Tag Archives: world

Russian national pleads guilty to building now-dismantled IPStorm proxy botnet

23K nodes earned operator more than $500K – and now perhaps jail time The FBI says it has dismantled another botnet after collaring its operator, who admitted hijacking tens of thousands of machines around the world to create his network of obedient nodes.…

Continue Reading:
Russian national pleads guilty to building now-dismantled IPStorm proxy botnet

Plane-tracking site Flight Radar 24 DDoSed… just as drones spotted buzzing over Azerbaijan and Armenia

That’s one way of poking the world’s eyes out for a few hours Popular plane-tracking website Flight Radar 24 has been the victim of multiple DDoS attacks over the past few days – and though the site’s operators haven’t attributed blame, some have wondered if a regional conflict may have been the cause.…

See original article:
Plane-tracking site Flight Radar 24 DDoSed… just as drones spotted buzzing over Azerbaijan and Armenia

Tools for DDoS attacks available for free online

Distributed Denial of service or popularly known as DDoS attacks once again came to the limelight in 2016. From the attacks on Dyn servers whose architecture translates domain names into numeric addresses, hacker group Anonymous launching a DDoS campaign against Donald Trump under the banner of #OpTrump, to DDoS-for-hire service called LizardStresser using IoT botnets launching attacks on websites related to the Rio Olympics’ to hackers using 24,000 computers from around 30 countries to launch attacks on five Russian banks in early November. A DDoS attack is perpetrated by people who try and make an organizations website or services temporarily unavailable by suddenly increasing the amount of traffic from various sources to the end server.(read computers or even IoT devices from across the world). Moreover, there are many freely available tools available online for free and many hackers even sell DDoS services on Darkweb marketplaces like Alphabay, Valhalla etc. “You do not have to be a specialized hacker. Anyone nowadays can buy these services and tools by paying a small amount of money to bring down certain websites or completely put a company’s infrastructure in disarray. You can even run the attacks for weeks,” says Rahul Tyagi,Vice President – Training at Lucideus. Some of the common methods used to launch a DDoS attack are TCP connection attacks, volume attacks, fragmented attacks and application based attacks. TCP connection attacks are used against most of the end users available connections which include servers, firewalls and even load balancers. While Fragmented attacks destroy the victims system by sending TCP fragments, app attacks take down a server by using botnets. All of these can enable by tools freely available online. Let’s look at some of them. LOIC (Low Orbit Ion Canon) LOIC or popularly known as Low orbit Ion Canon is one of the more popular tools available on internet. It is primarily used to initiate a DOS attack on servers across the world by sending TCP, UDP requests to the compromised server. Even a beginner can use this tool and all he has to do enter the IP address of the victim server. This tool was earlier used by the infamous hacker group Anonymous for some of their attacks. But before you can get any ideas, just remember, this tool does not protect the hosts IP address so agencies looking out for you can trace the attack’s origin. XOIC This is another easy to use DOS attacking tool for the beginners. You can just input the IP address of or th selected ports and can be used against websites which do not generate a huge amount of traffic. HOIC HOIC or known as High Orbit Ion Cannon is an effective tool which uses booster scripts which allow users to make lists of victim IP addresses and helps the attackers remain anonymous and difficult to tracked down. It is still used by Anonymous for DDoS attacks worldwide. The tool claims it can flood up to 256 websites at once. Slowloris Slowmoris was developed by a gray hat hacker called “RSnake” which creates a slow HTTP request by sending the requests in HTTP requests in small packets in the slowest manner possible so that the victim server is forcefully made to wait for the requests. This way if multiple requests are send to the server, it will not be able to handle genuine requests. Pyloris This uses the same Slowmoris method. This tool directly attacks the service and not the hardware. Apart from these, there are many other tools available online like OWASP Switchblade, DAVOSET, GoldenEye HTTP DoS Tool, THC-SSL-DOS, DDOSIM – Layer 7 DDoS Simulator among others. All these tools are freely available online for downloads for anyone out there. Considering how mundane most cyber secuirty agencies are in dealing with attacks of such nature, there is lots which is needed to be done to defend against such DDoS attacks. Source: http://tech.economictimes.indiatimes.com/news/technology/tools-for-ddos-attacks-available-for-free-online/56297496

More:
Tools for DDoS attacks available for free online

Pokémon Go Servers Suffer Downtime, Possibly Due to DDoS Attacks

With server issues, Pokémon Go players may have had trouble catching much this weekend and it wasn’t merely due to the tremendously popular game crashing a lot on account of a massive new roll-out. A hacker group has claimed responsibility for the server outage, with DDoS attacks. A hacking group known as PoodleCorp has claimed responsibility for Pokémon Go servers crashing on Saturday, an attack which coincided with a roll-out of the tremendously popular game in 26 new countries. While its claim is yet to be verified, the hacking group has notable targeted several YouTube profiles, including the most followed YouTuber of them all, Pewdiepie. The claim was made via a social media post [1] on PoodleCorp’s Twitter account: PokemonGo #Offline #PoodleCorp The group also re-tweeted another post from the supposed leader of the group, who implied that another bigger attack was also coming. The poster wrote [2] : Just was a lil test, we do something on a larger scale soon . Several users took to social media to complain about the outage during a time when the gaming phenomenon is catching on like wildfire around the world, sending Nintendo share prices skyrocket by 86% in a week’s time. I’m really pissed off that Pokémon Go is down because a group of killjoys decided it would be fun to hack the servers and take them offline. — Meg Bethany Read (@triforcemeg) July 16, 2016 Pokemon GO got DDoS ‘d and DDOS became a trending topic lmao Earlier this week, a security researcher discovered a potentially major security flaw [4] win the application. The augmented reality game has captured the imagination of people around the world, wherein players capture virtual Pokemons before collecting and using them to battle other Pokemons captured by other players. Released on July 7, ten days ago, the application has already been downloaded over 10 million times on Apple and Android devices. A new roll-out saw the game now available in 34 countries, including Australia, the United States and almost all of Europe. Source: http://need-bitcoin.com/pokemon-go-servers-suffer-downtime-possibly-due-to-ddos-attacks/

Visit site:
Pokémon Go Servers Suffer Downtime, Possibly Due to DDoS Attacks

IoT Devices Are Being Hacked By Lizard Squad To Execute DDoS Attacks

People who have been following the tech news may recall the name Lizard Squad. This hacker collective has been a major pain in the neck for computer users all over the world. But it looks like they are changing tactics. Instead of relying on computer botnets, they are now enslaving other internet-connected devices to wreak more havoc. Lizard Squad Is Still On The Scene While most people agree the Internet of Things is a magnificent concept, it also poses a significant security risk. The majority of Internet-connected devices is not equipped with proper security precautions. In theory, any device connected to the internet can be hacked and taken over by malicious individuals. That seems to what Lizard Squad is showcasing already. The collective has been making a name for itself by using compromised computers to execute DDoS attacks around the world. But it looks like the Internet of Things is their new favorite target as of late. With millions of connected devices to choose from, creating a botnet has never been easier. Over the past few months, Lizard Squad hacked CCTV cameras and webcams all over the world to execute its DDoS attacks. Targets ranged from banks to governments, and gaming sites to ISPs. Albeit internet-connected devices are not always as powerful as a computer, they are much easier to control remotely. Plus, a lot of less-powerful devices combined can still pack quite the punch. Top put this into perspective, some of the recent Lizard Squad attacks managed to drive 400 Gbps of data to specific websites and servers. That is quite a lot of computer requests to bring down any network, or at least cripple it severely. Interestingly enough, it remains unknown whether or not Lizard Squad is trying to force targets to pay up to get rid of the attacks altogether. These attacks paint a worrisome picture for the future of Internet of Things security, though. The vast majority of devices will need to be made a lot more secure before they are actively used on the Internet. Computers are not safe from harm, either, though, as hacker collectives will try to exploit any weakness in any device. Source: http://themerkle.com/iot-devices-are-being-hacked-by-lizard-squad-to-execute-ddos-attacks/

More:
IoT Devices Are Being Hacked By Lizard Squad To Execute DDoS Attacks

A Massive Botnet of CCTV Cameras Involved in Ferocious DDoS Attacks

All clues lead back to Chinese DVR vendor TVT A botnet of over 25,000 bots lies at the heart of recent DDoS attacks that are ferociously targeting business around the world. More exactly, we’re talking about massive Layer 7 DDoS attacks that are overwhelming Web servers, occupying their resources and eventually crashing websites. US-based security vendor Sucuri discovered this botnet, very active in the last few weeks, and they say it’s mainly composed of compromised CCTV systems from around the world. Their first meeting with the botnet came when a jewelry shop that was facing a prolonged DDoS attack opted to move their website behind Sucuri’s main product, its WAF (Web Application Firewall). Botnet can crank out attacks of 50,000 HTTP requests per second Sucuri thought they had this one covered, just as other cases where companies that move their sites behind their WAF block the attacks, and eventually the attacker moves on to other targets. Instead, they were in for a surprise. While the initial attack was a Layer 7 DDoS with over 35,000 HTTP requests per second hitting the server and occupying its memory with garbage traffic, as soon as the attackers saw the company upgrade their website, they quickly ramped up the attack to 50,000 requests. For Layer 7 attacks, this is an extraordinarily large number, enough to drive any server into the ground. But this wasn’t it. The attackers continued their assault at this high level for days. Botnet’s nature allowed attacks to carry out attacks at higher volumes Usually, DDoS attacks flutter as the bots come online or go offline. The fact that attackers sustained this high level meant their bots were always active, always online. Sucuri’s research into the incident discovered over 25,513 unique IP addresses from where the attacks came. Some of these were IPv6 addresses. The IPs were spread all over the world, and they weren’t originating from malware-infected PCs, but from CCTV systems. Taiwan accounted for a quarter of all compromised IPs, followed by the US, Indonesia, Mexico, and Malaysia. In total, the compromised CCTV systems were located in 105 countries. Top 10 locations of botnet’s IPs The unpatched TVT firmware comes back to haunt us all Of these IPs, 46 percent were assigned to CCTV systems running on the obscure and generic H.264 DVR brand. Other compromised systems were ProvisionISR, Qsee, QuesTek, TechnoMate, LCT CCTV, Capture CCTV, Elvox, Novus, or MagTec CCTV. Sucuri says that all these devices might be linked to Rotem Kerner’s investigation, which discovered a backdoor in the firmware of 70 different CCTV DVR vendors . These companies had bought unbranded DVRs from Chinese firm TVT. When informed of the firmware issues, TVT ignored the researcher, and the issues were never fixed, leading to crooks creating this huge botnet. This is not the first CCTV-based botnet used for DDoS attacks. Incapsula detected a similar botnet last October. The botnet they discovered was far smaller, made up of only 900 bots . Source: http://news.softpedia.com/news/a-massive-botnet-of-cctv-cameras-involved-in-ferocious-ddos-attacks-505722.shtml#ixzz4CsbxFc4A

Read More:
A Massive Botnet of CCTV Cameras Involved in Ferocious DDoS Attacks

Week in review: Blackhole 2.0 is out, Windows 8 users open to Flash exploits, and botnet C&Cs hidden in the Tor network

Here's an overview of some of last week's most interesting news and articles: Apache HTTP Server set to ignore IE10's Do Not Track request Microsoft's decision to make Internet Explorer 10 in Wi…

View article:
Week in review: Blackhole 2.0 is out, Windows 8 users open to Flash exploits, and botnet C&Cs hidden in the Tor network