Articles about DDoS

Criticize Donald Trump, get your site smashed offline from Russia

It has been an odd day for Newsweek – its main site was taken offline after it published a story claiming a company owned by Republican presidential candidate Donald Trump broke an embargo against doing deals with Cuba. The magazine first thought that the sheer volume of interest in its scoop was the cause for the outage, but …
Iain Thomson, 30 Sep 2016

Pisspoor IoT security means it'd be really easy to bump off pensioners

Two things are fixed on everyone's minds when it comes to the Internet of Things: security and law. How does industry overcome the threats posed by these two hurdles? Speaking at yesterday's Cambridge Wireless IoT event in London, Max Heinemeyer from Darktrace was all in favour of automating away the security problems. He …
Gareth Corfield, 29 Sep 2016

Internet of Things security? Start with who owns the data

“Defence is only as strong as the weakest link,” said Tim Phipps of Solarflare at today’s Cambridge Wireless event on security within the Internet of Things. Today's Cambridge Wireless event was part of its Special Interest Group focusing on security and defence. In particular, on securing and defending the Internet of Things …
Gareth Corfield, 28 Sep 2016

Urgent! Log in for spear-phisher survey or your account will be deleted

Europol’s annual cyber-crime survey warns that the quality of spearphishing and other "CEO fraud" is continuing to improve and "cybercrime-as-a-service" means an ever larger group of fraudsters can easily commit online attacks. Many threats remain from last year – banking trojan attacks are still an issue for businesses and …
John Oates, 28 Sep 2016

No wonder we're being hit by Internet of Things botnets. Ever tried patching a Thing?

Internet of Things devices are starting to pose a real threat to security for the sensible part of the web, Akamai's chief security officer Andy Ellis has told The Register. Speaking in the aftermath of the large DDoS against security journalist Brian Krebs, Ellis elaborated a little on the makeup of the botnet which took down …
Gareth Corfield, 27 Sep 2016

152k cameras in 990Gbps record-breaking dual DDoS

The world's largest distributed denial of service (DDoS) attack has been clocked from the same network of 152,463 compromised low-powered cameras and internet-of-things devices which punted a media outlet off the internet. Last days, we got lot of huge DDoS. Here, the list of "bigger that 100Gbps" only. You can see the …
Team Register, 27 Sep 2016

Security man Krebs' website DDoS was powered by hacked Internet of Things botnet

The huge distributed denial of service (DDoS) attack which wiped security journalist Brian Krebs' website from the internet came from a million-device-strong Internet of Things botnet. "Attack appears to include numerous IoT devices, including security cameras. Still itemizing them," an Akamai spokesman told El Reg by email. …
Gareth Corfield, 26 Sep 2016

Google rushes in where Akamai fears to tread, shields Krebs after world's-worst DDoS

Google has provided free distributed denial of service attack (DDoS) mitigation services to security publication Krebs on Security, stepping in after Akamai withdrew support. The information security site was last week hammered with a 620Gbps DDoS attack, widely rated one of the world's largest by volume of junk data. …
Darren Pauli, 26 Sep 2016

IBM botched geo-block designed to save Australia's census

Australia's Bureau of Statistics has heavily criticised IBM for the security it applied to the nation's failed online census, which was taken offline after a distributed denial of service (DDoS) attack that battered a curiously flimsy defensive shield. The Bureau also admits it could have done better in a submission (PDF) to a …
Simon Sharwood, 23 Sep 2016

DDoS attacks: For the hell of it or targeted – how do you see them off?

Distributed Denial of Service (DDoS) attacks can be painful and debilitating. How can you defend against them? Originally, out-of-band or scrubbing-centre DDoS protection was the only show in town, but another approach, inline mitigation, provides a viable and automatic alternative. DDoS attacks can be massive, in some cases …
Danny Bradbury, 22 Sep 2016

WTF is OpenResty? The world's fifth-most-used Web server, that's what!

Netcraft's September survey of the world's most prevalent web servers turned up something interesting: a dip for all major servers but a sudden spike for OpenResty. Open what? OpenResty is a superset of the nginx web server, but bundled with LuaJIT, a just-in-time compiler for the Lua scripting language. We've not covered Lua …
Simon Sharwood, 20 Sep 2016

DDoSers do it more now, but they do it less fiercely*

The number of distributed denial of service attacks has doubled over the last 12 months. Akamai reports that Q2 saw a 129 per cent year-on-year increase in total DDoS attacks. During the second quarter, Akamai mitigated a total of 4,919 attacks, one of which (against a media company) reached an eye-watering 363 Gbps. Although …
John Leyden, 15 Sep 2016

Infected Android phones could flood America's 911 with DDoS attacks

A research trio has shown how thousands of malware-infected phones could launch automated distributed denial of service attacks to cripple the US emergency phone system "for days". The attacks are a new area of research and exploit the need for emergency call services to accept all calls regardless of origin. The theoretical …
Darren Pauli, 13 Sep 2016

Meet DDoSaaS: Distributed Denial of Service-as-a-Service

Analysis: It’s not often an entirely new and thriving sector of the “digital economy” – one hitherto unmentioned by the popular press – floats to the surface of the lake in broad daylight, waving a tentacle at us. This is the DDoS-for-hire industry, and it’s fascinating for a few reasons. This shady marketplace has done everything a …
Andrew Orlowski, 12 Sep 2016

Israeli Pentagon DDoSers explain their work, get busted by FBI

Two Israeli men have been arrested for running a distributed-denial-of-service-as-a-service site, after one seemingly claimed to attack the Pentagon. Itay Huri and Yarden Bidani, released on US$10,000 bonds, were arrested following a tip off from the FBI, local news site TheMarker reports. A Twitter account using Bidani's …
Darren Pauli, 12 Sep 2016

Linode fends off multiple DDOS attacks

Cloud hosting outfit Linode has again come under significant denial of service (DoS) attack. The attacks aren't as bad as the epic events that all-but-took Linode down in January 2016, but they are coming in thick and fast. The company's reported DoS attacks on September 2nd, September 4th and then a series of attacks on …
Simon Sharwood, 11 Sep 2016

Anti-piracy site DDoSed

Swedish anti-piracy site Spridningskollen.se was taken offline on Friday by a suspected DDoS attack. The debt collection company behind the site - which aims to identify Swedes engaged in illicit file sharing - suspects that it’s become the victim of a distributed denial of service attack, according to local reports (Google …
John Leyden, 02 Sep 2016

We want GCHQ-style spy powers to hack cybercrims, say police

Traditional law enforcement techniques are incapable of tackling the rise of cybercrime, according to a panel of experts gathered to discuss the issue at the Chartered Institute of IT. Last night more than a hundred IT professionals and academics, including representatives of the National Crime Agency and Sir David Omand, the …

Suspicious DNS activity runs rife

Nearly half (40 per cent) of enterprise networks tested by security appliance firm Infoblox show evidence of DNS tunnelling. DNS tunnelling is symptomatic of active malware or ongoing data exfiltration within an organisation’s network. Infoblox’s latest quarterly security assessment report (pdf) also measured the prevalence of …
John Leyden, 01 Sep 2016

Blizzard blighted by another DDoS storm

Blizzard, the game developer behind World of Warcraft and Overwatch, was hit by another DDoS attack on Tuesday. The assault coincides with the final day of its Overwatch Summer Games event. In an update to an official Twitter account, Blizzard admitted the assault was affecting its ability to deliver services. "We continue to …
John Leyden, 23 Aug 2016

DIY bank account raiding trojan kit touted in dark web dive bars

Cybercrooks are touting a new DIY financial crime kit that lets you roll your own ZeuS-like software nasty. The Scylex malware kit can be used to build malicious code that, once running on a victim's Windows PC, snoops on online banking passwords, intercepts web traffic and opens a backdoor granting full control over the …
John Leyden, 12 Aug 2016

Meet DDoSCoin, the cryptocurrency that pays when you p0wn

A curious proof-of-work project built on cryptocurrency has emerged that offers a means to prove participation in distributed denial of service (DDoS) attacks. University of Colorado assistant professor Eric Wustrow and University of Michigan PhD student Benjamin VanderSloot create the platform that allows TLS web servers to …
Darren Pauli, 12 Aug 2016

Imperva under pressure to find buyer after disappointing results

An activist investor is reportedly pushing data centre security firm Imperva to find a buyer following disappointing financial results. Cisco Systems, IBM, Raytheon or Symantec are touted as potential suitors of the Israeli entrepreneur-founded firm, which markets Web Application Firewalls and DDoS mitigation services. …
John Leyden, 11 Aug 2016

Networking wonks say lousy planning, not DDOS, caused #Censusfail

The failure of the Australian census seems to be a failure of planning. The Federal Government is blaming a distributed denial of service attack (DDoS) and an abundance of caution for sending the once-every-five-years Antipodean citizen survey into a grinding halt beginning last night and continuing as of the time of writing …
Darren Pauli, 10 Aug 2016

#Censusfail Australia: Not an attack, data safe, no heads to roll

“This was not an attack, nor was it a hack”: that's the official government position on the collapse of last night's Australian online Census systems, attributed to a denial-of-service attack. The chief statistician David Kalisch, the small business minister Michael McCormack and the government's infosec spokesperson Alexander …

Hybrid cloud: Deciding the right mix for your workloads

Blog: Anyone who's read much of what I write for The Reg will know that I'm a believer in hybrid cloud – using the cloud for some elements of your world whilst retaining components on-premises too. But precisely which elements? We'll look at how you might decide what belongs where: on-premises, in the private cloud, or in the public …
Dave Cartwright, 09 Aug 2016

Two first-gen flaws carried over to HTTP/2, warn security bods

Black Hat: Security researchers have unearthed four high-profile vulnerabilities in HTTP/2, a new version of the protocol. HTTP/2 introduces new mechanisms that effectively increase the attack surface of business critical web infrastructure, according to a study by researchers at data centre security vendor Imperva and released at the …
John Leyden, 03 Aug 2016

123-Reg drowns in ongoing DDoS tsunami

Beleaguered web host 123-Reg has suffered a "huge scale" distributed denial of service (DDoS) attack to its data centre – knocking the Brit outfit's website offline and a number of users' services. The attack began this morning and is still ongoing but no performance-related issues have been reported since the traffic was …
Kat Hall, 02 Aug 2016

123-Reg goes TITSUP – again

Updated: It seems the wheels of 123-Reg's clown vehicle have fallen off once again. The UK-based web host's website is out of action and customers are reporting a lack of email access. One reader got in touch to say: "Over the past month or so the email service offered by 123-Reg has been up and down and very poor for this small …
Kat Hall, 02 Aug 2016

Hybrid Cloud: The new IT service platform?

So. Hybrid cloud. Let's start with a quick definition, courtesy in this case of TechTarget which describes it as: “a cloud computing environment which uses a mixture of on-premises, private cloud and third-party, public cloud services with orchestration between the two platforms”. I like this particular definition as it sums it …
Dave Cartwright, 28 Jul 2016

Oh deer.io: Cyber criminals* using one-stop DIY web biz shops

Updated: Cybercrime miscreants seem to be flocking to a one-stop online web business shop. The use of sites like Deer.io proves the barriers to entry for cybercrime are continually being lowered, according to threat intel firm Digital Shadows. Darkside.global, a URL associated with cybercriminal Tessa88 who has distributed leaked …
John Leyden, 27 Jul 2016

DDoS, the cloud and you

Private cloud computing can be a useful way to offload some computing overhead and manage your costs effectively. The switch to operating expenses from capital expenses, the elasticity, the business continuity benefits – they're all real. But so are the dangers of DDoS disaster. There's a problem with moving your servers and …
Danny Bradbury, 21 Jul 2016

DDoS trends: Bigger, badder but not longer

DDoS attacks once again escalated in both size and frequency during the first six months of 2016. Netscout's DDoS mitigation arm Arbor Networks warns that attacks greater than 100Gbps are far from uncommon. The security firm has monitored 274 attacks over 100Gbps in the first half of 2016, versus 223 in all of 2015. The …
John Leyden, 19 Jul 2016

Docker Cloud under fire after DDoS attacks slam DNS, knacker websites

Updated: Websites running on the Docker Cloud hosted container management and deployment service were taken down by an apparent DNS outage on Monday. Reg readers and Docker Cloud support forum members complained today that their services were down or suffering intermittent outages with little explanation from Docker. One angry user …
Gavin Clarke, 19 Jul 2016

Trump? Terror? Turkey? Whoa, there's a Tentacool in that Bush...

If terror attacks, coups and the prospect of a Trump presidency aren’t enough to convince you the end of days might just be at hand, a brief review of the weekend’s Pokemon Go related news should tip the balance. As the augmented reality monster hunting smartphone game rolled out across the real world, players were shot at and …
Joe Fay, 18 Jul 2016

Pokemon Go DDoS claim

An online group has claimed responsibility for launching a distributed denial of service (DDoS) attack against Pokemon Go. The DDoS-disruption group says it overloaded the game's servers over the weekend, causing players across the world to be kicked back into the real world. Pokemon creator Niantic has not commented on the …
Team Register, 17 Jul 2016

CloudFlare probes mystery interception of site traffic across India

An unknown agency in India, possibly telco Airtel, is quietly capitalising on encryption gaps in sites tended by DDOS-buster CloudFlare to intercept and redirect users. Little is yet known about the attacks, so far detected targeting piracy torrent site The Pirate Bay and a handful of other outfits. CloudFlare engineers have …
Darren Pauli, 14 Jul 2016

Chinese gambling site served near record-breaking complex DDoS

A Chinese gambling company has been pulverised with multiple nine-vector, 470 Gbps, 110 million packet-per-second distributed denial of service (DDoS) attacks, some of the biggest and most complex ever recorded. The unnamed company was attacked by DDoS that used nine vectors in a very rare bid to bypass Incapsula's mitigation …
Darren Pauli, 01 Jul 2016

Hydra hacker bot spawns internet of things DDoS clones

Lizard Squad may be mostly behind bars, but their LizardStresser botnet has spawned more than 100 clones. According to Arbor Networks' Matthew Bing, the imitators have lit on the Internet of Things, enslaving thousands of dumb devices with code the hacker group published last year. LizardStresser is an illegal booter service …
Darren Pauli, 01 Jul 2016

25,000 malware-riddled CCTV cameras form network-crashing botnet

A massive network of hacked CCTV cameras is being used to bring down computers around the world, we're told. The unusual 25,000-strong botnet was apparently spotted by US security outfit Sucuri when it investigated an online assault against an ordinary jewelry store. The shop's website was flooded offline after drowning in 35 …
Iain Thomson, 28 Jun 2016

Inside the World of the Dark DDoS

Today’s distributed denial of service attacks are different than the kinds that we saw at the dawn of the millennium when the threat emerged. They’re becoming more nuanced, and subtle – and they could result in a lot more than a downed web server. In the early days of DDoS, volumetric attacks were all the rage. Politically or …
Danny Bradbury, 27 Jun 2016

Biz networks' DNS troubles

More than four in five (83 per cent) of enterprise networks show evidence of malicious DNS activity. Malware such as botnets, the ZeuS banking malware, distributed denial of service (DDoS) traffic and the CryptoLocker ransomware generated malicious lookup queries picked up in a new study by DNS security specialists Infoblox …
John Leyden, 16 Jun 2016

Half of Brit small biz hit by cyber crime. 10% spend zilch on infosec

Almost half (48 per cent) of Britain's small businesses were hit by cyber-crime in the last year, with 10 per cent targeted many times. Despite this only one in five see cybersecurity as a business priority, and just 15 per cent are confident that they have adequate measures in place to prevent cybercrime, according to a …
John Leyden, 14 Jun 2016

Juniper: Yes, IPv6 ping-of-death hits Junos OS, too

That IPv6 neighbour packet discovery bug Cisco warned about last week? Juniper has just followed Switchzilla by warning it has the same problem. When Cisco announced the vuln, it said other IPv6 implementations would also be at risk. The Gin Palace agrees: CVE-2016-1409 is an issue for anybody running Junos OS. The advisory …

SWIFT threatens to give insecure banks a slap if they don't shape up

The SWIFT global payments system has announced it plans to suspend banks with weaker cyber defences until they improve their security. The threatened sanction follows a run of attacks on international banks over recent weeks, including the $81m mega-heist at the Bangladeshi Central Bank. These cyber-heists relied on hackers …
John Leyden, 03 Jun 2016

TFTP abused by DDoSsers

Crooks have come up with a new technique for swamping websites with junk traffic. Miscreants have begun using a DDoS reflection and amplification method that abuses TFTP (Trivial File Transfer Protocol), Akamai reports. TFTP is mostly a LAN service used for configuration of devices such as phones and initial installations of …
John Leyden, 01 Jun 2016

It's a Hull of a thing: Kcom takes a break from 8-year sales slide

Telecoms provider Kcom stemmed its declining revenue for the first time in eight years, reporting growth of 0.4 per cent to £349.2m for the full year 2015/16. However, operating profit fell to £6.3m from £50.9m mainly due to increased investments, compared with the previous year. That was mainly due to its fibre roll-out in …
Kat Hall, 27 May 2016

ARIN under DDoS attack

The American Registry for Internet Numbers (ARIN) has warned that it is experiencing a distributed denial of service (DDoS) attack. “This was and continues to be a sustained attack against our provisioning services, email, and website,” the organisation says. As ARIN assigns internet numbers, operates WHOIS services …
Simon Sharwood, 27 May 2016

DDOS-as-a-service offered for just five dollars

Freelancer-finding site Fiverr has booted out users offering distributed denial of service attack for-hire groups for as low as US$5. Fiverr is a service that connects buyers with professionals like designers and developers, many of whom offer their services for not much more than the price of a beer. Incapsula security wonks …
Darren Pauli, 26 May 2016

Password reuse bot steals creds from weak sites, logs in to banks

The perils of password re-use have been laid bare with the discovery of a botnet dedicated to finding account credentials on websites and testing the logins it finds on banks. The work is clever since it avoids tripping botnet detection and brute force rate limiters in place at most security-savvy banks, but absent across the …
Darren Pauli, 24 May 2016