DDoS Archive

The Greek government said Friday that the official state websites of the prime minister, the national police and fire service and several important ministries were briefly disabled by a cyberattack but have been restored.

Government spokesman Stelios Petsas said early Friday that the distributed denial-of-service or DDoS attack “led to the malfunction of certain websites.” He said “countermeasures” had been successfully implemented, but gave no further details.

Along with the prime minister’s website, targets in the attack late Thursday included the websites of the ministries of public order, interior, foreign affairs, and merchant marine, as well as the Greek Police and Fire Service.

It was the second cyberattack against government websites in less than a week. Responsibility for the first attack was claimed in an online post by a group of hackers who purported to be from Turkey. Greek officials have not commented on whether they consider that claim to be true.

Source: https://techxplore.com/news/2020-01-greece-websites-cyberattack.html

An American businessman who co-founded a cybersecurity company has admitted to hiring criminals to carry out cyber-attacks against others.

Tucker Preston, of Macon, Georgia, confessed to having paid threat actors to launch a series of distributed denial-of-service (DDoS) attacks between December 2015 and February 2016.

DDoS attacks prevent a website from functioning by bombarding it with so much junk internet traffic that it can’t handle visits from genuine users.

In a New Jersey court last week, 22-year-old Preston pleaded guilty to one count of damaging protected computers by transmission of a program, code, or command. Preston admitted to causing at least $5,000 of damage to the business he targeted.

“In or around December 2015, Preston arranged for an entity that engages in DDoS attacks to initiate attacks against a company. The entity directed DDoS attacks against the victim company, causing damage and disrupting the victim’s business,” wrote the Department of Justice in a statement released on January 16.

The count to which Preston pleaded guilty is punishable by a maximum penalty of 10 years in prison and a fine of up to $250,000 or twice the gross gain or loss from the offense.

US Attorney Craig Carpenito credited special agents of the FBI, under the direction of Special Agent in Charge Gregory W. Ehrie in Newark, New Jersey, with the investigation that led to Preston’s guilty plea.

The identity of the company that Preston paid criminals to attack has not been revealed, but Carpenito has confirmed that the targeted business had servers in New Jersey.

Preston co-founded the cloud-based internet security and performance company BackConnect Security LLC, which claims to be “the new industry standard in DDoS mitigation” and is currently online using an invalid certificate.

Preston was featured in the 2016 KrebsOnSecurity story “DDoS Mitigation Firm Has History of Hijacks,” which detailed how BackConnect Security LLC had developed the unusual habit of hijacking internet address space it didn’t own in a bid to protect clients from DDoS attacks.

Preston will reappear before the court on May 7 for sentencing.

Source: https://www.infosecurity-magazine.com/news/backconnect-founder-funded-ddos/

A man in the US who co-founded a service to protect sites from cyber-attackers has pleaded guilty to launching distributed denial of service (DDoS) attacks.

Tucker Preston is co-founder of BackConnect, a cyber-security firm that claimed to be “the new industry standard in DDoS mitigation”.

However, he was accused of arranging DDoS attacks targeting an unnamed firm.

A court document stated the attacks took place between 2015 and 2016.

News of the guilty plea was published online by Brian Krebs, a cyber-security expert and blogger.

During a DDoS attack, a website or online service is flooded with high levels of internet traffic in an attempt to cause disruption or take the target website or service offline.

Preston, of Georgia, had arranged for DDoS attacks against a company with servers in New Jersey, according to the US Department of Justice.

“The count to which Preston pleaded guilty is punishable by a maximum penalty of 10 years in prison and a fine of up to $250,000 or twice the gross gain or loss from the offence,” the Department said in a statement.

Preston is due to be sentenced in May.

Source: https://www.bbc.com/news/technology-51189386

Hackers target businesses with malware, for the sake of disrupting their operations, experts claim.

A third of all reported incidents against businesses were caused by ransomware, destructive malware and distributed denial of service (DDoS) attacks, according to cloud-delivered endpoint protection firm CrowdStrike.

The company’s latest cybersecurity report argues that cybercriminals are increasingly seeing business disruption as their main attack objective.

The report also says that attackers were able to hide their activities from cybersecurity departments for much longer – 95 days on average (up from 85 days a year ago). CrowdStrike believes that businesses still lack the technology they need to reinforce their defences, prevent being exploited and mitigate potential risks.

“As adversaries are stealthier than ever, with new attack vectors on the rise, we must remain agile, proactive and committed to defeat them,” commented Shawn Henry, chief security officer and president of CrowdStrike Services.

“They still seek the path of least resistance — as we harden one area, they focus on accessing and exploiting another.”

It added that hackers would often target third-party service providers to create a sort of a force multiplier for the attacks. Cloud infrastructure as a service (IaaS) is often targeted, and Macs are no longer ignored as a platform.

Patching vulnerable systems and software would mitigate many of these problems, but patching remains a pain point, as many organisations don’t have “basic cyber-hygiene”. Even the security systems they have are often not set up properly, and as such aren’t as effective as they could be.

“The failure to enable critical settings not only leaves organizations vulnerable but also gives them a false sense of security,” the report concludes.

Source: https://www.itproportal.com/news/business-disruption-is-now-a-bigger-cyber-threat/

Less overt than conventional military actions, cyberattacks can have dangerous consequences – especially when they target critical infrastructure systems controlled by the private sector.

Iran and other nations have waged a stealth cyberwar against the United States for at least the past decade, largely targeting not the government itself but, rather, critical infrastructure companies. This threat to the private sector will get much worse before it gets better and businesses need to be prepared to deal with it.

As in the days of pirates and privateers, much of our nation’s critical infrastructure is controlled by private companies, and enemy nations and their proxies are targeting them aggressively.

The U.S.-Iran cyberconflict has simmered for years, but the current crisis boiled over with Iranian attacks on U.S. interests in Iraq that led to the Jan. 3 U.S. drone strike that killed a senior Iranian general and terrorist leader. Iran’s supreme leader threatened “harsh revenge,” but said Iran would limit those efforts to military targets.

 

But even before Iranian missiles struck U.S. military bases in Iraq on Jan. 7, pro-Iranian hackers reportedly attacked at least one U.S. government-related website, along with a number of private company sites. Of greater concern, a new report details significant recent efforts by Iran to compromise the U.S. electric, oil and gas utilities.

Iran, which has reportedly attacked Saudi Arabian energy production, is also capable, according to U.S. officials, of conducting “attacks against thousands of electric grids, water plants, and health and technology companies” in the U.S. and Western Europe. Disrupting those systems could cause significant damage to homes and businesses and, in the worst case, injuries and death.

Much of our targeted critical infrastructure is under the control of private companies. Without government protection – and in the absence of any agreed-upon rules of cyberwarfare – businesses are at high risk, and strict American criminal laws prohibit many forms of cyberself-defense by private companies. But there are straightforward measures companies can take both to protect themselves and to enhance our collective national cybersecurity.

WHAT WILL IRAN DO?

Though it’s impossible to predict with certainty the behavior of the Iranian regime and their many proxies, their cyberattacks likely will continue to go well beyond governmental systems, which are reasonably well defended. Iran and its supporters likely will focus on easier targets operated by private companies.

A recent U.S. Department of Homeland Security alert highlights Iran’s capability and willingness to engage in multiple types of destructive cyberattacks over the last decade. According to indictments filed by the U.S. Department of Justice, as cited in the DHS alert:

  • Beginning as far back as 2011, Iran has conducted numerous Distributed Denial of Service (DDoS) attacks, sending massive amounts of internet traffic to knock websites offline. Iran’s DDoS attacks have targeted, among others, financial institutions, for whom the resulting downtime reportedly cost millions of dollars.
  • In 2013, one or more Iranians working for the country’s Revolutionary Guard illegally accessed the control system of a New York dam, although no direct damage apparently was done.
  • In 2014, Iran conducted an attack on the Sands Las Vegas Corporation, stealing customer credit card, Social Security and driver’s license numbers and wiping all data from Sands’ computer systems.
  • Between 2013 and 2017, hackers working on behalf of Iran’s Revolutionary Guard conducted a “massive” cybertheft operation targeting academic and intellectual property data, along with email information, from hundreds of universities, more than 45 companies, at least two federal agencies, at least two state governments and the United Nations.

It is possible that new efforts along these lines could be planned and timed to affect upcoming American elections. In addition, other countries could launch attacks and try to blame them on Iran, or vice versa.

NO CLEAR CYBER RULES OF ENGAGEMENT

For conventional and even nuclear warfare, nations have, over the centuries, agreed to rules of armed conflict. They’ve developed ways to signal their intentions to escalate or deescalate a conflict. The U.S. and Iran have, for now, deescalated their public military conflict, thanks to Iran warning of its missile attack and not killing or injuring anyone and the U.S. not taking any further military action.

But cyberspace remains the wild west, with few, if any, agreed-on rules of engagement or well-understood signaling mechanisms. This makes any ongoing cyberconflict between Iran and its enemies all the more dangerous, with critical infrastructure companies at risk of being caught in the crossfire.

Without government assistance, those companies are largely on their own in defending against Iranian or other foreign government attacks. Strict criminal laws severely restrict companies’ defensive options, prohibiting, for example, technologies to trace and destroy stolen data.

COLLECTIVE CYBERDEFENSE

All of that said, there are steps companies can take to protect themselves, not only from Iranian or other governmental attacks but against hacking by data thieves, ransomware gangs, corporate rivals, disgruntled employees or anyone else.

Vigilance and communication are key. Companies, particularly in critical infrastructure sectors such as energy, financial, telecommunications and health care, should stay in closer-than-usual touch with appropriate governmental bodies, including the Department of Homeland Security, the FBI and the appropriate cyber Information Sharing & Analysis Centers. ISACs can help companies quickly get threat intelligence from the government and report attacks that may have implications beyond a single company.

Businesses also should carefully check their systems for malware previously inserted maliciously to enable future attacks. They should, of course, scan their systems on an ongoing basis for viruses and other malicious code that could let hackers have unauthorized access to systems or data. Companies should also securely back up their data, closely monitor data traffic on their networks, require workers to use multi-factor authentication when logging into IT resources, and provide cybersecurity training and awareness to employees.

Protecting our national and economic security from attack is in the hands of private citizens and companies in a way that hasn’t been true perhaps since British boat owners rescued their nation’s army from annihilation at Dunkirk in 1940. By taking reasonable cybersecurity measures, companies, and all of us individually, can not only help protect ourselves and our nation but, perhaps, even help to prevent a war.

 

Source: https://www.govtech.com/security/Cyberspace-Is-the-Next-Front-in-Iran-US-Conflict–and-Private-Companies-May-Bear-the-Brunt.html