The Rise of the DDoS Attacks and the Abuse of the WS-Discovery Protocol


A new type of attack that feeds on vulnerabilities in the usage of the Web Services Dynamic Discovery protocol has been discovered recently by analysts from Akamai's DDoS mitigation service Prolexic.

The attackers here are said to have had used a moderately new strategy—one that can possibly yield more than 15,000 per cent rate of return for the junk data it heaves at a victim.

Since WS-Disclosure provides devices on a similar network a chance to communicate, and guides them all to ping one area or address with insights concerning themselves, attackers can control WS-Discovery by sending uniquely crafted pernicious protocol requests to vulnerable devices like CCTV cameras and DVRs, which is extremely simple for them to do as WS-Discovery is intended to be utilized internally on local access networks and Akamai gauges that approximately 800,000 gadgets exposed on the web can receive WS-Discovery commands.

“There's a huge pool of vulnerable devices sitting out there waiting to be abused” says Chad Sailor, senior specialist on Akamai's security insight reaction group.

"DDoS attacks abusing the WS-Discovery protocol have increased," says security researcher Troy Mursch.
 "The notable thing here is the amount of vulnerable hosts that can be abused and the large amplification factor that enables crippling attacks."

Video game platforms are the most well-known targets for DDoS attacks, during the beginning of September, for instance, Blizzard's hugely famous World of Warcraft Classic went down sporadically for a considerable length of time as a result of a DDoS attack.

"With gaming, they are one of our most frequently attacked industries," Akamai's Seaman says. "We have a handful of different gaming customers that we protect and we basically see the full gamut of all the different attack vectors and exploratory attacks through them. So it’s not surprising to see them being the first ones being targeted with a new vector."

In any case the dread about WS-Discovery DDoS attacks, however, is that the gaming industry won't be the last target as the researchers caution once more that the industries should be prepared for greater versions in the future.



SGS Servers Compromised In a Data Leak; Customers in Jeopardy!

SGS Servers Compromised In a Data Leak; Customers in Jeopardy!


Firms including MG Motors, Shell India and Daimler India commercial vehicles got in jeopardy as the servers of SGS Group got compromised.

The private data saved on those servers was up for sale for a mere amount of $10,000 on ‘Dark Web’ or on the private internet forums.

Per sources, the data includes quality reports of the few very prominent oil and gas firms and truck manufacturers.

The firm in question mentioned that the leak’s been plugged, the anomalies have also been corrected and all the possible measures have been taken. Also the clients have been informed.

The firm’s Korean division which contains over 6,000 reports and French division were also under attack outing thousands of user data and test reports of its clients.

SGS servers are probably going to have quite a financial impact for its clients and customers.

“The SGS company servers have laid bare legitimate reports and it’s bound to have serious implications as hackers have all the access to the kind of files on the DarkWeb”, said J Prasanna, CEO, Cyber Security and Privacy Foundation Pte Ltd, Singapore.

According to him the situation clearly points to the actual storage devices being compromised.

The concerned firms were questioned about the damage to which Shell replied that they are strongly focused on ensuring high standards for its customers.


Google about to Roll Out One of the Most Awaited Features



In 2018, Google broke headlines for tracking its users location even after they disabled the sharing of location history via their privacy settings.

There were complaints against the company, stating, "Google represented that a user ‘can turn off Location History at any time. With Location History off, the places you go are no longer stored.’ This simply was not true."

In the wake of receiving intense criticism over location history, Google came up with necessary adjustments which now allow users to stop the tech giant from tracking them, except for the applications in which location data is of utmost importance such as Waze and Google Maps.

In an attempt to make Google Maps even more secure and trustworthy, the company added enhanced security features related to location privacy in Android 10; to further better the services and regain the lost user trust, Google is planning to add Incognito Mode to Google Maps and the feature is said to be in testing.

Users can always put restrictions on the location data collected by Google Maps by signing out of their Google account, but it will come at the cost of their convenience, therefore, Google is planning to introduce Incognito Mode which can be turned on by the users in the same way they do it for Youtube or Google Chrome to delink the search or navigation data from their main Google account.

In order to activate Incognito Mode, users can simply choose the option from their Google account avatar and they will be informed about the app being in incognito mode by a black status bar and the marker indicating the location will turn into dark from blue to mark the change.

To enable the feature, users are recommended to install Preview Maps version 10.26 or higher and for those who are not a part of Preview Maps test group, wait until the company releases it on a wider scale.



Avito users were targeted by a dangerous Android Trojan


International company Group-IB, which specializes in the prevention of cyber attacks, has recorded a new Android Trojan campaign, the victims of which are customers of 70 banks, payment systems, web-wallets in the Russian Federation and the CIS. The potential damage from the Trojan, called FANTA, amounted to at least 35 million rubles ($547,000).

FANTA belongs to the Flexnet malware family, which is known to experts since 2015 and studied in detail. The Trojan and its associated infrastructure are constantly evolving: attackers are developing more effective distribution schemes, adding new functionality to more effectively steal money from infected devices and bypass security measures.

According to the company, the Trojan is aimed, in particular, at users who place purchase and sale advertisements on a Russian classified advertisements website Avito.

Attackers find contact details of sellers in a network, and after a while the victim receives personalised SMS about the transfer of full cost of goods to his account. The message contains a link where sellers can find payment details. Then the link opens a phishing page on the Avito website, which notifies the seller of the purchase and contains a description of his goods and the amount received from the sale of the goods. After clicking on the "Continue" bottom, FANTA malware disguised as the Avito application is downloaded to the phone.

The receipt of bank card data is carried out in a standard way for Android Trojans: the user opens phishing site that disguises as legitimate mobile banking application where the victim enters their bank card details", the Group-IB described the scheme of attackers.

Moreover, FANTA analyzes which apps are running on the infected device. Experts found that in addition to demonstrating pre-prepared phishing pages, FANTA also reads the notifications text about 70 banking applications, fast payment systems and e-wallets. In addition, an important feature of FANTA, which the creators paid special attention, is the bypass of anti-virus tools.

According to Group-IB, the latest attack was aimed at Russian — speaking users, most of the infected devices are located in Russia, a smaller part is in Ukraine, Kazakhstan and Belarus.
It's interesting to note that FANTA developers are able to hack the devices of users of about 30 different Internet services, such as AliExpress, Youla, Pandao, Aviasales, Booking, Trivago, as well as taxi and car sharing services.

Earlier in another Russian service of free ads Youla stated that the company plan to completely remove the display numbers, keeping all communications within the service.

JPMorgan hacker to plead guilty next week in New York




One of the key suspects in the enormous JPMorgan Chase hack in 2014, a Russian hacker Andrei Tyurin, is all set to plead next week in New York.

He was one of the several people charged for the case in 2015, and was on the loose until Georgian officials caught hold of him a year ago. Gery Shalon, the supposed instigator of the conspiracy, was arrested in Israel in 2015 and handed over to the US as he has allegedly been in touch with American authorities.

During Tyurin's first New York court appearance; it was proposed that his associations in the criminal world may enable specialists to examine the Russian endeavours to disrupt the 2016 US presidential election through cyber-attacks and hacking.

Tyurin was first produced in a US court in September the previous year after he was handed over from the Republic of Georgia and he had pleaded not guilty to charges including hacking, wire fraud, identity theft and conspiracy.

From that point forward, various hearings for his situation have been cancelled as prosecutors and defence attorneys worked through for an agreement and just last week, the Manhattan US attorney's office endeavoured to solidify his New York case with one in Atlanta, in which he is one of the few accused for hacking E*Trade.