DDoS Archive

Nearly 90 percent of healthcare organizations were slammed by a breach in the past two years.

The 911 call has come in loud and clear for the healthcare industry: nearly 90% of all healthcare organizations suffered at least one data breach in the past two years with an average cost of $2.2 million per hack.

Despite heightened awareness and concern among the healthcare industry over its ability to thwart cybercrime, insider mistakes, and ransomware attacks, healthcare budgets for security have either dropped or remained the same in the past year, according to the newly released Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data by the Ponemon Institute. Some 10% of budgets have declined, and more than half have remained static, and most believe they don’t have the budget to properly protect data.

The Ponemon report, commissioned by ID Experts, estimates that data breaches cost the healthcare industry some $6.2 billion, as some 79% of healthcare organizations say they were hit with two or more data breaches in the past two years, and 45%, more than five breaches. Most of those exposed fewer than 500 data records, and thus are neither reported to the US Department of Health and Human Services nor revealed to the media. Ponemon surveyed 91 healthcare organizations, mainly healthcare providers, and 84 healthcare business partner organizations, including pharmaceutical companies, IT and service providers, and medical device makers, and broke down the findings accordingly.

Healthcare’s security woes have been well-documented over the past year. Even before the infamous recent wave of ransomware attacks on hospitals, there were plenty of red flags that healthcare was a ripe target for cybercrime, and even cyber espionage: there were massive breaches at Anthem and other insurers, as well as UCLA Health and earlier this year, 21st Century Oncology. A study last year by Raytheon and Websense found that healthcare organizations are twice as likely to suffer a data breach as those in other industries. And according to Trend Micro’s analysis of Privacy Rights Clearinghouse data, healthcare organizations suffered more breaches than any other industry sector between 1995 and 2005 — with some 27% of all breaches.

Not surprisingly, healthcare organizations have been failing in their application security programs and practices as well. According to the Building Security In Maturity Model (BSIMM) study published in October, BSIMM6, healthcare organizations scored much lower than their counterparts in the financial services, independent software vendor, and consumer electronics industries when it comes to securing their applications.

The most commonly exposed data in healthcare breaches are medical records, followed by billing and insurance records, and payment information. Some 64% of attacks targeted medical files and billing and insurance records, up from 45%. Nearly 40% of healthcare organizations and 26% of their business partners say they know of medical identity theft incidents affecting their patients and customers, but 64% of healthcare organizations don’t offer credit protection services for victims, and 67% of business partners don’t have procedures in place to correct errors in medical records—a gap that could be life-threatening in the case of an identity thief using a patient’s medical information for fraudulent purposes, the Ponemon report notes.

“There seems to be increasing awareness that medical identity theft is one of the results” of attacks, says Rick Kam, president and co-founder of ID Experts. “What’s bad is that healthcare organizations aren’t putting in the resources to help those [issues]. Medical identity theft includes a patient’s prescriptions, diagnosis, blood type” and other information that if compromised could risk a patient’s health or life, he says.

Cybercrime-based attacks remain the number one cause of data breaches, and they were up 5% to 50% this year, the report says. The rest were rooted in insider woes: 41% via a lost or stolen device and 36% via an “unintentional” employee act. Around 13% cite a malicious insider attack.

While respondents were surveyed last year prior to the big ransomware attacks on hospitals, ransomware was top of mind. Distributed denial-of-service (DDoS) attacks are the biggest worry of healthcare organizations (48%), followed by ransomware (44%), malware (41%), phishing (32%), advanced persistent threats (16%), rogue software (11%), and password attacks (8%).

Meanwhile, healthcare organizations are well aware they lack cybersecurity staff and talent to keep up with cyber threats. ID Experts’ Kam says there are some 20,000 vacant data security positions open in the healthcare sector, which exacerbates the problem of flat budgets and rising breaches.

The talent resource issue was echoed late last year by Jim Routh, chief information security officer at Aetna Global Security and chairman of the NH-ISAC, the healthcare industry’s threat information-sharing exchange. Routh, whose firm was one of the 10 healthcare firms to participate in the BSIMM6 study on software security, noted that healthcare firms typically lack security staff and resources, despite a growing awareness of the importance of software security programs.

Source:  http://www.darkreading.com/threat-intelligence/healthcare-suffers-estimated-$62-billion-in-data-breaches/d/d-id/1325482

The Anonymous hacker collective has declared the revival of Operation Icarus, its 2011 attack campaign that launched an onslaught of assaults against the banks on Wall Street. It has now targeted servers of Greece’s central bank, which the bank recently confirmed. The attack took the bank’s website offline this Tuesday. The outage lasted for some minutes.

An official of the central bank told Reuters in an interview that the assault lasted some minutes; however, the bank’s security systems addressed it successfully. The denial-of-service (DoS) assault affected only the bank’s website.

In 2011, Anonymous’ Operation Icarus made headlines when it attacked banks on Wall Street. In a YouTube video, the collective announces the approaching fall of Olympus. It says it declared the revival of Icarus some days ago and that it has effectively shut down the Bank of Greece’s website, adding that the attack marks the beginning of a 30-day onslaught on central bank websites worldwide.

The attack campaign targeted the Greek central bank first. Representatives of the bank said the attack did not last beyond some minutes and that they had remained watchful over the bank’s website; however, the following day a fresh series of assaults hit the bank, disabling the website for at least 6 hours.

Nonetheless, the collective plans to go after even bigger fish, as it states in the YouTube video and in a series of statements posted on the Internet. Softpedia.com reported this online on May 4, 2016.

The Anonymous hacktivist group indicated that it felt it necessary to strike right at the heart of the banking empire by repeating its tactic of tugging into the system; this time, however, the group faces a far more prominent target: the worldwide system of finance. The targets are the Bank of England and the New York Stock Exchange, it stated.

Notably, the hacktivist collective is no longer as effective in disrupting targets as it was at its peak during the Arab Spring of 2010.

Source:  http://www.spamfighter.com/News-20259-Anonymous-to-Strike-World-Banks-Targets-Bank-of-Greece-First.htm


After earlier this year declaring “total war” against U.S. Republican presidential candidate Donald Trump, the hacktivist group Anonymous is now threatening global banks with 30 days of distributed denial-of-service attack disruptions.

As a preview, on May 2, the group claimed to have disrupted the website of Greece’s central bank. “Olympus will fall. A few days ago we declared the revival of Operation Icarus. Today we have continuously taken down the website of the Bank of Greece,” the group said in the video posted on YouTube and delivered in the classic Anonymous style via a disembodied, computerized voice.

“This marks the start of a 30-day campaign against central bank sites across the world,” it adds. “Global banking cartel, you’ve probably expected us.”

Of course, banks have previously been targeted en masse by DDoS attackers. Beginning in 2012, for example, attacks waged by a group calling itself the “Izz ad-Din al-Qassam Cyber Fighters” continued to disrupt U.S. banks’ websites as part of what it called “Operation Ababil.” In March, the Justice Department unsealed indictments against seven Iranians – allegedly working on behalf of the Iranian government – accusing them of having waged those attacks. Regardless of who was involved, it’s unclear if Anonymous could bring similar DDoS capabilities to bear for its Operation Icarus.

A Central Bank of Greece official, who declined to be named, confirmed the May 2 DDoS disruption to Reuters, though said the effect was minimal. “The attack lasted for a few minutes and was successfully tackled by the bank’s security systems. The only thing that was affected by the denial-of-service attack was our website,” the official said. Greek banks have been previously targeted by DDoS extortionists, demanding bitcoins.

“It would have been better if no disruption occurred, but it is good that the attack – if that is what caused the disruption – was handled so quickly,” says information security expert Brian Honan, who’s a cybersecurity expert to the EU’s law enforcement intelligence agency, Europol.

A “World Banking Cartel Master Target List” published by Anonymous to text-sharing site Pastebin early this month lists the U.S. Federal Reserve, as well as Fed banks in Atlanta, Boston, Chicago, Dallas, Minneapolis, New York, Philadelphia, Richmond and St. Louis. Also on the target list are websites for the International Monetary Fund, the World Bank as well as 158 central banks’ websites. In a related video missive issued March 31, Anonymous urged its members to “take your weapons and aim them at the New York Stock Exchange and Bank of England,” promising that “this is the operation to end all others.”

The planned Anonymous operation follows elements of the collective earlier this year declaring “total war” against Trump, and on April 1 temporarily disrupting several of Trump’s websites, The Hill reports. Since then, of course, Trump has become the only Republican presidential candidate left standing after his massive win in this week’s Indiana primary.

Banks: Beware DDoS Threats

While the Anonymous bark doesn’t always equal its bite, in the wake of this alert, “banks in the United Kingdom, United States and Latin America should be very prepared” against potential attacks, says Carl Herberger, vice president of security for DDoS-mitigation and security firm Radware.

“In the same vein as someone yelling ‘bomb’ at an airport or fire at a movie theater, cyber-attack threats – whether idle or not – are not to be taken lightly,” he says, although he adds that the number of threatened DDoS attacks outweighs the quantity of actual attacks.

Herberger says in light of the new threat, all banks should review their DDoS defense plans, keeping in mind that DDoS attackers do continue to refine their tactics, as seen in the disruption of Geneva-based encrypted email service ProtonMail.

“As the attacks on ProtonMail in November 2015 have demonstrated … attackers change the profile of their attacks frequently and leverage a persistent and advanced tactic of revolving attacks geared to dumbfound detection algorithms,” he says, dubbing such tactics “advanced persistent DoS.”

Maintain a DDoS Defense Plan

Security experts have long recommended that all organizations have a DDoS defense plan in place. The U.K.’s national fraud and cybercrime reporting center, ActionFraud, for example, recently issued the following advice to all organizations:

  • Review: “Put appropriate threat reduction/mitigation measures in place,” tailored to the risk DDoS disruptions would pose to the organization.
  • Hire: If DDoS attacks are a threat, seek professional help. “If you consider that protection is necessary, speak to a DDoS prevention specialist.”
  • Prepare: All organizations should liaise with their ISP in advance of any attack. “Whether you are at risk of a DDoS attack or not, you should have the hosting facilities in place to handle large, unexpected volumes of website hits.”

DDoS Extortions Spike

The guidance from ActionFraud, released April 29, also warned that the center has recently seen a spike in DDoS extortion threats from an unnamed “online hacking group” demanding the equivalent of $2,250 to call off their planned attack.

“The group has sent emails demanding payment of 5 bitcoins to be paid by a certain time and date. The email states that this demand will increase by 5 bitcoins for each day that it goes unpaid,” ActionFraud’s alert states. “If their demand is not met, they have threatened to launch a [DDoS] attack against the businesses’ websites and networks, taking them offline until payment is made.”

ActionFraud advises targeted organizations: “Do not pay the demand.” That echoes longstanding advice from law enforcement agencies globally. ActionFraud also urges organizations to keep all copies of DDoS extortion emails – including complete email headers – as well as a complete timeline for the threats and any attacks, and to immediately report threats or attacks to authorities.

Investigators say that keeping complete records – including packet-capture logs – is essential for helping to identify perpetrators. Or as ActionFraud advises: “Keep a timeline of events and save server logs, web logs, email logs, any packet capture, network graphs, reports, etc.”

Masquerading as Armada Collective?

CloudFlare, a DDoS mitigation firm, reports that related attacks began in March and have been carried out under the banner of Armada Collective, as well as potentially Lizard Squad, although it’s not clear if those groups are actually involved.

It’s also unclear if the threatened DDoS disruptions have ever materialized. “We’ve been unable to find a single incident where the current incarnation of the Armada Collective has actually launched a DDoS attack,” CloudFlare CEO Matthew Prince says in a blog post. “In fact, because the extortion emails reuse bitcoin addresses, there’s no way the Armada Collective can tell who has paid and who has not. In spite of that, the cybercrooks have collected hundreds of thousands of dollars in extortion payments.”

Source: http://www.bankinfosecurity.com/anonymous-threatens-bank-ddos-disruptions-a-9085

Source:  http://www.ddosattacks.net/anonymous-threatens-bank-ddos-disruptions/


The first DDoS attacks that were part of #OpIcarus targeted the Central Bank of Greece and were followed only a few days later by similar attacks against the Central Bank of Cyprus.

Shortly after that, the number of attacks seems to have exploded, now coming from all directions and from multiple Anonymous divisions such as Ghost Squad Hackers.

The operation’s official Twitter account, @Op_Icarus reported this weekend about DDoS attacks on the Central Bank of the Dominican Republic (the only site still down at the time of writing), the Guernsey Financial Services Commission, the Dutch Central Bank, and the Central Bank of Maldives.

A day later, hacking news magazine HackRead also reported about attacks on the Central Bank of Kenya and the National Bank of Panama.

Ghost Squad Hackers member s1ege tweeted about a DDoS attack on the Central Bank of Bosnia and Herzegovina, while Anonymous member BannedOffline also tweeted about similar attacks on the Central Bank of Mexico.

Rounding up all casualties, in less than a week, Anonymous hackers have now DDoSed their way through ten of the 160 banks they’ve listed in an online manifesto, which also includes big names such as US Federal Reserve Bank, the World Bank, the IMF, the New York Stock Exchange, and Bank of England.



The Islamic State group’s cyber-war capabilities are unsophisticated, but they won’t be that way for long.

That was the conclusion of a 25-page report released last week by Flashpoint.

The report, “Hacking for ISIS: The Emergent Cyber Threat Landscape,” found that the Islamic State’s “overall capabilities are neither advanced nor do they demonstrate sophisticated targeting.”

However, the severity of the attacks by the group’s supporters isn’t likely to remain unsophisticated, it added.

“Their capability of hacking military or NSA servers in the United States is far-fetched, but it’s not completely impossible,” said Laith Alkhouri, Flashpoint’s director of Middle East and North Africa research and one of the authors of the report.

“Concern is high, not because they have sophisticated hacking skills but because they’re utilizing multiple ways of bringing in new talent, utilizing all the freely available tools online, trying to utilize malware that’s already available and building their own malware,” he told TechNewsWorld.

Script Kiddie Assassins

ISIS lacks the organization and skills of other cyber adversaries of the United States, noted another author of the report, Flashpoint Director of Security Research Allison Nixon.

“Chinese and Russian hackers are organized criminal gangs or nation-state supported groups,” she told TechNewsWorld. “They’re highly educated, highly skilled. They use custom malware and custom tools.”

“On the other hand, ISIS supporters are more like script kiddies or hacktivists. They have a low level of sophistication and engage in behavior patterns and use toolsets that we would see in any other attention-seeking group,” Nixon continued.

“They’re using open source tools and very old public exploits,” she said. “They’re only capable of hacking sites that aren’t very well maintained in the first place.”

Although ISIS hackers have some similarities to hacktivists, they differ from them in at least one very important way. “Hacktivists don’t threaten physical violence,” Nixon said. “Physical violence is an important part of ISIS hackers.”

“They’re interested in translating these online threats into physical attacks,” she added.

Attacks of Opportunity

The hacking tools of ISIS cyberwarriors are almost invariably going to be taken from publicly available open source projects because of the ease of obtaining such tools along with the fact that they can often be used successfully, the report noted.

Developing proprietary tools would require significant effort and resources to create a completely private toolset that is on par with, or better than, what is already available publicly, it said.

Of course, actors may modify this publicly available software or write simple scripts, but it is unlikely these groups are building software from the ground up for their supporters to use, the report said.

“As pro-ISIS cyber attacks and capabilities have gradually increased over time but remained relatively unsophisticated, it is likely that in the short run, these actors will continue launching attacks of opportunity,” it noted.

“Such attacks include finding and exploiting vulnerabilities in websites owned by, for example, small businesses, and defacing these websites. Other attacks may include DDoS attacks,” the report continued.

Hacking Powerhouse

Pro-ISIS cyberactors are demonstrating an upward trajectory, indicating that they will continue to improve and amplify pre-existing skills and strategies, the report said.

Such a trend was exemplified by the recent merger of multiple pro-ISIS cybergroups under one umbrella: the United Cyber Caliphate.

“We’re starting to see these groups coalesce their brand. They’re increasing their ranks in number. They’re increasing their ranks in skill. They’re increasing their ranks in languages, which means they’re increasing the channels on which they operate and which they distribute their claims of responsibility,” Alkhouri noted.

“That means they have a much more powerful message and a more robust structure than before,” he continued. “They are coalescing their ranks to become a hacking powerhouse.”

U.S. Responds

The United States isn’t ignoring the growing threat of ISIS in cyberspace. A new campaign was designed to disrupt the ability of the Islamic State to spread its message, attract new adherents, circulate orders from commanders and carry out day-to-day functions, like paying its fighters, according to a news report published last week.

While the Pentagon hasn’t been shy about letting ISIS know U.S. cyberforces will be gunning for it, details have been in short supply.

“There doesn’t seem to be any specifics on what they intend to do or how they intend to carry it out,” said Lawrence Husick, co-chairman of the Foreign Policy Research Institute’s Center for the Study of Terrorism.

“It may be something as simple as finding some servers and executing an automated attack on those servers,” he told TechNewsWorld, “or it may be something more complicated, like the use of directed malware or the disruption of encrypted channels used by ISIS on the dark Web.”

Given how the military likes to keep its cyber cards close to its BDUs, it’s a bit unusual that it’s saying anything at all about its plans for ISIS. “I’m not sure why they chose to talk about it,” said Richard Stiennon, author of There Will Be Cyberwar.

“It’s better to take advantage of your ability to intercept and spoof messages without telling your adversary about it,” he told TechNewsWorld.

Psych Op

However, there could be a domestic angle to the Pentagon’s bravado about its cyberwar efforts. “There’s a desire by the branches for more dollars from Congress for their cyber programs,” Stiennon said.

On the other hand, prying money from Congress for cyber initiatives doesn’t seem to be a problem. “For many years, Congress has pretty much given the military everything that it wants in the way of cyber,” Husick said. “That’s one area of the budget where they have really not had any problem at all.”

The Pentagon’s announcement of a cyber campaign could be an effective weapon against ISIS. “Deception and disruption are part of the game of warfare,” he said. “There are times when you say something and do nothing, and there are other times when you do something and say nothing.”

“They may be trying to get into the head of ISIS,” said retired Rear Adm. James Barnett, head of the cybersecurity practice at Venable.

Nevertheless, he doesn’t think the Pentagon is bluffing when it says it’s going to escalate the cyberwar with ISIS.

“We may not hear about the operations for months, but at some point we’ll hear about a coordinated strike, either in combination with conventional forces or something significant in cyberspace,” he told TechNewsWorld.

Source:  http://www.technewsworld.com/story/83468.html