[ISN] Fueled by super botnets, DDoS attacks grow meaner and ever-more powerful

http://arstechnica.com/security/2013/04/fueled-by-super-botnets-ddos-attacks-grow-meaner-and-ever-more-powerful/

By Dan Goodin
Ars Technica
Apr 17 2013

Coordinated attacks used to knock websites offline grew meaner and more powerful in the past three months, with an eight-fold increase in the average amount of junk traffic used to take sites down, according to a company that helps customers weather the so-called distributed denial-of-service campaigns.

The average amount of bandwidth used in DDoS attacks mushroomed to an astounding 48.25 gigabits per second in the first quarter, with peaks as high as 130 Gbps, according to Hollywood, Florida-based Prolexic. During the same period last year, bandwidth in the average attack was 6.1 Gbps and in the fourth quarter of last year it was 5.9 Gbps. The average duration of attacks also grew to 34.5 hours, compared with 28.5 hours last year and 32.2 hours during the fourth quarter of 2012. Earlier this month, Prolexic engineers saw an attack that exceeded 160 Gbps, and officials said they wouldn’t be surprised if peaks break the 200 Gbps threshold by the end of June.

The spikes are brought on by new attack techniques that Ars first chronicled in October. Rather than using compromised PCs in homes and small offices to flood websites with torrents of traffic, attackers are relying on Web servers, which often have orders of magnitude more bandwidth at their disposal. As Ars reported last week, an ongoing attack on servers running the WordPress blogging application is actively seeking new recruits that can also be harnessed to form never-before-seen botnets to bring still more firepower.

Also fueling the large-scale assaults are well-financed attackers who are increasingly able to coordinate with fellow crime organizations, Prolexic officials wrote in a quarterly global DDoS report published Wednesday.

[…]

______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org





[ISN] Malware and domain-squatters target Boston Marathon bombing

http://www.theregister.co.uk/2013/04/17/malware_squatters_boston_marathon_bombing/

By Iain Thomson in San Francisco
The Register
17th April 2013

The scummier end of the online community has been quick to use Monday’s bombing of the Boston Marathon as bait for multiple malware dispersals, plus a spot of old-fashioned online fraud along the way.

Within 24 hours of the blasts, the ISC reported that 234 potentially fake domains have been registered featuring mention of the attack. Some have started soliciting donations (including one asking for Bitcoins – evidently confident that the current $90 unit price will rise again) but there are no reports of spammers using them, as yet.

It should be pointed out that a few of these domains were bought by people looking to stop squatters, and most are “parked” or dead-end links at this stage. John Bambenek, ISC member and founder of Bambenek Consulting, said the figures were rather a positive sign.

“I would have thought this would have picked up quicker than it had,” he said. “That said, it did give me the impetus to finish scripting a few things to basically monitor these domains automatically to start looking for indicators and to see when (or if) they ever come out of ‘parked’ status.”

[…]



[ISN] ‘Miami’ vice hacker fights extradition to U.S.

http://www.baltictimes.com/news/articles/32831/?/

The Baltic Times
Apr 17, 2013

RIGA – Latvian cyber-crime suspect Deniss Calovskis is innocent until proven guilty, but the charges against him are very serious, U.S. Ambassador to Latvia Mark Pekala said, commenting on the so-called ‘Riga hacker affair,’ reports LETA.

“Taking into account his possible participation in these crimes, Calovskis has been charged with fraud and large scale cyber-theft with the aim of obtaining bank account information, by the United States. The virus which was created by Calovskis and his accomplices infected over a million computers throughout the world, and 40,000 computers in the U.S., causing tens of millions [of dollars] in damages for companies, state institutions and private individuals,” the ambassador explains.

Pekala admitted that the U.S. is clearly interested in the charges against Calovskis, which are inside U.S. jurisdiction. “Our banks and our residents were victims of this crime. Both Latvian and U.S. law have been taken into account in this case. In the near future, the Cabinet of Ministers will decide whether to extradite Calovskis to the U.S. to face prosecution. If he is extradited, he will face court proceedings in the U.S. according to U.S. laws and processes,” the ambassador said.

Pekala added that since 2006, the United States has extradited three people to Latvia, while in 2012 a Latvian citizen was extradited to the United States.

[…]



[ISN] Tactics of WordPress attackers similar to bank assaults

http://www.csoonline.com/article/731797/tactics-of-wordpress-attackers-similar-to-bank-assaults

By Antone Gonsalves
CSO
April 16, 2013

Cybercriminals are attacking servers hosting WordPress sites in an attempt to build a potent botnet that would be eerily similar to one used last year to attack major U.S. financial institutions.

The motives of the latest attackers are not known. However, their tactics resemble those used to build the infamous Brobot botnet, in which the attackers compromised PHP-based websites powered by the Joomla and WordPress content management systems. It was used to attack financial institutions including U.S. Bancorp, JPMorgan Chase & Co., Bank of America, PNC Financial Services Group and SunTrust Banks.

The similarities have some security experts worried. “I don’t think we can know exactly what the motivations for the attacks are right now, but the concern is this attack could be building something very similar and its scale is pretty significant,” said Matthew Prince, co-founder and chief executive of CloudFlare.

In both attacks, the criminals used a botnet comprised of home personal computers to attack hosting servers in order to build a far more powerful network. In the latest assaults, the hackers are using a so-called “brute-force” attack, which involves trying many combinations of commonly used user names and passwords.

[…]



[ISN] Central Hudson says extent of cyber breach an unknown

http://www.poughkeepsiejournal.com/article/20130417/NEWS01/304170003/In-brief-Central-Hudson-says-extent-cyber-breach-an-unknown

Poughkeepsie Journal
Apr 16, 2013

Central Hudson Gas & Electric Corp.’s president says the company may never be able to confirm if nearly one-third of its customers’ banking information has been compromised by a cyber security breach in February.

The utility said in a statement Tuesday that it has completed an internal investigation of the online security attack. The company said it had hired forensic computer experts to conduct the investigation. An external investigation by police is expected to continue, said James P. Laurito, Central Hudson’s president.

Experts determined that “malware” designed to seek out and export information had infiltrated Central Hudson’s computer last year, but it cannot be confirmed whether any such export occurred. Laurito said customers should continue to monitor their bank records.

[…]

