DDoS Protection Specialist Archive

A part of the AfterDawn network was unreachable for 1-2 hours this morning (around 10:00 AM Eastern Time, 15:00 GMT). The outage was caused by a Distributed Denial of Service (DDoS) attack towards our servers that saturated the downlink of our rack cabinet. Most of the English language sites were available again within an hour, but much of the international sites were unreachable for nearly two hours.

In a DDoS attack a considerable amount of traffic is directed at a server or servers in an attempt to bring down the server or the network infrastructure. In our case the 1GBps network link of the rack cabinet couldn’t handle all the incoming traffic. In response, the traffic to the affected services was blackholed.

The attack did not cause security issues with our services.

We would like to apologize for the inconvenience caused by the outage.

Source: http://www.afterdawn.com/news/article.cfm/2014/01/11/ddos_attack_brings_a_brief_outage_to_afterdawn

Malvertising is a consistent challenge in which reputable websites can have their ad frames infected to serve up any manner of attack.

After Yahoo shut down malicious advertisements that redirected users to the “Magnitude” exploit kit (a campaign enabled by the infection of a third party), Sean Power, security operations manager at DOSarrest, said the underlying problem is that many banner ad companies allow JavaScript or other code inside the advert.

“This is something we have seen before. In our case it was an advertising campaign that included a DDoS attack against one of our customers,” he said. “For companies allowing these ads on their website, the ads should be sanitised before displaying to the public.”

Power said that businesses should find a balance of risk versus profit to deal with this type of attack; techniques could range from simply “trusting that all ads are malware free” to digitally signing each ad and only showing the ones that have been verified as malware free.
He also said the responsibility should lie with the ad company to sanitise all of its ads, although he pointed out that all of the bad press will be focused on the site displaying the ads (in this case Yahoo). “No one is going to take kindly to a ‘not my responsibility’ attitude when they got a virus after visiting your site,” Power concluded.

“As with any other business relationship – do your due diligence. Find out if the ad company allows code to be inserted in the ads. Anytime your business relationships have the ability to directly alter your customer’s experience, they should be part of your security review,” he said.

Also hit by malicious adverts was video-sharing website Dailymotion, which according to research by Invincea delivered a malicious executable file under the ruse of “cleaning” visitors’ “infected” machines. Visitors were automatically redirected via JavaScript to a website that displayed the fake infection warning, which then automatically served up the fake anti-virus.

Luis Corrons, technical director of PandaLabs, told IT Security Guru that adverts can lead to exploit kits and that has happened a number of times in the past. “In this kind of attack, the site serving the malicious advert has not been compromised, so I won’t say the responsibility to sanitise the ads lies directly with them,” he said.

“However, it is in the company’s own interest to protect people using their website. The company serving the ads is the one that should hold most of the responsibility, as it is their platform that is being abused.”

Source: http://www.itsecurityguru.org/responsibility-malvertising-lies-advert-platform-website/
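The advice above (sanitise creatives before display, and know whether the ad network lets code into the advert) can be turned into a pre-publication check. The following is an added example, not code from IT Security Guru, DOSarrest, PandaLabs or any ad platform: it scans an HTML ad creative for embedded executable content (script and plugin tags, inline event handlers, script-scheme URLs) and wraps accepted creatives in an iframe with an empty `sandbox` attribute so that even passive markup cannot run script or navigate the page. The function names and the two sample creatives (using the reserved `example.com` and `ads.invalid` hostnames) are constructed for this example.

```python
"""Pre-publication check for third-party ad creatives.

Added example, not code from the article or the companies it quotes.
The creatives below are constructed test inputs.
"""
from html.parser import HTMLParser

# Tags that execute code or load executable/plugin content.
ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe"}
# URL-bearing attributes where a javascript: scheme would execute code.
URL_ATTRS = {"href", "src", "action", "data", "formaction", "xlink:href"}


class CreativeScanner(HTMLParser):
    """Collects findings as (tag, attribute, description) tuples."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        tag = tag.lower()
        if tag in ACTIVE_TAGS:
            self.findings.append((tag, None, "active content tag"))
        for name, value in attrs:
            name = name.lower()
            if name.startswith("on"):
                # onload=, onerror=, onclick= ... run script when rendered.
                self.findings.append((tag, name, "inline event handler"))
            elif name in URL_ATTRS and value:
                # Strip whitespace/control characters before reading the
                # scheme so that "java\tscript:" style obfuscation is caught.
                scheme = "".join(value.split()).lower()
                if scheme.startswith(("javascript:", "vbscript:", "data:text/html")):
                    self.findings.append((tag, name, "script URL"))
            elif name == "style" and value and "expression(" in value.lower():
                self.findings.append((tag, name, "CSS expression"))


def scan_creative(html):
    """Return the list of findings for one creative (empty list = clean)."""
    scanner = CreativeScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def sandbox_creative(html, width=300, height=250):
    """Wrap an accepted creative in an iframe with an empty sandbox attribute.

    An empty sandbox disables script, forms, plugins and top-level
    navigation inside the frame; srcdoc only needs & and " escaped.
    """
    escaped = html.replace("&", "&amp;").replace('"', "&quot;")
    return (f'<iframe sandbox srcdoc="{escaped}" width="{width}" '
            f'height="{height}" referrerpolicy="no-referrer"></iframe>')


def review_creative(html):
    """Apply the policy: reject creatives carrying code, sandbox the rest.

    Returns (True, sandboxed_markup) or (False, findings).
    """
    findings = scan_creative(html)
    if findings:
        return False, findings
    return True, sandbox_creative(html)


# Constructed sample creatives (not taken from any real campaign).
CLEAN_CREATIVE = (
    '<a href="https://example.com/landing">'
    '<img src="https://cdn.example.com/banner.png" alt="Example banner"></a>'
)
MALICIOUS_CREATIVE = (
    '<img src="https://cdn.example.com/banner.png" '
    'onload="location.href=\'https://ads.invalid/go\'">'
    '<script src="https://ads.invalid/r.js"></script>'
    '<a href="java\tscript:void(0)">Click</a>'
)

if __name__ == "__main__":
    for label, creative in (("clean", CLEAN_CREATIVE), ("malicious", MALICIOUS_CREATIVE)):
        accepted, detail = review_creative(creative)
        print(label, "accepted" if accepted else "rejected", detail)
```

The scanner is deliberately an allow-or-reject gate rather than a cleaner: stripping offending attributes from a creative and serving the rest invites parser-differential bypasses, whereas rejecting the creative and sending the findings back to the ad network is the "sanitise before display" step the article asks for. The sandboxed iframe is the second layer for creatives that pass.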

New study reveals breadth — and apparent success — of the typical advanced persistent threat (APT)-type attack

Advanced persistent threat (APT)-style attacks may be even more pervasive than thought: organizations have suffered an average of nine such targeted attacks in the past 12 months, a new study finds.

Even more chilling: Nearly half of those organizations say the attackers successfully stole confidential or sensitive information from their internal networks, according to a new report by the Ponemon Institute called “The State of Advanced Persistent Threats,” which was commissioned by Trusteer. Ponemon surveyed 755 IT and IT security professionals who have had firsthand experience with prevention or detection of targeted attacks on their organizations.

In line with previous reports from other sources, Ponemon found that it took victim organizations painfully long periods of time to even discover they had been hit by these attacks. On average, these attacks went undiscovered for 225 days — a delay respondents attribute to a lack of sufficient endpoint security tools and lean internal resources. According to the Verizon Data Breach Investigations Report (DBIR) released in August, organizations typically don’t discover that they’ve been breached for months and even years after the fact — and nearly 70 percent of them learn from a third party.

But in a dramatic shift from the Verizon report, the new Ponemon study found that most organizations say they are seeing a decline in “opportunistic” or random, nontargeted attacks and an increase in targeted ones. Some 67 percent say opportunistic attacks have not increased in the past 12 months, while 48 percent say targeted attacks have either rapidly increased or increased in same period. The survey defines opportunistic attacks as those where the attackers “have a general idea of what or whom they want to compromise” and only hack them if they encounter exploitable vulnerabilities. “In contrast, targeted attacks are those in which attackers specifically choose their target and do not give up until this target is compromised,” according to the report.

Verizon’s DBIR, meanwhile, found that 75 percent of all confirmed data breaches last year were the result of financially motivated cyberattacks, while 20 percent were cyberespionage for stealing intellectual property or other information for competitive purposes.

The divergent data here could be a function of organizations becoming more aware of targeted attacks, notes George Tubin, senior security strategist at Trusteer, an IBM company. “As the industry becomes more mature and defining our terms better of what’s opportunistic versus targeted, we’re getting some clarity,” he says.

Cyberespionage actors are getting stealthier, encrypting their malware to evade detection, for example, he says.

Nearly 70 percent of organizations say zero-day malware attacks are their biggest threats, and 93 percent say malware was the method of attack employed by the APT actors who targeted them. Half say those attacks originated via phishing.

Anti-malware and intrusion detection systems (IDS) are mostly no match for exploits and malware, according to the report. Some 76 percent of respondents say exploits and malware got past their AV software, and 72 percent say they got past their IDS.

IDS, IPS, and AV are the top three tools these organizations have in place for detecting targeted attacks. Around 60 percent say opportunistic attacks are easier to prevent than targeted ones, and 46 percent say they are easier to detect.

Java and Adobe Reader — two majorly exploited applications — are the biggest thorns in the sides of organizations when it comes to patching. Some 80 percent say Java is the hardest to keep updated with the latest patches; 72 percent, Reader; and 65 percent, Microsoft Windows. “Sixty-four percent say their company continued to operate one or more of these applications in the production environment knowing that vulnerabilities exist and a viable security patch was available but was not implemented,” the report says. And 73 percent say: “If I could, I would discontinue using Java.”

And not surprisingly, the root of much of the APT troubles in these organizations is lack of budget. Nearly 70 percent say their budgets are inadequate for fighting APTs, and 31 percent say they have sufficient in-house resources.

Trusteer’s Tubin says the actual numbers of APT targeted attacks per year, as well as the percentage of successful ones that exfiltrate information, are probably even higher than the Ponemon report shows. “Newer attack techniques that bypass detection technologies are not being picked up,” he says. “This stuff is very stealthy … it sits on the network for a very long time, so it’s very likely these companies have additional APTs going on that they just haven’t discovered yet.”

Source: http://www.darkreading.com/attacks-breaches/businesses-suffer-an-average-of-9-target/240164400#!

A pair of cyber-extortionists who attempted to blackmail a Manchester-based online casino with threats of unleashing a debilitating denial of service attack have been jailed for five years and four months.

Piotr Smirnow, 31, of Tawerny, Warsaw, Poland, and Patryk Surmacki, 35, of Szezecin, Poland, pleaded guilty at Manchester Crown Court to two offences each of blackmail and one offence of computer hacking: unauthorised acts on computers contrary to the Computer Misuse Act 1990.

Both men were sentenced on Wednesday to five years and four months in prison following a complex investigation that climaxed in a successful sting at a plush Heathrow Airport hotel.

The case centred on two victims, one of which owns a Manchester-based online casino business and the other a USA-based chief exec of an internet software platform that hosted a multitude of on-line companies.

Smirnow and Surmacki, programmers who worked in the online gaming business and knew their target through their professional interactions, approached him with a “business proposition”. A meeting was arranged, at which the two met their intended victim and demanded half the stake in his £30m online business, under the threat of using a Kiev, Ukraine-based hacker to “take down” the online casino’s servers, effectively preventing it from trading, unless their demands were met.

When the “offer” was rebuffed, an online assault was launched in early August that lasted around five hours and cost the casino an estimated $15,000. After this the owner of the business that provided the platform for the online casino site and other firms offered to mediate, and spoke with the hackers via Skype before agreeing to a meeting at Heathrow.

This third-party (whose business suffered collateral damage from the initial attack) contacted police who set up a sting operation that captured the cybercrooks’ admission of organising the original denial of service attacks and related threats. “The pair claimed they’d shown their power and it wouldn’t stop until the internet source codes for his business were handed over,” a police statement on the case explains. “The CEO refused to provide them so they both became annoyed and said they were now ‘going to war’.”

The duo were arrested by police who had captured the whole exchange on video as soon as the meeting broke up.

A Greater Manchester Police statement on the case, including extensive quotes from investors and other relevant parties along with a video clip from the sting – can be found here. GMP was assisted by the National Crime Agency and the Crown Prosecution Service throughout the operation.

Detective Inspector Chris Mossop, of the Serious Crime Division, said Smirnow and Surmacki’s “greed was ultimately their downfall as they failed to reckon with the victims’ bravery in the face of extreme intimidation”. “This was a very complex, dynamic investigation that centred on an emerging global cyber-threat. Denial of service attacks have become increasingly common offences in recent years and can have a devastating effect on the victim’s on-line business,” he added.

The Manchester victim welcomed the decision of the court to sentence Smirnow and Surmacki to lengthy jail terms. “I am grateful for the assistance provided to me by the police in this matter,” he said. “This case made me fear for my personal safety as well as for the future of my business, which is why I felt compelled to take action against the perpetrators of this crime. No one should have to succumb to blackmail and this sentence should act as a warning to those involved in cyber-extortion that the police and the courts will view this type of conduct very seriously.”

Source: http://www.theregister.co.uk/2013/12/19/casino_cyber_extortionists_jailed/

This week Anonymous, the notorious hacktivist group, stepped up to take credit for an attack that took some Microsoft services offline for a time. In a post on Pastebin, the group described how a DDoS attack had been launched at some Japanese Microsoft (domain) websites and servers, which probably translates to some sort of DNS target. Nonetheless there was an unintended effect, as the operation “did not go down as planned”: the attack caused a number of Microsoft’s online services, at least in Japan, to go down for some time. Though the outage affected a wide number of the company’s services, the time it was down was said to be brief.

A couple days ago a DDoS attack was launched at Japanese Microsoft(Domain) Websites and Servers.

We are sorry to report that the Japanese Microsoft Websites and Servers did not go down as planned.
Although something did go down.
We took pretty much the entire Microsoft domains down.
That includes sites such as:
Hotmail.com
MSN.com
Live.com
outlook.com
Microsoft.com

The DDoS attack was launched in response to Taiji…Operation KillingBay OR #OpKillingBay

Although We are sorry for any inconvenience We caused you Microsoft…It’s the thought that counts right?

For the record Microsoft, We love the “XBOX-One” and the games it offers (CODGhost)

As you can see, the attacks were launched and intended as a response to Taiji, or Operation Killing Bay. This protest objects to the dolphin slaughter in the village of Taiji, Japan, a six-month open season that started on September 1st. The cause against this slaughter has picked up a lot of awareness in recent years, but has been somewhat dwarfed this year in light of the continuing saga of the Fukushima meltdown. Anonymous announced their intent in a previous Pastebin post:

  1. We are Anonymous…
  2. Cruelty has existed since the beginning of the known World,
  3. But it has never existed so openly as it is in Taiji, Japan.
  4. Each year over 20,000 dolphins are slaughtered. The annual revenue from the slaughtered dolphins is well into the Million$$$.
  5. The Japanese Government would not allow the dolphins to be slaughtered, If it wasn’t supported other Organizations, Companies & Governments.

It also reads that, despite the unintentional outage, the hacktivists will strike their targets again: “It’s the thought that counts right”.

Anonymous’ targets when they do return could be any number of parties. As they described in their statement:

The Japanese Government would not allow the dolphins to be slaughtered, If it wasn’t supported other Organizations, Companies & Governments.
These Organizations, Companies & Governments include:
IMATA
WAZA
SeaWorld
FedEx
Thailand Gov.
Turkish Gov.
Egyptian Gov.
Vietnam Gov.
UAE Gov.
This is only a small portion of the supporters of the Taiji slaughter: Not including the Millions of people who visit SeaWorld, Zoos, Aquarium parks and other parks and resorts…

DDoS attacks are a major threat and ongoing concern in cybersecurity, and something that can be projected to be a continued threat in 2014. As we continue to talk to industry leaders about 2014 and beyond, DDoS figures to be a major element of discussion.

Source: http://siliconangle.com/blog/2013/11/30/oops-anonymous-ddos-attack-accidentally-takes-microsoft-services-down/