Articles about Ddos

Chinese firm recalls webcams over botnet DDoS woes

Chinese electronics firm Hangzhou Xiongmai is set to recall swathes of webcams after they were compromised by the Mirai botnet. Mirai exploits the low security standards of internet-connected devices, from routers to webcams, and after enslaving them with malware uses their network connections to launch DDoS attacks, such as …

Hacktivist crew claims it launched last week's DDoS mega-attack

A group called New World Hackers has claimed responsibility for a DDoS attack that rendered significant portions of the web unreachable last Friday. A series of assaults carefully targeted at managed DNS provider Dyn knocked the service offline for much of the day, causing disruption to multiple well-known sites that relied on …
John Leyden, 24 Oct 2016

Thanks, IoT vendors: your slack attitude will get regulators moving

Last Friday's Mirai botnet attack against Dyn must force everybody's hands – vendors, regulators, and Internet infrastructure operators. It's going to be a while before research gets as far as attribution to an attacker, but in the meantime, there's plenty of culpability to go around. Two things are clear, however: the …
head of 50s-style robot

Today the web was broken by countless hacked devices – your 60-second summary

Updated Today a vast army of hijacked internet-connected devices – from security cameras and video recorders to home routers – turned on their owners and broke a big chunk of the web. Compromised machines, following orders from as-yet unknown masterminds, threw massive amounts of junk traffic at servers operated by US-based Dyn, which …
Chris Williams, 21 Oct 2016

DNS devastation: Top websites whacked offline as Dyn dies again

An extraordinary, focused attack on DNS provider Dyn continues to disrupt internet services for hundreds of companies, including online giants Twitter, Amazon, AirBnB, Spotify and others. The worldwide assault started at approximately 11am UTC on Friday. It was a massive denial-of-service blast that knocked Dyn's DNS anycast …
Kieren McCarthy, 21 Oct 2016

Dyn dinged by DDoS: US DNS firm gives web a bad hair day

A denial of service attack against managed DNS provider Dyn restricted access to many US-based websites on Friday. The ongoing attack is affecting Dyn’s managed DNS customers on the US East Coast, according to the provider, which adds on its status page that its “engineers are continuing to work on mitigating this issue”. …
John Leyden, 21 Oct 2016

IBM throws ISP under a bus for Australia's #Censusfail

IBM has blamed a supplier for causing the failure of Australia's online census, which went offline on the very night millions of households were required to describe their disposition. Big Blue's submission (PDF) to Australia's Standing Committees on Economics, which is conducting an Inquiry into the Preparation, …
Simon Sharwood, 21 Oct 2016
Nerd fail photo via Shutterstock

Australia's IBM-assisted Census fail burned AU$30 MEEELLION

Australia's AU$700k-per-year chief statistician has told a Senate estimates committee that the August 2016 Census crash lopped $30 million off the hoped-for $100 million savings to be had from taking the survey online. The Australian Bureau of Statistics (ABS) spent $10 million to have IBM conduct the online Census, but the …
man reads tablet on the toilet. Photo by Shutterstock

It's finally happened: Hackers are coming for home routers en masse

Cybercrooks are increasingly targeting routers in consumers’ homes. Fortinet reports that attacks of this type have regularly figured as entries in its daily top 10 IPS (intrusion prevention system) detection list over the last three months since July. The security vendor reckons that home routers have become a favoured target …
John Leyden, 19 Oct 2016

Orange blows up French govt website in terrorism censorship snafu

The French Interior Ministry suffered an unexpected denial of service attack yesterday – after ISP Orange mistakenly routed heaps of traffic to the government's website. Several popular and legit internet domains were wrongly added to Orange's terrorism block list. Browsers visiting domains on the list are redirected to a …
Iain Thomson, 18 Oct 2016

Sweet, vulnerable IoT devices compromised 6 min after going online

The unpatched Windows XP problem that spawned the Blaster and Sasser worm a decade ago is being replicated on a different platform by hackers exploiting IoT devices to launch denial of service attacks. Two Internet of Things-powered packet floods took down the websites of cybersecurity journalist Brian Krebs and French hosting …
John Leyden, 17 Oct 2016

Huge DDoS attacks are about to get bigger: Mirai bots infect Sierra Wireless gateways

Sierra Wireless cellular modems are being infected by the Mirai botnet malware used to smash systems offline. Mirai commandeers web-connected cameras, sensors and other Internet of Things (IoT) devices using the default factory-set login passwords in their firmware. It has been fingered for unleashing the largest DDoS attack …
Iain Thomson, 14 Oct 2016

Post-referendum UK still part of Euro cyberterror stress test... for now

European enterprises are teaming with information security agencies and governments to run a pan-European cyberwar readiness exercise today. Cyber Europe 2016 - which involves thousands of experts from all 28 EU Member States, Switzerland and Norway - is being co-ordinated by European Union security agency ENISA. It's the …
John Leyden, 14 Oct 2016
Qualcomm's AllJoyn underpins the range of connectedness that the AllSeen Alliance taps into

Decade-old SSH vuln exploited by IoT botnet armies to hose servers

Hackers are exploiting a 12-year-old vulnerability in OpenSSH to funnel malicious network traffic through Internet of Things (IoT) gizmos, Akamai warns. The SSHowDowN Proxy attack [PDF] exploits a lingering weakness in many default configurations of internet-connected embedded devices. Compromised gadgets are being abused to …
John Leyden, 13 Oct 2016

Internet of Things botnets: You ain’t seen nothing yet

Internet of Things (IoT) botnet "Mirai" is the shape of things to come and future assaults could be even more severe, a leading security research firm warns. Mirai powered the largest ever DDoS attack ever, spawning a 620Gbps DDoS against KrebsOnSecurity. Source code for the malware was released on hacker forums last week. …
John Leyden, 10 Oct 2016
Image by Maksim Kabakou

Stickers emerge as EU's weapon against dud IoT security

The European Commission is readying a push to get companies to produce labels that reveal the security baked into internet-of-things things. The labelling effort is part of a broader push to drive companies to better handle security controls and privacy data in the notoriously insecure and leaky devices. Deputy head of …
Darren Pauli, 10 Oct 2016

Invasion of the virus-addled lightbulbs (and other banana stories)

Something for the Weekend, Sir? Yikes, all I have to do is go away for a couple of weeks and all hell breaks loose. But at least it’s the right kind of hell: that is, the veritable technological hell that I’ve been predicting in these columns for years. First off as I sit back in my late-vacation sun lounger to read the news on my tablet is that the Krebs on …
Alistair Dabbs, 07 Oct 2016

Secure cloud doesn’t always mean your stuff in it is secure too

IPExpo “Picking a secure cloud partner is not as trivial as it may seem. Don't assume that because the cloud is secure, your business within the cloud is secure,” Unisys’ chief trust officer Tom Patterson said today. Alongside Patterson and giving a joint keynote speech about lowering costs and risks in the cloud this morning was AWS …
Gareth Corfield, 06 Oct 2016
Parachutists and cloud image via Shutterstock

Trust the cloud, we’re getting the hang of securing it, says Unisys security chief

IPExpo Everyone’s starting to believe in public cloud but security remains an uphill battle, Unisys’ chief trust officer Tom Patterson told The Register this morning. “There are no four walls any more,” he said, sipping a cappuccino in London’s ExCel conference centre and referring to the traditional security model where threats were …
Gareth Corfield, 06 Oct 2016

‘You can’t opt out of IoT’: Our future is the Rise of the Sensor Machines

IPExpo “The majority of SMEs are bamboozled by the Internet of Things and how it will support their business,” Mike van Bunnens, MD of comms tech firm Comms365 told The Register today. Predicting a future where “everything” is an IoT device that “binds us together”, van Bunnens - flanked by colleagues Shaun Nicholls and Nick Sacke - …
Gareth Corfield, 05 Oct 2016

Speaking in Tech: Making $1bn profit from a $10m investment? We'll take it

Podcast speaking_in_tech Greg Knieriemen podcast enterprise Speaking in Tech #231 - Melissa This week Ed Saipetch is back this week with Podcast Idol Melissa Gurney from Dell EMC. Our special guest this week is Erin Banks, Big Data & Analytics Marketing Director at Dell EMC. The trio discuss Big Data, Nutanix IPO, FPGA’s, DDOS and …
Team Register, 05 Oct 2016

SANS issues call to arms to battle IoT botnets

The SANS Institute is hoping sysadmins can help it to do what vendors won't: improve Internet of Things security. The call comes in the wake of not one but two IoShitT-based botnet attacks – the 600 Gbps-plus slam that sent security publication Krebs on Security from Akamai to Google Shield, and the same botnet escalating to …

MariaDB: MaxScale 2.0 given the full SSL streaming Monty

MariaDB has this afternoon made version 2.0 of MaxScale, its database proxy, generally available. The new version of the database proxy arrives with additional features for streaming, security, scalability and availability, which it provides while sat between the application client and the database. Consisting of a generic …

Source code unleashed for junk-blasting Internet of Things botnet

Malicious code used to press-gang IoT connected devices into a botnet was leaked online over the weekend. The Mirai malware is a DDoS Trojan and targets Linux systems and, in particular, IoT devices. A botnet formed using the malware was used to blast junk traffic at the website of security researcher Brian Krebs last month in …
John Leyden, 03 Oct 2016

Criticize Donald Trump, get your site smashed offline from Russia

It has been an odd day for Newsweek – its main site was taken offline after it published a story claiming a company owned by Republican presidential candidate Donald Trump broke an embargo against doing deals with Cuba. The magazine first thought that the sheer volume of interest in its scoop was the cause for the outage, but …
Iain Thomson, 30 Sep 2016
A Starship bot face-tp-face with a pensioner on the street

Pisspoor IoT security means it'd be really easy to bump off pensioners

Two things are fixed on everyone's minds when it comes to the Internet of Things: security and law. How does industry overcome the threats posed by these two hurdles? Speaking at yesterday's Cambridge Wireless IoT event in London, Max Heinemeyer from Darktrace was all in favour of automating away the security problems. He …
Gareth Corfield, 29 Sep 2016

Internet of Things security? Start with who owns the data

“Defence is only as strong as the weakest link,” said Tim Phipps of Solarflare at today’s Cambridge Wireless event on security within the Internet of Things. Today's Cambridge Wireless event was part of its Special Interest Group focusing on security and defence. In particular, on securing and defending the Internet of Things …
Gareth Corfield, 28 Sep 2016
Credit card fraud

Urgent! Log in for spear-phisher survey or your account will be deleted

Europol’s annual cyber-crime survey warns that the quality of spearphishing and other "CEO fraud" is continuing to improve and "cybercrime-as-a-service" means an ever larger group of fraudsters can easily commit online attacks. Many threats remain from last year – banking trojan attacks are still an issue for businesses and …
John Oates, 28 Sep 2016
Irritated man looks at office desktop screen in frustration. Photo by Shutterstock

No wonder we're being hit by Internet of Things botnets. Ever tried patching a Thing?

Internet of Things devices are starting to pose a real threat to security for the sensible part of the web, Akamai's chief security officer Andy Ellis has told The Register. Speaking in the aftermath of the large DDoS against security journalist Brian Krebs, Ellis elaborated a little on the makeup of the botnet which took down …
Gareth Corfield, 27 Sep 2016
Image by hobbit

152k cameras in 990Gbps record-breaking dual DDoS

The world's largest distributed denial of service (DDoS) attack has been clocked from the same network of 152,463 compromised low-powered cameras and internet-of-things devices which punted a media outlet off the internet. Last days, we got lot of huge DDoS. Here, the list of "bigger that 100Gbps" only. You can see the …
Team Register, 27 Sep 2016

Security man Krebs' website DDoS was powered by hacked Internet of Things botnet

The huge distributed denial of service (DDoS) attack which wiped security journalist Brian Krebs' website from the internet came from a million-device-strong Internet of Things botnet. "Attack appears to include numerous IoT devices, including security cameras. Still itemizing them," an Akamai spokesman told El Reg by email. …
Gareth Corfield, 26 Sep 2016
Image by robodread

Google rushes in where Akamai fears to tread, shields Krebs after world's-worst DDoS

Google has provided free distributed denial of service attack (DDoS) mitigation services to security publication Krebs on Security, stepping in after Akamai withdrew support. The information security site was last week hammered with a 620Gbps DDoS attack, widely rated one of the world's largest by volume of junk data. …
Darren Pauli, 26 Sep 2016

IBM botched geo-block designed to save Australia's census

Australia's Bureau of Statistics has heavily criticised IBM for the security it applied to the nation's failed online census, which was taken offline after a distributed denial of service (DDoS) attack that battered a curiously flimsy defensive shield. The Bureau also admits it could have done better in a submission (PDF) to a …
Simon Sharwood, 23 Sep 2016

DDoS attacks: For the hell of it or targeted – how do you see them off?

Distributed Denial of Service (DDoS) attacks can be painful and debilitating. How can you defend against them? Originally, out-of-band or scrubbing-centre DDoS protection was the only show in town, but another approach, inline mitigation, provides a viable and automatic alternative. DDoS attacks can be massive, in some cases …
Danny Bradbury, 22 Sep 2016
OpenResty Logo

WTF is OpenResty? The world's fifth-most-used Web server, that's what!

Netcraft's September survey of the world's most prevalent web servers turned up something interesting: a dip for all major servers but a sudden spike for OpenResty. Open what? OpenResty is a superset of the nginx web server, but bundled with LuaJIT, a just-in-time compiler for the Lua scripting language. We've not covered Lua …
Simon Sharwood, 20 Sep 2016

DDoSers do it more now, but they do it less fiercely*

The number of distributed denial of service attacks has doubled over the last 12 months. Akamai reports that Q2 saw a 129 per cent year-on-year increase in total DDoS attacks. During the second quarter, Akamai mitigated a total of 4,919 attacks, one of which (against a media company) reached an eye-watering 363n Gbps. Although …
John Leyden, 15 Sep 2016

Infected Android phones could flood America's 911 with DDoS attacks

A research trio has shown how thousands of malware-infected phones could launch automated distributed denial of service attacks to cripple the US emergency phone system "for days". The attacks are a new area of research and exploit the need for emergency call services to accept all calls regardless of origin. The theoretical …
Darren Pauli, 13 Sep 2016

Meet DDoSaaS: Distributed Denial of Service-as-a-Service

Analysis It’s not often an entirely new and thriving sector of the “digital economy” – one hitherto unmentioned by the popular press – floats to the surface of the lake in broad daylight, waving a tentacle at us. This is the DDoS-for-hire industry, and it’s fascinating for a few reasons. This shady marketplace has done everything a …
Andrew Orlowski, 12 Sep 2016

Israeli Pentagon DDoSers explain their work, get busted by FBI

Two Israeli men have been arrested for running a distributed-denial-of service-as-a-service site, after one seemingly claimed to attack the Pentagon. Itay Huri and Yarden Bidani, released on US$10,000 bonds, were arrested following a tip off from the FBI, local news site TheMarker reports. A Twitter account using Bidani's …
Darren Pauli, 12 Sep 2016

Linode fends off multiple DDOS attacks

Cloud hosting outfit Linode has again come under significant denial of service (DoS) attack. The attacks aren't as bad as the epic events that all-but-took Linode down in January 2016, but they are coming in thick and fast. The company's reported DoS attacks on September 2nd, September 4th and then a series of attacks on …
Simon Sharwood, 11 Sep 2016
stack of newspapers

Anti-piracy site DDoSed

Swedish anti-piracy site was taken offline on Friday by a suspected DDoS attack. The debt collection company behind the site - which aims to identify Swedes engaged in illicit file sharing - suspects that it’s become the victim of a distributed denial of service attack, according to local reports (Google …
John Leyden, 02 Sep 2016

We want GCHQ-style spy powers to hack cybercrims, say police

Traditional law enforcement techniques are incapable of tackling the rise of cybercrime, according to a panel of experts gathered to discuss the issue at the Chartered Institute of IT. Last night more than a hundred IT professionals and academics, including representatives of the National Crime Agency and Sir David Omand, the …

Suspicious DNS activity runs rife

Nearly half (40 per cent) of enterprise networks tested by security appliance firm Infoblox show evidence of DNS tunnelling. DNS tunnelling is symptomatic of active malware or ongoing data exfiltration within an organisation’s network. Infoblox’s latest quarterly security assessment report (pdf) also measured the prevalence of …
John Leyden, 01 Sep 2016

Blizzard blighted by another DDoS storm

Blizzard, the game developer behind World of Warcraft and Overwatch, was hit by another DDoS attack on Tuesday. The assault coincides with the final day of its Overwatch Summer Games event. In an update to an official Twitter account, Blizzard admitted the assault was affecting its ability to deliver services. "We continue to …
John Leyden, 23 Aug 2016

DIY bank account raiding trojan kit touted in dark web dive bars

Cybercrooks are touting a new DIY financial crime kit that lets you roll your own ZeuS-like software nasty. The Scylex malware kit can be used to build malicious code that, once running on a victim's Windows PC, snoops on online banking passwords, intercepts web traffic and opens a backdoor granting full control over the …
John Leyden, 12 Aug 2016

Meet DDoSCoin, the cryptocurrency that pays when you p0wn

A curious proof-of-work project built on cryptocurrency has emerged that offers a means to prove participation in distributed denial of service (DDoS) attacks. University of Colorado assistant professor Eric Wustrow and University of Michigan phD student Benjamin VanderSloot create the platform that allows TLS web servers to …
Darren Pauli, 12 Aug 2016

Imperva under pressure to find buyer after disappointing results

An activist investor is reportedly pushing data centre security firm Imperva to find a buyer following disappointing financial results. Cisco Systems, IBM, Raytheon or Symantec are touted as potential suitors of the Israeli entrepreneur-founded firm, which markets Web Application Firewalls and DDoS mitigation services. …
John Leyden, 11 Aug 2016

Networking wonks say lousy planning, not DDOS, caused #Censusfail

The failure of the Australian census seems to be a failure of planning. The Federal Government is blaming a distributed denial of service attack (DDoS) and an abundance of caution for sending the once-every-five-years Antipodean citizen survey into a grinding halt beginning last night and continuing as of the time of writing …
Darren Pauli, 10 Aug 2016
Dr Strangelove bomb

#Censusfail Australia: Not an attack, data safe, no heads to roll

“This was not an attack, nor was it a hack”: that's the official government position on the collapse of last night's Australian online Census systems, attributed to a denial-of-service attack. The chief statistician David Kalisch, the small business minister Michael McCormack and the government's infosec spokesperson Alexander …
People fight in cartoon cloud. photo by Shutterstock

Hybrid cloud: Deciding the right mix for your workloads

Blog Anyone who's read much of what I write for The Reg will know that I'm a believer in hybrid cloud – using the cloud for some elements of your world whilst retaining components on-premises too. But precisely which elements? We'll look at how you might decide what belongs where: on-premises, in the private cloud, or in the public …
Dave Cartwright, 09 Aug 2016