Search This Blog

Showing posts with label DDoS. Show all posts

How Coronavirus Panic Created a Perfect Opportunity for Cyberattacks in Crucial Sectors?


In tough times like this, there is always someone out there looking for a weak spot to attack their enemy. The impact of Coronavirus today has devastated the socio-economic and political sectors; it has disrupted the commercial industry entirely, which has led to the fall of global trade and commerce, and unmistakably the panic and the terror among the people. Few people are already aware of this, but unfortunately, there still exist several people who are not aware of the fact that hackers are using it as an opportunity to exploit this vulnerability by launching cyberattacks.


For instance, recently, the US Department of Health and Human Services suffered a cyberattack while it was dealing with the coronavirus situation. However, none of the website's data and information was compromised. Still, according to the officials, hackers responsible for the attack are state-sponsored, looking for it as an opportunity to attack the working of the US departments and institutions. In other incidents, cyberattacks under the name of 'Wuhan Coronavirus' were launched in many countries. According to Kaspersky experts, ten files with the names of 'coronavirus-spread' contain malware, and file-encrypting infections are barging into systems and corrupting them.

The Potential Target Areas

1. Political: Cyber attacks can be launched on prominent political infrastructures like government ministries and health departments with the use of false information and misinformation. The latest DDoS attack on the US Department of health is just a beginning. False reports of 'nationwide lockdown' or 'nationwide quarantine' appeared in many countries like India and the US. The government is continuously working to expose these fake news by launching an official caution advisory on their websites requesting the public not to trust or share unverified information.

2. Criminal: The hackers are looking at it as an opportunity to launch cyberattacks. According to Checkpoint's Global Threat Index, "hackers around the globe have found the Coronavirus serving them well as an enabler for their activities. They are still riding the wave of the epidemic. Our Global Threat Index for January 2020 shows cyber-criminals are exploiting interest in the global epidemic to spread malicious activity, with several spam campaigns relating to the outbreak of the virus."

DDoS Attacks on the Gaming Giant Blizzard Causing Worldwide Service Disruption


In order to ruin the users' stay at home during their work from home period brought about by COVID-19, the hackers have hit gaming giant "Blizzard" with a colossal DDoS attack causing worldwide service disruption.

The attack, as per reports was carried out on March 18th around 2:20 AM (GMT) when Blizzard users took the issue to Twitter and the Customer Support handle for Blizzard on Twitter additionally affirmed enduring the DDoS attacks.

The company further clarified that it is “currently investigating an issue affecting our authentication servers, which may result in failed or slow login attempts.”

As indicated by DownDetector's live map, Blizzard is as yet enduring the result of the attack particularly in the US, Israel, Bahrain, Iraq, China, Singapore, Malaysia, and Denmark and a few other countries.
Image credit: Down Detector’s live map


Furthermore, it is very unclear whether the DDoS attack has halted as there has been no update tweet from the company. It is, however, worth noting that Blizzard is home to probably the most mainstream games including World of Warcraft, Overwatch, Heroes of the Storm and Diablo Immortal, and so on.

The gaming monster has a strong customer base with in excess of 32 million active users across the global. Aside from these EA Sport, a division of Electronic Arts is likewise enduring a worldwide service blackout.

It is indistinct on the off chance that it is an aftereffect of a DDoS attack or the company is confronting technical challenges within however there have been various tweets from EA Sports customers complaining about lagging and connectivity issues.

As indicated by DownDectector's live map, EA Sports is as yet enduring lagging issues in the US, United Kingdom, France, Spain, Denmark, Japan, and Israel, and so forth.

Image credit: Down Detector’s live map


By and by, it is most likely not a smart decision to DDoS Blizzard but rather users are encouraged to remain tuned for any further news with respect to the attack.

Hackers launch DDoS Attacks to Target Australian Banks


Hackers threatening banks in Monero to pay large amounts of money, and if the demands are not met, hackers have blackmailed to launch DDoS attacks against the banks. Since last week, bank corporations and different organizations in the financial sector in Australia have become the target of DDoS extortion campaigns.

A hackers group is blackmailing the victims to pay heavy amounts as a ransom. The attackers threaten to conduct a DDoS (Distributed Denial of Service) attack unless they are paid with XMR cryptocurrency in Monero. A security threat has been sent out by ACSC (Australian Cyber Security Centre) to inform the public about the attack. According to ACSC, none of the hackers have launched any attacks, nor has there been any news of DDoS attacks. The current evidence serves as proof of this claim.


DDoS Campaign Began in 2019 

The Global Ransom Denial of Service (DDoS), a campaign that started in October 2019, is responsible for launching the attacks on Australian financial organizations. According to ZDNet, earlier ransom efforts targeted financial companies and the banking sector. But over time, these attacks expanded and reached out to other industries. The list of nations who were the victims of the ransom threat is the banking sector in South Africa and Singapore, the telecom sector in turkey, ISP providers in South Africa and gambling websites in South Asian countries.

The ransom demands kept going on, and the attackers systematically extended the campaigns to 10 different countries across the world. Some of the attacks were successful but not all of them, as it would have been near to impossible to launch an all-out DDoS resource attack against each party. According to claims of ZDNet, it confirms that numerous attacks launched against the parties as a part of the campaign were successful.

The Group keeps changing names 

The group responsible for these attacks kept changing their identity to prevent being identified by the authorities. At first, they used Fancy Bear, the Russian hackers' group responsible for the 2014 White House Attack and 2016 DNC hack. After that, they used Cozy Bear, another Russian hacking group which is also infamous for the 2016 DNC attack.

Chinese Cyber-attack Hit Telegram Amidst Hong Kong Protests


Telegram a secure messaging app was as of late literally bombarded by a network of computers in China following the protests started by the Hong Kong government's plans to authorize another law.

On Tuesday night, as the protesters assembled close to the Legislative Building of Hong Kong, the authorities arrested the administrator of a Telegram talk group with approx. 20,000 individuals, despite the fact that he was absent at the protest site.

This law thusly enacted by the Hong Kong Government is said to enable individuals in the city to be 'extradited' to Mainland China, where the court framework is closed off from open scrutiny and firmly constrained by the Communist Party.

The uncommon estimates taken up by the Hong Kong authorities propose that the police have made their own way against the protesters, by constraining the digital communication.

Since the protesters were utilizing the present systems networking tools to summon their positions, share wellbeing tips and arrange reserves of nourishment and beverages, even as they find a way to shroud their characters. The experts reacted by tracking them where they plan their moves, recommending that they are taking cues to the manners in which China polices the internet.

Protesters and police offers like have yet brought along carried another 'technological savvy to the standoff.

Lokman Tsui, a professor at the School of Journalism and Mass Communication at the Chinese University of Hong Kong, shared his opinions with respect to the entire circumstance by saying that, We know the government is using all kinds of data and trails to charge people later on, this is why people are minimizing their footprints as much as possible, they are being much more conscious and savvy about it.”

The police used tear gas as protesters came closer to the Legislative Council building in Hong Kong on Wednesday. Protesters used the app Telegram to organize, but the police were watching.

Telegram said on its Twitter account that it had the option to settle its administrations not long after the attack started. It portrayed the overwhelming traffic as a DDoS attack, in which servers are invaded with solicitations from a planned system of PCs.

A significant number of these protesters seem, by all accounts, to be college-eyed and carefully adroit. They went to considerable lengths to keep from being captured or carefully followed. To go to and from the protesters, many remained in lines to purchase single-ride subway tickets as opposed to utilizing their digital payment cards, which can be followed. Some even standing up to the police, securing their faces with caps and covers, giving them anonymity just as some protection from the tear gas.

Beijing however is the one nation that has been accused in the past for attacks that silence political speech outside mainland China's borders.

“The bottom line is whether to trust Beijing,” said Dr. Tsui, the communications professor. “This is a government that routinely lies to its own citizens, that censors information, that doesn’t trust its own citizens. You can’t ask us to trust you if you don’t trust us.”

“These kids that are out there, all the young people, they’re smart,” he added. “They know not to trust Beijing.”

The event however presents no new challenge for Telegram, for as it has been utilized for boundless protests previously too — and has confronted numerous administration as well as government crackdowns. Some of the leading examples of nations who prohibited or obstructed its utilization include Russia, Moscow and Iran.

Telegram hit by DDoS attack





A most secure messaging app Telegram has been hit by a "powerful" distributed denial-of-service (DDoS) attack on Wednesday morning.

The app was down for many users across the globe, but people in the United States were most badly affected by this attack, according to DownDetector.

The  company said in a tweet, ‘We’re currently experiencing a powerful DDoS attack, Telegram users in the Americas and some users from other countries may experience connection issues.’

The app was down for just a little over an hour, and in the meantime, the company tweeted an explanation of how a DDoS attack works.

"Imagine that an army of lemmings just jumped the queue at McDonald's in front of you – and each is ordering a whopper," Telegram tweeted. "The server is busy telling the whopper lemmings they came to the wrong place – but there are so many of them that the server can't even see you to try and take your order."

The firm described the whole mechanism of how hackers accomplish a DDoS attack.

"To generate these garbage requests, bad guys use 'botnets' made up of computers of unsuspecting users which were infected with malware at some point in the past. This makes a DDoS similar to the zombie apocalypse: one of the whopper lemmings just might be your grandpa," the company said in another tweet.

However, Telegram said that every users’ data was safe, there was no kind of data hack through the whole attack. 

"There's a bright side: All of these lemmings are there just to overload the servers with extra work – they can't take away your Big Mac and Coke," the company tweeted.

Telegram refused to respond to a request for comment. 





The Dark Side of Kremlin- The Catalogue of Russian Data Leaks: All You Need To Know




Thousands of Russian emails and documents were leaked online in the late January in a catalogue named “The Dark Side of Kremlin”.


The catalogue was published by a “transparency collective” which goes by the name of “Distributed Denial of Secrets”.

DDoS encompasses an anonymous group of journalists, researchers, tech-experts and activists.

The documents contained private information regarding all the major hot-shots of Russia including the politicians, religious figures and the military.

The DDoS say, that their only job is to provide information to those who need it. If the information strengthens suspicions it hardly matters.

They also mentioned that their collection of data including emails, chat logs and attachments were hacked a few years ago by several hacking groups in Russia and Ukraine.

The Cyber Junta, Russian hackers Shaltai-Boltai, Ukrainian Cyber Alliance and other international parties were among the few accused.

The information leaked includes private documents and emails from the Ministry of Defense, the Russian Presidential Administration and other high-level political operatives.

Russia’s Prime Minister Dimitry Medvedev’s phone was hacked and his holiday pictures were uploaded online.

Russian President’s chef who controls companies that cater fancy banquets in Kremlin also lost his private notes to the leak.

The leak also includes the elaborate personal notes made by the chef on conversations between Putin and European leaders from Italy and Britain.

The most revealing hacks were the ones that came from the Russian Presidential Administration, which fairly let the Russian government, be a little more “transparent”.

The leak had details on how the government controls the Russian media and the way it transmits messages etc.

The most concerning part is that no one knows for sure how much and what kinds of information have been laid out bare in the open.

The leaks also provide an insight about the relations between Ukraine and Russia.

The inner-doings of Russia’s proxies and other insidious groups have also been brought into the light.

The DDoS had experienced a wipe on their servers making it imperative for them to upload it soon, in order to prevent the data from being censored.

Reportedly, this leak can’t be considered as a revenge for anything that has happened before, it was just an attempt at transparency.

A lot of the information present in the leaks was already available on the web but a lot of new investigations have been given birth due to this massive leakage.

This Russian document leak has created a paradigm shift in the way countries take their cyber-security seriously.

Analyzing these leaks could possibly lead Russia to adopting a new way of securing the web and its Presidential administration.

The government has already started taking care of its cyber-security vigilantly and all the loop holes will soon be filled up.

Attackers Utilize UPnP Features to Make DDoS Attacks Harder To Be Recognized




Security researchers are continuously observing DDoS attacks that utilize the UPnP features of home routers to modify network packets and make DDoS attacks harder to be recognizable and relieve with classic solutions.

Researchers from Imperva detailed the first UPnP port masking method, a new technique, a month ago.

Imperva staff announced that some DDoS botnets had begun utilizing the UPnP protocol found on home routers to skip the DDoS traffic off the router, but change the traffic's source port to an arbitrary number.

By changing the source port, more seasoned DDoS mitigation systems that depended on perusing this data to square approaching attacks started failing left and right, thus permitting the DDoS attacks to hit their intended targets.

The new DDoS mitigation systems that depend on deep packet inspection (DPI) are fit for identifying these sorts of attacks that utilize randomized source ports, however these are likewise more fiscally expensive for users and furthermore work slower, thus taking more time to distinguish and stop attacks.
\
Researchers at Imperva, Back in May, said that they've seen botnets executing DDoS attacks through the DNS and NTP protocols , but by utilizing UPnP to camouflage the traffic as originating from irregular ports, and not port 53 (DNS) or port 123 (NTP).

In those days, Bleeping Computer had foreseen that the strategy would turn out to be more prevalent among the botnet creators. This feeling turned out to be true yesterday when in a report by Arbor Networks, the organization wrote about observing comparative DDoS attacks that utilized the UPnP protocol, yet this time the procedure was utilized to mask the SSDP-based DDoS assaults.

SSDP DDoS attacks that would have been effectively moderated by blocking the approaching packets that came from port 1900 were harder to spot as the majority of the traffic originated from random ports rather than just one.

This UPnP-based port masking technique is obviously spreading among DDoS administrators, and DDoS mitigation providers will have to alter on the off chance that they need to stay in business, while organizations should put into overhauled securities in the event that they need to stay above water amidst these new types of deadly DDoS attacks.