Top CyberSecurity News for November 14th 2016

  1. The Internet’s Biggest Hacking Forum Removes Its DDoS-for-Hire Section. From Softpedia.

    Omniscient, the administrator of Hack Forums, the Internet’s biggest freely accessible hacking-related forum, announced on Friday, October 26, that he would remove the DDoS-for-Hire section from the forum.

    His decision came after a series of events that have tied his forum to DDoS attacks carried out with the Mirai botnet.

    It all started when a Hack Forums user named Anna-Senpai released the source code of the Mirai malware via the forum, which drew massive and immediate attention from security researchers.

    A person who had taken Mirai’s source code and modified it had then used it to launch a DDoS attack on the network of Dyn, a managed DNS service, which resulted in a large section of the Internet becoming unavailable.

Top CyberSecurity News for November 11th 2016

  1. Russian banks floored by DDoS attacks. From The Register.

    At least five Russian banks weathered days-long DDoS attacks this week.

    A wave of assaults began on Tuesday afternoon and continued over the next two days. Victims include Sberbank and Alfabank, both of which confirmed DDoS attacks on their online services, RT reports.

    The attacks were powered by compromised IoT devices, according to an unnamed Russian Central Bank official. Early indications are that the Mirai IoT botnet which disrupted DNS services for scores of high-profile websites in October 2016 may be behind the latest attacks but this is unconfirmed.

    The last DDoS attack on this scale against Russian banks was in October 2015, when eight major institutions were targeted.

Top CyberSecurity News for November 8th 2016

  1. Lessons From the Dyn DDoS Attack. From Schneier.com.

    A week ago Friday, someone took down numerous popular websites in a massive distributed denial-of-service (DDoS) attack against the domain name provider Dyn. DDoS attacks are neither new nor sophisticated. The attacker sends a massive amount of traffic, causing the victim’s system to slow to a crawl and eventually crash. There are more or less clever variants, but basically, it’s a datapipe-size battle between attacker and victim. If the defender has a larger capacity to receive and process data, he or she will win. If the attacker can throw more data than the victim can process, he or she will win.

    The attacker can build a giant data cannon, but that’s expensive. It is much smarter to recruit millions of innocent computers on the internet. This is the “distributed” part of the DDoS attack, and pretty much how it’s worked for decades. Cybercriminals infect innocent computers around the internet and recruit them into a botnet. They then target that botnet against a single victim.

Daily CyberSecurity News For 4th November 2016

  1. Mirai botnet attackers are trying to knock an entire country offline. From ZDNet.

    One of the largest Distributed Denial-of-Service (DDoS) attacks happened this week and almost nobody noticed.

    Since the cyberattack on Dyn two weeks ago, the internet has been on edge, fearing another massive attack that would throw millions off the face of the web. The attack was said to be upwards of 1.1Tbps — more than double the attack a few weeks earlier on security reporter Brian Krebs’ website, which was about 620Gbps in size, said to be one of the largest at the time. The attack was made possible by the Mirai botnet, an open-source botnet that anyone can use, which harnesses the power of insecure Internet of Things (IoT) devices.

Daily CyberSecurity News For 2nd November 2016

  1. New, more-powerful IoT botnet infects 3,500 devices in 5 days. From ArsTechnica.

    There’s a new, more powerful Internet-of-things botnet in town, and it has managed to infect almost 3,500 devices in just five days, according to a recently published report.

    Linux/IRCTelnet, as the underlying malware has been named, borrows code from several existing malicious IoT applications. Most notably, it lifts entire sections of source code from Aidra, one of the earliest known IoT bot packages. Aidra was discovered infecting more than 30,000 embedded Linux devices in an audacious and ethically questionable research project that infected more than 420,000 Internet-connected devices in an attempt to measure the security of the global network. As reported by the anonymous researcher, Aidra forced infected devices to carry out a variety of distributed denial-of-service attacks but worked on a limited number of devices.

Daily CyberSecurity News For October 29th 2016

  1. Bug Bounty Hunter Launches Accidental DDoS Attack on 911 Systems via iOS Bug. From Softpedia.

    The Maricopa County Sheriff’s Office Cyber Crimes Unit arrested Meetkumar Hiteshbhai Desai, an 18-year-old teenager from the Phoenix area, for flooding the 911 emergency system with hang-up calls.

    According to a press release from the Maricopa County Sheriff’s Office, Desai created a JavaScript exploit, which he shared on Twitter and other websites with his friends.

    People accessing Desai’s link from their iPhones saw their phone automatically dial and redial 911.

Top CyberSecurity News For October 27th 2016

  1. Dyn DNS DDoS likely the work of script kiddies, says FlashPoint. From TechCrunch.

    Business risk intelligence firm FlashPoint has put out a preliminary analysis of last week’s massive denial of service attack against Dyn DNS, and its conclusion is it was likely the work of amateur hackers — rather than, as some had posited, state-sponsored actors perhaps funded by the Russian government.

    The DDoS attack against Dyn’s domain name system impacted access to a range of sites in parts of the U.S. last Friday, including PayPal, Twitter, Reddit, GitHub, Amazon, Netflix, Spotify and RuneScape.

    Aside from suspicion falling on Russia, various entities have also claimed or implied responsibility for the attack, including a hacking group called the New World Hackers and — bizarrely — WikiLeaks, which put out a (perhaps joke) tweet suggesting some of its supporters might be involved.

Top CyberSecurity News For October 22nd 2016

  1. Hacked Cameras, DVRs Powered Today’s Massive Internet Outage. From KrebsOnSecurity.

    A massive and sustained Internet attack that has caused outages and network congestion today for a large number of Web sites was launched with the help of hacked “Internet of Things” (IoT) devices, such as CCTV video cameras and digital video recorders, new data suggests.

    Earlier today cyber criminals began training their attack cannons on Dyn, an Internet infrastructure company that provides critical technology services to some of the Internet’s top destinations. The attack began creating problems for Internet users reaching an array of sites, including Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix.

Top CyberSecurity News For October 21st 2016

  1. This Is Probably Why Half the Internet Shut Down Today. From Gizmodo.

    Twitter, Spotify and Reddit, and a huge swath of other websites were down or screwed up this morning. This was happening as hackers unleashed a large distributed denial of service (DDoS) attack on the servers of Dyn, a major DNS host. It’s probably safe to assume that the two situations are related.

    Domain Name Servers (DNS) act as the Internet’s phone book. Basically, they facilitate your request to go to a certain webpage and make sure you are taken to the right place. If the DNS provider that handles requests for Twitter is down, well, good luck getting to Twitter.

Top CyberSecurity News For October 16th 2016

  1. Mirai IoT DDoS Trojan Now Targets Cellular Network Equipment. From Softpedia.

    Sierra Wireless, one of the biggest hardware manufacturers of mobile equipment, issued an alert yesterday, warning customers not to use default passwords with their devices as they might be at risk of infection from the infamous Mirai malware.

    The company says that Airlink wireless routers and gateways deployed with 3G and 4G LTE cellular networks are at risk.

    Sierra says that network operators that use these devices across their infrastructure and are using them with their default credentials are at risk of having the devices taken over and employed in DDoS attacks.