ddos

Latest

  • Tashatuvango

    Nastier version of IoT botnet could brick your smart toaster

    Two new versions of a nasty botnet called BrickerBot were spotted in the wild by researcher Pascal Geenens, who reported the latest attack for security firm Radware. Permanent denial-of-service botnets like these can infect poorly-protected IoT devices like smart toasters and web-enabled vibrators to bring down various connected web servers. These new BrickerBot iterations use scripts with even more commands and almost four times as many actual attacks as previous iterations to completely overwhelm their targets.

    Rob LeFebvre
    04.25.2017
  • Erik McGregor/Pacific Press/LightRocket via Getty Images

    Black Lives Matter site faced over 100 attacks in half a year

    When you launch protests in the modern era, you don't just have to worry about aggressive responses on the streets... you have to worry about your online presence, too. Deflect Labs has determined that Black Lives Matter's official website was subject to over 100 botnet-based denial of service attacks between April 29th and October 15th, a large part of it coming from members of a Ghost Squad hacking collective that had vocally denounced BLM's campaign. And it didn't require many people, either. Just two culprits (who may be the same person) launched nearly a fifth of the attacks, one of which tried to flood the site with traffic using nearly 1 million bots.

    Jon Fingas
    12.14.2016
  • Dominic Lipinski/PA Wire

    UK police crack down on people paying for DDoS attacks

    Distributed Denial of Service (DDoS) attacks are on the rise, affecting individuals, private businesses and government-funded institutions alike. As part of a large warning to cybercriminals, the UK's National Crime Agency (NCA) has arrested 12 individuals for using a DDoS-for-hire service called Netspoof. "Operation Vulcanialia" targeted 60 citizens in total, and led to 30 cease and desist notices, and the seizure of equipment from 11 suspects. The NCA says it had two focuses: arresting repeat offenders and educating first-time users about the consequences of cybercrime.

    Nick Summers
    12.13.2016

  • Bungie is banning Destiny's biggest cheaters

    As video game makers continue to incorporate more online and multiplayer elements into their games, they need to give special consideration to how they deal with cheaters. Consoles are locked down by default, meaning players have fewer tools to manipulate their experience, but Bungie has confirmed it's (finally) ready to drop the banhammer in an attempt to stop people ruining Destiny's competitive multiplayer modes.

    Matt Brian
    11.18.2016
  • Reuters/Carlo Allegri

    4chan might have knocked out Hillary Clinton call centers yesterday

    It shouldn't come as a shock that many denizens of internet cesspool 4chan are fans of Donald Trump. So it's also not a huge surprise that one 4chan user apparently took it upon himself to disrupt a segment of Hillary Clinton's get out the vote call centers. As reported by The Verge, workers with NextGen Climate (a group dedicated to raising awareness to climate change issues) noticed problems with their automated calling program yesterday -- it got slower and eventually would cut out for hours at a time.

    Nathan Ingraham
    11.08.2016
  • Illustration by D. Thomas Magee 

    That time your smart toaster broke the internet

    Where were you the day the internet died? Last Friday the internet had its biggest hiccup to date when a whole bunch of major websites were maliciously knocked offline. Harnessing the weak security of internet-connected devices, like DVRs and cameras, the attackers used botnets implanted on the devices to traffic-overload the one business keeping those sites' domain names functional.

    Violet Blue
    10.28.2016
  • Getty Images

    Vulnerable webcams used in major internet attack recalled

    This past Friday, some of the biggest sites and services on the internet were effectively shut down by a major distributed denial of service attack (DDoS). As the day wore on, it was revealed that hacked Internet of Things devices like webcams and other connected home devices were the tools used to carry out the attack, and now at least some of the hacked devices are being recalled. The BBC reports that Chinese manufacturer Hangzhou Xiongmai has issued a recall for its faulty webcams that were involved in the attack.

    Nathan Ingraham
    10.24.2016
  • Illustration by D. Thomas Magee

    The looming specter of cyberwar with Russia

    In the world of cyber (as in security), the question of the week seems to be, "Are we going to cyberwar with Russia?" White House Press Secretary Josh Earnest thinks so. A week after President Obama singled out Russia as being responsible for cyberattacks on targets including the Democratic National Committee, Earnest said in a briefing that the administration would be serving a "proportional" response to Putin and the gang.

    Violet Blue
    10.21.2016
  • Level3

    Blame the Internet of Things for today's web blackout

    Today's nation-wide internet outage was enabled thanks to a Mirai botnet that hacked into connected home devices, according to security intelligence company Flashpoint. The distributed denial of service attack targeted Dyn, a large domain name server, and took down Twitter, Spotify, Reddit, The New York Times, Pinterest, PayPal and other major websites.

    Jessica Conditt
    10.21.2016

  • US investigating Friday's internet blackout as 'criminal act'

    This morning, several sites were shut down due to a distributed denial of service (DDoS) attack on Dyn, a large domain name server. Sites affected include Twitter, Spotify, the New York Times, Reddit, Yelp, Box, Pinterest, Paypal and potentially a lot more. It seems as if this attack was focused on the east coast. Now Reuters is reporting that the US government is investigating it to see if it was a "criminal act." The news outlet reports that it's not clear yet on who's responsible and the Department of Homeland Security has said that it's "investigating all potential causes." According to Dyn, it resolved one attack earlier this morning, but there was a second attack a few hours later. As of this writing, some sites like Twitter and Spotify appear to be back up, but there are still sporadic outages that result in broken images and links. Update: According to Krebs, security firm Flashpoint is now reporting that a Mirai-based botnet is involved in the attack on Dyn. Mirai is a malware that specifically targets IoT devices like routers, DVRs and cameras, turning them into bots that then report to a central server that could then send out mass DDoS attacks like we saw today.

    Nicole Lee
    10.21.2016

  • Some of the biggest sites on the internet were shut down this morning (update: down again)

    Happy Friday! If you've had trouble this morning accessing your favorite internet outlet, you're not alone. Dyn, one of the internet's biggest domain name servers (DNS) got hit with a distributed denial of service (DDoS) attack this morning, making it quite difficult to reach some of the biggest sites and services on the web. Twitter, Spotify, the New York Times, Reddit, Yelp, Box, Pinterest and Paypal are just a handful of the sites under siege this morning.

    Nathan Ingraham
    10.21.2016
  • monsitj / Getty Images

    Report confirms IoT botnet took down Krebs' security site

    Two weeks ago, security researcher Brian Krebs' site KrebsOnSecurity got knocked offline by one of the biggest DDOS attacks ever recorded, which peaked at 620 Gbps. What happened? Akamai, which had been protecting the site for free but ultimately had to unload it as the sustained traffic would have cost them millions of dollars, released a postmortem today. In it, they confirm that the attacker mainly used the Mirai malware to ovewhelm Krebs' site, though there may have been another botnet involved. But the most crucial distinction from a normal DDOS strike: These bots were mostly IoT devices.

    David Lumb
    10.06.2016

  • Security writer recovers from massive revenge cyberattack

    Journalists are no stranger to making enemies bent on retaliation. However, it's becoming increasingly difficult to survive that retaliation in the internet era... just ask security writer Brian Krebs. An unknown party knocked his website offline last week with a massive distributed denial of service attack (620Gbps of non-stop data) as revenge for exposing two major cyberattack sellers who've since been arrested. He's only back online after taking advantage of Alphabet's Project Shield, which protects journalists against censorship-oriented denial of service campaigns. His previous anti-DDoS provider, Akamai, had little choice but to drop him -- the company tells the Boston Globe that a sustained attack on that level would have cost the company "millions."

    Jon Fingas
    09.25.2016
  • DaLiu via Getty Images

    Major cyberattack seller knocked offline as it faces arrests

    One of the more popular cyberattack peddlers just came crashing down. Israeli law enforcement has arrested Yarden Bidani and Itay Huri as part of an FBI investigation into their alleged control of vDOS, one of the most popular paid attack platforms. According to information unearthed by security guru Brian Krebs from a third-party hack targeting vDOS, the two teens raked in at least $618,000 launching "a majority" of the distributed denial of service campaigns you've seen in recent years. The platform itself is also offline, although that's due to one of vDOS' victims (BackConnect Security) using a bogus internet address claim to stem the flood of traffic hitting its servers.

    Jon Fingas
    09.11.2016
  • Olivia Harris/Getty Images

    'Pokémon Go' expansion marred by a possible cyberattack

    Good news! Pokémon Go is available in 26 more countries... if you get a chance to play, that is. Trainers can now grab the mobile game across a wider swath of European nations (such as the Netherlands and Sweden), but temporarily went down amid reports of a possible distributed denial of service attack. The internet collective PoodleCorp claims to have flooded Pokémon Go servers worldwide with enough traffic to effectively render them useless.

    Jon Fingas
    07.16.2016
  • Getty Images/iStockphoto

    Lizard Squad hacked thousands of cameras to attack websites

    The hacking collective Lizard Squad isn't relying solely on masses of compromised PCs to cause some grief online. Security researchers at Arbor Networks have discovered that the outfit compromised several thousand closed-circuit cameras and webcams to create a botnet that it promptly used for denial of service attacks against bank, gaming sites, governments and internet providers. Each device might not be as individually powerful as a PC, but they add up -- some attacks flooded sites with as much as 400Gbps of data.

    Jon Fingas
    07.03.2016
  • Illustration by D. Thomas Magg

    Sophisticated hack attack? Don't believe the hype.

    You wouldn't believe how sophisticated hacking has become in the past few years. It has, in fact, gotten so mind-blowingly complex and erudite that this word, sophisticated, is now the only one human beings can really use to describe any single act of computer-security violation. Actually, no. The word, at best, has almost always been used to cover up egregious screwups of breached companies, and shoddy reporting. Or, when at a loss to understand even the most mundane of hacks. Even high-minded publications step into infosec's linguistic dung heap and track the word throughout their pieces on whatever latest rehashed cyber-bomb hysteria-of-the-week they're pushing.

    Violet Blue
    06.06.2016
  • Getty

    Feds indict seven Iranians for hacking banks, NY state dam

    Just days after accusing Syrian hackers of a wide range of crimes, US Attorney General Loretta Lynch unsealed an indictment against seven Iranian nationals on Wednesday, charging that the men launched dozens of denial of service attacks against targets beginning in 2011. These included the cybersystems of numerous US banks including JP Morgan, PNC and Capital One, as well as the NYSE and AT&T. They are even accused of trying to take control of a small dam in Rye, NY at one point.

    Andrew Tarantola
    03.24.2016
  • Getty Images/iStockphoto

    ProtonMail's encrypted email is now available to all

    After a two-year, invitation-only beta, ProtonMail has opened its privacy email service to the public and launched new mobile apps. The app is encrypted end-to-end and, like Apple's iPhone, can't even be accessed by the company itself. It also has a strong pedigree, having been founded by scientists from CERN and MIT following Edward Snowden's NSA revelations. While ProtonMail has been used by nearly a million people during the beta, anyone can now sign up. "This way, we put the choice in the hands of the consumer, not government regulators," says co-founder Andy Yen.

    Steve Dent
    03.17.2016
  • Getty Images

    Hackers target firm protecting against denial of service attacks

    When you dedicate your company to protecting against hacks, you make yourself a bigger target for those hacks... and one firm is learning this the hard way. Staminus, an online hosting service that focuses on protecting against distributed denial of service attacks, was the victim of an apparently giant hack last week. In addition to going offline until Thursday night, the company has confirmed that the intruders took customer data that includes payment card info, user names and (thankfully hashed) passwords. The perpetrators claim to have hijacked and reset the majority of Staminus' routers.

    Jon Fingas
    03.13.2016
PrevNext