Articles about DDoS

Blizzard blighted by another DDoS storm

Blizzard, the game developer behind World of Warcraft and Overwatch, was hit by another DDoS attack on Tuesday. The assault coincides with the final day of its Overwatch Summer Games event. In an update to an official Twitter account, Blizzard admitted the assault was affecting its ability to deliver services. "We continue to …
John Leyden, 23 Aug 2016

DIY bank account raiding trojan kit touted in dark web dive bars

Cybercrooks are touting a new DIY financial crime kit that lets you roll your own ZeuS-like software nasty. The Scylex malware kit can be used to build malicious code that, once running on a victim's Windows PC, snoops on online banking passwords, intercepts web traffic and opens a backdoor granting full control over the …
John Leyden, 12 Aug 2016

Meet DDoSCoin, the cryptocurrency that pays when you p0wn

A curious proof-of-work project built on cryptocurrency has emerged that offers a means to prove participation in distributed denial of service (DDoS) attacks. University of Colorado assistant professor Eric Wustrow and University of Michigan PhD student Benjamin VanderSloot created the platform that allows TLS web servers to …
Darren Pauli, 12 Aug 2016

Imperva under pressure to find buyer after disappointing results

An activist investor is reportedly pushing data centre security firm Imperva to find a buyer following disappointing financial results. Cisco Systems, IBM, Raytheon or Symantec are touted as potential suitors of the Israeli entrepreneur-founded firm, which markets Web Application Firewalls and DDoS mitigation services. …
John Leyden, 11 Aug 2016

Networking wonks say lousy planning, not DDOS, caused #Censusfail

The failure of the Australian census seems to be a failure of planning. The Federal Government is blaming a distributed denial of service attack (DDoS) and an abundance of caution for sending the once-every-five-years Antipodean citizen survey into a grinding halt beginning last night and continuing as of the time of writing …
Darren Pauli, 10 Aug 2016

#Censusfail Australia: Not an attack, data safe, no heads to roll

“This was not an attack, nor was it a hack”: that's the official government position on the collapse of last night's Australian online Census systems, attributed to a denial-of-service attack. The chief statistician David Kalisch, the small business minister Michael McCormack and the government's infosec spokesperson Alexander …

The old public, private, or home school sorting bin

Blog Anyone who's read much of what I write for The Reg will know that I'm a believer in hybrid cloud – using the cloud for some elements of your world whilst retaining components on-premises too. But precisely which elements? We'll look at how you might decide what belongs where: on-premises, in the private cloud, or in the public …
Dave Cartwright, 09 Aug 2016

Two first-gen flaws carried over to HTTP/2, warn security bods

Black Hat Security researchers have unearthed four high-profile vulnerabilities in HTTP/2, a new version of the protocol. HTTP/2 introduces new mechanisms that effectively increase the attack surface of business critical web infrastructure, according to a study by researchers at data centre security vendor Imperva and released at the …
John Leyden, 03 Aug 2016

123-Reg drowns in ongoing DDoS tsunami

Beleaguered web host 123-Reg has suffered a "huge scale" distributed denial of service (DDoS) attack to its data centre – knocking the Brit outfit's website offline and a number of users' services. The attack began this morning and is still ongoing but no performance-related issues have been reported since the traffic was …
Kat Hall, 02 Aug 2016

123-Reg goes TITSUP – again

Updated It seems the wheels of 123-Reg's clown vehicle have fallen off once again. The UK-based web host's website is out of action and customers are reporting a lack of email access. One reader got in touch to say: "Over the past month or so the email service offered by 123-Reg has been up and down and very poor for this small …
Kat Hall, 02 Aug 2016

Hybrid Cloud: The new IT service platform?

So. Hybrid cloud. Let's start with a quick definition, courtesy in this case of TechTarget which describes it as: “a cloud computing environment which uses a mixture of on-premises, private cloud and third-party, public cloud services with orchestration between the two platforms”. I like this particular definition as it sums it …
Dave Cartwright, 28 Jul 2016

Oh deer.io: Cyber criminals* using one-stop DIY web biz shops

Updated Cybercrime miscreants seem to be flocking to a one-stop online web business shop. The use of sites like Deer.io prove the barriers to entry for cybercrime are continually being lowered, according to threat intel firm Digital Shadows. Darkside.global, a URL associated with cybercriminal Tessa88 who has distributed leaked …
John Leyden, 27 Jul 2016

DDoS, the cloud and you

Private cloud computing can be a useful way to offload some computing overhead and manage your costs effectively. The switch to operating expenses from capital expenses, the elasticity, the business continuity benefits – they're all real. But so are the dangers of DDoS disaster. There's a problem with moving your servers and …
Danny Bradbury, 21 Jul 2016

DDoS trends: Bigger, badder but not longer

DDoS attacks once again escalated in both size and frequency during the first six months of 2016. Netscout's DDoS mitigation arm Arbor Networks warns that attacks greater than 100Gbps are far from uncommon. The security firm has monitored 274 attacks over 100Gbps in the first half of 2016, versus 223 in all of 2015. The …
John Leyden, 19 Jul 2016

Docker Cloud under fire after DDoS attacks slam DNS, knacker websites

Updated Websites running on the Docker Cloud hosted container management and deployment service were taken down by an apparent DNS outage on Monday. Reg readers and Docker Cloud support forum members complained today that their services were down or suffering intermittent outages with little explanation from Docker. One angry user …
Gavin Clarke, 19 Jul 2016

Trump? Terror? Turkey? Whoa, there's a Tentacool in that Bush...

If terror attacks, coups and the prospect of a Trump presidency aren’t enough to convince you the end of days might just be at hand, a brief review of the weekend’s Pokemon Go-related news should tip the balance. As the augmented reality monster hunting smartphone game rolled out across the real world, players were shot at and …
Joe Fay, 18 Jul 2016

Pokemon Go DDoS claim

An online group has claimed responsibility for launching a distributed denial of service (DDoS) attack against Pokemon Go. The DDoS-disruption group says it overloaded the game's servers over the weekend, causing players across the world to be kicked back into the real world. Pokemon creator Niantic has not commented on the …
Team Register, 17 Jul 2016

CloudFlare probes mystery interception of site traffic across India

An unknown agency in India, possibly telco Airtel, is quietly capitalising on encryption gaps in sites tended by DDOS-buster CloudFlare to intercept and redirect users. Little is yet known about the attacks, so far detected targeting piracy torrent site The Pirate Bay and a handful of other outfits. CloudFlare engineers have …
Darren Pauli, 14 Jul 2016

Chinese gambling site served near record-breaking complex DDoS

A Chinese gambling company has been pulverised with multiple nine-vector, 470 Gbps, 110 million packet-per-second distributed denial of service (DDoS) attacks, some of the biggest and most complex ever recorded. The unnamed company was attacked by DDoS that used nine vectors in a very rare bid to bypass Incapsula's mitigation …
Darren Pauli, 01 Jul 2016

Hydra hacker bot spawns internet of things DDoS clones

Lizard Squad may be mostly behind bars, but their LizardStresser botnet has spawned more than 100 clones. According to Arbor Networks' Matthew Bing, the imitators have lit on the Internet of Things, enslaving thousands of dumb devices with code the hacker group published last year. LizardStresser is an illegal booter service …
Darren Pauli, 01 Jul 2016

25,000 malware-riddled CCTV cameras form network-crashing botnet

A massive network of hacked CCTV cameras is being used to bring down computers around the world, we're told. The unusual 25,000-strong botnet was apparently spotted by US security outfit Sucuri when it investigated an online assault against an ordinary jewelry store. The shop's website was flooded offline after drowning in 35 …
Iain Thomson, 28 Jun 2016

Inside the World of the Dark DDoS

Today’s distributed denial of service attacks are different than the kinds that we saw at the dawn of the millennium when the threat emerged. They’re becoming more nuanced, and subtle – and they could result in a lot more than a downed web server. In the early days of DDoS, volumetric attacks were all the rage. Politically or …
Danny Bradbury, 27 Jun 2016

Biz networks' DNS troubles

More than four in five (83 per cent) of enterprise networks show evidence of malicious DNS activity. Malware such as botnets, the ZeuS banking malware, distributed denial of service (DDoS) traffic and the CryptoLocker ransomware generated malicious lookup queries picked up in a new study by DNS security specialists Infoblox …
John Leyden, 16 Jun 2016

Half of Brit small biz hit by cyber crime. 10% spend zilch on infosec

Almost half (48 per cent) of Britain's small businesses were hit by cyber-crime in the last year, with 10 per cent targeted many times. Despite this only one in five see cybersecurity as a business priority, and just 15 per cent are confident that they have adequate measures in place to prevent cybercrime, according to a …
John Leyden, 14 Jun 2016

Juniper: Yes, IPv6 ping-of-death hits Junos OS, too

That IPv6 neighbour packet discovery bug Cisco warned about last week? Juniper has just followed Switchzilla by warning it has the same problem. When Cisco announced the vuln, it said other IPv6 implementations would also be at risk. The Gin Palace agrees: CVE-2016-1409 is an issue for anybody running Junos OS. The advisory …

SWIFT threatens to give insecure banks a slap if they don't shape up

The SWIFT global payments system has announced it plans to suspend banks with weaker cyber defences until they improve their security. The threatened sanction follows a run of attacks on international banks over recent weeks, including the $81m mega-heist at the Bangladeshi Central Bank. These cyber-heists relied on hackers …
John Leyden, 03 Jun 2016

TFTP abused by DDoSsers

Crooks have come up with a new technique for swamping websites with junk traffic. Miscreants have begun using a DDoS reflection and amplification method that abuses TFTP (Trivial File Transfer Protocol), Akamai reports. TFTP is mostly a LAN service used for configuration of devices such as phones and initial installations of …
John Leyden, 01 Jun 2016

It's a Hull of a thing: Kcom takes a break from 8-year sales slide

Telecoms provider Kcom stemmed its declining revenue for the first time in eight years, reporting growth of 0.4 per cent to £349.2m for the full year 2015/16. However, operating profit fell to £6.3m from £50.9m mainly due to increased investments, compared with the previous year. That was mainly due to its fibre roll-out in …
Kat Hall, 27 May 2016

ARIN under DDoS attack

The American Registry for Internet Numbers (ARIN) has warned that it is experiencing a distributed denial of service (DDoS) attack. “This was and continues to be a sustained attack against our provisioning services, email, and website,” the organisation says. As ARIN assigns internet numbers, operates WHOIS services …
Simon Sharwood, 27 May 2016

DDOS-as-a-service offered for just five dollars

Freelancer-finding site Fiverr has booted out users offering distributed denial of service attack for-hire groups for as low as US$5. Fiverr is a service that connects buyers with professionals like designers and developers, many of whom offer their services for not much more than the price of a beer. Incapsula security wonks …
Darren Pauli, 26 May 2016

Password reuse bot steals creds from weak sites, logs in to banks

The perils of password re-use have been laid bare with the discovery of a botnet dedicated to finding account credentials on websites and testing the logins it finds on banks. The work is clever since it avoids tripping botnet detection and brute force rate limiters in place at most security-savvy banks, but absent across the …
Darren Pauli, 24 May 2016

Malicious Android apps slip into Google Play, top third party charts

Malicious Android applications have bypassed Google's Play store security checks to enslave infected devices into distributed denial of service attack, advertising fraud, and spam botnets. The apps are legitimate games that in some stores outside of Google Play have made it to highly-contested top free games charts. …
Darren Pauli, 17 May 2016

Salesforce.com crash caused DATA LOSS

Salesforce.com's protracted outage earlier this week caused data loss. An update on the company's status page dated May 12, 2016 20:00 UTC says data “written to the NA14 instance between 9:53 UTC and 13:29 UTC on May 10, 2016 can not be restored.” There's a tiny ray of sunshine in that announcement, because previous updates …
Simon Sharwood, 13 May 2016

Did your UK biz just pay £1,500 to stop a DDoS? You've been had

What kind of a grifter pretends he's going to DDoS you? The kind that easily makes off with a lot of cash, it seems. "Hackers" who have been making empty DDoS threats while posing as the Armada Collective appear to have moved on. No, they didn't stop scamming people, they just changed their modus operandi: they're now …
John Leyden, 04 May 2016

Do you know where your trade secrets are?

Information security (infosec) is no longer a nice-to-have. It is a matter of corporate survival. Even the smallest company can be weakened by the simple loss of a customer list, ruined by the fallout from the loss of protected customer information. There's a lot more to infosec than merely hunkering down behind a firewall. As …
Trevor Pott, 03 May 2016

DDoS just smokescreens

Distributed denial of service (DDoS) attacks are increasingly being used as a smokescreen for hacker attacks. A new survey from Neustar reports 71 per cent of financial services firms attacked experienced some form of theft and 38 per cent found viruses or malware activation after a DDoS attack. More than half (57 per cent) of …
John Leyden, 27 Apr 2016

Website extortionists rake in over $100,000 without lifting a finger

Reputation is everything in business: it appears a bunch of canny scammers have stolen the identity of a hacking squad to make some serious bank. Back in November, a group calling itself the Armada Collective carried out a series of distributed denial of service (DDoS) attacks on webmail providers who refused to pay them a …
Iain Thomson, 25 Apr 2016

Anonymous whales on Denmark, Iceland with OpKillingBay DDoS

A pair of Akamai researchers are warning that entities using the name and iconography of hacker collective Anonymous will soon expand a six-year distributed denial of service (DDoS) attack campaign against Japan to other whale-and-dolphin-eating nations. The operation, dubbed KillingBay, is detailed in a report [PDF] and is …
Darren Pauli, 22 Apr 2016

Academic network Janet clobbered with DDoS attacks – again

Blighty's government-funded educational network Janet has once again been hit by a cyber attack, with a fresh wave of DDoS attacks launched against the network this morning. The issue first began on Friday 15 April, with the body reporting it had been hit by a DDoS attack. "We are seeing another targeted attack. This may …
Kat Hall, 18 Apr 2016

Lizard Squad back to blast Blizzard’s gaming hub

Lizard Squad has hit gaming firm Blizzard’s servers with a massive DDoS attack. Blizzard's Battle.net services were left intermittently unavailable as a result of the assault, the latest in a long line of hacking attacks against gaming firms by the notorious black hat hacking crew. Blizzard confirmed an attack in the earlier …
John Leyden, 15 Apr 2016

Swedish military unwittingly helped hose US banks in 2012/2013

Sweden's military has told a newswire that its servers were used in a 2012/2013 attack on American banks. The report from Agence France Presse (AFP) quotes military spokesperson Mikael Abramsson, who told the agency, "The hacking attack was a kind of wake-up call for us and forced us to take very specific security steps to …

British booter bandit walks free after pleading guilty to malware sales

Worcestershire man Grant Manser has pleaded guilty to six counts of computer misuse offences after selling booter software on the dark web. The 20 year old sold the software while aged just 16 for between £5 and £20 a pop during the four years from January 2012, The Daily Mail reports. He pleaded guilty to six charges under …
Team Register, 11 Apr 2016

Cyber-underworld price list revealed: $500 for company email inbox, $1,200 passports, etc

The underground bazaars for stolen online identities, access to corporate email inboxes, and fake ID are booming, we're told. Research by Dell SecureWorks says the market for underground hacking is increasing, particularly in Russia. Russian hackers are expanding their working hours and using guarantors to ensure customer …
John Leyden, 08 Apr 2016

Man pleads guilty for serving white hat with DoS, swearbot, sex toys

Oklahoma man Benjamin Earnest Nichols faces up to 10 years jail in a United States federal prison and a US$250,000 fine after pleading guilty to launching a distributed denial of service attack against security consultancy mccrewsecurity.com. Nichols, 37, pled guilty to one count of causing the transmission of a program or …
Darren Pauli, 08 Apr 2016

Homeland Security report hoses down energy-sector 'cybergeddon' talk

+Comment Everybody knows how easily the world could be plunged into a New Dark Ages with nothing more than a handful of hacker keystrokes – everybody except the United States Department of Homeland Security (DHS). In a report obtained and published by Public Intelligence researchers, the DHS contradicts most of the received wisdom …

Infosec miscreants are peddling malware that will KO your router

Malware targeting embedded devices such as routers rather than computers is doing the rounds. A new and improved version of Kaiten, an Internet Relay Chat (IRC)-controlled malware typically used to carry out distributed denial-of-service (DDoS) attacks, is spreading, security firm ESET warns. KTN-Remastered or KTN-RM features …
John Leyden, 30 Mar 2016

DNS root server attack was not aimed at root servers – infosec bods

The internet's root servers were not the target of a distributed denial-of-service (DDoS) attack in December which for a short time took out four of the 13 pillars of the global network. That's according to two security researchers who will present their findings at a conference in Argentina on Friday. Instead, they conclude …
Kieren McCarthy, 29 Mar 2016

US charges Iranians with hacking into an NY dam, blasting banks offline

The US Department of Justice (DoJ) has charged seven Iranian hackers over a string of high-profile distributed denial-of-service (DDoS) attacks against banks. The seven allegedly worked with Islamic Revolutionary Guard Corps-affiliated entities to run a coordinated campaign of cyber attacks against the US financial sector. One …
John Leyden, 24 Mar 2016

Cyberthreat: How to respond...and when

Spotting threats in cyberspace is like star gazing. There are lots of them out there, but telling them apart and working out which ones are about to go supernova takes experience and skill. You don’t want to pour the same resource into protecting yourself against every single perceived threat, because no budget can support …
Danny Bradbury, 23 Mar 2016

Swedish sysadmins reach for the hex key, reassemble services after weekend DDoS

News outlets in Sweden went dark over the weekend in the face of a large-scale distributed denial-of-service (DDoS) attack. Newspaper Dagens Nyheter (DN) reports here (but English-speakers will need help with the translation) that as well as the attack it suffered, media outlets Expression, Svenska Dagbladet, Aftonbladet, …