Thai government websites hit by denial-of-service attack
October 2, 2015

Several Thai government websites have been hit by a suspected distributed-denial-of-service (DDoS) attack, making them impossible to access.

The sites went offline at 22:00 local time (15:00 GMT) on Wednesday. Access was restored by Thursday morning.

It appeared to be a protest against the government’s plan to limit access to sites deemed inappropriate.

Tens of thousands of people have signed a petition against the proposal they call the “Great Firewall of Thailand”.

The name is a reference to the so-called “Great Firewall of China” commonly used to refer to the Chinese government’s censorship over internet content.

‘Inappropriate websites’

A DDoS attack works by exceeding a website’s capacity to handle internet traffic. Such attacks are usually orchestrated by a program or bot.

But on Wednesday, calls went out on social media in Thailand encouraging people to visit the websites and repeatedly refresh them.

Among the targets were the site of the ministry of information, communications and technology (ICT) and the main government website thaigov.go.th.

ICT Deputy Permanent Secretary Somsak Khaosuwan said the site did not crash because of an attack but because it was overloaded by visitors checking to see whether an attack was happening, the Bangkok Post reports.

‘Single gateway’

Since seizing power, the Thai military government has increased censorship, blocked websites and criminally charged critics for comments made online.

News it was planning to set up a single government-controlled gateway as a “tool to control inappropriate websites and information flows from other countries” emerged last month.

Internet gateways are the point at which countries connect to the world wide web.

Analysis: Jonathan Head, BBC News, Bangkok

What are Thais angry about?

The cabinet had ordered a single gateway to be imposed in order to block “inappropriate websites” and control the flow of information from overseas. That the decision, made at a cabinet meeting on 30 June, was kept secret has caused more alarm.

Why does the government want a single gateway?

A statement by Minister for Information Uttama Savanayana that the decision was not yet final, and that the single gateway was only intended to reduce the cost of internet access, was met with disbelief by many Thais, and then the shutdown of government websites.

Will the DDoS have any impact?

Thai netizens insist this is not an attack, but a form of civil disobedience. The military may still push ahead with its firewall, whatever the opposition. The need for control, as it confronts the task of managing a sensitive royal succession, will probably trump any concerns it may have for the digital economy.

Thailand used to have just a single gateway but slow internet speeds led to the liberalisation of the industry and today there are 10, operated by private and state-owned companies.

The apparent attack renewed the vibrant debate over the single gateway plan on social media, with many users declaring the end of privacy.

“Thailand is developing. Thailand is developing into North Korea,” one Twitter user said.

“I personally & professionally support free flow of information & fair competition on ICTs,” said Supinya Klangnarong from the National Broadcasting and Telecommunications Commission (NBTC) on Facebook.

“Hope NBTC’s website won’t be attacked tonight. An open debate is definitely better than a cyber warfare. Voices of reason shall be heard.”

Source: http://www.bbc.com/news/world-asia-34409343

Hackers use DDoS attacks to distract you
September 16, 2015

Low-level persistent DDoS masks the real attack, warns report

Cybercriminals are using low-level DDoS attacks to mask malware injections, according to a report from information security services firm Neustar.

Half of the 800 executives surveyed for the report, titled North America and EMEA: The Continual Threat to Digital Brands for 2015, said they had suffered a DDoS attack in 2014 and early 2015, of which 80 per cent said they had suffered multiple attacks.

While 60 per cent of DDoS attacks still use heavy traffic to try and knock websites offline, 40 per cent are relatively small, at less than 5 Gbps, according to the report.

A total of 36 per cent of executives surveyed said that, following a DDoS attack, they found malware installed in their systems. In the financial services sector, this rose to 54 per cent experiencing a DDoS of 4 Gbps or less in strength and 43 per cent of all DDoS attacks leaving behind malware.

The results also show that companies in EMEA seem to be at greater risk both of DDoS attacks and subsequent malware injections. Of the almost 300 EMEA executives surveyed, 80 per cent said they had suffered a DDoS attack, of which 92 per cent reported a coinciding breach. Of that 92 per cent, two thirds experienced theft.

“These results really point to targeted attacks targeting a specific organisation for a specific purpose,” Margee Abrams, director of security services product marketing at Neustar, told IT Pro.

Abrams said this also represents a particular, and recent, change of tactics.

“At the beginning of 2014, when we first did the report, we saw larger volumes of data in DDoS attacks and they would take the devices offline. Now what we’re seeing is, with these smaller volumes, they can keep the devices online so that they can do other things – they don’t want to totally saturate the device,” she said.

Mitigating an attack involves more than just the IT team as well, now.

“When a DDoS attack occurs, everyone, including the communications, marketing, risk and compliance teams are all mobilised, as well as IT, to mitigate it,” said Abrams. This is, potentially, in recognition of the brand damage an attack of this kind can do.

Businesses are continuing to fight back against the attackers at a technical level as well, though, with 73 per cent of those surveyed saying they are investing more in DDoS-specific protection and 46 per cent in hybrid technologies and counter-measures, which use both on-premise and cloud-based DDoS mitigation technologies to overcome attacks.

Source: http://www.itpro.co.uk/security/25288/hackers-use-ddos-attacks-to-distract-you

Canadian, U.S. organizations focus of latest DDoS extortion campaign
September 11, 2015

Enterprises in Canada and the U.S. are increasingly being targeted by new distributed denial of service attacks from a Bitcoin extortionist group dubbed DD4BC, according to a new report from Akamai Technologies.

“The latest attacks – focused primarily on the financial service industry – involved new strategies and tactics intended to harass, extort and ultimately embarrass the victim publicly,” Stuart Scholly, the content delivery provider’s senior vice-president and general manager of its security division, said in a statement.

No victim organizations were named.

Some attacks have been measured at up to 50 Gigabits per second. Typically the group makes use of multi-vector DDoS attack campaigns, revisiting former targets and also incorporating Layer 7 DDoS in multi-vector attacks, specifically concentrating on the WordPress pingback vulnerability, the report says. This vulnerability is exploited to repeatedly send reflected GET requests to the target to overload the website. Akamai said its researchers have seen this attack method incorporated into DDoS booter suite frameworks.

Akamai has been tracking the group since some customers were targeted 12 months ago. Since April it identified 114 DD4BC attacks alone, including more aggressive measures that target brand reputation through social media.

The attacks initially started against organizations in North America and Asia, then shifted to Europe before focussing on companies in Korea, China, Australia, and New Zealand for a period.

But more recently, over the past year, the group expanded its extortion and DDoS campaigns to target a wider array of business sectors – including financial services, media and entertainment, online gaming and retailers, the report says. An attack starts with an e-mail to a target warning that a low-level DDoS attack will be launched against the organization’s website. After that attack there is a demand to pay Bitcoin within 24 hours to protect the company from a larger DDoS attack that would make its website inaccessible.

A typical recent email has the cheek to introduce the group to the victim by including a link to an April post by Akamai describing DD4BC.

Akamai has seen initial demand requests averaging 10-20 bitcoin (the exchange rate is about US$230 per bitcoin), although it has been as much as 100 bitcoins.

To protect enterprises Akamai recommends CISOs deploy anomaly- and signature-based DDoS detection methods to identify attacks before a website becomes unavailable to users, distribute resources to increase resiliency and avoid single points of failure due to an attack and to implement Layer 7 DDoS mitigation appliances on the network in strategic locations to reduce the threat for critical application servers.
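The signature- and anomaly-based detection recommended above, applied to the WordPress pingback reflection traffic the report describes, as an added example that is not from Akamai or the original article. The log lines are constructed, and the `analyze` function and its per-minute threshold are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample access-log lines (combined format), not real traffic.
SAMPLE_LOG = '''\
192.0.2.10 - - [11/Sep/2015:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.21 - - [11/Sep/2015:10:01:01 +0000] "GET / HTTP/1.0" 200 5120 "-" "WordPress/4.2.2; http://blog-a.example; verifying pingback from 203.0.113.9"
198.51.100.22 - - [11/Sep/2015:10:01:02 +0000] "GET / HTTP/1.0" 200 5120 "-" "WordPress/3.8.1; http://blog-b.example"
198.51.100.23 - - [11/Sep/2015:10:01:02 +0000] "GET / HTTP/1.0" 200 5120 "-" "WordPress/4.1; http://blog-c.example; verifying pingback from 203.0.113.9"
192.0.2.11 - - [11/Sep/2015:10:02:30 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# Signature: User-Agent WordPress sends when it fetches a pingback source URL.
# Newer versions also append the IP that asked for the pingback.
PINGBACK_UA = re.compile(
    r'^WordPress/[\d.]+; (?P<site>https?://[^;\s]+)'
    r'(?:; verifying pingback from (?P<origin>[0-9a-fA-F.:]+))?')

def analyze(log_text, per_minute_limit=2):
    """Return pingback reflectors, disclosed origins, and minutes over the limit."""
    per_minute = Counter()
    reflectors, origins = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        per_minute[ts.strftime('%Y-%m-%d %H:%M')] += 1
        sig = PINGBACK_UA.match(m['ua'])
        if sig:
            reflectors[sig['site']] += 1
            if sig['origin']:
                origins[sig['origin']] += 1
    # Anomaly: any minute whose request count exceeds the configured limit.
    hot = sorted(k for k, n in per_minute.items() if n > per_minute_limit)
    return {'reflectors': dict(reflectors), 'origins': dict(origins),
            'hot_minutes': hot}

if __name__ == '__main__':
    print(analyze(SAMPLE_LOG))
```

The `origins` counter matters for incident response: the source IPs in the log belong to the reflecting WordPress sites, while the address after "verifying pingback from" is the host that requested the pingback.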

Bad news for CISOs: Akamai believes copycats will adopt DD4BC’s strategies.

Source: http://www.itworldcanada.com/post/canadian-u-s-organizations-focus-of-latest-ddos-extortion-campaign

Teen nabbed after attacks on UK government and FBI sites
August 24, 2015

His lawyers claim that their client was only on the “periphery” of a conspiracy to take down UK government and FBI sites, but a UK teen who didn’t mind boasting online about those crimes now faces the possibility of jail time.

Charlton Floate, 19, of Solihull, England, already admitted to three counts of computer misuse under the Computer Misuse Act and three counts of possessing prohibited images at Birmingham Crown Court.

The attacks took place in January 2013, when Floate and a team of other cyber criminals crippled government sites with deluges of digital traffic sent from malware-infected computers.

Such computers are often called zombie computers, and they’re widely used in botnets to gang up on sites with what’s known as a distributed denial of service (DDoS) attack.

The gang managed to knock out the UK’s Home Office site – a heavily used site that provides information on passports and immigration among other things – for 83 minutes. The group also took down an FBI site – that allowed users to report crime – for over five hours.

The prosecutor, Kevin Barry, reportedly said that in November 2012, Floate carried out two test runs, remotely attacking the computers of two men in the US.

Floate uploaded a sexually explicit video to YouTube to “mock and shame” one of his victims, and he “taunted” the other victim about having control of his computer.

Modest, he was not – Floate also reportedly bragged about the government site attacks on Twitter and on a forum frequented by hackers.

Judicial officer John Steel QC rejected Floate’s legal team’s contention that he was on the “periphery” of the cyber gang, saying that evidence pointed to his actually being central to the crimes, including organizing the attacks.

He said Floate was “clearly a highly intelligent young man”, who had become an expert in computer marketing, had written a book on the subject, and succeeded in taking down an FBI.gov website – what he called the “Holy Grail” of computer crime:

“A successful attack on the FBI.gov website is regarded by hackers as the Holy Grail of hacking. It was this which he attempted and, indeed, achieved.

“He was the person who instituted such attacks and assembled the tools and personnel for doing so.”

The Holy Grail it may be but in this case I beg to differ about how successful Floate was in getting his hands on it.

A DDoS attack isn’t a form of sophisticated lock picking, it’s just a noisy way to board the door shut from the outside.

Floate may well be bright but he stumbled once, and that’s all that investigators needed. Namely, he used his own IP address – he worked out of his mother’s home – to check up on how the attacks had gone.

Police traced the address to Floate’s mother’s home, where they seized Floate’s computer and mobile phone.

They also found evidence that he’d tried to recruit others into the gang and that he’d discussed possible weaknesses in certain websites as well as potential future targets – including the CIA and The White House.

Sentencing was adjourned until 16 October, pending a psychiatric report. Floate is currently remanded on conditional bail.

Steel said he hadn’t yet made up his mind about sentencing but added there’s “clearly potential for an immediate custodial sentence” and that Floate “should be mentally prepared for it.”

Source: https://nakedsecurity.sophos.com/2015/08/24/teen-nabbed-after-attacks-on-uk-government-and-fbi-sites/

FBI Issues DDoS Attack Warning
August 4, 2015

The Internet Crime Complaint Center (IC3) has issued an alert regarding an increasing number of complaints from businesses hit by Distributed Denial of Service extortion campaigns via email. The FBI said it suspects multiple individuals are involved in these ransom plots.

In a typical extortion campaign, the targeted business receives an email threatening a DDoS attack on the company’s website unless it pays a ransom. Ransoms, which are usually demanded in Bitcoin form, vary in price.

The FBI, which established the IC3 in partnership with the National White Collar Crime Center, warned that the attacks are likely to expand to online industries and other sectors, especially those susceptible to suffering financial losses if they are taken offline.

According to the cybersecurity intelligence firm LIFARS, DDoS attacks overwhelm targeted websites with bogus traffic, preventing legitimate users from accessing the website. Businesses that rely on online sales and other types of web-based services are at risk of losing money after such an attack.

Victims that do not pay the ransom receive a subsequent, threatening email claiming that the ransom will significantly increase if the victim fails to pay within a given timeframe. Some businesses reported implementing DDoS mitigation services as a precaution.

Threats vary from disrupting a firm’s website, preventing customers from accessing it, to notifying victims that they will release personal data, which criminals obtain by hacking into the firm’s database.

Businesses that experienced a DDoS attack reported the incidents consisted primarily of Simple Discovery Protocol and Network Time Protocol reflection/amplification attacks, with an occasional SYN-flood and, more recently, a WordPress XML-RPC reflection/amplification attack. The attacks typically lasted one to two hours, with 30 to 35 gigabytes as the physical limit.

DDoS attacks are becoming increasingly potent and are some of the most frequent types of cybersecurity incidents – 18% of respondents cited the attacks in a U.S. State of Cybercrime Survey, a collaborative effort between PwC, CSO, the CERT Division of the Software Engineering Institute at Carnegie Mellon University and the U.S. Secret Service.

And, a Verisign report found that DDoS attacks against the financial services industry doubled during Q4 2014 to account for 15% of all attacks. During Q1 2015, 18% of DDoS attacks took place within the financial services industry.

Source: http://www.cutimes.com/2015/08/03/fbi-issues-ddos-attack-warning