Articles about DDoS

DDoS, the cloud and you

Private cloud computing can be a useful way to offload some computing overhead and manage your costs effectively. The switch to operating expenses from capital expenses, the elasticity, the business continuity benefits – they're all real. But so are the dangers of DDoS disaster. There's a problem with moving your servers and …
Danny Bradbury, 21 Jul 2016

DDoS trends: Bigger, badder but not longer

DDoS attacks once again escalated in both size and frequency during the first six months of 2016. Netscout's DDoS mitigation arm Arbor Networks warns that attacks greater than 100Gbps are far from uncommon. The security firm has monitored 274 attacks over 100Gbps in the first half of 2016, versus 223 in all of 2015. The …
John Leyden, 19 Jul 2016

Docker Cloud under fire after DDoS attacks slam DNS, knacker websites

Updated Websites running on the Docker Cloud hosted container management and deployment service were taken down by an apparent DNS outage on Monday. Reg readers and Docker Cloud support forum members complained today that their services were down or suffering intermittent outages with little explanation from Docker. One angry user …
Gavin Clarke, 19 Jul 2016

Trump? Terror? Turkey? Whoa, there's a Tentacool in that Bush...

If terror attacks, coups and the prospect of a Trump presidency aren’t enough to convince you the end of days might just be at hand, a brief review of the weekend’s Pokemon Go related news should tip the balance. As the augmented reality monster hunting smartphone game rolled out across the real world, players were shot at and …
Joe Fay, 18 Jul 2016

Pokemon Go DDoS claim

An online group has claimed responsibility for launching a distributed denial of service (DDoS) attack against Pokemon Go. The DDoS-disruption group says it overloaded the game's servers over the weekend, causing players across the world to be kicked back into the real world. Pokemon creator Niantic has not commented on the …
Team Register, 17 Jul 2016

CloudFlare probes mystery interception of site traffic across India

An unknown agency in India, possibly telco Airtel, is quietly capitalising on encryption gaps in sites tended by DDOS-buster CloudFlare to intercept and redirect users. Little is yet known about the attacks, so far detected targeting piracy torrent site The Pirate Bay and a handful of other outfits. CloudFlare engineers have …
Darren Pauli, 14 Jul 2016

Chinese gambling site served near record-breaking complex DDoS

A Chinese gambling company has been pulverised with multiple nine-vector, 470 Gbps, 110 million packet-per-second distributed denial of service (DDoS) attacks, some of the biggest and most complex ever recorded. The unnamed company was attacked by DDoS that used nine vectors in a very rare bid to bypass Incapsula's mitigation …
Darren Pauli, 01 Jul 2016

Hydra hacker bot spawns internet of things DDoS clones

Lizard Squad may be mostly behind bars, but their LizardStresser botnet has spawned more than 100 clones. According to Arbor Networks' Matthew Bing, the imitators have lit on the Internet of Things, enslaving thousands of dumb devices with code the hacker group published last year. LizardStresser is an illegal booter service …
Darren Pauli, 01 Jul 2016

25,000 malware-riddled CCTV cameras form network-crashing botnet

A massive network of hacked CCTV cameras is being used to bring down computers around the world, we're told. The unusual 25,000-strong botnet was apparently spotted by US security outfit Sucuri when it investigated an online assault against an ordinary jewelry store. The shop's website was flooded offline after drowning in 35 …
Iain Thomson, 28 Jun 2016

Inside the World of the Dark DDoS

Today’s distributed denial of service attacks are different than the kinds that we saw at the dawn of the millennium when the threat emerged. They’re becoming more nuanced, and subtle – and they could result in a lot more than a downed web server. In the early days of DDoS, volumetric attacks were all the rage. Politically or …
Danny Bradbury, 27 Jun 2016

Biz networks' DNS troubles

More than four in five (83 per cent) of enterprise networks show evidence of malicious DNS activity. Malware such as botnets, the ZeuS banking malware, distributed denial of service (DDoS) traffic and the CryptoLocker ransomware generated malicious lookup queries picked up in a new study by DNS security specialists Infoblox …
John Leyden, 16 Jun 2016

Half of Brit small biz hit by cyber crime. 10% spend zilch on infosec

Almost half (48 per cent) of Britain's small businesses were hit by cyber-crime in the last year, with 10 per cent targeted many times. Despite this only one in five see cybersecurity as a business priority, and just 15 per cent are confident that they have adequate measures in place to prevent cybercrime, according to a …
John Leyden, 14 Jun 2016

Juniper: Yes, IPv6 ping-of-death hits Junos OS, too

That IPv6 neighbour packet discovery bug Cisco warned about last week? Juniper has just followed Switchzilla by warning it has the same problem. When Cisco announced the vuln, it said other IPv6 implementations would also be at risk. The Gin Palace agrees: CVE-2016-1409 is an issue for anybody running Junos OS. The advisory …

SWIFT threatens to give insecure banks a slap if they don't shape up

The SWIFT global payments system has announced it plans to suspend banks with weaker cyber defences until they improve their security. The threatened sanction follows a run of attacks on international banks over recent weeks, including the $81m mega-heist at the Bangladeshi Central Bank. These cyber-heists relied on hackers …
John Leyden, 03 Jun 2016

TFTP abused by DDoSsers

Crooks have come up with a new technique for swamping websites with junk traffic. Miscreants have begun using a DDoS reflection and amplification method that abuses TFTP (Trivial File Transfer Protocol), Akamai reports. TFTP is mostly a LAN service used for configuration of devices such as phones and initial installations of …
John Leyden, 01 Jun 2016

It's a Hull of a thing: Kcom takes a break from 8-year sales slide

Telecoms provider Kcom stemmed its declining revenue for the first time in eight years, reporting growth of 0.4 per cent to £349.2m for the full year 2015/16. However, operating profit fell to £6.3m from £50.9m mainly due to increased investments, compared with the previous year. That was mainly due to its fibre roll-out in …
Kat Hall, 27 May 2016

ARIN under DDoS attack

The American Registry for Internet Numbers (ARIN) has warned that it is experiencing a distributed denial of service (DDoS) attack. “This was and continues to be a sustained attack against our provisioning services, email, and website,” the organisation says. As ARIN assigns internet numbers, operates WHOIS services …
Simon Sharwood, 27 May 2016

DDOS-as-a-service offered for just five dollars

Freelancer-finding site Fiverr has booted out users offering distributed denial of service attacks for hire for as low as US$5. Fiverr is a service that connects buyers with professionals like designers and developers, many of whom offer their services for not much more than the price of a beer. Incapsula security wonks …
Darren Pauli, 26 May 2016

Password reuse bot steals creds from weak sites, logs in to banks

The perils of password re-use have been laid bare with the discovery of a botnet dedicated to finding account credentials on websites and testing the logins it finds on banks. The work is clever since it avoids tripping botnet detection and brute force rate limiters in place at most security-savvy banks, but absent across the …
Darren Pauli, 24 May 2016

Malicious Android apps slip into Google Play, top third party charts

Malicious Android applications have bypassed Google's Play store security checks to enslave infected devices into distributed denial of service attack, advertising fraud, and spam botnets. The apps are legitimate games that in some stores outside of Google Play have made it to highly-contested top free games charts. …
Darren Pauli, 17 May 2016

Salesforce.com crash caused DATA LOSS

Salesforce.com's protracted outage earlier this week caused data loss. An update on the company's status page dated May 12, 2016 20:00 UTC says data “written to the NA14 instance between 9:53 UTC and 13:29 UTC on May 10, 2016 can not be restored.” There's a tiny ray of sunshine in that announcement, because previous updates …
Simon Sharwood, 13 May 2016

Did your UK biz just pay £1,500 to stop a DDoS? You've been had

What kind of a grifter pretends he's going to DDoS you? The kind that easily makes off with a lot of cash, it seems. "Hackers" who have been making empty DDoS threats while posing as the Armada Collective appear to have moved on. No, they didn't stop scamming people, they just changed their modus operandi: they're now …
John Leyden, 04 May 2016

Do you know where your trade secrets are?

Information security (infosec) is no longer a nice-to-have. It is a matter of corporate survival. Even the smallest company can be weakened by the simple loss of a customer list, ruined by the fallout from the loss of protected customer information. There's a lot more to infosec than merely hunkering down behind a firewall. As …
Trevor Pott, 03 May 2016

DDoS just smokescreens

Distributed denial of service (DDoS) attacks are increasingly being used as a smokescreen for hacker attacks. A new survey from Neustar reports 71 per cent of financial services firms attacked experienced some form of theft and 38 per cent found viruses or malware activation after a DDoS attack. More than half (57 per cent) of …
John Leyden, 27 Apr 2016

Website extortionists rake in over $100,000 without lifting a finger

Reputation is everything in business: it appears a bunch of canny scammers have stolen the identity of a hacking squad to make some serious bank. Back in November, a group calling itself the Armada Collective carried out a series of distributed denial of service (DDoS) attacks on webmail providers who refused to pay them a …
Iain Thomson, 25 Apr 2016

Anonymous whales on Denmark, Iceland with OpKillingBay DDoS

A pair of Akamai researchers are warning that entities using the name and iconography of hacker collective Anonymous will soon expand a six-year distributed denial of service (DDoS) attack campaign against Japan to other whale-and-dolphin-eating nations. The operation, dubbed KillingBay, is detailed in a report [PDF] and is …
Darren Pauli, 22 Apr 2016

Academic network Janet clobbered with DDoS attacks – again

Blighty's government-funded educational network Janet has once again been hit by a cyber attack, with a fresh wave of DDoS attacks launched against the network this morning. The issue first began on Friday 15 April, with the body reporting it had been hit by a DDoS attack. "We are seeing another targeted attack. This may …
Kat Hall, 18 Apr 2016

Lizard Squad back to blast Blizzard’s gaming hub

Lizard Squad has hit gaming firm Blizzard’s servers with a massive DDoS attack. Blizzard's Battle.net services were left intermittently unavailable as a result of the assault, the latest in a long line of hacking attacks against gaming firms by the notorious black hat hacking crew. Blizzard confirmed an attack in the earlier …
John Leyden, 15 Apr 2016

Swedish military unwittingly helped hose US banks in 2012/2013

Sweden's military has told a newswire that its servers were used in a 2012/2013 attack on American banks. The report from Agence France Presse (AFP) quotes military spokesperson Mikael Abramsson, who told the agency, "The hacking attack was a kind of wake-up call for us and forced us to take very specific security steps to …

British booter bandit walks free after pleading guilty to malware sales

Worcestershire man Grant Manser has pleaded guilty to six counts of computer misuse offences after selling booter software on the dark web. The 20 year old sold the software while aged just 16 for between £5 and £20 a pop during the four years from January 2012, The Daily Mail reports. He pleaded guilty to six charges under …
Team Register, 11 Apr 2016

Cyber-underworld price list revealed: $500 for company email inbox, $1,200 passports, etc

The underground bazaars for stolen online identities, access to corporate email inboxes, and fake ID are booming, we're told. Research by Dell SecureWorks says the market for underground hacking is increasing, particularly in Russia. Russian hackers are expanding their working hours and using guarantors to ensure customer …
John Leyden, 08 Apr 2016

Man pleads guilty for serving white hat with DoS, swearbot, sex toys

Oklahoma man Benjamin Earnest Nichols faces up to 10 years jail in a United States federal prison and a US$250,000 fine after pleading guilty to launching a distributed denial of service attack against security consultancy mccrewsecurity.com. Nichols, 37, pled guilty to one count of causing the transmission of a program or …
Darren Pauli, 08 Apr 2016

Homeland Security report hoses down energy-sector 'cybergeddon' talk

+Comment Everybody knows how easily the world could be plunged into a New Dark Ages with nothing more than a handful of hacker keystrokes – everybody except the United States Department of Homeland Security (DHS). In a report obtained and published by Public Intelligence researchers, the DHS contradicts most of the received wisdom …

Infosec miscreants are peddling malware that will KO your router

Malware targeting embedded devices such as routers rather than computers is doing the rounds. A new and improved version of Kaiten, an Internet Relay Chat (IRC)-controlled malware typically used to carry out distributed denial-of-service (DDoS) attacks, is spreading, security firm ESET warns. KTN-Remastered or KTN-RM features …
John Leyden, 30 Mar 2016

DNS root server attack was not aimed at root servers – infosec bods

The internet's root servers were not the target of a distributed denial-of-service (DDoS) attack in December which for a short time took out four of the 13 pillars of the global network. That's according to two security researchers who will present their findings at a conference in Argentina on Friday. Instead, they conclude …
Kieren McCarthy, 29 Mar 2016

US charges Iranians with hacking into an NY dam, blasting banks offline

The US Department of Justice (DoJ) has charged seven Iranian hackers over a string of high-profile distributed denial-of-service (DDoS) attacks against banks. The seven allegedly worked with Islamic Revolutionary Guard Corps-affiliated entities to run a coordinated campaign of cyber attacks against the US financial sector. One …
John Leyden, 24 Mar 2016

Cyberthreat: How to respond...and when

Spotting threats in cyberspace is like star gazing. There are lots of them out there, but telling them apart and working out which ones are about to go supernova takes experience and skill. You don’t want to pour the same resource into protecting yourself against every single perceived threat, because no budget can support …
Danny Bradbury, 23 Mar 2016

Swedish sysadmins reach for the hex key, reassemble services after weekend DDoS

News outlets in Sweden went dark over the weekend in the face of a large-scale distributed denial-of-service (DDoS) attack. Newspaper Dagens Nyheter (DN) reports here (but English-speakers will need help with the translation) that as well as the attack it suffered, media outlets Expressen, Svenska Dagbladet, Aftonbladet, …

Secure email bods ProtonMail open signup floodgates to world+dog

Interview Secure email service ProtonMail has come out of beta and re-opened free registration to all for the first time in almost two years. Applications to join the invite-only service had been backed up almost since the day it launched, as the free encrypted mail service quickly reached its upper capacity of users and struggled to …

Anti-cyber-attack biz Staminus is cyber-attacked, mocked by card-leaking tormentors

Updated Staminus Communications – a US web hosting biz that specializes in protecting sites from distributed denial-of-service attacks – is recovering after hackers ransacked its servers and leaked customer credit card numbers. Its systems fell over for about 20 hours up until the early hours of Friday morning, UK time, or late at …
John Leyden, 11 Mar 2016

DDoS protection biz Incapsula knackers its customers' websites

Glitches at distributed denial-of-service mitigation biz Incapsula left the websites it defends offline twice on Thursday. Incapsula blamed "connectivity issues" for the global PITSTOP, aka the worldwide degradation of its services. "A rare case triggered an issue on the Incapsula service and caused two system-wide errors at …
John Leyden, 10 Mar 2016

F5 adds 100 Gbps blade to VIPRION range

F5 Networks has added a 100 Gbps Ethernet blade to its eight-blade chassis range, targeting 4G and future 5G network deployments, along with high performance DDoS mitigation. The specs for the blade are straightforward: two 100 Gbps Ethernet ports and six 40 Gbps Ethernet ports, and claimed support for more than a billion …

Trivial path for DDoS amplification attacks found by infosec bods

Security researchers have discovered a new vector for DDoS amplification attacks – and it's quite literally trivial. Improperly configured services such as DNS or Network Time Protocol (NTP) have been exploited to launch a string of DDoS attacks over the last couple of years. Researchers at Edinburgh Napier University have …
John Leyden, 09 Mar 2016

What are you doing to spot a breach?

Technology moves quickly, not just in legitimate business, but in the cybercriminal world too. Advanced attack tools are now available on the black market, lowering the barrier to entry for the average online lowlife. They are happy to target large and small organizations alike, and they only have to be lucky once. Security …
Robin Birtstone, 08 Mar 2016

Rent a denial-of-service booter for $60, wreak $720k in damage

Criminals can pay distributed-denial-of-service attackers less than US$60 to inflict as much as US$720,000 in damage to an organisation per day, researcher Dennis Schwarz says. The so-called booter or stresser services are commonly sold as would-be legitimate tools for security professionals. These tools are supposedly used to …
Darren Pauli, 04 Mar 2016

OPSEC mistakes spill Russian DDoS scum's payment secrets

OPSEC mistakes by a cybercrook have allowed security researchers to estimate the revenue of a Russian DDoS booter merchant. The research is noteworthy because the only public information available on these miscreants is normally their online advertisements for site takedown services in Russian-language cybercrime forums and …
John Leyden, 03 Mar 2016

SMBs? Are you big enough to have a serious backup strategy?

One of the TLAs* we come across all the time in IT is CIA. It's not, in this context, a shady American intelligence force: as far as we're concerned it stands for Confidentiality, Integrity and Availability – the three strands you need to consider as part of your security and data management policies and processes. Most …
Dave Cartwright, 02 Mar 2016

You're a cybercrime kingpin. You need a new evil lackey. How much do you tell them?

RSA 2016 Cybercrooks, much like ethical security defenders, are facing a skills crisis and difficulties in recruiting qualified staff. Their attempts to bring workers into criminal organisations leave it possible for experts to learn more about their strategies and tactics, according to new research from threat intelligence firm Digital …
John Leyden, 01 Mar 2016

DDoS attacks up 149 percent as brassy booter kids make bank

The number of distributed denial of service attacks rose 149 percent in the dying months of 2015 according to Akamai's networking wonks. The latest figures in the State of the Internet Q4 2015 report (PDF) tracked some 3693 DDoS attacks during the final quarter, finding a 169 percent uptick in infrastructure attacks. Akamai finds …
Darren Pauli, 01 Mar 2016

People don't want big OpenFlow deployments, so let's do small ones

OpenFlow looks like it has all the hallmarks of inevitable success: it fits into a broad stack of open networking protocols, it has lots of vendor support, it's backed by the Linux Foundation, and it's been under development since 2009. All that remains is users, which are rather hard to find. Might that change if the project …