Tag Archives: ddos news

DDoS Extortion – Biting the DDoS Bullet

It started with a five minute long DDoS attack which established that the cybercriminals meant business and could cause impact, this small sample attack stopped all business for five minutes. They then sent an email demanding payment of the ransom in bitcoins within 48 hours, otherwise a second and far more damaging DDoS attack would ensue and the ransom amount would be raised. This type of attack: ‘DDoS Extortion’ has become increasingly popular during the past year and the official guidance to companies who find themselves in a DDoS Extortion situation, as recently reiterated by the FBI, is: Do Not Pay the ransom but rather focus efforts at strengthening DDoS mitigation. The ‘target’ in this case was a leading ecommerce corporation and downtime was not an option both in terms of possible transaction loss and equally importantly reputational damage. The company had already invested in multi-layered DDoS mitigation strategy.  The five-minute outage caused by the extortionists had senior IT management under pressure and they knew that serious financial loss as well as impact to their reputation was possible. “DDoS mitigation does not boil down to one device that ‘bites the DDoS bullet’” DDoS Testing Testing DDoS mitigation systems is done by generating traffic which simulates real DDoS attacks in a completely monitored and controlled manner. Control is key because DDoS mitigation does not boil down to one device that ‘bites the DDoS bullet’ but is rather a chain of devices that need to be configured much like an orchestra in order to work in complete harmony. Testing this way allows a company to verify that each element of their DDoS mitigation systems is working as expected and that together they are configured for optimal protection. DDoS testing typically impacts the tested environment and therefore is conducted during maintenance windows to ensure minimal disruption to ongoing operations. This means the company’s key team members are usually all on site and because maintenance windows usually last 3-5 hours – time is of the essence. For this reason effective DDoS testing allows for: i.    Quickly switching from one type of test to another once you have evaluated how the environment responds to a test (there are numerous types of tests ranging from Layer 3, Layer 4  to Layer7), and ii.    Ramping up test bandwidth to simulate a realistic load level We received a call on Saturday afternoon describing the ransom scenario and possibilities of a large attack and our SOC team was at the customer’s premises the following morning. “It’s all about knowing which attacks to simulate and getting as many of them done, in as little time as possible. You know that clock is ticking..” Our ‘Emergency BaseLine DDoS Testing’ as we have come to call it, is comprised of the following three stages: 1.    Reconnaissance – Working with the company to understand as much as possible about relevant subnets and foot-printing the environment with port scanning and DNS enumeration. 2.    Testing – Simulating a variety of tests to identify points of failure 3.    Troubleshooting & Hardening – Resolving immediate critical issues and troubleshooting the necessary network points to have a DDoS mitigation defense ready for the threatened attack. Source: http://blog.mazebolt.com/?p=590

Read this article:
DDoS Extortion – Biting the DDoS Bullet

Labour Party website DDoS’d by ruly democratic mob

Corbyn camp urges us to ‘get registering’ – we couldn’t agree more, Jeremy The intermineable registration process for voters for the new Labour Party leader’s election did not terminate this noon, as was planned, due to the party website dropping offline, following an effective, if accidental, DDoS attack from a flood of well-meaning visits generated by eager, if incredibly tardy, new supporters. The party website now informs visitors that “this morning we understand that some people have had problems trying to join or register as a supporter of the Labour Party. We are extending the deadline to join or register and be able to vote in the Leadership elections until 3pm.” If you are experiencing problems with the website, you can also register as a supporter with a £3 text. Text SUPPORT to 78555 and wait for a further text tomorrow on how to complete registration. According to the Guardian – which is live-Tweeting the event, now for another three hours – the party’s fear of entryists has resulted in “at least three of the camps” getting “in touch with each other to discuss their concerns about the running of the contest”. No accounts connected to Corbyn’s opponents have tweeted about the extension. Source: http://www.theregister.co.uk/2015/08/12/labour_party_wesbite_ddosd_by_mob_wanting_to_vote_for_new_leader/

Continue reading here:
Labour Party website DDoS’d by ruly democratic mob

Revisiting takedown wins: Are users in the developing world getting left behind?

We have all seen the headlines: another botnet dismantled, and we can all rest easy that the threat that has been plaguing us for all those years is now no longer an issue. After the headlines, howeve…

See the original article here:
Revisiting takedown wins: Are users in the developing world getting left behind?

Hackers hid Carphone Warehouse breach with DDoS smokescreen – report

Crims aim to cause just enough chaos to get in and out Hackers reportedly swamped Carphone Warehouse with junk traffic as a smokescreen, before breaking into systems and stealing the personal details of 2.4m customers .…

Read the article:
Hackers hid Carphone Warehouse breach with DDoS smokescreen – report

Hackers are blackmailing banks with threats of DDoS attacks

Hackers are threatening banks and other financial institutions with Distributed Denial of Service (DDoS) attacks if they don’t pay them tens of thousands of dollars, according to various reports More than 100 companies were threatened, according to MarketWatch, which cited a Federal Bureau of Investigation (FBI) agent. Among the companies being targeted were big banks and brokerages in the financial sector. A DDoS attack is when a hacker floods a website with traffic, forcing it offline. It is usually done with the help of multiple compromised systems, which are often infected with a Trojan. Richard Jacobs, assistant special agency in charge of the cyber branch at the FBI’s New York office, told MarketWatch these threats have been coming in since April. He added that in some cases, the companies have paid up. These companies end up facing further trouble as hackers know that they are willing to engage. “There are some groups who typically will go away if you don’t pay them, but there’s no guarantee that’s going to happen,” Jacobs says. He says not all targets have experienced actual attacks. Companies are willing to pay large sums of money, as DDoS attacks could see them lose even more. A DDoS attack could see a company lose more than $100,000 an hour, according to Neustar, a Sterling, Va.-based information services and analytics company. Jacobs says the FBI does not advise or direct firms as to whether or not to pay the attackers or let their websites go down. “How important is that access to that website to your business? They have to make their own calls,” Jacobs says. “If you’re a discount broker and that’s the only way your customers can trade, that would be a concern. If it’s just a website that’s used for general news and information, maybe it’s not so difficult to have it down for an hour or two.” Yaroslav Rosomakho, Principal Consulting Engineer EMEA at Arbor Networks commented: “The fact hackers are planning on taking down websites with DDoS attacks unless organisations pay large sums of money is testament that hackers are becoming increasingly ruthless. Hackers’ activities against internet services of financial institutions are on the rise, since these services are an absolutely critical part of daily business. “Hackers realise that DDoS can be as disruptive as other more traditional attack methods and, unfortunately, still many organisations do not pay enough care to availability protection of their services and infrastructure. “Our research shows that DDoS attacks are continuing to grow in size, complexity and frequency with nearly half of businesses experiencing DDoS attacks last year. As attack size increases, so does the complexity of the hacker’s toolkit. “To ensure protection from these threats, organisations must have multi-layered DDoS protection in place, using both cloud and network-perimeter components to protect from stealthy application layer, state exhaustion and large volumetric attacks.” Source: http://www.itproportal.com/2015/07/31/hackers-threaten-banks-with-ddos-ask-for-ransom/

Read the original:
Hackers are blackmailing banks with threats of DDoS attacks

DDoS attacks rage on, primarily impacting U.S. and Chinese entities

Organizations in the U.S. and China should be especially aware of distributed denial-of-service (DDoS) attacks, as more than half of them in Q2 of this year were aimed at the two countries. Kaspersky Lab’s “DDoS Intelligence Report Q2 2015” found that from April until the end of June this year, DDoS attacks impacted 79 countries, with most, 77 percent, affecting only 10 countries. In addition to China and the U.S., South Korea, Canada, Russia and France accounted for a large portion of attacks. The cybersecurity company defined a single attack as an incident during which there was “no break in botnet activity lasting longer than 24 hours.” If the same entity was attacked by the same botnet but with a 24 hour gap in activity, the two incidents would be considered separat e. The longest attack recorded during this past quarter lasted 205 hours, or eight and a half days. The peak number of attacks clocked in at 1,960 on May 7, and the low, at 73 attacks, occurred on June 25. The popularity of these attacks stems from the ease with which they can be arranged, said Andrey Pozhogin, senior product marketing manager at Kaspersky Lab North America, in emailed comments to SCMagazine.com. “Today, it is much easier to launch a DDoS attack,” he wrote. “Suddenly, you don’t have to be an expert in the field – all the power and potential damage is available to you with a few clicks. It’s also relatively cheap to commission a DDoS attack.” He noted that some online services charge as little as $50 for an attack that can cause serious damage to a company’s reputation, as well as financial losses. An average DDoS attack can range in cost to a company, depending on its size, anywhere from $52,000 to $444,000, Pozhogin said. As far as days of the week to be attacked, Sunday was the most popular day, accounting for 16.6 percent of them, and Tuesday was the least popular with 12.1 percent. Even as companies attempt to beef up their protection, it’s nearly impossible to stay ahead of the attackers and their tools. “As long as a company continues to focus on its core business it will not be able to match the resources poured into bypassing outdated protection and staying ahead of the attackers,” Pozhogin said. That said, cybersecurity firms’ technology can assist in keeping attackers at bay and enterprises’ sites running, he reminded. Source: http://www.scmagazine.com/kaspersky-lab-releases-q2-ddos-report/article/431034/

View article:
DDoS attacks rage on, primarily impacting U.S. and Chinese entities

DDoS Attack Temporarily Shuts Down International ‘DOTA 2? Tournament

The International  DOTA 2  tournament is underway, but a reported DDoS attack forced Valve to suspend the matches for several hours. The tournament has had several Internet-related problems since it began, but commentators confirmed that a DDoS attack was indeed to blame for today’s outage. It’s a funny thing that even an official Valve tournament, with all the top players in the world on the same stage, still needs to deal with all the same outage problems that average gamers have to deal with all the time. There is no LAN mode for DOTA 2. We’ve contacted Valve for comment and will respond with any update. The matches are up and running again. A DDoS is a rudimentary form of hack where people overwhelm a given server with a gigantic number of false requests, rendering it unable to respond. DDoS attacks and other Internet tomfoolery are a an unfortunate side effect of video games in general: virtual vandals have a habit of knocking down everything from smaller PC games to PSN and Xbox Live. Video games have an outsize presence amongst the young and internet-savvy, making them an ideal, if monumentally annoying, target for coordinated groups and lone actors alike. The international DOTA 2 tournament carries with it a record $18 million prize purse, raised through crowd-funding and in game purchases. It’s a landmark purse for eSports, carrying with it the sort of legitimacy that only outsize rewards for obsessive skill can provide. You can watch the proceedings below on the live Youtube stream, though Valve also provides a newcomers stream with explanation and commentary for people who don’t know the ins and outs of the game. It’s complicated, no doubt, but then again, so is football. Source: http://www.forbes.com/sites/davidthier/2015/08/04/ddos-attack-temporarily-shuts-down-international-dota-2-tournament/

Read More:
DDoS Attack Temporarily Shuts Down International ‘DOTA 2? Tournament

Curriculum Protests: DDoS attacks launched on official, pan-blue Web sites

In what it said was support for the ongoing curriculum protests, hacker group Anonymous Asia yesterday launched a third wave of distributed denial of service (DDoS) attacks against the Web sites of two political parties and a government ministry. The Web sites of the New Party, Chinese Nationalist Party (KMT), the KMT Taipei branch office and the Ministry of Economic Affairs were attacked for more than an hour. According to reports by Storm Media Group, Anonymous launched its first wave of DDoS attacks under the name “Anonymous #Op Taiwan” on Friday last week by locking down the Presidential Office and Ministry of Education Web sites for five hours. A notice released by the group said: “We are everywhere and nowhere. Taiwan’s police are not exempt [from our attacks], and all police must take responsibility for this incident. We cannot permit the use of violence or pepper spray on peacefully demonstrating people. When you hurt the Taiwanese people, revenge will be sought. We cannot forget, support us and the corrupt officials will be afraid of us. Taiwan’s government, expect us.” On Sunday, the group launched a second wave of DDoS attacks against the Ministry of Education, the Ministry of National Defense, the National Academy of Educational Research and CtiTV, a television station generally sympathetic toward the KMT, the report said. In a Facebook post on Sunday, New Party Chairperson Yok Mu-ming (???) said the DDoS attacks were serious national security concerns. “Do we not see China as our enemy and try to prevent Beijing hacking our Web sites? What I’m seeing now is like the opening salvoes of a Taiwanese civil war,” Yok said. Yok called on the public to put pressure on the Presidential Office and National Security Bureau to look into the attacks and find out who was behind them. “We must know if the motives are against curriculum changes or if there are other ulterior motives,” he said. Shortly after Yok’s Facebook post the New Party Web site was hacked. Anonymous Asia said on Facebook: “Yok Mu-ming, are you looking for us? Here we come.” Anonymous Asia is a loose coalition of hackers and Internet activists. The group describes itself as “an internet gathering” with “a very loose and decentralized command structure that operates on ideas rather than directives” and has been known for high-profile public DDoS attacks on government, religious, and corporate Web sites. Source: http://www.taipeitimes.com/News/taiwan/archives/2015/08/04/2003624588

More here:
Curriculum Protests: DDoS attacks launched on official, pan-blue Web sites

FBI Warns of Increase in DDoS Extortion Scams

Online scammers constantly are looking for new ways to reach into the pockets of potential victims, and the FBI says it is seeing an increase in the number of companies being targeted by scammers threatening to launch DDoS attacks if they don’t pay a ransom. The scam is a variation on a theme, the familiar ploy of either holding a victim’s data for ransom or threatening some kind of attack if a ransom isn’t paid. Ransomware gangs have been running rampant in recent years, using various kinds of malware to encrypt victims’ data and then demand a payment, usually in Bitcoin, for the encryption key. The scam that the FBI is warning about isn’t as intrusive as that, but it can be just as damaging. The attackers in these cases are emailing people inside organizations and demanding that they pay a ransom or face a DDoS attack. “Victims that do not pay the ransom receive a subsequent threatening e-mail claiming that the ransom will significantly increase if the victim fails to pay within the time frame given. Some businesses reported implementing DDoS mitigation services as a precaution,” an alert from the FBI says. The FBI says that it believes there are several people involved in these scams and they anticipate that they will expand the number of industries that they’re targeting in the near future. Organizations that haven’t paid the ransom have in some cases been hit with the threatened DDoS attacks, but the FBI said they typically don’t last very long. “Businesses that experienced a DDoS attack reported the attacks consisted primarily of Simple Discovery Protocol (SSDP) and Network Time Protocol (NTP) reflection/amplification attacks, with an occasional SYN-flood and, more recently, WordPress XML-RPC reflection/amplification attack. The attacks typically lasted one to two hours, with 30 to 35 gigabytes as the physical limit,” the FBI alert says. There have been high-profile incidents like this in the recent past. Basecamp, a project management console, was hit with such an attack in 2014 when attackers tried to blackmail they company and then hit it with a DDoS attack. Source: https://threatpost.com/fbi-warns-of-increase-in-ddos-extortion-scams/114092#sthash.2CvEua2m.dpuf

See the original article here:
FBI Warns of Increase in DDoS Extortion Scams