DoS Attacks Archive

The development of the telecommunications infrastructure in Central Asia has increased the online presence of the region dramatically. It has also exposed cybercrime weaknesses. Unfortunately, there has been little education and development of regional expertise around the dangers of information technology. Central Asia as a whole is now facing a growing threat from attacks by cyber-criminal gangs.

2018 digital use in Central Asia 

Responding to this increasing threat governments in the region have made it a priority to protect their countries online data. In a September 2017 speech to the Kazakh Majlis President Nursultan Nazarbaev stated,

“In the last three years alone, the volume of illegal online content has increased 40-fold. This means that we need a reliable cyber-shield for Kazakhstan. We cannot put off the creation of [this shield], we must protect the interests of our country, our culture and our values,”

Currently, only Uzbekistan, Kazakhstan and Kyrgyzstan have made significant inroads into this arena.  All three have engaged in the development of comprehensive legal and regulatory frameworks for cybersecurity. Moreover, they have established and adopted “kontseptsiya” or concept papers for the creation of national cybersecurity strategies’. One example of this being the successful Kazakhstan Cyber Shield. They have also formed Computer Emergency Response Teams or CERTs (CERT-KZ, UZ-CERT, CERT.KG. ).

Additionally, Uzbekistan and Kazakhstan have created dedicated cyber programs at national universities with the intention of training information and cyber experts on domestic CERT agencies. Both governments are now capable of repelling the majority of daily cyber attacks that occur. As Ruslan Abdikalikov, Deputy Chairman of the Committee for Information Security of the Ministry of Defence and Aerospace Industry of Kazakhstan stated at the 2018 SOC-FORUM conference,

“Cyber attacks are fixed every second and their number is growing. We fixed 1 billion of such attacks in 2016. There were 20bn attacks on Kazakhstan last year, on the state information structures. Nobody knows how many attacks business faces. The attacks on the Government increased by 20 times over the past year […] but we protect ourselves from them.”

Cybercrime and Hackmail

Central Asia currently has one of the highest global rates of cyber-criminal activities. This comes despite efforts improving the region’s capacity to deal with cyber attacks or cyber terrorism. Kazakhstan, thanks to its attractive financial situation and high number of internet users, has faced significant issues with cybercrime.  Statistics indicate that it has had the highest rate of cyber infiltration in Central Asia since 2010. At the same time, 85% of internet users have been compromised. In the past year alone, the Kazakh National Security Committee (KNB) announced that 63,000 attacks have occurred. This shows an increase of 38,000 since 2017.

Zeroing in on Kazakhstan’s financial sector, cyber-criminals have not just hacked accounts, but also bank machines and payment terminals. The lion’s share of the attacks has consisted of viruses and phishing attacks. These compromise devices to either generate spam or participate in Distributed Denial of Service (DDoS) attacks. Cyber-criminals have also used compromised machines to launch DDoS attacks. These typically demand that the victim pay a ransom for the attack to stop.

A prime example was Kazakhstan’s Alfa-Bank in 2017. According to Alfa-Bank IT specialist Yevgeny Nozikov, the hackers sought their reward in the form of a ransom. The bank had to pay a sum, in exchange for the hackers to unblock the IT systems. In another case of cyber extortion in March 2012, the owner of a Kyrgyz entertainment website suffered several days of DDoS attacks. A hacker sent a blackmail message warning that the attacks would continue if the owner chose not to pay.

Kyrgyzstan’s 24.kg news agency also noted that the country experiences high amounts of commercial cyber attacks. According to sources, 776 websites belonging to various commercial companies, individuals and government agencies had been hacked in 2017.

What experts say

On average, 20 websites are successfully hacked every five days in the country, while every tenth website is hacked repeatedly. Government officials and cyber-experts throughout Central Asia argue that this is due to the lack of awareness of cybersecurity in the general public.

This point was reiterated by the Kaspersky Lab Cybersecurity Index. The Index demonstrates that in countries like Kazakhstan and Uzbekistan, many users not particularly concerned about the need for any protective cyber measures. As Laziz Buranov, a department head from Uzbekistan’s Information Security Centre (TsOIB), explained to Caravansei,

“Last year, 493 .uz domain sites were subjected to hacker attacks. They were hacked for various reasons. In the majority of cases, the site owners themselves were at fault — they […] used infected and vulnerable software.”

According to Kaspersky Labs many private users and businesses in Kazakhstan and Uzbekistan even utilise pirated software such as unprotected copies of old Windows operating systems for their online activities. Thereby placing at risk all online activities, thanks to the lack of information technology expertise and cybersecurity in the public domain. This lack of expertise means that Central Asia as a whole is extremely attractive to cyber-criminals gangs who view these weaknesses as an invitation to stay.

Is Central Asia a CyberCrime Haven?

In Kazakhstan during the past two years, the criminal cyber gang Cobalt has established itself thanks to the lack of cybersecurity. According to Arman Abdrasilov, Director at TsARKA,  the Astana-based Center for Cyberattack Analysis and Research, Kazakh security experts have seen a rise in the number of domestic computers being hijacked by Cobalt malware. They point to the use of hacked Kazakh servers in the 2016 attack on the Bangladesh Bank. The attack resulted in $81 million worth of loss. This evidence demonstrates the criminal gang has set up shop in Central Asia.

Emerging in 2013, Cobalt is “One of the world’s most dangerous hacker groups […] which specializes in hacking into bank accounts,” stated Abdrasilov. The group first targetedRussian banks with phishing emails. These emails contained programmes that would enable them to gain access to password-protected archives. In turn, this gave them remote access to ATMs, which would then deliver cash to waiting accomplices. Since 2017, the group has branched out from Eastern Europe and Southeast Asia to Europe and North America. According to Europol, Cobalt has attacked banks in 40 countries and caused losses of more than $1.1 billion.

In Central Asia, cybercrime poses a significant risk to banking and financial institutions. Lack of knowledge, expertise and protective procedural training among employees make them vulnerable to attacks like those mentioned above. Authorities are yet to get a handle on dealing with these crimes. Governments are struggling to respond to the attacks. In Kazakhstan, for example, only 3% of online crimes are ever prosecuted.

Risks are Significant

Like a dog chasing its own tail, Central Asian governments are at something of an impasse with their cyber-readiness. While rapidly trying to catch up to the fast-paced global cyber environment, governments have focused heavily on the state IT infrastructure. They have not allocated enough time to educate or develop IT and cyber-knowledge in the general population. While the state apparatus is cyber-ready, the general public is still vulnerable to cybercrimes.

To redress this issue, the governments of the region should look beyond their borders for expertise in developing nation-wide cybersecurity information awareness programmes and domestic information technology specialists. Allies like Russia and China could provide these, as both are regarded at the forefront of cybersecurity. However, engaging help from their usual partner states is also fraught with danger in the current international climate. Both China and Russia are in an expansionist phase. They are utilising any opportunity that may arise to help them advance their own foreign agenda, as illustrated in Ukraine and the South China Sea. This leaves Central Asian countries little option but to develop domestic expertise from other sources, like America and India.

The problem here is that it will take time to develop expertise on a domestic level. Training information technology specialist and cybersecurity experts is an intensive task. Countries like Uzbekistan are now seeking to redress this issue and are implementing programs to right this crucial flaw in their cyber-readiness. It will be several years before these students are cyber-ready. Countries like Kazakhstan, though, are still attracting cyber-criminals at an increasing pace due to the lack of general cybersecurity infrastructure and knowledge at a grassroots level.

Once established, it can be difficult to remove cyber-criminal gangs without allocating significant resources to the task. These are resources the region does not yet possess. While many Central Asian governments are trying to fast track their cyber-readiness, the rapid evolution of malware and cyber threats means they are currently well behind in meeting this threat and will be for the foreseeable future.

Source: https://globalriskinsights.com/2019/04/central-asia-cybercrime-land/

DDoS attacks sized 100Gbps and higher exploded in Q1 2019, with 77% of all attacks targeting two or more vectors.

Distributed Denial of Service (DDoS) attacks are increasing in size and frequency, as multi-vector exploits become more of the norm in hacker’s efforts to distract and confuse security teams, while damaging their businesses, according to a Wednesday report from Neustar Research.

Attacks sized 100Gbps and higher increased by 967% in Q1 2019 compared to Q1 2018, the report found. The largest attack measured—587Gbps—was more than 70% larger than the biggest attack in the same period in 2018 (345Gbps).

While the largest DDoS attacks experienced the most growth, smaller attacks also increased exponentially, according to the report. Attacks under 5Gbps increased by 257% in the last year.

This year’s attacks use a variety of ports and protocols to locate and exploit vulnerabilities, and change their form over the course of the attack, the report noted. More than three-quarters (77%) of attacks in Q1 2019 targeted two or more vectors, and 51% targeted three or more, the report found.

Targeted subnets and classless inter-domain routing (CIDR) blocks to slow or stop network traffic was one highly disruptive DDoS threat, according to the report.

While a number of tools on the market can help businesses ward off these attacks, none can replace the effectiveness of having cybersecurity professionals on staff, the report noted.

“Today’s artificial intelligence and machine learning technologies enable us to identify anomalous traffic and patterns, correlate data across systems, and perform behavioral analytics on users and entities, said Rodney Joffe, Neustar Senior Vice President, Technologist and Fellow. “But none of these systems function without professionals who know how to deploy them, interpret their data, identify the existence and location of problems, and mitigate them.”

Source: https://www.techrepublic.com/article/major-ddos-attacks-increased-967-this-year/

On Monday, Europol said it was closing in on more than 250 customers of Webstresser.org and other DDoS-for-hire services. In April, authorities took down the site for letting buyers knock websites offline.

If you were a big buyer of DDoS attacks, you may be in trouble. Police in Europe plan to go after customers of Webstresser.org, a major DDoS-for-hire website it shut down last year

On Monday, Europol said it was closing in on more than 250 customers of Webstresser.org and other DDoS-for-hire services. “Actions are currently underway worldwide to track down the users of these Distributed Denial of Service (DDoS) attacks,” the agency added.

In April, Europol shut down Webstresser.org for letting buyers knock websites offline. For as little as $18.99 a month, the site offered access to DDoS attacks, which can overwhelm an IP address or website with enough internet traffic to disrupt access to it.

Webstresser.org was believed to be the world’s largest market for DDoS-for-hire services, according to Europol. Before its shutdown, the site helped launch 4 million attacks. It had also attracted 151,000 registered users under the guise of selling “server stress testing” services.

Now all those customers are in danger of facing potential prosecution. That’s because authorities have uncovered a “trove of information” on Webstresser.org’s users.

“In the United Kingdom, a number of webstresser.org users have recently been visited by the police,” Europol said in its announcement. “UK police are also conducting a number of live operations against other DDoS criminals.”

Although police have typically focused on targeting the sellers of DDoS attacks, Europol said law enforcement is ramping up activities to crack down on buyers as well. Last month, US federal investigators also warned they were going after customers of DDoS-for-hire websites.

“Whether you launch the DDoS attack or hire a DDoS service to do it for you, the FBI considers it criminal activity,” FBI Assistant Director Matthew Gorham said in December. “Working with our industry and law enforcement partners, the FBI will identify and potentially prosecute you for this activity.”

Source: https://www.pcmag.com/news/366214/europol-crackdown-targets-ddos-attack-buyers

While ransomware attacks declined in 2018, cryptominers dominated the malware landscape and impacted 37 per cent organisations worldwide, Israel-based cybersecurity solutions provider Check Point Software Technologies said in a report here on Tuesday.

According to “Check Point’s 2019 Security Report”, despite a fall in the value of all cryptocurrencies, 20 per cent of the companies continued to be hit by cryptomining attacks every week.

In 2018, cryptominers occupied the types of top four most prevalent malware.

On the other hand, ransomware usage fell sharply in 2018, impacting just 4 per cent of organisations globally.

“From the meteoric rise in cryptomining to massive data breaches and DDoS attacks, there was no shortage of cyber-disruption caused to global organisations over the past year,” Peter Alexander, Chief Marketing Officer of Check Point Software Technologies, said in a statement.

“These multi-vector, fast-moving, large-scale ‘Gen V’ attacks are becoming more and more frequent, and organisations need to adopt a multi-layered cybersecurity strategy that prevents these attacks from taking hold of their networks and data.
“The 2019 Security Report offers knowledge, insights and recommendations on how to prevent these attacks,” he added.

The report examines the latest emerging threats against various industry sectors, and gives a comprehensive overview of the trends observed in the malware landscape, in emerging data breach vectors, and in nation-state cyber-attacks.

Mobiles were found as a moving target. Over 30 per cent of organisations worldwide were hit by mobile malware, with the leading three malware types targeting the Android OS.

2018 saw several cases where mobile malware was pre-installed on devices, and apps available from app stores that were actually malware in disguise, the report said.

Bots were the third most common malware type, with 18 per cent of organisations hit by bots which are used to launch DDoS attacks and spread other malware. Bot infections were instrumental in nearly half (49 per cent) of organisations experiencing a DDoS attack in 2018.

The report is based on data from Check Point’s ThreatCloud intelligence — a collaborative network for fighting cybercrime which delivers threat data and attack trends from a global network of threat sensors — over the last 12 months.

It is also based on a new survey of IT professionals and C-level executives that assesses their preparedness for today’s threats.

Source: https://economictimes.indiatimes.com/news/international/business/cryptomining-impacted-37-organisations-worldwide-in-2018/articleshow/67639012.cms

 

If a week is a long time in politics, as former British Prime Minister Harold Wilson observed, a year in cyber security can seem like an eternity. But despite the rapid changes, many things remain constant. We can always expect cyber criminals to embrace new technology as fast as legitimate businesses do, and to use it to launch new types of attacks that are ever more damaging and harder to defend against.

DDoS attacks are a case in point. In April 2018, the UK’s National Crime Agency named DDoS as the leading threat facing businesses. The Agency noted the sharp increase in attacks on a range of organisations during 2017 and into 2018, and advised organisations to take immediate steps to protect themselves against the escalating threat.

DDoS gets bigger, stronger, smarter

This warning was timely, as through late 2017 and into 2018, DDoS attacks got much larger – and that trend is showing no signs of slowing down. In Q3 of 2018, the average DDoS attack volume more than doubled compared to Q1, from 2.2 Gbps to 4.6 Gbps according to Link11´s latest DDoS Report. These attack volumes are far beyond the capacity of most websites, so this is an alarming trend. Compared to Q2, the total number of attacks also grew by 71% in Q3, to an average of over 175 attacks per day.

Attacks also got more sophisticated. 59% of DDoS incidents in Q3 of 2018 used two or more attack vectors, compared with 46% in Q2. Meanwhile, a highly targeted and strategic approach to DDoS attacks was observed as the year went on; our operation centre saw DDoS attacks on e-commerce providers increase by over 70% on Black Friday (23 November) and by a massive 109% on Cyber Monday (26 November) compared with the November average. Attacks are focusing on specific sectors, with the aim of causing more disruption.

DDoS as a service

At the same time, these larger, more sophisticated DDoS attacks are easier for criminals to launch than ever before too, from DDoS-as-a-Service provider. Perhaps the best known of these, Webstresser.org was selling multi-gigabit DDoS attacks on the Darknet for as little as $11 per attack before it was shut down by police in early 2018. Webstresser’s services were used in early 2018 to bring online services from several Dutch banks and numerous other financial and government services in the Netherlands to a standstill. Customers were left without access to their bank accounts for days.

Other services have sprung up to take Webstresser’s place, offering DDoS by the hour for $10, and by the day at bulk discount rates of $200. No expertise is required: just enter your (stolen) credit card details, and the domain you want to target. Even cloud services can be knocked offline, with very little money and little to no technical expertise required to launch an attack.

Web application attacks

Another increasingly targeted component of organisations’ IT estates during 2018 was web applications. 2018 saw high-profile breaches affecting tens of millions of customers from several high-profile companies in the travel and financial sectors. The aim of these attacks is to exfiltrate sensitive data for re-use or resale, with the attackers seeking to exploit weaknesses in the application itself, or the platform it is running on to get access to the data.

2019: predictions and protection

So as 2018 saw attacks growing in volume and complexity, what attacks can we expect to see in 2019?

We have already seen how versatile botnets are for crypto-mining and sending spam – this will extend into DDoS attacks too. Botnets benefit from the ongoing rapid growth in cloud usage and increasing broadband connections as well as the IoT, and the vulnerabilities that they address are on the protocol and application level and are very difficult to protect using standard network security solutions. Bots in public cloud environments can also propagate rapidly to build truly massive attacks.

Attack tactics, for which SSL encryption have long since ceased to be a defence, will gain even more intelligence in the coming months. The only possible answer to this can be defence strategies that cover machine learning and artificial intelligence, which can process large data streams in real time and develop adaptive measures. Highly-targeted attacks, such as those on web applications, will also continue because the rewards are so high – as we’ve seen from the 2018 data breaches we touched on earlier.

Also, 2019 could be the year in which a hacktivist collective or nation-state will launch a coordinated attack against the infrastructure of the internet itself. The 2016 DDoS attack against hosting provider Dyn showed that a single attack against a hosting provider or registrar could take down major websites. DDoS tools and techniques have evolved significantly since then, creating a very real risk of attacks that could take down sections of the Web – as shown by the attack which targeted ISPs in Cambodia. Other forms of critical infrastructure are also vulnerable to DDoS exploits, as we saw in 2018’s attack on the Danish rail network.

In conclusion, tech innovations will continue to accelerate and enable business, and cyber criminals will also take advantage of those innovations for their own gain. With more and more business taking place online, dependence on a stable internet connection rises significantly. Likewise, revenues and reputation are more at risk than ever before. Therefore, organisations must be proactive and deploy defences that can keep pace with even new, unknown threats – or risk becoming the next victim of increasingly sophisticated, highly targeted mega-attacks.

Source: https://www.information-age.com/the-ddos-landscape-123478142/