Hackers attacking WordPress sites via home routers

Administrators of sites using the popular blogging platform WordPress face a new challenge: hackers are launching coordinated brute-force attacks on the administration panels of WordPress sites via unsecured home routers, according to a report on Bleeping Computer.

Once they’ve gained access, the attackers can guess the password for the page and commandeer the account.

The home routers are corralled into a network which disseminates the brute-force attack to thousands of IP addresses negotiating around firewalls and blacklists, the report stated.

The flaw was detected by WordFence, a firm that offers a security plugin for the WordPress platform. The campaign is exploiting security bugs in the TR-069 router management protocol to highjack devices. Attackers gain entry by sending malicious requests to a router’s 7547 port.

The miscreants behind the campaign are playing it low-key to avoid detection, attempting only a few guesses at passwords for each router.

While the exact size of the botnet is unknown, WordFence reported that nearly seven percent of all the brute-force attacks on WordPress sites last month arrived from home routers with port 7547 exposed to the internet.

The flaw is exacerbated by the fact that most home users lack the technical know-how to limit access to their router’s 7547 port. In some cases, the devices do not allow the shuttering of the port.

A more practical solution is offered by WordFence: ISPs should filter out traffic on their network coming from the public internet that is targeting port 7547.

“The routers we have identified that are attacking WordPress sites are suffering from a vulnerability that has been around since 2014 when CheckPoint disclosed it,” Mark Maunder, CEO of WordFence CEO, told SC Media on Wednesday.

The specific vulnerability, he pointed out, is the “misfortune cookie” vulnerability. “ISPs have known about this vulnerability for some time and they have not updated the routers that have been hacked, leaving their customers vulnerable. So, this is not a case of an attacker continuously evolving a technique to infect routers. This is a case of opportunistic infection of a large number of devices that have a severe vulnerability that has been known about for some time, but has never been patched.”

There are two attacks, Maunder told SC. The first is the router that is infected through the misfortune cookie exploit. The other is the attacks his firm is seeing on WordPress sites that are originating from infected ISP routers on home networks.

“The routers appear to be running a vulnerable version of Allegro RomPager version 4.07,” Maunders said. “In CheckPoint’s original 2014 disclosure of this vulnerability they specifically note that 4.07 is the worst affected version of RomPager. So there is nothing new or innovative about this exploit, it is simply going after ISP routers that have a large and easy to hit target painted on them.”

The real story here, said Maunder, is that a number of large ISPs, several of them state owned, have gone a few years without patching their customer routers and their customers and the online community are now paying the price. “Customer home networks are now exposed to attackers and the online community is seeing their websites attacked. I expect we will see several large DDoS attacks originating from these routers this year.”

Source: https://www.scmagazine.com/hackers-attacking-wordpress-sites-via-home-routers/article/649992/

  • 0

Activists plan DDoS attack on the White House website during Trump’s inauguration

A software engineer is calling for protesters to flood the site with traffic during the presidential inauguration

It’s almost time. Ex-reality TV host and businessman Donald Trump will be officially sworn in as the US president on Friday January 20. His campaign was divisive, to say the least, and it seems his tenure as president is looking like having a bumpy start, with protests planned in all states of the US, including on the streets of Washington DC.

However, rather than stand outside, some protestors are choosing to target the President-elect with other, indoor-based, means. Software engineer, Juan Soberanis, is calling on protestors to attempt to take down the White House’s website in a DDoS attack – simply by flooding the website with traffic. Soberanis is calling it “Occupy White House”.

According to the International Business Times, Soberanis wrote on his online protest pledge: “”If you can’t make it to Washington DC on inauguration day to protest Trump’s presidency, you can still fight for the cause by helping to take down whitehouse.gov as a show of solidarity for the lives impacted by Trump’s policy agenda.

“It’s simple. By overloading the site with visitors, we will be able to demonstrate the will of the American people,” he continued.

Soberanis then goes on to tell fellow protestors to overwhelm the website by setting up auto-refresh on the WhiteHouse.gov homepage throughout the day.

The San-Francisco engineer is the creator of Protester.io, a Kickstarter-type site that encourages individuals to get involved in online protests. However, only one protest is currently live on the site, a finished protest set up by Soberanis to incite people to join the ACLU as a protest against Trump. The alleged URL for his Occupy White House protest page on the site appears to be inaccessible at the moment.

Hacking group Anonymous is additionally, and allegedly, planning cyber attacks against Trump’s new administration.

It should be noted, though, that this type of attack is considered criminal activity in the US under the Computer Fraud and Abuse Act. The act dictates that sending a command to a protected computer with the intent to cause damage can be judged a criminal offence, and people affiliated with Anonymous have been charged in the past by the US government for launching DDoS attacks on government entities and trade groups.

Screen Shot 2017-01-19 at 14.38.54

Thousands of people are planning to protest Trump’s inauguration on January 20

As well as being a controversial choice for president, Trump’s inauguration is set to be a controversial affair, too. The likes of Cher, Chelsea Handler and Katy Perry have promised to take part in the Women’s March, either in the capital or in the states around, the day after the inauguration, to protest the Republican party’s threats to defund Planned Parenthood.

According to Google, the statewide searches for “inauguration protest” are much higher than “attend inauguration” searches on the site. During the transition from Obama stepping down and Trump stepping up, “Russia” has been one of the top searched-for big issuesin the States on Google, alongside immigration and Obamacare.

Source: http://www.wired.co.uk/article/donald-trump-inauguration-ddos-attack-planned

  • 0

Warcraft, Overwatch Down? Blizzard DDoS Attacks Affect Gaming Service

Miscreants have struck Blizzard servers again with multiple waves of DDoS attacks over the last 12 hours. Warcraft and Overwatch, two massively popular games, have been facing latency, login and disconnection issues even while Blizzard has been working on fixing the problem.

The company first acknowledged the problem in a tweet Sunday evening.

screen-shot-2016-12-05-at-12-31-17

Since then, Blizzard claimed to have regained control over matters at its end, only to announce twice the DDoS attacks had restarted. Its last update, at 11:42 p.m. EST Sunday, came three hours after the last wave of DDoS attacks.

screen-shot-2016-12-05-at-12-32-07

On Twitter, a group calling itself Phantom Squad claimed responsibility for the attack

screen-shot-2016-12-05-at-12-32-45

Blizzard also provided a link to a support page on its website that may help some users troubleshoot their connection problems.

As always, social media was abuzz with users venting their frustration at the gaming servers being affected. This is at least the fifth such instance in the last few months.

screen-shot-2016-12-05-at-12-34-16

screen-shot-2016-12-05-at-12-35-05

The company also has a scheduled maintenance coming up Tuesday.

screen-shot-2016-12-05-at-12-35-56

Source: http://www.ibtimes.com/warcraft-overwatch-down-blizzard-ddos-attacks-affect-gaming-service-2454782

  • 0

​The top 5 least-wanted malware in any corporate IT infrastructure

Ask a group of people to define malware, and you’re likely to get a range of different answers. The term has become a catch-all description for a broad collection of different cyber threats that keep IT managers awake at night.

Categories falling under the malware banner include viruses and worms, adware, bots, Trojans and root kits. Each category is different but all can cause disruption and loss if not detected and quickly removed.

Of the malware types in the wild, the top five are:

1. Remote Access Trojans (RATs)

RATS comprise malicious code that usually arrives hidden in an email attachment or as part of a downloaded file such as a game. Once the file is open, the RAT installs itself on the victim’s computer where it can sit unnoticed until being remotely trigged.

RATs provide attackers with a back door that gives them administrative control over the target computer. This can then be used to steal data files, access other computers on the network or cause disruption to business processes.

One of the first examples, dubbed Beast, first appeared in the early 2000s. It was able to kill running anti-virus software and install a key logger that could monitor for password and credit card details. Sometimes it would even take a photo using the target computer’s web cam and send it back to the attacker.

2. Botnets

Some liken botnets to a computerised ‘zombie army’ as they comprise a group of computers that have been infected by a backdoor Trojan. Botnets have similar features to a RAT, however their key difference is that they are a group of computers being controlled at the same time.

Botnets have been described as a Swiss Army knife for attackers. Linked to a command-and-control channel, they can be instructed to forward transmissions including spam or viruses to other computers in the internet. They can also be used to initiate distributed denial of service (DDoS) attacks similar to the one suspected to have disrupted the Australian census.

Some attackers even rent their botnets out to other criminals who want to distribute their own malware or cause problems for legitimate websites or services.

3. Browser-based malware

This type of malware targets a user’s web browser and involves the installation of a Trojan capable of modifying web transactions as they occur in real time. The benefit for malware of being in a browser is that it enables it to avoid certain types of security protection such as packet sniffing.

Some examples of the malware generate fake pop-up windows when they know a user is visiting a banking web site. The windows request credit card details and passwords which are then sent back to the attacker.

Security experts estimate that there have been around 50 million hosts infected by browser-based malware and estimated financial losses have topped $1 billion.

4. Point-of-sale (POS) Malware

  • 0

“The amount of traffic, or bandwidth, that is able to be generated and used as a weapon is at an all-time high.,” said one expert.

The company measured threats faced by its customers during a roughly one-year time period, seeing a 211 percent year-over-year increase in attacks.

More commonly known as DDoS attacks, they are designed to flood servers with artificial internet traffic that causes access interruption to websites or network systems.

The firm largely attributed this apparent growth to the establishment of several botnet operations — which serve as a platform to automate and increase attack volume — and malicious actors’ ability to access greater bandwidth to help generate and use such weapons. Dark Web dealers are using these botnets, according to Imperva, to offer more effective cyber tools to would-be customers.

“The amount of traffic, or bandwidth, that is able to be generated and used as a weapon is at an all-time high. This is likely the result of more compromised machines with higher bandwidth,” Imperva Vice President Tim Matthews told FedScoop.

In short, hackers are able to launch denial of service attacks by manipulating a hosting provider to re-route IP addresses towards a preferred server.

Those DDoS attacks recorded by Imperva — recorded between March 2015 and April 2016 — targeted a diverse range of clients. Even so, all of the attacks similarly aimed to disrupt each organization’s digital operations at one of two distinct levels: application or network.

To be clear, an application-based DDoS effectively works to discontinue online access to a specific property, like a website or software service, rather than an entire network.

Because app-based DDoS attacks are by nature less expansive, they typically leverage less traffic. In the past, DDoS-ing an entire network has presented a challenge for hackers due to the sheer artificial traffic required to pull it off. But Imperva’s new report suggests that botnets are significantly changing this dynamic; making it easier for individual operations to disrupt larger segments of the internet.

Another worrisome trend in the DDoS arena, spotted by Imperva, is that when a target gets hit once, it should prepare for another wave. Data shows that 40 percent of affected targets were attacked more than once, while 16 percent were targeted more than five times.

In the past, DDoS attacks have been used to distract an organization from a more malicious data breach, leading to the possible exfiltration of valuable data like customer finances and personal records.

Here’s what a DDoS looks like via a data visualization by cybersecurity firm Norse:

Source: http://fedscoop.com/ddos-attacks-up-211-percent-august-2016

  • 0

What are the DoS and DDoS attacks that brought down the census?

Experts believe that the electronic assault on the census site was a DDoS attack – a kind of electronic army that attacks an enemy’s website on every flank using millions of computers as soldiers. 

About 2000 of these attacks occur every day across the world, said DigitalAttackMap, a website that monitors such attacks.

Only days ago, this type of attack shut down US Olympic swimming Michael Phelps’ commercial website, SCMagazine, which specialises in IT security, said. 

It said the attack happened fresh after Phelps’ gold medal-winning performance in the men’s 4×100 metre freestyle relay at the Rio Games.

One hacking expert told Time magazine that any celebrity or high-profile site should expect these attacks.

“Each celebrity on our target list will be either hacked or DDoSed,” a representative of hacking group New World Hackers said.

Xbox, US Republican presidential candidate Donald Trump and the BBC have been among New World Hackers’ recent targets.

DigitalAttackMap, a joint venture between Google Ideas and network security firm Arbor Networks, said these attacks had hit online gaming sites, newspapers and banks; Greek banks were crippled this year. Yet its site doesn’t show a DDoS attack on the ABS census site on Tuesday, bolstering claims by some that the attack didn’t take place. 

The DigitalAttackMap tracks DDoS attacks on a daily basis. The red flare over Brazil shows a serious DDoS attack.
The DigitalAttackMap tracks DDoS attacks on a daily basis. The red flare over Brazil shows a serious DDoS attack.  Photo: DigitalAttackMap.com

The Australian Bureau of Statistics said its census site was hit four times by denial of service (DoS) attacks. A DoS is a broad term for attacks that attempt to crash an online system so that users cannot access it.

Some IT and cybersecurity professionals speculated that a DDoS (Distributed Denial of Service) attack was to blame. 

A DDoS is a type of DoS attack in which hackers attempt to crash a system by flooding it with bots – or Trojan – accounts.

DigitalAttackMap said attackers cripple websites, such as the ABS’ census site, by building networks of infected computers, known as botnets, by spreading malicious software through emails, websites and social media.

Once infected, these machines can be controlled remotely, without their owners’ knowledge, and used like an army to launch an attack against any target. Some botnets are millions of machines strong.

 

DigitalAttackMap says these botnets can generate huge floods of traffic to overwhelm a target.

“These floods can be generated in multiple ways, such as sending more connection requests than a server can handle, or having computers send the victim huge amounts of random data to use up the target’s bandwidth. Some attacks are so big they can max out a country’s international cable capacity.”

Adding to many people’s fears about the security of the census website before the attack, the information gained from these sites during an attack is sold on online marketplaces that specialise in information gained from these DDoS attacks, DigitalAttackMap said.

“Using these underground markets, anyone can pay a nominal fee to silence websites they disagree with or disrupt an organisation’s online operations. A week-long DDoS attack, capable of taking a small organisation offline, can cost as little as $150,” the website said.

Source: http://www.smh.com.au/technology/technology-news/what-are-the-dos-and-ddos-attacks-that-brought-down-the-census-20160809-gqowwp.html

  • 0

MICHAEL PHELPS TARGETED BY HACKERS FOLLOWING RECORD OLYMPIC GOLD

The website of Michael Phelps has been targeted by hackers after the U.S. swimmer won a record 19th Olympic gold medal in the 4×100-meter relay in Rio de Janeiro.

The hacking group New World Hackers has claimed responsibility for taking down the website, telling Newsweek that a distributed denial of service (DDoS) attack caused prolonged outages. At the time of publication, Phelps’s website was still experiencing difficulties.

New World Hackers has previously gained notoriety after a spate of attacks on public figures and organizations, including Donald Trump, the BBC and government websites in Pakistan. According to the group, the attacks are designed to highlight the security vulnerabilities of the targets’ websites.

“The attack on Michael Phelps is an example showing how celebrities websites lack security measures,” a member of the group tells Newsweek. “We’re testing the network vulnerability of every celebrity we come past.”

Michael Phelps website gold hackersPhelps’ website was experiencing difficulties on Monday morning. SCREENGRAB/ NEWSWEEK 

Phelps is one of several targets of New World Hackers, though beyond disabling the website the group says it has no intention of stealing data or revealing private information of the swimmer. Other celebrities on the list include the singer Adele, whose website was briefly targeted last week.

The group is indiscriminate in their attacks, targeting celebrities that have vulnerabilities with their websites. The attacks also serve as publicity for BangStresser, the group’s powerful DDoS tool that works by flooding websites with so much traffic that it overloads them.

“No celebrity is safe. We have tested over 100 celebrities so far and around 70 of them have caught our eye. Adele.com has the worst security you will ever see in your life,” the New World Hackers member says.

michael phelps website down gold hackersMichael Phelps’ website was down in most countries on Monday morning. SCREENGRAB/ NEW WORLD HACKERS 

He adds: “Each celebrity on our target list will be either hacked or DDoSed. [The celebrities] should take this as a guide, how to secure a site, accounts and more. It’s time the celebrities become more aware, there is always someone watching.”

The group warned that more attacks were imminent on other high-profile targets, including Kanye West and Kim Kardashian.

“The smartest celebs would be the Kardashian family and Kanye West,” the hacker says. “They actually have good protection on the domains, only one problem. They left one fatal error that will eventually cost them.”

Source: http://www.newsweek.com/michael-phelps-website-down-hackers-record-olympics-gold-488171

  • 0

GTA 5 Outage: Why Grand Theft Auto V Was Not Working

PSN was also attacked

Poodlecorp launched a Distributed Denial of Service (DDoS) attack on Rockstar Games’ GTA 5 servers to take the game down. This resulted in players being unable to play the online elements of the game with others. The attack lasted for a few hours before service was restored.

The hack of GTA 5 resulted in online elements from every version of the game not working. Those that tried to play during this time were met with error messages. Poodlecorp took to social media to claim responsibility for the hack and said more was in store for gamers on Sony Corp (ADR)’s (NYSE:SNE) PlayStation Network, reports Daily Star.

Poodlecorp claimed it was able to cause small outages in the PlayStation Network for PS3 and PS4 users on Thursday morning. However, this doesn’t seem to be all it has planned. It claims that this was only a test before it launches a larger attack.

Poodlecorp hasn’t announced plans for any other attacks outside of GTA 5 and the PlayStation Network. While the Grand Theft Auto V servers are back up, there’s a possibility they could go down again throughout the day. The same is also true for the PlayStation Network.

One of Poodlecorp’s members recently claimed in an interview that its ranks includes previous members of hacker group Lizard Squad. The group also took responsibility for an attack on Nintendo Co., Ltd (ADR)’s (OTCMKTS:NTDOYPokemon Go servers late last month, Express notes.

Source: http://investorplace.com/2016/08/gta-5-outage-grand-theft-auto-v-rockstar-games-poodlecorp/#.V6OhaWWgPzI

  • 0

RT targeted by massive DDoS attack during attempted Turkey coup

A massive DDoS attack was staged on the servers of the Internet service provider that provides web streaming for the RT TV channel during the coverage of Friday’s attempted coup in Turkey, briefly taking the stream offline.

The channel was able to resume streaming, but the servers were attacked again after some time.

“We received a major DDoS attack when the Turkish coup started, second one from when we started streaming RT; this time HTTP headers were infested with some new code which our Firewall did not detect,” a representative of the service provider told RT.

The first wave of the attack continued for about two hours while the second one lasted around an hour. The streaming is currently fully restored, while the circumstances of the attack are still being clarified.

The RT website have been targeted by a number of DDoS attacks. In September 2014, the site was subjected to the biggest DDoS attack in its history, which was repelled by its

Previous attacks were launched against the site in February 2013, when RT.com ceased functioning for six hours, and in August 2012, when both RT International and RT Spanish websites were attacked. Hacker group AntiLeaks, opposing the Wikileaks project launched by Julian Assange, claimed responsibility for that attack.

Source: https://www.rt.com/news/351645-rt-massive-ddos-attack/

  • 0

68 gov’t websites attacked

Several Philippine government websites have been subjected to various forms of cyberattacks following the release of the ruling on the arbitration case filed by the Philippines against China.

The STAR learned yesterday that at least 68 websites have been subjected to attacks, which included attempts of hacking and defacement, slowdowns and distributed denial of service attacks.

Among those at the receiving end were agencies such as the Department of National Defense, the Philippine Coast Guard, Department of Foreign Affairs, Department of Health, the Presidential Management Staff and the gov.ph domain registry website.

The website of the Bangko Sentral ng Pilipinas was also subjected to a supposed hacking, although authorities were able to immediately foil it.

The websites of these agencies were all accessible yesterday.

The source of the attacks has yet to be determined, although initial investigation supposedly pointed to an entity supposedly operating from the Netherlands.

The Permanent Court of Arbitration (PCA) that issued the ruling on the Philippine case is based in The Hague in the Netherlands.

The Information and Communications Technology Office, the precursor of the newly created Department of Information and Communications Technology, has yet to respond to request for comment regarding the cyberattacks.

The Department of Science and Technology earlier provided additional protection to Philippine government websites amid repeated incidents of defacements and denial of service attacks.

PCA website hacking

Earlier, a cyber-security company reported that the PCA website was infected with a malware by “someone from China” in July 2015.

Citing information from ThreatConnect Inc., Bloomberg Business reported the attack happened in the midst of the week-long hearing on the jurisdiction of the arbitration case filed by Manila against Beijing over the territorial dispute in the South China Sea.

Gaelle Chevalier, a case manager at the PCA, told Bloomberg that they “have no information about the cause of the problems.”

Source: http://www.philstar.com/headlines/2016/07/16/1603250/68-govt-websites-attacked

  • 0