DDoS attacks as a service have kicked off 2019 stronger than ever, according to a new report by Nexusguard, claiming the booter-originated attacks more than doubled their amounts compared to the fourth quarter of last year.

The Nexusguard’s Q1 2019 Threat Report says the attacks are growing despite FBI’s best efforts to curb them. DNS amplification types of DDoS attacks are still the favorite ones among DDoS-for-hire websites. These rose more than 40 times, quarter-on-quarter.

Telecommunications companies and communications service providers seem to be the number one victims, with those originating from Brazil being the most common target.

According to the report, communications service providers should be careful with these evolved attacks, tackling them with scalable, cloud-based DDoS detection and mitigation. Those that choose a different path risk being targeted with ‘bit-and-piece’ attacks.

The bit-and-piece DDoS attack differs from your traditional DDoS attack, as it takes advantage of the large attack surface and spreads tiny attack traffic across hundreds of IP addresses. That way, the attack can successfully evade being detected using a diversion.

“Due to the increasing demand for DDoS attack services and the boom in connected devices, hackers for hire have doubled and DDoS campaigns are not going away for organizations,” said Juniman Kasman, chief technology officer for Nexusguard. “Businesses will need to ensure their attack protections can seamlessly evolve with new vectors and tactics that attackers seek out, which ensures service uptime, avoids legal or reputational damages, and preserves customer satisfaction.”

Source:https://www.itproportal.com/news/ddos-for-hire-attacks-on-the-rise/

Popular chat service Discord experienced issues today due to network problems at Cloudflare and a wider internet issue. The app was inaccessible for its millions of users, and even Discord’s website and status pages were struggling. Discord’s problems could be traced to an outage at Cloudflare, a content delivery network. Cloudflare started experiencing issues at 7:43AM ET, and this caused Discord, Feedly, Crunchyroll, and many other sites that rely on its services to have partial outages.

Cloudflare says it’s working on a “possible route leak” affecting some of its network, but services like Discord have been inaccessible for nearly 45 minutes now. “Discord is affected by the general internet outage,” says a Discord statement on the company’s status site. “Hang tight. Pet your cats.”

“This leak is impacting many internet services including Cloudflare,” says a Cloudflare spokesperson. “We are continuing to work with the network provider that created this route leak to remove it.” Cloudflare doesn’t name the network involved, but Verizon is also experiencing widespread issues across the East Coast of the US this morning. Cloudflare notes that “the network responsible for the route leak has now fixed the issue,” so services should start to return to normal shortly.

Cloudfare explained the outage in an additional statement, commenting that “Earlier today, a widespread BGP routing leak affected a number of Internet services and a portion of traffic to Cloudflare. All of Cloudflare’s systems continued to run normally, but traffic wasn’t getting to us for a portion of our domains. At this point, the network outage has been fixed and traffic levels are returning to normal.”

Source: https://www.theverge.com/2019/6/24/18715308/discord-down-outage-cloudflare-problems-crunchyroll-feedly

Botnets in 2018 continued to use DDoS as their primary weapon to attack high-speed networks, according to NSFOCUS.

Continuous monitoring and research of botnets discovered significant changes taking place in the coding of malware used to create bots, operations, and maintenance of botnets and IP Chain-Gangs.

Throughout 2018, NSFOCUS developed profiles on 82 IP Chain-Gangs, groups of bots from multiple botnets acting in concert during specific cyber-attack campaigns. Understanding botnets in general and IP Chain-Gangs, in particular, helps improve defensive strategies and, thus, the ability to better mitigate attacks.

Key findings

  • NSFOCUS detected 111,472 attack instructions from botnet families that were received by a total of 451,187 attack targets, an increase of 66.4 percent from last year.
  • The U.S. (47.2 percent) and China (39.78 percent) were the two worst-hit countries when it came to botnet attacks.
  • Statistical analysis shows that gambling and porn websites were the most targeted, suffering 29,161 (an average of 79 per day) DDoS attacks throughout 2018.
  • Botnets were shifted from Windows platforms towards Linux and IoT platforms, leading to the fast decline of older Windows-based families and the thriving of new IoT-based ones.
  • As for platforms hosting Command and Control (C&C) servers, families using IoT platforms, though smaller in quantity, were more active, attracting 87 percent of attackers.
  • In 2018, a total of 35 active families were found to issue more than 100 botnet instructions, accounting for 24 percent of all known families. Several families with the highest level of instruction activity accounted for most of the malicious activities throughout 2018.

“Security service providers need to adapt their strategies to better mitigate the increasing threats posed by the new generation of botnets,” said Richard Zhao, COO at NSFOCUS.

“As defenders, we not only need to enhance our capabilities of countering ransomware and cryptominers but also need to improve the protections for IoT devices.

“While the total number of IoT devices globally surges rapidly and IoT product lines are increasingly diversified, IoT devices still have poor security. Insecure firmware and communication protocols lead to numerous vulnerabilities in IoT platforms.”

Source: https://www.helpnetsecurity.com/2019/06/20/botnets-shift/

Update June 18, 2019 3:20pm CT: Ubisoft has resolved issues stemming from today’s DDoS attack and all services have been restored.

 Ubisoft says it’s suffering from a series of distributed denial-of-service (DDoS) attacks. They hit right as Rainbow Six Siege’s Operation Phantom Sight is getting underway and are currently affecting server connectivity and latency.

In a DDoS attack, a web service or website is flooded with an overwhelming amount of traffic making it unstable and unusable. While it’s not clear who’s responsible for the attack, Ubisoft says it’s working to remedy the issues, according to its support page. Ubisoft put out a similar statement when it was hit by a large DDoS attack just under a year ago.

Screen Shot 2019-06-19 at 13.05.17

Fans should be aware that Ubisoft services are likely to be impacted until the issue is resolved. Last time a large scale DDoS attack hit Ubisoft it took about 10 hours for the company to be able to remedy the situation.

With the new operators of Operation Phantom Sight just being rolled out for all to play, it’s a bummer that some may not get to try them out until the issue is resolved.

Source: https://dotesports.com/rainbow-6/news/ubisoft-hit-with-string-of-ddos-attacks-just-as-r6s-operation-phantom-sight-goes-live

While there were fewer cyber threat incidents in Singapore last year, the republic continues to be the target for cyber attacks by advanced threat actors, the Cyber Security Agency of Singapore (CSA) said in its third annual Cyber Landscape report.

Here is a look at six alarming cyber security trends highlighted in the report:

DATA BREACHES

With data becoming the most valued currency or “commodity” in cyberspace, the CSA said that cyber criminals will try even harder to breach electronic databases.

Those that store large amounts of private and personal information will be the biggest target for hackers and cyber criminals.

The data breach involving healthcare cluster SingHealth was Singapore’s worst cyber attack, with the personal information of more than 1.5 million patients – including Prime Minister Lee Hsien Loong – stolen by hackers in June last year.

THREATS TO GLOBAL SUPPLY CHAINS

Supply chains that consumers depend on for their goods are increasingly becoming interconnected and automated thanks to rapidly developing technology.

But the CSA warned that cyber criminals are trying to disrupt them. This could be for reasons such as extracting information from the companies involved in these supply chains, or holding them to ransom. Industries dominated by a few companies are especially vulnerable as problems in one stage of production could potentially lead to a breakdown in the entire supply chain.

ATTACKS ON CLOUD DATABASES

An increasing number of databases are being hosted in the cloud, which is where software and systems are designed specifically to be deployed over a network.

This means that cyber criminals will be on the lookout to exploit potential vulnerabilities in cloud infrastructure.

“While their primary goal remains data theft, threat actors will also try to exploit cloud services for other malicious aims, such as to amplify Distributed Denial-of-Service (DDoS) attacks,” the agency said in its report.

SMART BUILDINGS AND CONNECTED SYSTEMS

The advent of Internet of Things (IoT) devices and connected industrial control systems in buildings and factories might improve and quicken processes, but it also means that they are open to more danger.

As these buildings and systems become ‘smarter’, the risk of them being attacked to hold their owners to ransom, or be exploited to spread malware or conduct DDoS attacks, also increases, said CSA.

ARTIFICIAL INTELLIGENCE (AI)

AI will be able to significantly enhance the capabilities of security systems in cases such as detecting unusual behaviour and rolling out appropriate responses and mitigation measures in the case of an attack.

But the CSA warned that threat actors can also use AI to search for vulnerabilities in computer systems.

It could also potentially be used to create malicious software that bypasses existing online security measures in an organisation.

BIOMETRIC DATA

As biometric authentication, such as the use of fingerprints or facial scanning, becomes increasingly common, threat actors will shift to target and manipulate biometric data, to build virtual identities and gain access to personal information.

Source: https://www.straitstimes.com/tech/six-alarming-cyber-security-trends-highlighted-by-the-csa