Stop DDoS Attacks Archive

A crowdfunding initiative run by Together for Yes has suffered a DDoS attack.

The digital campaigning element of the imminent referendum in Ireland has seen a massive amount of change in a relatively short time.

Only this week did Facebook and Google place curtailments on digital advertising around the referendum, as Google banned all online ads relating to the Eighth Amendment from its platforms, while Facebook restricted advertising to registered Irish organisations and groups. As the online advertisements mention abortion, they would be restricted by Twitter’s existing ad policies.

Crowdfunding site hit

In another twist, a crowdfunding website for the national civil society group campaigning for a Yes vote was hit by a DDoS attack yesterday evening (9 May). The website, hosted by CauseVox, experienced a DDoS attack from within Ireland. It momentarily disrupted service and brought down CauseVox’s security infrastructure. The attack took place at 5.45pm, which would ordinarily have been a peak time for donations, and the website shut down for 30 minutes.

CauseVox also hosts crowdfunding pages for Amnesty International Ireland and Terminations for Medical Reasons – both groups that are campaigning for a Yes vote later in the month. Amnesty Ireland director Colm O’Gorman confirmed its website was down for approximately 45 minutes.

Sarah Monaghan, Together for Yes spokesperson, said: “We are continuing to investigate this extremely serious incident and are actively consulting security experts in the field to help identify the specific source of the attack, and have made a report to Gardaí.

“Together for Yes is a national grassroots movement which relies on small donations from large numbers of people. Our crowdfund initiative is a core element of the manner in which we resource our campaign and therefore we would take extremely seriously any attempt to undermine it.”

A spokesperson for Amnesty International explained the issue further to Siliconrepublic.com: “We were informed by CauseVox, the hosting platform, that there was a DDOS attack originating from Ireland. The website was interrupted at 5.45pm for around 45 minutes.

“This is obviously a serious issue, but also an indication of the lengths some will go to try shut down our efforts to counter such misinformation. We will continue our online campaign to counter misinformation across as many platforms as possible.”

The spokesperson noted that CauseVox is a reputable platform and that the site was up and running soon after the initial attack. They added that CauseVox had assured them that steps to mitigate such attacks in future were being taken. The incident is still under investigation.

DDoS explained

A DDoS (distributed denial of service) attack’s main aim is to make a target website, machine or network resource unavailable.

Usually, this type of cyberattack is accomplished by drowning a system (a server, for example) with data requests. This can then cause the website to crash. A database could also be hit with a massive volume of queries. In this particular case, the result is an overwhelmed website.

Impact from DDoS attacks can vary from mild disruption to total denial of service to entire websites, apps or even businesses.

DDoS attacks have grown exponentially in scale, and occur quite often in the cybercrime world. In the 1990s, a DDoS incident would have typically involved 150 requests per second, but attacks these days can exceed 1,000Gbps.

The Mirai botnet is a prime example of a modern DDoS attack. A massive attack also occurred on GitHub earlier in 2018, using a new technique called ‘memcaching’.

Updated, 4.28pm, 10 May 2018: This article was updated to include comments from an Amnesty International spokesperson.

Updated, 6.21pm, 10 May 2018: A correction has been made to clarify that individual websites hosted by CauseVox, and not the entire platform, were affected by this attack.

Source: https://www.siliconrepublic.com/enterprise/referendum-ddos-attack-ireland

Security threats abound on the internet, which is why ethical hackers and security researchers spend much of their time in search of these issues. As part of the work that they do to keep the internet safe, researchers at vpnMentor announced that they have found an RCE vulnerability in the majority of gigabit-capable passive optical network (GPON) home routers.

With more than 1 million people using the GPON fiber-optics system, the network is pretty popular. Because so many routers today use GPON internet, the researchers conducted a comprehensive assessment on a number of the home routers and found a way to bypass all authentication on the devices, which is the first vulnerability (CVE-2018-10561).

“With this authentication bypass, we were also able to unveil another command injection vulnerability (CVE-2018-10562) and execute commands on the device,” vpnMentor said.

Through a comprehensive analysis of the GPON firmware, researchers learned that the combination of the two vulnerabilities granted full control of not only the devices but their networks as well.

“The first vulnerability exploits the authentication mechanism of the device that has a flaw. This flaw allows any attacker to bypass all authentication,” they wrote. This critical vulnerability could leave users’ gateways vulnerable to being used for botnets.

The authentication bypass bug could easily be exploited so that the gateways could be accessed remotely. “If verified, these home gateways join the escalating category of botnet-vulnerable IoT devices, and they underscore the growing risk of very large botnet-based DDoS attacks,” said Ashley Stephenson, CEOCorero Network Security.

Because this class of routers is most often directly connected to high-speed broadband internet connections, compromised devices could be covertly herded by a bot master to form a botnet large enough to generate high-impact distributed denial-of-service (DDoS) attacks against victims around the world, said Stephenson.

Source: https://www.infosecurity-magazine.com/news/security-holes-make-home-routers/

 

 

As IT operations are becoming more complex and require both advanced infrastructure and security expertise to increase the overall security posture of the organization, the managed service provider (MSP) industry is gaining more traction and popularity.

Estimated to grow from USD $152.45 billion in 2017 to USD $257.84 billion by 2022, at a CAGR of 11.1%, the MSP industry offers greater scalability and agility to organizations that have budget constraints and opt for a cloud-based IT deployment model.

“The cloud-based technology is the fastest-growing deployment type in the managed services market and is expected to grow at the highest CAGR during the forecast period from 2017 to 2022,” according to ResearchandMarkets. “IT budget constraints for installation and implementation of required hardware and software, limited IT support to manage and support managed services, and need for greater scalability are major factors that are likely to drive the adoption of cloud managed services in the coming years. The cloud-based deployment model offers higher agility than the on-premises deployment model.”

However, MSPs are expected to also become more targeted by threat actors than in the past. Supply chain attacks are becoming a common practice, as large organizations have stronger perimeter defenses that increase the cost of attack, turning MSPs into “low-hanging fruit”
that could provide access into infrastructures belonging to more than one victim. In other words, MSPs hold the keys to the kingdom.

Since MSPs are expected to provide around-the-clock security monitoring, evaluation, and response to security alters, they also need to triage and only escalate resources when dealing with advanced threats.

1. Wormable military-grade cyber weapons

Leveraging leaked, zero-day vulnerabilities in either operating systems or commonly deployed applications, threat actors could make the WannaCry incident a common occurrence. As similarly-behaving threats spread across infrastructures around internet-connected endpoints – both physical and virtual – MSPs need to quickly react with adequate countermeasures to defend organizations.
While MSPs may not be directly targeted, their role in protecting organizations will become far more important as they’ll need to reduce reaction time to new critical threats to a bare minimum, on an ongoing basis. Consequently, network security and threat mitigation will become commonplace services for MSPs.

2. Next-Level Ransomware

The rise of polymorphism-as-a-service (PaaS) will trigger a new wave of ransomware samples that will make it even more difficult for security solutions to detect. Coupled with new encryption techniques, such as leveraging GPU power to expedite file encryption, ransomware will continue to plague organizations everywhere. Backup management and incident response that provides full data redundancy need to be at the core of MSP offerings when dealing with these new ransomware variants.

While traditional ransomware will cause serious incidents, threat actors might also hold companies at gunpoint by threatening to disrupt services with massive distributed-denial-of-service (DDoS) attacks performed by huge armies of IoT botnets.

3. OSX Malware

The popular belief that Apple’s operating system is immune to malware was recently put to the test by incidents such as the ransomware disseminating Transmission app and advanced remote access Trojans (RATs) that have been spying on victims for years. With Apple devices making their way into corporate infrastructures onto C-level’s desks, managing and securing them is no longer optional, but mandatory.

Security experts have started finding more advanced threats gunning for organizations that have specific MacOS components, meaning that during 2018 threat actors will continue down this alley. Regardless of company size, vertical, or infrastructure, MSPs need to factor in MacOS malware proliferation and prepare adequate security measures.

4. Virtualization-Aware Threats

Advanced malware has been endowed with virtualization-aware capabilities, making it not just difficult to identify and spot by traditional endpoint security solutions, but also highly effective when performing lateral movement in virtual infrastructures. MSPs need to identify and plan to deploy key security technologies that are not just designed from the ground up to defend virtual infrastructures, but also hypervisor-agnostic, offer complete visibility across infrastructures, and detect zero-day vulnerabilities.

Focusing on proactive security technologies for protecting virtual workloads against sophisticated attacks will help MSPs offer unique value to their services.

5. Supply Chain Attacks

MSPs could also become the target of attack for threat actors, which is why deploying strong perimeter defense on their end should also be a top priority. Having access and managing security aspects to remote infrastructures turns MSPs into likely candidates for advanced attacks. Either by directly targeting their infrastructure or by “poisoning” commonly-deployed tools, MSPs should treat the security of their own infrastructure with the utmost scrutiny.

Source: https://securityboulevard.com/2018/04/what-security-risks-should-msps-expect-in-2018/

Another day, another series of DDoS attacks – This time Sucuri and its customers have been hit by a series of attacks worldwide.

The California based website security provider Sucuri has suffered a series of massive DDoS attacks (distributed denial-of-service) causing service outage in West Europe, South America and parts of Eastern United States.

The attacks began on April 12th, 2018 at approximately 11 pm (PST) when Sucuri network came under non-stop DDoS attacks. The company then worked with Tier 1 providers to mitigate the attacks.

In an email to HackRead, Sucuri spokesperson said that “The attack was big enough that caused some of our ports to be pretty close to capacity, causing very high latency and packet loss. In some other regions, it caused temporary latency and packet loss.”

The company’s Status page also kept the customers updated revealing that Sucuri “worked with its upstream providers, our NOC and partners to help mitigate the attack and re-route the affected regions. Unfortunately, due to the size of the attack, it took a lot longer than expected to get it fully handled.”

image 1

The exact size of DDoS attacks is still unknown, the same goes for its culprits and their motives, however, lately, there has been a surge in large-scale DDoS attacks. Last month, malicious hackers used Memcached vulnerability to carry out world’s largest ever DDoS attacks of 1.7 Tbps on an American firm and 1.35 Tbps attack on Github.

The vulnerability was also used to hit Amazon, Google, NRA, Play Station, and several other high-profile targets.

As for Sucuri, the good news is that the attacks have been successfully mitigated and at the time of publishing this article Sucuri services and customer websites were back online.

Source: https://www.hackread.com/website-security-firm-sucuri-hit-by-ddos-attacks/

There’s a lot of misunderstanding about blockchain. A recent study by HSBC, for example, found that 59 percent of customers around the world had never heard of it. Yet, while that alone is quite telling, it’s probably more alarming to consider the fact that very same poll revealed that 80 percent of people who had hard of blockchain did not understand what it is.

This level of confusion isn’t confined to the general population either. Politicians in charge of setting the law around this sort of technology and some traders who are perfectly at home with currency futures are equally in the dark about what this technology is and what it means for the financial industry.

There are some who fear that this technology – a digital transaction ledger in which each block is protected by cryptography – poses a security risk. That hasn’t been helped, it has to be said, by a number of scams in this market which have caused some to associate blockchain with risk.

CoinDesk, for example, demonstrates seven key incidents that attracted attention in 2017 alone. The incidents it highlights — including wallet hacks, ICO fraud and software bugs — cost investors nearly $490 million.

But, while it’s understandable that these sorts of incidents cause alarm, the general fear around blockchain is misplaced, probably not helped by the fact that this technology is proving ‘disruptive’ to the old order, promising drastic change to the speed and ease of money transfers.

Far from being the cause of problems for the financial industry, this technology might well offer a solution to make the industry safer.

Medium writer Redactor demonstrates four key ways in which blockchain technology is improving cybersecurity. These are:

  • Mitigating attacks such as DDoS with a decentralized structure and by not having a single point of failure
  • Protection for IoT devices, which can communicate with enterprise-defined ledgers based on blockchain
  • Providing transparency with permanent records that cannot be altered without creating a data trail (in order for transactions to be finalized they need to be approved more than half of the systems in a network and, when this occurs, the block is given a time stamp and is immutable)
  • Allowing for digital identities, greater encryption and more robust authentication

It’s fair to say that blockchain is here to stay. It isn’t ‘just’ the technology that underpins Bitcoin and other cryptocurrencies — although this is probably what its most known for — but it is a form of technology that has much wider potential for use in the finance sector and beyond.

Rather than ignore it — or treat it as a security threat — the industry needs to identify the potential of blockchain and set to work to use this as a way to add security. This, increasingly, is the case, with banks and big tech firms working on ways to harness blockchain to shelter the data of financial firms and customers alike.

Clearly scams shouldn’t be ignored — and work needs to be done to crack down on these — but nor should the positive potential of blockchain as a force for security.

Source: http://www.circleid.com/posts/20180416_is_blockchain_causing_more_cyberattacks_in_financial_industry/