How hackers tried to knock blacklivesmatter.com offline

DBO writes, "A new report by Deflect Labs tracks the complex ways that hackers have sought to take down the Black Lives Matter website. The attacks, which relied on harvesting WordPress sites, increased in sophistication and left a murky, unsavory trail by actors who did everything from try to extort the website to taking it down entirely." Read the rest

Not just crapgadgets: Sony's enterprise CCTV can be easily hacked by IoT worms like Mirai

The unprecedented denial-of-service attacks powered by the Mirai Internet of Things worm have harnessed crappy, no-name CCTVs, PVRs, and routers to launch unstoppable floods of internet noise, but it's not just faceless Chinese businesses that crank out containerloads of vulnerable, defective-by-design gear -- it's also name brands like Sony. Read the rest

DDoS attack on Finnish automated buildings disabled heating controls

When the heat goes out during Finnish winter, it's a matter of life and death, so when two automated buildings controlled by Valtia systems suffered DDoS attacks that shut off the heat, Finns were understandably alarmed about the new threat. Read the rest

Two hackers are selling DDoS attacks from 400,000 IoT devices infected with the Mirai worm

The Mirai worm -- first seen attacking security journalist Brian Krebs with 620gbps floods, then taking down Level 3, Dyn and other hardened, well-provisioned internet giants, then spreading to every developed nation on Earth (and being used to take down some of those less-developed nations) despite being revealed as clumsy and amateurish (a situation remedied shortly after by hybridizing it with another IoT worm) -- is now bigger than ever, and you can rent time on it to punish journalists, knock countries offline, or take down chunks of the core internet. Read the rest

Winter Denial of Service attack knocks out heating in Finnish homes

A DDoS attack that incidentally affected the internet connections for at least two housing blocks in Lappeenranta, Finland caused their heating systems to shut down, leaving their residents without heat in subzero weather. Read the rest

Internet of Things botnet threatens to knock the entire country of Liberia offline

The various Mirai botnets, which use "clumsy, amateurish code to take over even more clumsy and amateurish CCTVs, routers, PVRs and other Internet of Things devices, have been responsible for some eye-popping attacks this season: first there was the 620Gbps attack on journalist Brian Krebs (in retaliation for his coverage of a couple of petty Israeli crooks); then there was the infrastructure attack that took out Level 3, Netflix, Twitter, Dyn, and many more of the internet's best-defended services. Read the rest

Internet-destroying outages were caused by "amateurish" IoT malware

Some of the internet's most popular, well-defended services -- including Twitter -- were knocked offline yesterday by a massive denial-of-service attack that security experts are blaming on botnets made from thousands of hacked embedded systems in Internet of Things devices like home security cameras and video recorders. Read the rest

Major U.S. websites inaccessible in "cyber attack" on domain name system

Much of the web struggled to stay on its feet today, with outages bringing down U.S.-based services and sites such as Amazon, Twitter and Netflix. A massive distributed denial of service (DDOS) attack on Dyn DNS is reportedly the cause: as a popular provider of domain-name lookup services, it falling over means that browsers simply don't know where to find websites.

Monitoring: Services have been restored to normal as of 13:20 UTC. Posted about 1 hour ago. Oct 21, 2016 - 13:36 UTC

Update : This attack is mainly impacting US East and is impacting Managed DNS customers in this region. Our Engineers are continuing to work on mitigating this issue. Posted about 2 hours ago. Oct 21, 2016 - 12:45 UTC

Investigating: Starting at 11:10 UTC on October 21st-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available.

This is "probably why half the internet is shut down today," reports Gizmodo, which offers the following list of sites that were down for the count.

ActBlue, Basecamp, Big cartel, Box, Business Insider, CNN, Cleveland.com, Esty, Github, Grubhub, Guardian.co.uk, HBO Now, Iheart.com (iHeartRadio), Imgur, Intercom, Intercom.com, Okta, PayPal, People.com, Pinterest, Playstation Network, Recode, Reddit, Spotify, Squarespace Customer Sites, Starbucks rewards/gift cards, Storify.com, The Verge, Twillo, Twitter, Urbandictionary.com (lol), Weebly, Wired.com, Wix Customer Sites, Yammer, Yelp, Zendesk.com, Zoho CRM,

Update: The Amazon AWS status page is a useful bookmark, as the service backends many websites and services. Read the rest

The clumsy, amateurish IoT botnet has now infected devices in virtually all of the world's countries

Mirai, the clumsily written Internet of Things virus that harnessed so many devices in an attack on journalist Brian Krebs that it overloaded Akamai, has now spread to devices in either 164 or 177 countries -- that is, pretty much everywhere with reliable electricity and internet access.

Imperva, a company that provides protection to websites against Distributed Denial of Service (DDoS) attacks, is among the ones who have been busy investigating Mirai. According to their tally, the botnet made of Mirai-infected devices has reached a total of 164 countries. A pseudonymous researcher that goes by the name MalwareTech has also been mapping Mirai, and according to his tally, the total is even higher, at 177 countries.

Internet of Things Malware Has Apparently Reached Almost All Countries on Earth [Lorenzo Franceschi-Bicchierai/Motherboard] Read the rest

The malware that's pwning the Internet of Things is terrifyingly amateurish

Following the release of the sourcecode for the Mirai botnet, which was used to harness DVRs, surveillance cameras and other Internet of Things things into one of the most powerful denial-of-service attacks the internet has ever seen, analysts have gone over its sourcecode and found that the devastatingly effective malware was strictly amateur-hour, a stark commentary on the even worse security in the millions and millions of IoT devices we've welcomed into our homes. Read the rest

Your next DDoS attack, brought to you courtesy of the IoT

The internet is reeling under the onslaught of unprecedented denial-of-service attacks, the sort we normally associate with powerful adversaries like international criminal syndicates and major governments, but these attacks are commanded by penny-ante crooks who are able to harness millions of low-powered, insecure Internet of Things devices like smart lightbulbs to do their bidding. Read the rest

The democratization of censorship: when anyone can kill as site as effectively as a government can

On the eve of the Stuxnet attacks, half a decade ago, I found myself discussing what it all meant with William Gibson (I'd just interviewed him on stage in London), and I said, "I think the most significant thing about any of these sophisticated, government-backed attacks is that they will eventually turn into a cheap and easy weapon that technically unskilled people can deploy for petty grievances." We haven't quite got there yet with Stuxnet, but there's a whole class of "advanced persistent threat" techniques that are now in the hands of fringey criminals who deploy them at the smallest provocation. Read the rest

A powerful attacker is systematically calibrating an internet-killing tool

Someone -- possibly the government of China -- has launched a series of probing attacks on the internet's most critical infrastructure, using carefully titrated doses of denial-of-service to precisely calibrate a tool for shutting down the whole net. Read the rest

UPDATED: Wikileaks dumps years' worth of email from Turkey's ruling party

Update: This dump turned out to primarily consist of public mailing list traffic; Wikileaks promotions of the dump included links to spreadsheets containing thousands of Turkish women's sensitive personal information, and the organization has largely ducked responsibility for its mistakes, attacking those who point out its mistakes.

Wikileaks have just published the Erdoğan Emails, which is claimed to represent years' worth of email from the APK, the Turkish ruling party, with messages dating from 2010 to as recent as July 6. Read the rest

Always-on CCTVs with no effective security harnessed into massive, unstoppable botnet

When security firm Sucuri investigated the source of a 50,000-request/second DDoS attack on a jewelry shop, they discovered to their surprise that the attacks originated on a botnet made of hacked 25,500+ CCTV cameras in 105 countries. Read the rest

How it feels to be under DDoS attack

At this week's O'Reilly Velocity conference in Santa Clara, Artur Bergman, founder and CTO, told the story of how he got involved in starting a denial-of-service-resistant CDN -- a personal story about helping his old company cope with a titanic DDoS attack that brought it and its upstream provider to their knees. Read the rest

One million machines, including routers, used to attack banks

Akamai's Ryan Barnett reports on two attacks against the service's financial customers last year: attackers used nearly 1m compromised systems to attempt to log in to users' accounts using logins and passwords from earlier breaches. Read the rest

More posts