Hacks of Swedish military used in 2013 attacks on US banks
April 11, 2016


STOCKHOLM – Swedish military computers were hacked and used in an attack that knocked out the web pages of as many as 20 major US banks and financial institutions in 2013, the armed forces said on Monday.

Military spokesman Mikael Abramsson said that a server in the Swedish defence system had a flaw that was exploited by hackers to carry out the attacks, confirming a report in the Swedish daily DN.

“The hacking attack was a kind of wake-up call for us and forced us to take very specific security steps to prevent such a thing from happening again,” he said.

“We cannot be more specific about the new security measures we put in place, but such an attack could not happen again.”

The servers were used in a so-called DDoS (distributed denial of service) attack, which pounded the websites of US financial institutions such as Citigroup, Capital One and HSBC with overwhelming requests for information.

At the time, the attack, which began in 2012 and continued for months, was one of the biggest ever reported.

US officials blamed Iran, suggesting it was in retaliation for political sanctions and several earlier cyber attacks on its own systems.

Many other vulnerable servers in locations throughout the world were used in the attack, and together they created an Internet traffic jam so powerful that it knocked out the banks’ websites.

“We normally have a good eye on our stuff. This mistake is about the human factor,” Dan Eriksson, IT security expert with the Swedish armed forces, told DN.

DDoS attacks have long been a basic hacker weapon but they have typically involved the use of armies of personal computers tainted with viruses and coordinated to make simultaneous requests at targeted websites.

In 2013, attackers infected datacentres used to host services in the Internet “cloud” and commandeered massive computing power around the world to back the DDoS attacks, security experts said.

US-based Neustar, which protects companies from such attacks, said they can cost financial institutions as much as $100,000 an hour … sometimes for several days.

Source: https://www.enca.com/technology/hacks-swedish-military-used-2013-attacks-us-banks

Bill Gates/bot malware family used to launch DDoS attacks
April 8, 2016

Bill Gates/bot malware family used to launch DDoS attacks – SC Magazine  

The Bill Gates/bot family of malware continues to be used to facilitate distributed denial of service (DDoS) attacks, allowing bad actors to seize full control of infected systems, according to a threat advisory from Akamai’s Security Intelligence Research Team (SIRT), which ranked the risk factor as “high.”

The researchers noted that the attack vectors in the toolkit of the malware, which was revealed on a Russian website in 2014, include ICMP flood, TCP flood, UDP flood, SYN flood, HTTP Flood (Layer7), and DNS query-of-reflection flood.

“This malware is an update and reuse of the Elknot malware’s source code,” the advisory said. “Over the years, the botnets composed of it have grown, and today’s botnets are launching significantly large attacks.”

Akamai’s SIRT believes the malware, like the XOR botnet, originated in Asia, with attackers “using the same methods for infection, which are primarily SSH brute force attempts for root login credentials.” Previous reports, the researchers said, had the infection methods including an ElasticSearch Java VM vulnerability.
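The advisory names SSH brute force against the root account as the primary infection method. The following is an added example, not code from Akamai, SC Magazine or the malware analysis: a small defender-side script that spots a root brute-force burst in OpenSSH auth-log lines (and a root password login that follows it) and checks an sshd_config for the two directives that close this path. The log lines, host names, addresses and config snippets are all constructed for the example; the year is assumed to be 2016 because syslog timestamps omit it.

```python
"""Detect SSH root brute-force bursts (the infection path the advisory names)
and audit sshd_config for the directives that prevent them.
Added example; every log line and config snippet here is constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed OpenSSH auth-log excerpt: a burst of root failures followed by a
# successful password login from the same source, then ordinary key-based use.
SAMPLE_AUTH_LOG = """\
Apr  8 02:14:01 host1 sshd[2210]: Failed password for root from 198.51.100.23 port 51022 ssh2
Apr  8 02:14:03 host1 sshd[2211]: Failed password for root from 198.51.100.23 port 51024 ssh2
Apr  8 02:14:04 host1 sshd[2212]: Failed password for root from 198.51.100.23 port 51027 ssh2
Apr  8 02:14:06 host1 sshd[2213]: Failed password for root from 198.51.100.23 port 51030 ssh2
Apr  8 02:14:07 host1 sshd[2214]: Failed password for root from 198.51.100.23 port 51031 ssh2
Apr  8 02:14:09 host1 sshd[2215]: Accepted password for root from 198.51.100.23 port 51033 ssh2
Apr  8 02:20:11 host1 sshd[2301]: Failed password for invalid user admin from 203.0.113.8 port 40211 ssh2
Apr  8 02:20:40 host1 sshd[2302]: Accepted publickey for alice from 203.0.113.8 port 40212 ssh2
"""

SSHD_LINE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2016):
    """Parse one sshd auth line into a dict, or None if it is not a login event.
    syslog omits the year, so the caller supplies it (assumed 2016 here)."""
    m = SSHD_LINE.match(" ".join(line.split()))  # collapse syslog's padded day
    if not m:
        return None
    return {
        "ts": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
        "result": m["result"], "method": m["method"],
        "user": m["user"], "ip": m["ip"],
    }


def detect_root_bruteforce(log_text, threshold=5, window_seconds=60):
    """Sliding-window count of failed root logins per source address.
    A source reaching `threshold` failures inside `window_seconds` is reported;
    an accepted root *password* login from that source afterwards is flagged,
    because that is the moment the brute force succeeded."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    alerts = {}                  # ip -> alert record
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or ev["user"] != "root":
            continue
        ip = ev["ip"]
        if ev["result"] == "Failed":
            q = recent[ip]
            q.append(ev["ts"])
            while (ev["ts"] - q[0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(ip, {
                    "ip": ip, "failures": 0,
                    "first_seen": q[0].isoformat(),
                    "root_login_after_burst": False,
                })
                alert["failures"] = len(q)
        elif ev["method"] == "password" and ip in alerts:
            alerts[ip]["root_login_after_burst"] = True
    return list(alerts.values())


# Constructed sshd_config fragments: the weak settings beside the hardened ones.
WEAK_SSHD_CONFIG = """\
PermitRootLogin yes
PasswordAuthentication yes
"""

HARDENED_SSHD_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
"""


def sshd_config_findings(config_text):
    """Return the directives that leave a root password guessable over SSH.
    A missing directive is treated as 'yes', the conservative (pre-OpenSSH 7.0
    default) assumption."""
    settings = {}
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        settings[parts[0].lower()] = parts[1].strip().lower() if len(parts) > 1 else ""
    findings = []
    if settings.get("permitrootlogin", "yes") not in ("no", "prohibit-password", "without-password"):
        findings.append("PermitRootLogin: set to 'no' (or at least 'prohibit-password')")
    if settings.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication: set to 'no' and use keys")
    return findings


if __name__ == "__main__":
    for alert in detect_root_bruteforce(SAMPLE_AUTH_LOG):
        print("ALERT", alert)
    print("weak config:", sshd_config_findings(WEAK_SSHD_CONFIG))
    print("hardened config:", sshd_config_findings(HARDENED_SSHD_CONFIG))
```

The threshold and window are deliberately loose defaults; on a real host the same logic would be fed by a log shipper rather than a string, and the config check is the kind of thing to run from configuration management so that a rebuilt host cannot come back with `PermitRootLogin yes`.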

“The botnet targets are the same as the XOR botnet, most of which are hosted in Asia and online gaming institutions,” the advisory noted.

In Q4 2015, Akamai SIRT noted that the XOR C2 had become inactive, presumably as part of a takedown operation. With the XOR C2 out of commission, the attackers began to take aim at the same target list, using the BillGates botnet to launch DDoS attacks.

Researchers said that after the malware had decrypted its configuration file, “execution jumps directly to the malware’s main functionality, which first checks the value of the g_GatesTypes global variable.” Depending on the value, determined by the filename and path of execution, the malware performs one of four functions.

Once the initial phases have been completed, resulting in the malware being rooted in the system, the malware runs a “multi-threaded” MainProcess function “responsible for opening communication with the C2 server(s), parsing commands, and launching DDoS attacks,” the advisory said.

The most popular payloads observed by the team were SYN and DNS floods.

Attack campaigns, whose size ranges from several Gbps to hundreds of Gbps, are aimed at Asia-based organizations, mostly in the gaming and entertainment sector.

While the malware can spoof source addresses on infected machines, Akamai SIRT said that in the attacks it observed the source addresses were more commonly the infected machines’ own. “This is likely due to an inability to route spoofed traffic from the infected host’s network,” the advisory said.

Source: http://www.scmagazine.com/asian-firms-in-gaming-and-entertainment-targeted-by-bill-gatesbot-malware/article/488128/

Massive application-layer attacks could defeat hybrid DDoS protection
April 7, 2016

Massive application-layer attacks could defeat hybrid DDoS protection | PCWorld

Security researchers have recently observed a large application-layer distributed denial-of-service attack using a new technique that could foil DDoS defenses and be a sign of things to come for Web application operators.

The attack, which targeted a Chinese lottery website that used DDoS protection services from Imperva, peaked at 8.7Gbps. In a time when DDoS attacks frequently pass the 100Gbps mark, 8.7Gbps might not seem like much, but it’s actually unprecedented for application-layer attacks.

DDoS attacks target either the network layer or the application layer. With network-layer attacks, the goal is to send malicious packets over different network protocols in order to consume all of the target’s available bandwidth, essentially clogging its Internet pipes.

However, with application-layer attacks, which are also known as HTTP floods, the goal is to consume the computing resources — CPU and RAM — that a Web server has at its disposal to process requests. When their limit is reached, the server will stop answering to new requests, resulting in a denial-of-service condition for legitimate clients.

Unlike network-layer attacks, HTTP floods don’t normally rely on the size of the sent data packets to do damage, but rather on the number of requests that need to be processed by the targeted Web application. Until now, even the largest HTTP floods, which generated over 200,000 requests per second, didn’t end up consuming more than 500Mbps, because the packet size of every request was very small.

Most companies build their infrastructure so that an application can handle a maximum of 100 requests per second. Unless these applications are protected by an anti-DDoS service that identifies and filters bogus requests, it’s easy to disrupt them, according to researchers from Imperva.

Defending against network-layer attacks usually involves routing all traffic destined for a protected network through the network infrastructure of a DDoS mitigation provider. The provider scrubs the traffic of malicious packets and only forwards the legitimate ones to the customer’s network.

On the other hand, protecting against application-layer attacks is often done through a special-purpose hardware appliance that sits on the customer’s own network in front of the Web server.

This type of hybrid DDoS protection — cloud-based network-layer defense combined with on-premise application-layer defense — can be ineffective when facing massive HTTP floods like the 8.7Gbps one recently encountered by Imperva.

That attack was launched from a botnet made up of computers infected with the Nitol malware that sent legitimate HTTP POST requests mimicking the Web crawler of the Baidu search engine. The requests, 163,000 per second, attempted to upload randomly generated large files to the server, resulting in the attack’s unusually large bandwidth footprint.

“Application layer traffic can only be filtered after the TCP connection has been established,” the Imperva researchers said in a blog post. “Unless you are using an off-premise mitigation solution, this means that malicious requests are going to be allowed through your network pipe, which is a huge issue for multi-gig attacks.”

This means the network-layer DDoS mitigation service will let the packets through to be inspected by the customer’s on-premise appliance designed to protect the application layer. However, those packets won’t even reach the appliance because they will generate more traffic than the customer’s Internet uplink will be able to handle. It’s like hiding a network-layer attack behind an application-layer one.

“Granted, some of the larger organizations today do have a 10 Gb burst uplink,” the Imperva researchers said. “Still, perpetrators could easily ratchet up the attack size, either by initiating more requests or by utilizing additional botnet resources. Hence, the next attack could easily reach 12 or 15 Gbps, or more. Very few non-ISP organizations have the size of infrastructure required to mitigate attacks of that size on-premise.”
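The argument above reduces to a capacity comparison: an on-premise application-layer appliance can only drop requests that have already crossed the customer’s uplink, so a flood whose aggregate bandwidth exceeds that uplink causes an outage before any filtering happens. The following is an added example, not code from the article or from Imperva, that models this with the article’s own figures (163,000 requests/s at 8.7Gbps for the Nitol flood, 200,000 requests/s at 500Mbps for a classic HTTP flood, 100 requests/s as the typical application ceiling, a 10Gb burst uplink). The uplink sizes tried, the per-request byte sizes derived from those figures, and the assumption that an appliance with pipe headroom can filter at line rate are ours.

```python
"""Model of the hybrid DDoS-defence gap: where an HTTP flood is stopped, if at all.
Added example; flood figures are the article's, uplink sizes and the
'appliance filters at line rate' assumption are ours."""
from dataclasses import dataclass
import math

GBPS = 1_000_000_000
MBPS = 1_000_000


@dataclass(frozen=True)
class HttpFlood:
    name: str
    requests_per_second: float
    bytes_per_request: float  # average on-wire size of one request (derived/assumed)

    @property
    def bits_per_second(self) -> float:
        return self.requests_per_second * self.bytes_per_request * 8


@dataclass(frozen=True)
class Site:
    uplink_bps: float               # the customer's Internet pipe
    app_capacity_rps: float = 100   # the article's typical application ceiling
    l7_filter: str = "on-prem"      # "on-prem" appliance, "off-prem" scrubbing, or "none"


def flood_from_bandwidth(name, rps, gbps):
    """Build a flood from the figures a report gives: request rate and aggregate Gbps."""
    return HttpFlood(name, rps, gbps * GBPS / 8 / rps)


def evaluate(flood, site):
    """Return (outcome, reason) for a flood against a site.
    Upstream network-layer scrubbing is assumed for every site; it forwards the
    HTTP requests because they are well-formed TCP traffic."""
    if site.l7_filter == "off-prem":
        return "mitigated", "requests are terminated and filtered before the customer's pipe"
    if flood.bits_per_second > site.uplink_bps:
        return "outage", "uplink saturated; the on-prem appliance never sees most requests"
    if site.l7_filter == "on-prem":
        return "mitigated", "pipe has headroom, so the appliance can drop the bogus requests"
    if flood.requests_per_second > site.app_capacity_rps:
        return "outage", "no L7 filtering and the request rate exceeds the application's capacity"
    return "mitigated", "below both the pipe and the application's capacity"


def rps_to_saturate(uplink_bps, bytes_per_request):
    """Requests per second of a given size needed to fill a pipe: the
    'ratchet up the attack size' lever the researchers describe."""
    return math.ceil(uplink_bps / (bytes_per_request * 8))


if __name__ == "__main__":
    classic = flood_from_bandwidth("classic HTTP flood", 200_000, 0.5)
    nitol = flood_from_bandwidth("Nitol POST flood", 163_000, 8.7)
    print(f"{nitol.name}: ~{nitol.bytes_per_request:.0f} bytes/request")
    scenarios = [
        (classic, Site(1 * GBPS)),
        (classic, Site(1 * GBPS, l7_filter="none")),
        (nitol, Site(1 * GBPS)),
        (nitol, Site(10 * GBPS)),
        (nitol, Site(10 * GBPS, l7_filter="off-prem")),
    ]
    for flood, site in scenarios:
        outcome, reason = evaluate(flood, site)
        print(f"{flood.name} vs {site.uplink_bps / GBPS:g} Gbps/{site.l7_filter}: {outcome} ({reason})")
    print("rps needed to fill 10 Gbps at Nitol request size:",
          rps_to_saturate(10 * GBPS, nitol.bytes_per_request))
```

Running it shows the two regimes the article contrasts: the classic flood at roughly 312 bytes per request sits far below even a 1Gbps pipe, so an on-premise appliance handles it, while the Nitol flood at roughly 6.7kB per request overruns a 1Gbps uplink outright and only survives behind a 10Gbps one until the attacker adds about 15% more requests.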

For organizations in certain industries like finance, there’s no easy answer to fighting off such high-bandwidth application-layer attacks. Their Web applications need to use HTTPS to encrypt data in transit and they need to terminate those HTTPS connections inside their own infrastructure to be in compliance with regulatory requirements regarding the protection of financial and personal data.

Therefore, the application-layer DDoS protection that relies on inspecting the requests after they’ve been decrypted also needs to happen within their own infrastructure.

Source: http://www.pcworld.com/article/3052164/massive-application-layer-attacks-could-defeat-hybrid-ddos-protection.html

Major cyber-security breaches discovered locally
April 6, 2016


Could the Election Be Hacked?
April 1, 2016


With the surge in data breaches over the past several years, the prevailing wisdom is that no online data is completely safe from hackers. Banks, governments, insurance companies and small businesses globally have lost billions of dollars to cybercrime.

Last year, the top security breaches affected something more precious than personally identifiable information. Data breaches included the most intimate details and actions in life — with the loss of millions of records containing biometrics like fingerprints, career backgrounds, family relationships, secret liaisons, hospital records and much more.

Which leads to the big question that’s being asked with renewed fervor: Could the 2016 presidential election be disrupted, or somehow manipulated, via unauthorized computer hacking or denial of service attacks?

Related situations have come up several times in the past year. Concerns were raised following the Iowa caucuses in February after a new Microsoft vote-tallying app failed in certain parts of the state. The Des Moines Register reported these troubles: “Too many accounts have arisen of inconsistent counts, untrained and overwhelmed volunteers, confused voters, cramped precinct locations, a lack of voter registration forms and other problems.” Still, no hacker “foul play” was insinuated.

After the hanging chads from the Florida election in November 2000 and the dozens of nationwide contested elections over the past decade, no one wants to wake up to a huge cybermess that involves the word “hacking” on Nov. 9, 2016. Therefore, this election tampering issue has been raised by commentators from both ends of the political spectrum. The Huffington Post mentioned six ways hackers could disrupt an election, including hacking a voting machine, shutting down the voting system or election agencies, and deleting or changing election records.

Meanwhile, Fox News proclaimed that “ballot machines are easy targets.” Pointing to a report by the Commonwealth Security and Risk Management Directorate for the Virginia Information Technologies Agency, experts recently insisted that old technology could impact election results.

A 2015 report from the Brennan Center for Justice said that in this year’s election, 43 states will use electronic voting machines that are at least 10 years old and reaching the end of their expected lifespan. A member of the U.S. Election Assistance Commission told the report’s authors, “We’re getting by with Band-Aids.”

So what efforts are being made to ensure a safe and reliable election count? In 2012, CountingVotes.org looked at election preparedness state-by-state. The answer is that every state has taken specific actions to ensure that public trust and integrity in the voting process is maintained.

The Verified Voter Foundation’s news service outlines these actions in the 50 states, including technology upgrades and process changes in each state. For example, in Michigan: “Secretary of State Ruth Johnson issued the following statement regarding the governor’s budget proposal announced today that calls for $10 million in state support to help local communities buy new election equipment: ‘I appreciate Gov. Snyder’s commitment to upgrading our state’s aging election equipment. I look forward to working with lawmakers now to win their support for this reasonable plan, and I encourage city and township leaders to offer their support as well.’”

Few experts are predicting widespread problems on Election Day 2016. And yet, hacker activity affecting the vote count in a few key districts in a small subset of states could swing a tight election race in one direction or the other.

The risk of election problems in 2016 should certainly get more attention as a result of aging technology and the growing breadth and depth of global cyberthreats. Nevertheless, state government election professionals have overcome difficult challenges in past years. Excellent teams in each state are working hard to ensure that this year will be no different.

The bottom line is we know there have been and will be hacker attempts to disrupt elections. We shall soon know if our people, process and technology can succeed again in 2016. I’m betting on the good guys.

Source: http://www.govtech.com/Could-the-Election-Be-Hacked.html