems. The firm largely attributed this apparent growth to the establishment of several botnet operations — which serve as a platform to automate and increase attack volume — and malicious actors’ ability to access greater bandwidth to help generate and use such weapons. Dark Web dealers are using these botnets, according to Imperva, to offer more effective cyber tools to would-be customers. “The amount of traffic, or bandwidth, that is able to be generated and used as a weapon is at an all-time high. This is likely the result of more compromised machines with higher bandwidth,” Imperva Vice President Tim Matthews told FedScoop. In short, hackers are able to launch denial of service attacks by manipulating a hosting provider to re-route IP addresses towards a preferred server. Those DDoS attacks recorded by Imperva — recorded between March 2015 and April 2016 — targeted a diverse range of clients. Even so, all of the attacks similarly aimed to disrupt each organization’s digital operations at one of two distinct levels: application or network. To be clear, an application-based DDoS effectively works to discontinue online access to a specific property, like a website or software service, rather than an entire network. Because app-based DDoS attacks are by nature less expansive, they typically leverage less traffic. In the past, DDoS-ing an entire network has presented a challenge for hackers due to the sheer artificial traffic required to pull it off. But Imperva’s new report suggests that botnets are significantly changing this dynamic; making it easier for individual operations to disrupt larger segments of the internet. Another worrisome trend in the DDoS arena, spotted by Imperva, is that when a target gets hit once, it should prepare for another wave. Data shows that 40 percent of affected targets were attacked more than once, while 16 percent were targeted more than five times. In the past, DDoS attacks have been used to distract an organization from a more malicious data breach, leading to the possible exfiltration of valuable data like customer finances and personal records. Here’s what a DDoS looks like via a data visualization by cybersecurity firm Norse : Source: http://fedscoop.com/ddos-attacks-up-211-percent-august-2016
Read the article:
“The amount of traffic, or bandwidth, that is able to be generated and used as a weapon is at an all-time high.,” said one expert.
magnoliareporter.com experienced some technical issues on Friday. Our website is hosted by a service known as TownNews.com , which hosts and provides technical assistance to thousands of media-oriented websites across the country. TownNews.com was hit by a directed denial of service (DDoS) attack on Friday afternoon. This mainly manifested itself by making it difficult for us — and hundreds of other websites — to access our servers and make changes. People may have had difficulty accessing our website during that time. We do not think that our thousands of daily visitors have anything to worry about as TownNews.com technology responded immediately. That said, it is probably a good thing that we are not president of the United States. To us, hackers present a clear and present danger to the security of the United States, which has our permission to deal with them with extreme prejudice. North Korea is bent out of shape over the pending deployment by South Korea of the U.S.-made Terminal High Altitude Defense System, or THAAD. THAAD launchers and fire control systems are made in East Camden. North Korea’s military said in a statement that, “There will be physical response measures from us as soon as the location and time that the invasionary tool for U.S. world supremacy, THAAD, will be brought into South Korea are confirmed. It is the unwavering will of our army to deal a ruthless retaliatory strike and turn (the South) into a sea of fire and a pile of ashes the moment we have an order to carry it out.” Ohhhhhhh. We’re scared. Seriously, how many submarines, cruisers, aircraft carriers, bombers and drones are circling offshore North Korea, ready to unleash hell at any given moment? And that’s just the U.S. military. That sea of fire and pile of ashes looks a lot like future downtown Pyougyang to us. The Magnolia School District website is having a makeover. We’ll let you know when the site is up and running. Looking for more widely spread drought conditions when the new report comes out later this week. We’re expecting more abnormally dry conditions in South Arkansas. Patrick Posey died Saturday at his home near Benton, LA. Posey and his wife, Susan, performed much of the mural restoration work around the square a few years ago. Some fool vandalized highway signs in the Walkerville area on during the weekend, but the hate speech written on them was cleaned up. Our new online poll asks for your opinion about the state of race relations in Columbia County – whether they are better, worse or about the same as a decade ago. Another question might be what each of us, as individuals, is doing to make things better. Five years ago, we reported that Walkerville Cumberland Presbyterian Church was dedicating a new manse. A year ago, we reported that Betsy Production was drilling an oil well on the SAU campus. Vice President Aaron Burr shot and mortally wounded former Treasury Secretary Alexander Hamilton in a duel on this date in 1804. Author E.B. White was born on this date in 1899. George Gershwin died on this date in 1937. Source: http://www.magnoliareporter.com/news_and_business/mike_mcneills_diary/article_733b45f8-4720-11e6-9e2d-97f7f136ad46.html
Taken from:
Mike McNeill’s Diary for Monday, July 11, 2016: Fighting off the DDoS
Analyzing customer data, Corero found that attackers are continuing to leverage sub-saturating DDoS attacks with increasing frequency, using shorter attack durations to evade legacy cloud DDoS scrubbi…
Excerpt from:
Attackers prefer lower-bandwidth DDoS attacks
Eighty-one percent of health care executives say that their organizations have been compromised by at least one malware, botnet, or other cyber-attack during the past two years, and only half feel tha…
Excerpt from:
81% of healthcare organizations have been compromised
Neustar surveyed IT professionals from across EMEA to understand the impact of DDoS attacks. 40 percent of companies estimate hourly losses of over £100,000 at peak times during a DDoS outage,…
Read more here:
Half of companies under DDoS attack have critical data stolen