DDoS DDoS Attack Specialist DDoS Attacks DDoS Defense DDoS Protection Specialist Stop DDoS Stop DDoS Attacks Stop Hackers
Russian telecom giant repels DDoS attacks on country’s 5 largest financial institutions
December 9, 2016

Russian telecom giant Rostelecom has thwarted DDoS-attacks on the five largest banks and financial institutions in the country, the company said in a statement.

All the attacks were recorded on December 5, 2016, the longest of them lasting for over two hours, Rostelecom said on Friday.

“The analysis of the attack sources carried out by Rostelecom specialists revealed that the traffic was generated from the home routers of users who are usually referred to IoT devices,” Muslim Medzhlumov, director of the Cybersecurity Center for Rostelecom, said in a statement, published on the company’s website.

“A distinctive feature of the attacks was that they were organized with the help of devices that support the CWMP Management Protocol (TR-069). A few weeks ago, a serious vulnerability was revealed in the implementation of this protocol on a number of devices from different manufacturers, which allows attackers [to] organize DDoS-attacks. At the beginning of last week, the largest German operator Deutsche Telecom was subjected to an attack on users’ home devices, as well as the Irish provider Eircom,” he explained.

The Russian Federal Security Service (FSB) reported on December 2 that it had received intelligence of foreign intelligence services preparing large-scale cyber-attacks in Russia in the period starting from December 5, 2016, aimed at destabilizing Russia’s financial system and the activities of a number of major Russian banks.

A RIA Novosti source close to the Central Bank reported that the Bank of Russia recorded several attacks on December 5 on the site of VTB Bank Group.

On Tuesday, Russian President Vladimir Putin signed into effect an updated doctrine on information security. It states that the limitless flow of information has a negative impact on international security, as it can be employed to pursue geopolitical and military goals, thus favoring organized crime, extremists and terrorists.

The doctrine notes that Russian government agencies, scientific centers, and military industries are being targeted by foreign intelligence services by means of electronic and cyber surveillance.

To counter threats and challenges in the information environment, Russia will build “strategic deterrents” and step up efforts to “prevent armed conflicts that stem from the use of IT.”

The doctrine also instructs government agencies to strengthen critical information infrastructure to protect against cyber and computer network attacks.

Source: https://www.rt.com/news/369738-ddos-attacks-russia-banks/

Block DDoS DDoS DDoS Attack Specialist DDoS Attacks DDoS Defense DDoS Protection Specialist Stop DDoS Stop DDoS Attacks Stop Hackers
A Turkish hacker is giving out prizes for DDoS attacks
December 8, 2016

But the DDoS software comes with a hidden backdoor

A hacker in Turkey has been trying to encourage distributed denial-of-attacks by making it into a game, featuring points and prizes for attempting to shut down political websites.

The DDoS platform, translated as Surface Defense in English, has been prompting other hackers in Turkey to sign up and score points, according to security firm Forcepoint which uncovered it.

Users that participate will be given a tool known as Balyoz, the Turkish word for Sledgehammer, that can be used to launch DDoS attacks against a select number of websites.

For every ten minutes they attack a website, the users will be awarded a point, which can then be used to obtain rewards. These prizes include a more powerful DDoS attacking tool, access to bots designed to generate revenue from click fraud,  and a prank program that can infect a computerand scare the victim with sounds and images.

 The DDoS platform has been promoted on Turkish hacking forums, and the attack tool involved is designed to only harass 24 political sites related to the Kurds, the German Christian Democratic Party — which is led by Angela Merkel — and the Armenian Genocide, and others.

The maker of the DDoS platform also tightly regulates the way users play. For example, the DDoS attack tool given to the participants is designed to run on only one machine, preventing it from being used on multiple computers. This is done to ensure fairness during the competition, according to Forcepoint.

However, it’s not exactly an efficient way to launch a DDoS attack, which are typically done with armies of infected computers that can number in thousands or more.

It’s unclear how many participants the DDoS platform managed to recruit or if it managed to take down any websites. But Forcepoint noticed that the DDoS attack tool given to the participants also contains a backdoor that will secretly install a Trojan on the computer.

The backdoor will only execute on a participant’s machine if they’ve been banned from the competition. Its goal is probably to enslave the computerand form a botnet to launch additional DDoS attacks, Forcepoint said.

The hacker behind the DDoS platform is believed to go by the handle “Mehmet” and is possibly based in the Turkish city of Eskisehir, according to evidence found in Forcepoint’s investigation.

Although the DDoS attacks are geared at political websites, the participants involved the competition might not be ideologically motivated, and instead could just want access to the hacking tools, Forcepoint said.

Source: http://www.pcworld.com/article/3148270/security/a-turkish-hacker-is-giving-out-prizes-for-ddos-attacks.html

DDoS DDoS Attack Specialist DDoS Attacks DDoS Defense DDoS Protection Specialist Stop DDoS Stop DDoS Attacks Stop Hackers
Cloud infrastructure attacks to increase in 2017, predicts Forcepoint
December 7, 2016

The cloud offers organizations a number of benefits, from simple off-site storage to rent-a-server to complete services. But 2017 will also see cloud infrastructure increasingly the target of attacks, with criminals lured by the data stored there and the possibility of using it to launch distributed denial of service attacks.

That’s one of the predictions for the new year from security vendor Forcepoint.

Hacking a cloud provider’s hypervisor would give an attacker access to all of the customers using the service, Bob Hansmann, Forcepoint’s director of security technologies, told a Webinar last week. “They’re not targeting you, they may not even know you exist until they get into the infrastructure and get the data. Then they’re going to try to maximize the attack” by selling whatever data is gained.

Also tempting attackers is the bandwidth cloud providers have, to possibly be leveraged for DDoS attacks.

As attacks on cloud infrastructure increase it will be another reason why CISOs will be reluctant to put sensitive data in the cloud, he said, or to limit cloud use to processing but not storing sensitive data.

CIOs/CISOs have to realize “the cloud is a lie,” he said. “There is no cloud. Any cloud services means data is going to someone’s server somewhere. So you need to know are they securing that equipment the same way you’re securing data in your organization … are the personnel vetted, what kind of digital defences do they have?”

“You’re going to have to start pushing your cloud providers to meet compliance with the regulations you’re trying to be compliant with,” he added. That will be particularly important for organizations that do business in Europe with the coming into force next year of the European Union’s new General Data Protection Regulation (GDPR)

So answering questions such as now long does a cloud service hold the organization’s data, is it backed up securely, are employees vetted, is there third party certification of its use of encryption, how is it protected from DDoS attacks are more important than ever.

Other predictions for next year include:

–Don’t fear millennials. At present on average they are they second largest group (behind boomers) in most organizations. They do increase security risk because as a tech-savvy group they tend to over-share information – particularly through social media. So, Hansmann says, CISOs should use that to their advantage.

“Challenge them to become security-savvy. Put in contests where employees submit they think are spam or phishing attacks, put in quarterly award recognitions, or something like that. Challenge them, and they will step up to the challnge. They take pride in their digital awareness.”

Don’t try to make them feel what they do is wrong, but help them to become better. “They will be come a major force for change in the organiztion, and hopefully carry the rest of the organization with them.”

–the so-called Digital Battlefield is the world. That means attackers can be nation-states as well as criminals. But CISOs should be careful what they do about it.

Some infosec pros – and some politicians – advocate organizations and countries should be ready to launch attacks against a foe instead of being defensive. But, Forcepoint warns, pointing the finger is still difficult, with several hops between the victim and attacker. “The potential for mis-attribution and involving innocents is going to grow,” Hansmann said.

“Nations are going to struggle with how do they ensure confidence in businesses, that they are a safe and secure place to do business with or through — and yet not over-react in a way that could cause collateral damage.”

–Linked to this this the threat that will be posed in 2017 by automated attacks. The widespread weaponization of autonomous hacking machines by threat actors will emerge next year, Forcepoint says, creating an arms race to build autonomous patching. “Like nuclear weapons technology proliferation, weaponized autonomous hacking machines may greatly impact global stability by either preventing national defense protocols being engaged or by triggering them unnecessarily,” says the company.

–Get ready for the Euopean GDPR. It will come into effect in May, 2018 and therefore next year will drive compliance and data protection efforts. “We’ve learned compliance takes a long time to do right, and to do it without disrupting your business.” Organizations may have to not only change systems but redefine processes, including training employees.

CIOs need to tell business units, ‘We’re here to support you, but if you’re going to run operations through the EU this regulation is going to have impact. We need to understand it now because will require budgeting and changes to processes that IT doesn’t control,’ said Hansmann.

–There will be a rise in what Forcepoint calls “corporate-incentivized insider abuse.’ That’s shorthand for ‘employees are going to cheat to meet sales goals.’

The result is staff falsifying reports or signing up customers signed up for services they didn’t order. Think of U.S. bank Wells Fargo being fined $185 million this year because more than 2 million bank accounts or credit cards were opened or applied for without customers’ knowledge or permission between May 2011 and July 2015. Over 5,000 staff were fired over the incidents.

If organizations don’t get on top of this problem governments will regulate, Hansmann warned.

Source: http://www.itworldcanada.com/article/cloud-infrastructure-attacks-to-increase-in-2017-predicts-forcepoint/389001

DDoS DDoS Attack Specialist DDoS Attacks DDoS Defense DDoS Protection Specialist Stop DDoS
New Botnet is Attacking the US West Coast with Huge DDoS Attacks
December 6, 2016

The developers of this new botnet are inspired by Mirai success.

In a blog post by CloudFlare, it has been revealed that the US West Coast is likely to become the target of yet another huge DDoS attack but this time it will be conducted with a different botnet than Mirai that was using during Dyn DNS attack which forced sites like Twitter, Amazon, PayPal etc to go offline for hours.

The content delivery network states in the blog post that the company has been observing the overflow of traffic from about two weeks. It seems to be coming from a single source. Seemingly, someone was firstly testing their abilities with a 9-to-5 attack schedule and then the attack pattern was shifted to 24 hours. This new botnet is either equal or superior to the Mirai botnet.

After observing the heavy attack traffic that literally peaked at 172MBPS, which means about a million data packets per second or 400 gigabits per second, CloudFlare concluded that the botnet was being turned on and off by some person who was busy with a 9-to-5 job.

In the blog post, CloudFare wrote:

“The attack started at 1830 UTC and lasted non-stop for almost exactly 8.5 hours, stopping at 0300 UTC. It felt as if an attacker ‘worked’ a day and then went home.”

For about a whole week, the same attacker was observed to be sending data packets in huge proportions every day. Then the schedule was abruptly changed since the attacker was working on a 24-hour basis. This hints at the fact that the attacking mechanism was taken over by another, much-organized group.

It is worth noting that the attack traffic wasn’t launched via Mirai botnet; the attackers are using a different kind of software with different methods like “”very large L3/L4 floods aimed at the TCP protocol.”

The company also noted that the attacks are now focused on locations that are smaller and fall within the jurisdiction of the US West Coast.

The revelation arrived soon after the special cyber-security commission of the White House issued recommendations and delivered the paper to the president. In the recommendations, it was urged that effective actions are required to mitigate and/or eliminate threats involving botnets.

The report issued by the White House’s Commission on Enhancing National Cyber-security basically highlights the vulnerable nature of cyber-security nowadays with the emergence of sophisticated DDoS attacks methods like Mirai botnet that has been causing havoc lately.

The 100-page long report contained recommendations regarding how the US government should tackle this issue. The bottom line was that the issue was much severe than it seems on paper and there is a lot needed to be done as soon as possible or else the situation will go out of hands.

The report has identified six imperatives and there are 16 recommendations along with 53 Action Items aimed at countering the threat. The crux of the report and the commission’s research is that the US government and the private sector must collaborate and work closely to devise ways for handling cyber-security related issues and vulnerabilities along with developing programs for handling such problems in future.

Source: https://www.hackread.com/new-mirai-like-botnet-ddos-attack/

Block DDoS DDoS DDoS Attack Specialist DDoS Attacks DDoS Defense DDoS Protection Specialist Stop DDoS Stop DDoS Attacks
Cybercriminals use DDoS as smokescreen for other attacks on business
December 6, 2016

Distributed Denial of Service (DDoS) attacks are sometimes used by cybercriminals to distract businesses while hackers sneak in through the back door, a survey from Kaspersky Lab and B2B International suggests.

Over half of businesses questioned (56%) are confident that DDoS has been used as a smokescreen for other kinds of cybercrime, and of those business respondents, a large majority (87%) reported that they had also been the victim of a targeted attack.

The Kaspersky Lab IT Security Risks 2016 study showed that when businesses have suffered from cybercrime, DDoS has often been part of the attack tactics (29%). For example, a worrying quarter (26%) of businesses that have suffered data loss as a result of a targeted attack, named DDoS as one of the contributing vectors. Overall, 56% of business representatives surveyed believed that the DDoS attacks their companies had experienced were a smokescreen or decoy for other criminal activities.

Kirill Ilganaev, Head of Kaspersky DDoS Protection, explained why DDoS attacks may appeal to cybercriminals as part of their tactics. He said, “DDoS prevents a company from carrying on its normal activities by putting either public or internal services on hold. This is obviously a real problem to businesses and it is often ‘all hands on deck’ in the IT team, to try and fix the problem quickly, so the business can carry on as before. DDoS can therefore be used not only as an easy way to stop the activity of a company, but also as a decoy to distract IT staff from another intrusion taking place through other channels.”

The study found that when DDoS attacks have been used by cybercriminals as a smokescreen, businesses also faced threats such as losses and exploits through mobile devices (81%), the actions of other organizations (78%), phishing scams (75%) and even the malicious activity of internal staff (75%). The majority (87%) were also victims of targeted attacks.

Ilganaev continued, “The research shows us that DDoS attacks are often aligned with other threats. Businesses therefore need to be aware of the full threat landscape, and prepared to deal with multiple types of criminal activity at any one time. Failure to do this could increase the collateral damage, on top of already significant losses caused by downtime and the resulting impact on reputation. Businesses need to use a reliable DDoS protection service to reduce the risk of DDoS and help staff concentrate their efforts on protecting the business from any threats that can be hidden as a result.”

Source: http://www.networksasia.net/article/cybercriminals-use-ddos-smokescreen-other-attacks-business.1480989900