Denial of Service Archive

The concerns around nation-state hackers echoes recent concerns regarding the US and French presidential elections.

A new report has raised concerns about the possible interference by nation-state hackers in the run-up to the Brexit vote.

The Commons Public Administration and Constitutional Affairs Committee (PACAC) said that MPs were concerned about foreign interference in last year’s Brexit vote. Although the report does not specifically identify the hackers or malicious actors responsible, it was noted that Russia and China were known to launch cyber attacks based on an understanding of mass psychology.

Many will note that the report echoes the recent claims and concerns surrounding Russia and its influence in the US and French presidential elections.

The report was launched to investigate the outage of the voter registration government website, with the outage hitting on one of the last days in the run-up to the vote, June 7. The government was forced to extend the deadline to register to vote in the EU referendum, allowing two further days for people to register.

The outage left tens of thousands of potential voters unable to complete registration, sparking a major voter registration row amongst the UK government and the Electoral Commission. Debate was further fuelled by arguments that the outage may disenfranchise voters and swing important votes. John Rakowski, Director of Technology Strategy at AppDynamics, said at the time:

“”Digital technology has revolutionised the way we interact with organisations – from shopping to banking, and now voting. The impact of young voters on the outcome of the EU referendum is unquestionable and technology plays a vital role. It’s unacceptable that thousands of Brits were left unable to vote due to an IT glitch that should have been anticipated and planned for months ago.”

Although an IT glitch was blamed at the time of the outage, the new report by MP’s points to a possible DDoS attack, but downplays its role in the referendum outcome.

“The crash had indications of being a DDOS ‘attack’. We understand that this is very common and easy to do with botnets… The key indicants are timing and relative volume rate,” the committee’s report said.

While the committee did not point the Brexit finger of blame at the website outage, it did note that lessons must be learned. While pointing to other nation states, the MP’s report said that it was crucial that the lessons learnt from this incident must extend past the purely technical.

“The US and UK understanding of ‘cyber’ is predominantly technical and computer network-based,” the report said.

“For example, Russia and China use a cognitive approach based on understanding of mass psychology and of how to exploit individuals.

“The implications of this different understanding of cyber-attack, as purely technical or as reaching beyond the digital to influence public opinion, for the interference in elections and referendums are clear.

“PACAC is deeply concerned about these allegations about foreign interference,” the report concluded.

However, due to the simplistic nature of the supposed DDoS attack on the voter registration site, many experts are saying that it is not the work of state hackers.

“This is a very serious allegation, and it should be thoroughly investigated by all appropriate means. However, I doubt that a serious actor, such as a nation state for example, can be behind this particular DDoS attack,” said  Ilia Kolochenko, CEO of web security firm, High-Tech Bridge.

“Governments have enough technical and financial resources to create smart botnets, simulating human behavior that would be hardly distinguishable from legitimate website visitors. Running a classic DDoS attack is too coarse, and would rather attract unnecessary attention to the external interference, trigger investigations and all other outcomes that smart attackers would avoid at any price.”

Source: http://www.cbronline.com/news/cybersecurity/breaches/hackers-fix-brexit-vote-ddos/

The website of Michael Phelps has been targeted by hackers after the U.S. swimmer won a record 19th Olympic gold medal in the 4×100-meter relay in Rio de Janeiro.

The hacking group New World Hackers has claimed responsibility for taking down the website, telling Newsweek that a distributed denial of service (DDoS) attack caused prolonged outages. At the time of publication, Phelps’s website was still experiencing difficulties.

New World Hackers has previously gained notoriety after a spate of attacks on public figures and organizations, including Donald Trump, the BBC and government websites in Pakistan. According to the group, the attacks are designed to highlight the security vulnerabilities of the targets’ websites.

“The attack on Michael Phelps is an example showing how celebrities websites lack security measures,” a member of the group tells Newsweek. “We’re testing the network vulnerability of every celebrity we come past.”

Michael Phelps website gold hackersPhelps’ website was experiencing difficulties on Monday morning. SCREENGRAB/ NEWSWEEK 

Phelps is one of several targets of New World Hackers, though beyond disabling the website the group says it has no intention of stealing data or revealing private information of the swimmer. Other celebrities on the list include the singer Adele, whose website was briefly targeted last week.

The group is indiscriminate in their attacks, targeting celebrities that have vulnerabilities with their websites. The attacks also serve as publicity for BangStresser, the group’s powerful DDoS tool that works by flooding websites with so much traffic that it overloads them.

“No celebrity is safe. We have tested over 100 celebrities so far and around 70 of them have caught our eye. Adele.com has the worst security you will ever see in your life,” the New World Hackers member says.

michael phelps website down gold hackersMichael Phelps’ website was down in most countries on Monday morning. SCREENGRAB/ NEW WORLD HACKERS 

He adds: “Each celebrity on our target list will be either hacked or DDoSed. [The celebrities] should take this as a guide, how to secure a site, accounts and more. It’s time the celebrities become more aware, there is always someone watching.”

The group warned that more attacks were imminent on other high-profile targets, including Kanye West and Kim Kardashian.

“The smartest celebs would be the Kardashian family and Kanye West,” the hacker says. “They actually have good protection on the domains, only one problem. They left one fatal error that will eventually cost them.”

Source: http://www.newsweek.com/michael-phelps-website-down-hackers-record-olympics-gold-488171

 

Botnets and DDoS Attacks

There’s just so much that seems as though it could go wrong with closed-circuit television cameras, a.k.a. video surveillance. With an ever-increasing number of digital eyes on the average person at all times, people can hardly be blamed for feeling like they’re one misfortune away from joining the ranks of Don’t Tase Me, Bro, esteemed internet celebrity.

However, if you think viral infamy is your worst-case scenario when it comes to CCTV, think again. Keep reading to find out why CCTV cameras and other internet-connected items are open to being hijacked by hackers looking to do DDoS damage, and about the bizarre case of the CCTV botnet located at a mall five minutes from a professional DDoS mitigation service.

The internet of issues with the Internet of Things

CCTV cameras belong to the Internet of Things (IOT), a grouping of, well, things that are linked through both wired and wireless networks, often using the same internet protocol as the internet. They’re embedded with network connectivity, electronics, sensors and software that allow them to collect data and exchange data. Pacemakers, smart thermostats and microchips in animals are all examples of the items that make up the Internet of Things.

The Internet of Things is actually very cool. It minimizes the gap between the physical world and computer-based systems. It’s what allows you to turn on your smart washing machine from the office, or lock your front door from the train. Here’s the issue with the Internet of Things, though. Your laptop is connected to the internet, so you’ve secured it. Same for your phone, tablet, probably your router, and any other number of internet-connected devices you use on a daily basis. You wouldn’t leave those open to exploitation, allowing just anyone to hijack and control them.

The Internet of Things is designed to be remotely controlled across network infrastructure. Read that again. These items are designed to be remotely controlled. And yet, how many of those cow microchips do you think are secured? How many smart TVs? How many of the 245 million surveillance camerasthat are installed worldwide? (And that’s only counting the professionally installed surveillance cameras. Imagine how many do-it-yourself cameras are out there with even less security.)

Hijacking horror stories

You’ve probably already read about the downside of the Internet of Things, you just may not have realized it. One of the most high-profile instances of this is the recent stories about baby monitors being hacked, with grown men screaming at babies in the dead of the night.

As you can imagine, the potential for foul play with the Internet of Things is extensive. This is what’s led to the creation of CCTV botnets, which have been behind a number of DDoS attacks. By gaining control of internet-connected devices, attackers are able to direct those resources at a target website or other internet service, overwhelming it with malicious traffic and either driving it offline, or slowing it down enough to be unusable for legitimate users.

The consequences of a DDoS attack are many and dire. Not only will a website that’s not working drive users away and erode consumer trust, but a DDoS attack can also cause hardware damage, software damage, and can act as a smokescreen while attackers steal intellectual property, customer information, and financial data. And in terms of dollars and cents, an unmitigated DDoS attack can cost an organization a staggering $40,000 per hour.

From a virtual battlefield to a physical one

CCTV botnets weren’t anything new to professional DDoS mitigation providers Imperva Incapsula. In fact, they first publicly warned about them in March of 2014 when a steep increase in botnet activity largely traced back to CCTV cameras.

However, it was a slightly different ballgame when Imperva Incapsula began to mitigate repeated HTTP flood attacks on one of their clients. The DDoS attack itself was nothing special – peaking at 20,000 requests per second, no big deal for professional DDoS mitigation – however when Imperva Incapsula began looking through the attacking IPs, they discovered something curious. Some of the botnet devices were located right near their office.

Bot-CCTV

Geo-location of CCTV Botnet devices (Source: Imperva Incapsula)

Further detective work revealed that the botnet devices in question were CCTV cameras that were accessible to attackers through the devices’ default login credentials. Imperva Incapsula employees took a look through the camera lens and recognized a mall not five minutes from their offices. In a stark departure from a normal day spent fighting the evils of the internet, employees were able to head over to the mall and explain to the camera owners in-person what had happened, why it happened, and help them clean the malware from their cameras.

Lessons that need to be learned

What you need to learn from these Internet of Things incidents is two-fold. Firstly, if you have internet-connected devices like smart TVs, washing machines, thermostats, precision farming equipment, anything, they need to be secured. Even if you for some reason did not care if your devices were being used in a botnet to carry out DDoS attacks, rest assured that if attackers can hijack your devices for DDoS attacks, they can take control of them for other reasons. This is an especially frightening thought when it comes to nanny cams and other monitoring devices in your home.

The second lesson that needs to be learned in all of this is for website owners. The Internet of Things is already massive and it’s estimated by Gartner that by the year 2020, it will be comprised of over 25 billion devices. That is billions of devices that could potentially be used in DDoS attacks against websites just like yours.

Professional DDoS protection is already a necessity, and it’s only going to continue to become a bigger necessity. Professional DDoS mitigation services may not be able to protect you from the prying eyes of a CCTV camera during your most embarrassing moments, but they can protect your website, your users, your equipment, your intellectual property, and your finances from CCTV and other Internet of Things botnets.

By Naomi Webb

Source: http://cloudtweaks.com/2016/07/new-cctv-nightmare-botnets-ddos-attacks/

Infoblox DNS Threat Index finds criminals are creating more ransomware-domains than ever, and predicts a continuing increase in attacks as more criminals rush to cash in. 

 

Emboldened by the wave of successful ransomware attacks in early 2016, more cybercriminals are rushing to take advantage of this lucrative crime spree.

Networking company Infoblox’s quarterly threat index shows cybercriminals have been busy in the first quarter of 2016 creating new domains and subdomains and hijacking legitimate ones to build up their ransomware operations.

The number of domains serving up ransomware increased 35-fold in the first three months of 2016 compared to the end of 2015, according to the latest Infoblox DNS Threat Index. The index doesn’t measure actual attack volumes but observes malicious infrastructure — the domains used in individual campaigns. Criminals are constantly creating new domains and subdomains to stay ahead of blacklists and other security filters. The fact that the attack infrastructure for ransomware is growing is a good indicator that more cybercriminals are shifting their energies to these operations.

“There is an old adage that success begets success, and it seems to apply to malware as in any other corner of life,” Infoblox researchers wrote in the report.

The threat index hit an all-time high of 137 in the first quarter of 2016, compared to 128 in fourth quarter 2015. While there was a lot of activity creating infrastructure for all types of attacks, including malware, exploit kits, phishing, distributed denial-of-service, and data exfiltration, the explosion of ransomware-specific domains helped propel the overall threat index higher, Infoblox said in its report. Ransomware-related domains, which include those hosting the actual download and those that act as command-and-control servers for infected machines, accounted for 60 percent of the entire malware category.

“Again in simple terms: Ransomware is working,” the report said.

Instead of targeting consumers and small businesses in “small-dollar heists,” cybercriminals are shifting toward “industrial-scale, big-money” attacks on commercial entities, said Rod Rasmussen, vice president of cybersecurity at Infoblox. Cybercriminals don’t need to infect several victims for $500 each if a single hospital can net them $17,000 in bitcoin, for example.

The latest estimates from the FBI show ransomware cost victims $209 million in the first quarter of 2016, compared to $24 million for all of 2015. That doesn’t cover only the ransoms paid out — it also includes costs of downtime, the time required to clean off the infection, and resources spent recovering systems from backup.

Toward the end of 2015, Infoblox researchers observed that cybercriminals appeared to have abandoned the “plant/harvest cycle,” where they spent a few months building up the attack infrastructure, then a few months reaping the rewards before starting all over again. That seems to be the case in 2016, as there was no meaningful lull in newly created threats and new threats — such as ransomware — jumped to new highs. The harvest period seems to be less and less necessary, as criminals get more efficient shifting from task to task, from creating domains, hijacking legitimate domains, creating and distributing malware, stealing data, and generally causing harm to their victims.

 

“Unfortunately, these elevated threat levels are probably with us for the foreseeable future — it’s only the nature of the threat that will change from quarter to quarter,” Infoblox wrote.

Ransomware may be the fastest-growing segment of attacks, but it still accounts for a small piece of the overall attack infrastructure. Exploit kits remain the biggest threat, accounting for more than 50 percent of the overall index, with Angler leading the way. Angler is the toolkit commonly used in malvertising attacks, where malicious advertisements are injected into third-party advertising networks and victims are compromised by navigating to websites displaying those ads. Neutrino is also gaining popularity among cybercriminals. However, the lines are blurring as Neutrino is jumping into ransomware, as recent campaigns delivered ransomware, such as Locky, Teslacrypt, Cryptolocker2, and Kovter, to victims.

Recently, multiple reports have touted ransomware’s rapid growth, but what gets lost is that ransomware isn’t the most prevalent threat facing enterprises today. Organizations are more likely to see phishing attacks, exploit kits, and other types of malware, such as backdoors, Trojans, and keyloggers. Note Microsoft’s recent research, which noted that in 2015, ransomware accounted for less than 1 percent of malware. The encounter rate for ransomware jumped 50 percent over the second half of 2015, but that is going from 0.26 percent of attacks to 0.4 percent. Even if there are 35 times more attacks in 2016, that’s still a relatively small number compared to all other attacks.

The good news is that staying ahead of ransomware requires the same steps as basic malware prevention: tightening security measures, keeping software up-to-date, and maintaining clean backups.

“Unless and until companies figure out how to guard against ransomware — and certainly not reward the attack — we expect it to continue its successful run,” warned the report.

 

Source:  http://www.infoworld.com/article/3077859/security/ransomware-demands-are-working-fueling-an-increase-in-attacks.html

As of June 1st, Ghost Squad Hackers – the same group leading #OpIcarus – have launched a series of coordinated attacks against leading members of the corporate mainstream media. Giving credit where credit is due, Tec.mic and Softpedia were the first to report the operation. But their reports only tell a portion of the whole story, we will explain why in a moment.

 

Broadly speaking, the goal of the #OpSilence is to attack all the corrupt major news networks that mislead and censor information from the general public. More specifically, the news agencies who conceal the crimes of Israel, while misleading the population about the mistreatment of the Palestinian people. The operation is off to a quick start, Ghost Squad has successfully” carried out DDoS attacks on CNN and FOX News” already just this month. More attacks are promised, NBC and MSM appears to be their next target.

 

https://t.co/T7LxqJjzQN “FOXNEWS” Email server has been crashed for 8+ hours by #GhostSquadHackers #OpSIlencepic.twitter.com/uS5zWm75SQ

— s1ege (@s1ege_) June 1, 2016

 

 

When Tech.mic and Softpedia presented their coverage of the hacks, they included images and references directly to Anonymous. But upon reading these articles, Ghost Squad had a message of their own that they want everyone to hear:

 

ALL OF THE MEDIA WHO REPORTS ON OUR ATTACKS #OPSILENCE IS GSH OP NOT ANONOP WE ARE NOT AND I REPEAT NOT ANONYMOUS

— s1ege (@s1ege_) June 1, 2016

 

 

It is no secret Ghost Squad has a close affiliation with Anonymous; I am sure this is how the group got started in the first place. The group insists they speak for themselves, they are essentially trying to get their own reputation – credibility.

 

But there is a second layer to this discussion highlighting the recent divide within Anonymous. There has been a “Civil War” of sorts in recent months, and the reputation of the Anonymous collective as a whole has been damaged. Last winter, prominent hacktivist group Ghostsec also cut their ties with Anonymous. In a statement they said “Anonymous has a habit of shooting in every direction and asking questions later.” In other interviews they imply that Anonymous has developed a reputation for behaving immature – more concerned with silly DDoS’ing attacks than changing the world.

 

Since the quarreling of #OpWhiteRose many people have splintered off, or left Anonymous entirely – just another in the long list of strange effects Donald Trump has had on the entire world. Ghost Squad is one of the groups effected by this ‘Civil War.’ In the time since this happened last March, the group has exploded onto the scene, quickly becoming one of the most influential and talked about hacking groups in the entire world in 2016.

 

I have no doubt about the origins of this operation though, this goes back to#OpMediaControl which began last June. The operation called for the hacking of every major news network in the United States, testing their email systems, DDoS’ing web sites, attempting to hack in teleprompters or live feeds – anything you could think of. Last I heard back in December, they were still trying to recruit people to join them for an event this summer. Sound familiar to what Ghost Squad is doing right now?

 

For the purposes of accuracy, AnonHQ News reached out to our contacts in #OpMediaControl. We gave them a preview of the article and asked them what they thought. They showed us a press release dating May 28, 2016, a video proclaiming that#OpMediaControl has been re-engaged. Of course, #OpSilence proceeded to begin June 1st. In another interesting note, earlier last month Anonymous Resistance Movement, one of the groups behind #OpMediaControl, conducted an interview with GhostSquad. So as you can see, the two groups are well acquainted with one another – these operations are no coincidence.

Ghost Squad may be stepping up from the pack here, but make no mistake, this operation has been in the making for over a year and Anonymous led the way.

 

Source:  http://macedoniaonline.eu/content/view/29562/61/