Operator of DDoS protection service named as Mirai author

Krebs says he’s fingered author of epic IoT web assault code

The author of the massive distributed denial-of-service attack malware Mirai, which ropes infected routers and internet of things devices into remotely controlled armies, is a New Jersey man, according to journo Brian Krebs.

On his website this week, Krebs names a chap called Paras Jha, owner of a distributed denial-of-service (DDoS) attack mitigation company ProTraf Solutions, for the creation and dissemination of the Mirai software nasty.

Mirai is one of the worst DDoS botnets ever to grace the internet and is fingered for downing large chunks of the internet, including record-breaking attacks on Krebs’ own site.

Previous analyses have suggested the malware was penned by a person named “Anna-Senpai”.

Krebs builds a case to link Anna-Senpai to Jha and says that he, along with other players, built the Mirai code and used it to attack Minecraft servers to lure disgruntled customers.

He tells of how Jha contacted upstream providers to have command and control servers of rival IoT firms shut down, and how the hacker built malcode into his botnet that eliminated rival Qbot botnets.

Those upstream providers that ignored Jha’s requests were also subject to large DDoS attacks.

Mirai evolved from earlier incarnations of botnet code designed for DDoS attacks. In 2014 an earlier variant was used to launch DDoS attacks against Minecraft servers which can generate up to US$50,000 a month.

Krebs found that Jha lists the same skills on his LinkedIn page as on HackForums, a large marketplace where low-level grey hat activities, cybercrime, and bragging take place.

He details many other compelling links between the older identities Jha used online while learning to code, including ‘OG_Richard_Stallman’, and his recent aliases, including Anna-Senpai. ®

Source: http://www.theregister.co.uk/2017/01/20/krebs_mirai_authors/


DDoS attack and measures to Fight DDoS attack

White hats are in an ongoing battle with black hats to protect the Internet from DDoS attacks. According to Arbor Networks, more than 2000 daily DDoS attacks are observed worldwide.

In 2016, we saw the largest DDoS attack to date, on Dyn (a DNS provider). During the attack, Dyn’s servers were loaded with more than 1.2 Tbps of data, which crashed the company’s servers. This attack caused major websites like Twitter, Amazon, Reddit, and Netflix to go down. The attack was carried out using IoT devices infected by Mirai malware, which means the attacker might have used your routers, smart TVs, mobiles, computers and IP cameras to carry out the DDoS attack.

Since attackers have started using your Internet-connected devices to launch dangerous attacks (without your knowledge) against banks, telecoms, and media (that speak against some political agendas), it is about time we (users) became aware of DDoS.

What is DDoS Attack?

DDoS stands for Distributed Denial of Service. In this attack, hackers use compromised systems (called botnets) to make online services unavailable to clients. During the attack, the attacker simply floods the service provider’s servers with fake traffic from multiple sources (botnets). This causes the servers to crash. Thus, the intended audience is deprived of the services.

In simple words, a DDoS attack is like window shoppers swarming your business and keeping genuine customers from getting your service.


Symptoms of DDoS Attack:

According to Wikipedia, the United States Computer Emergency Readiness Team (US-CERT) has identified symptoms of a denial-of-service attack to include:

  • unusually slow network performance (opening files or accessing web sites)
  • unavailability of a particular website
  • inability to access any website
  • a dramatic increase in the number of spam emails received (this type of DoS attack is considered an e-mail bomb).

Additional symptoms may include:

  • disconnection of a wireless or wired internet connection
  • long-term denial of access to the web or any internet services.

Why is DDoS attack so dangerous?

  1. A large-scale attack can affect Internet connectivity of entire geographical regions.
  2. Anyone can buy a week of DDoS attacks for just $150 on the black market. Source: Trend Micro Research
  3. There can be millions of Botnets since many devices these days are connected to the Internet. This makes the attack more dangerous.
  4. There are more than 2000 attacks per day.
  5. Small businesses are an easy target because it is cheap and easy to attack services that don’t have DDoS countermeasures.

How to Fight DDoS attack:

  1. Be prepared by recognizing the symptoms of a DDoS attack.
  2. Get extra bandwidth for your website. This will give you time to fight the DDoS without your service going down.
  3. Monitor your website traffic regularly. Use Web Analytics tools.
  4. If you think you are under attack, contact your ISP or Host Provider.
  5. Use DDoS mitigation specialist companies if you can afford them.

In conclusion, spread the word about DDoS attacks to everyone you know who owns or wishes to own a website. Also, prevent your devices from being compromised; I will write about it in the next post. For now, let’s fight DDoS attacks together.

Source: https://www.gadgetbytenepal.com/fight-ddos-attack/


Russian telecom giant repels DDoS attacks on country’s 5 largest financial institutions

Russian telecom giant Rostelecom has thwarted DDoS-attacks on the five largest banks and financial institutions in the country, the company said in a statement.

All the attacks were recorded on December 5, 2016, the longest of them lasting for over two hours, Rostelecom said on Friday.

“The analysis of the attack sources carried out by Rostelecom specialists revealed that the traffic was generated from the home routers of users, which are usually referred to as IoT devices,” Muslim Medzhlumov, director of the Cybersecurity Center for Rostelecom, said in a statement published on the company’s website.

“A distinctive feature of the attacks was that they were organized with the help of devices that support the CWMP Management Protocol (TR-069). A few weeks ago, a serious vulnerability was revealed in the implementation of this protocol on a number of devices from different manufacturers, which allows attackers [to] organize DDoS-attacks. At the beginning of last week, the largest German operator Deutsche Telekom was subjected to an attack on users’ home devices, as well as the Irish provider Eircom,” he explained.

The Russian Federal Security Service (FSB) reported on December 2 that it had received intelligence of foreign intelligence services preparing large-scale cyber-attacks in Russia in the period starting from December 5, 2016, aimed at destabilizing Russia’s financial system and the activities of a number of major Russian banks.

A RIA Novosti source close to the Central Bank reported that the Bank of Russia recorded several attacks on December 5 on the site of VTB Bank Group.

On Tuesday, Russian President Vladimir Putin signed into effect an updated doctrine on information security. It states that the limitless flow of information has a negative impact on international security, as it can be employed to pursue geopolitical and military goals, thus favoring organized crime, extremists and terrorists.

The doctrine notes that Russian government agencies, scientific centers, and military industries are being targeted by foreign intelligence services by means of electronic and cyber surveillance.

To counter threats and challenges in the information environment, Russia will build “strategic deterrents” and step up efforts to “prevent armed conflicts that stem from the use of IT.”

The doctrine also instructs government agencies to strengthen critical information infrastructure to protect against cyber and computer network attacks.

Source: https://www.rt.com/news/369738-ddos-attacks-russia-banks/


New DDoS attack method called BlackNurse lets hackers take down firewalls and servers from a single laptop

Security researchers have discovered a new attack technique that requires less effort to launch large-scale attacks.

A new DDoS attack method called BlackNurse has been discovered by security researchers, which allows hackers to launch large-scale attacks with less effort than is required for traditional DDoS attacks. BlackNurse also provides attackers with the ability to take down servers and firewalls with just a single laptop.

According to researchers at TDC SOC (Security Operations Centre of the Danish telecom operator TDC), BlackNurse leverages low-volume ICMP (Internet Control Message Protocol)-based attacks to launch attacks capable of overloading firewalls and shutting them down. BlackNurse targets vulnerable firewalls made by Cisco, Palo Alto and others, in a “ping flood attack” reminiscent of those popular in the 1990s.

TDC researchers said: “The BlackNurse attack attracted our attention, because in our anti-DDoS solution we experienced that even though traffic speed and packets per second were very low, this attack could keep our customers’ operations down. This even applied to customers with large internet uplinks and large enterprise firewalls in place. We had expected that professional firewall equipment would be able to handle the attack.

“Based on our test, we know that a reasonable sized laptop can produce approx a 180 Mbit/s DoS attack with these commands.”

Researchers at security firm Netresec clarified how and why the new technique was dubbed BlackNurse, which according to the firm has caused “some confusion/amusement/discussion”. Netresec also cautioned about googling the term, which they claimed “might not be 100% safe-for-work, since you risk getting search results with inappropriate videos that have nothing to do with this attack”.

Netresec said: “The term ‘BlackNurse’, which has been used within the TDC SOC for some time to denote the ‘ICMP 3,3’ attack, is actually referring to the two guys at the SOC who noticed how surprisingly effective this attack was. One of these guys is a former blacksmith and the other a nurse, which was why a colleague of theirs jokingly came up with the name ‘BlackNurse’. However, although it was first intended as a joke, the team decided to call the attack ‘BlackNurse’ even when going public about it.”

How does BlackNurse work?

DDoS attacks ideally require a large volume of traffic to successfully cripple targets. Traditionally, large-scale attacks involve hordes of devices and numerous IP addresses working collectively to bombard a targeted server with massive volumes of traffic, in an effort to stop it from functioning. However, BlackNurse does not need an army of compromised devices; neither does it require high volumes of traffic. Instead, BlackNurse sends low-volume ICMP error messages to servers and firewalls, which can fairly easily overload the main processors, rendering them useless.

ESET security researcher Mark James told IBTimes UK: “BlackNurse uses ICMP flooding to achieve its goal. ICMP is also known as Ping and is predominantly used to test the connectivity between two computers. An ICMP (ping) echo request is sent from one machine and awaits an ICMP echo reply from the receiving machine.

“The time of the round trip is measured which would normally indicate how good the connection route is based on errors and or packet loss. If you take that same technology and send lots of requests without waiting for any replies, it’s possible to overload the destination server. It works two-fold, as often the receiving server will attempt to reply to the incoming requests and try to send replies thus increasing its activity and helping the initial attack. Also BlackNurse uses a different technique that is slower than traditional ICMP flood attacks utilising some firewall vulnerabilities or misconfiguration.”

Mitigation for such an attack is possible. “Disabling ICMP Type 3 Code 3 on the WAN interface can mitigate the attack quite easily,” the TDC researchers said. “This is the best mitigation we know of so far.”
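For defenders who want to see whether ICMP Type 3 Code 3 traffic is arriving at an unusual rate before or after applying that filter, the sketch below counts such packets per source over a sliding window. It is an added example, not code from TDC, Netresec or the article; the function names, the 100-packets-per-second threshold and the sample packets (built in memory, with documentation-range addresses) are all assumptions.

```python
import socket
import struct
from collections import defaultdict, deque

ICMP_PROTO = 1
DEST_UNREACHABLE = 3   # ICMP type 3
PORT_UNREACHABLE = 3   # ICMP code 3


def parse_icmp(packet: bytes):
    """Return (src_ip, icmp_type, icmp_code) for an IPv4 ICMP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                  # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl + 8 or packet[9] != ICMP_PROTO:
        return None
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_offset:                               # later fragment: no ICMP header here
        return None
    return socket.inet_ntoa(packet[12:16]), packet[ihl], packet[ihl + 1]


class Icmp33Detector:
    """Flags sources sending more than `threshold` type 3 / code 3 packets per window."""

    def __init__(self, threshold=100, window=1.0):  # assumed values, tune per site
        self.threshold = threshold
        self.window = window
        self.seen = defaultdict(deque)             # src -> timestamps inside the window
        self.flagged = set()

    def observe(self, ts: float, packet: bytes) -> bool:
        parsed = parse_icmp(packet)
        if parsed is None:
            return False
        src, icmp_type, icmp_code = parsed
        if (icmp_type, icmp_code) != (DEST_UNREACHABLE, PORT_UNREACHABLE):
            return False
        stamps = self.seen[src]
        stamps.append(ts)
        while stamps and ts - stamps[0] > self.window:
            stamps.popleft()                       # drop timestamps older than the window
        if len(stamps) > self.threshold:
            self.flagged.add(src)
            return True
        return False


def build_packet(src: str, icmp_type: int, icmp_code: int, dst: str = "192.0.2.1") -> bytes:
    """Constructed test fixture: minimal IPv4 + ICMP header bytes (checksums left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, ICMP_PROTO, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)


def run_demo():
    """Feed one second of constructed traffic to the detector; return flagged sources."""
    events = []
    for i in range(300):                           # steady stream of type 3 code 3
        events.append((i / 300, build_packet("198.51.100.7", 3, 3)))
    for i in range(5):                             # normal background port-unreachables
        events.append((i / 5, build_packet("203.0.113.9", 3, 3)))
    for i in range(300):                           # echo requests: ignored by this check
        events.append((i / 300, build_packet("203.0.113.50", 8, 0)))
    detector = Icmp33Detector()
    for ts, pkt in sorted(events, key=lambda e: e[0]):
        detector.observe(ts, pkt)
    return sorted(detector.flagged)


if __name__ == "__main__":
    print(run_demo())
```

The same `observe` method can be fed timestamps and raw IP packets from a capture on the WAN interface; the threshold should be set well above the site's normal rate of port-unreachable messages.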

Source: http://www.ibtimes.co.uk/new-ddos-attack-method-called-blacknurse-lets-hackers-take-down-firewalls-servers-single-laptop-1592214


Is government regulation the way to blunt DDoS attacks?

Government regulation is a sticky issue in any industry, perhaps even more in cyber security. Every time the government creates a rule or an obligation, goes the argument, it merely opens a hole to be exploited. Exhibit number one is the call for makers of any product with encryption to create a secure back door police and intelligence agencies can use to de-crypt possibly criminal communications.

Of course there’s no such thing as an absolutely secure  back door, so it will end up being used by criminals or nation states.

I raise this because last week security expert Bruce Schneier again raised the issue of whether governments should step in to help give more protection against distributed denial of service (DDoS) attacks.

It’s easy for attackers to build powerful DDoS botnets that leverage insecure Internet connected devices like consumer webcams, he argues, the most recent of which was the attack last month on U.S. domain name service provider Dyn Inc., which temporarily impaired the ability of a number of online businesses including Twitter.

It doesn’t matter, Schneier argues, if DDoS attacks are state-based or not. The threat is that the software is so easily available to either build a botnet, or buy one as a service, that can pour 1 TB and more of data at a target.

“The market can’t fix this because neither the buyer nor the seller cares,” he has written. One logical place to block DDoS attacks is on the Internet backbone, he says, but providers have no incentive to do it because “they don’t feel the pain when the attacks occur and they have no way of billing for the service when they provide it.”

So when the market can’t provide discipline, Schneier says, government should. He offers two suggestions:

–impose security regulations on manufacturers, forcing them to make their devices secure;

–impose liabilities on manufacturers of insecure Internet connected devices, allowing victims to sue them.

Either one of these would raise the cost of insecurity and give companies incentives to spend money making their devices secure, he argues.

I’m not sure. For one thing litigation is a long and expensive process. How do I sue a company headquartered in another country (say, China) that sells devices used by a person in a third country (say, Brazil) which is part of a botnet assembled by a person in another country (say, the U.S.) used to attack me in Canada?

There’s also the problem of defining secure. What can a manufacturer do if it forces creation of a long password for a device, but users insist on insecure passwords (like “password123456879”)?

Still, we need to discuss short-term solutions because, as Schneier points out, with the huge number of insecure Internet connected devices out there the DDoS problem is only going to get worse.

Let us know what you think in the comments section below.

Source: http://www.itworldcanada.com/article/is-government-regulation-the-way-to-blunt-ddos-attacks/388238


Massive DDoS Attacks Disable Internet Access Throughout Liberia

British security researcher Kevin Beaumont recently reported that a series of massive cyber attacks using the Mirai DDoS botnet periodically disabled all Internet access throughout the country of Liberia.

“Liberia has one Internet cable, installed in 2011, which provides a single point of failure for Internet access. … The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state,” Beaumont wrote.

An employee at a Liberian mobile service provider told Network World that the attacks were hurting his business. “It’s killing our revenue,” he said. “Our business has been targeted frequently.”

Beaumont said it appears that the attacks, which targeted Liberian telecom operators who co-own the single Internet cable, were being used to test denial of service techniques.

Given the volume of traffic, more than 500 Gbps, Beaumont said it appears that the botnet is owned by the same actor who hit the managed DNS provider Dyn on October 21, disabling websites across the U.S.

Mikko Hypponen, chief research officer at F-Secure, told VICE News that those actors were probably… kids. “Kids who have the capability and don’t know what to do with it,” he said.

Flashpoint director of security research Allison Nixon agreed with that assessment, stating in a blog post, “The technical and social indicators of this attack align more closely with attacks from the Hackforums community than the other type of actors that may be involved, such as higher-tier criminal actors, hacktivists, nation states, and terrorist groups.”

Still, NSFOCUS chief research intelligence analyst Stephen Gates told eSecurity Planet by email that attacks like these could have a real impact on tomorrow’s U.S. presidential election.

While U.S. polling machines aren’t connected to the Internet, Gates said, some voter identification systems may be. “In some states, the voter ID must be checked before a voter can proceed,” he said. “If those systems are connected to the Internet to gain access to a database of registered voters, and they were taken offline, then would-be voters could not be verified.”

“What that would mean to the election process is anyone’s guess,” Gates added.

According to Nexusguard’s Q3 2016 DDoS Threat Report, the number of reflection-based DDoS attacks fell more than 40 percent during the third quarter of the year, while IoT-based botnets reached unprecedented speeds. The U.S. saw the most attack events in the third quarter, followed by China, Russia and the United Kingdom.

“Few service providers can sustain the level of malicious traffic we saw in Q3 from IoT botnets, so these DDoS outages are causing companies to completely rethink their cybersecurity strategies,” Nexusguard chief scientist Terrence Gareau said in a statement.

“Hackers’ preferences for botnets over reflection attacks are typical of cyclical behavior, where attackers will switch to methods that have fallen out of popularity to test security teams with unexpected vectors,” Gareau added.

Source: http://www.esecurityplanet.com/network-security/massive-ddos-attacks-disable-internet-access-throughout-liberia.html


The Dyn DDOS Attack And The Changing Balance Of Online Cyber Power

As the denial of service (DDOS) attack against Dyn shook the internet a little over a week ago, it brought to the public forefront the changing dynamics of power in the online world. In the kinetic world of the past, the nation state equivalent was all-powerful, since it alone could raise the funds necessary to support the massive military and police forces necessary to command societies. In the online world, however, the “armies” being commanded are increasingly used against their will, massive networks of infected drone machines formed into botnets. The cost of acquiring, powering, cooling, connecting and operating these virtual soldiers is borne by private individuals and corporations, with criminal enterprises able to co-opt them into massive attack botnets. What does this suggest is in store for the future of the online world?

The notion of using large botnets to launch globally distributed DDOS attacks is by no means a new concept and in fact has become a hallmark of the modern web. Indeed, I remember as a freshman in college 16 years ago seeing a new Linux server installed where I worked one morning and seeing the same machine being carted off by the security staff that afternoon after it had been hacked and converted into a botnet drone just a few hours after being plugged in. What makes the attack against Dyn so interesting is the scale at which it occurred and its reliance on compromised Internet of Things devices, including DVRs and webcams, allowing it to command a vastly larger and more distributed range of IP addresses than typical attacks. Making the attack even more interesting is the fact that it appears to have relied on open sourced attack software that makes it possible for even basic script kiddies to launch incredibly powerful attacks with little knowledge of the underlying processes.

This suggests an immense rebalancing in the digital era in which anyone anywhere in the world, all the way down to a skilled teenager in his or her parent’s basement in a rural village somewhere in a remote corner of the world, can take down some of the web’s most visible companies and wreak havoc on the online world. That preliminary assessments suggest that the attack was carried out by private actors rather than a nation state only reinforces this shift in online power.

Warfare as a whole is shifting, with conflict transforming from nations attacking nations in clearly defined and declared geographic battlespaces to ephemeral flagless organizations waging endless global irregular warfare. In the cyber domain, as the battleground of the future increasingly places individuals and corporations in the cross hairs, this raises the fascinating question of how they can protect themselves?

In particular, the attack against Dyn largely mirrored an attack against Brian Krebs’ Krebs on Security blog last month, which raises the specter of criminals and nations being able to increasingly silence their critics, extort businesses and wreak havoc on the online world, perhaps even at pivotal moments like during an election day.

In the physical world, the nation state offers protection over the physical assets of companies operating in its territories, with military and police forces ensuring the sanctity of warehouses, office buildings and other tangible assets. However, in the digital world, state hackers from one country can easily compromise and knock offline the ecommerce sites of companies in other nations or leak their most vital secrets to the world.

In the case of Brian Krebs’ site, his story thankfully has a happy ending, in which Alphabet’s Jigsaw (formerly Google Ideas) took over hosting of his site under their Project Shield program. Project Shield leverages Google’s massive global infrastructure to provide free hosting for journalistic sites under sustained digital attack, protecting them from repressive governments and criminal enterprises attempting to silence their online voices.

Looking to the future, what options do companies have to protect themselves in an increasingly hostile digital world? Programs such as the Project on Active Defense by George Washington University’s Center for Cyber & Homeland Security are exploring the gray space of proactive countering and highly active response to cyberattacks. For example, what legal and ethical rights does a company have to try and stop an incoming cyberattack? Can it “hack back” and disable key command and control machines in a botnet or take other active approaches to disrupt the incoming traffic? What happens if a company remotely hacks into a control machine to disable it and it turns out it is an infected internet-connected oven in someone’s house and in the process of disabling it, the oven malfunctions and turns to maximum heat and eventually catches fire and burns the house down? Is the company responsible for the damage and potential loss of life? What legal responsibilities and liabilities do device manufacturers have to develop a more secure Internet of Things? If a company in 2016 still sells devices with default administrative passwords and well-known vulnerabilities that make them easy prey for botnets, should the companies bear the same burden as any other consumer safety issue? As over-the-air remote security updates become more common, should legislation be passed to require all consumer devices have the ability to be remotely updated with security patches?

As the modern web celebrates more than 20 years of existence, somewhere over those last two decades the web has gone from a utopia of sharing and construction of a brighter future to a dystopia of destruction and unbridled censorship. Will the web grow up and mature to a brighter security future or will it descend into chaos with internet users fleeing to a few walled gardens like Facebook that become the “safe” version of the web? Only time will tell.

Source: http://www.forbes.com/sites/kalevleetaru/2016/10/31/the-dyn-ddos-attack-and-the-changing-balance-of-online-cyber-power/#73a1613de230


SIERRA WIRELESS WARNS CELLULAR DATA GEAR TARGETED BY MIRAI MALWARE

Sierra Wireless is warning customers to change default factory credentials on its AirLink gateway communications gear or risk being infected by Mirai malware. Mirai malware scans the Internet for IoT gear such as DVRs and IP-enabled cameras and other devices that are protected by default or hard-coded credentials, and forces them to join botnets used in DDoS attacks. But now, according to Sierra Wireless, the malware is broadening its reach from DVRs and CCTV cameras and is targeting connected automotive, manufacturing and a broad mix of industrial control equipment that connects to the Internet.

“There is evidence that ‘Internet of Things’-type devices have been infected with the Linux malware Mirai, which attackers used in the recent DDoS attacks against the web site Krebs on Security,” said the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in a bulletin issued Friday. Earlier this week, Sierra Wireless warned customers that a number of its AirLink Cellular Gateway devices were at risk of the Mirai malware (LS300, GX400, GX/ES440, GX/ES450 and RV50).

“Sierra Wireless has confirmed reports of the ‘Mirai’ malware infecting AirLink gateways that are using the default ACEmanager password and are reachable from the public internet. The malware is able to gain access to the gateway by logging into ACEmanager with the default password and using the firmware update function to download and run a copy of itself,” Sierra Wireless wrote in a bulletin (PDF). “Devices attached to the gateway’s local area network may also be vulnerable to infection by the Mirai malware.”

Since security journalist Brian Krebs’ website was targeted last month in a massive DDoS attack, that peaked at better than 620 Gbps, things have gotten worse. Earlier this month hackers released the source code for the malware to the public on the Hackforums website.

Mirai is not the only malware industrial control firms have to worry about. A similar malware called BASHLITE also targeted IoT devices. Like Mirai, BASHLITE targets security cameras and DVRs that are configured with telnet and web interfaces enabled and use default credentials. Security experts say IoT devices are becoming bigger and more attractive targets for hackers. That’s because devices often run embedded or stripped-down versions of the Linux OS that lack security features and are extremely hard – if not impossible – to update.

Source: https://threatpost.com/sierra-wireless-warns-cellular-data-gear-targeted-by-mirai-malware/121317/


Web Host Hit by DDoS of Over 1Tbps

A French web hoster is claiming his firm has been hit by the biggest DDoS attack ever seen, powered by an IoT botnet with an estimated capacity of 1.5Tbps.

Octave Klaba, the founder and CTO of OVH, took to Twitter late last week to reveal his firm was under attack from a stream of DDoS blitzes creeping towards and eventually past the 1Tbps mark.

He claimed the botnet in question was initially comprised of around 145,000 internet-connected cameras and digital video recorders with an estimated 1-30Mbps capacity each – that’s a potential 1.5Tbps in total.

In further updates this week Klaba said the botnet had increased by first another 6857 devices and then 15,654 more.

The news follows reports last week that Akamai was forced to withdraw its pro bono DDoS protection of the KrebsOnSecurity site after it was allegedly hit by an attack measuring 665Gbps, then the largest on record.

Dave Larson, CTO and COO at Corero Network Security, claimed the recent attacks are beginning to change the way IT security professionals view DDoS.

“The internet is a powerful tool, and must be viewed with security and protection first and foremost,” he added. “Motivations for attacks, and the tools and devices used to execute the attacks, are readily available to just about anyone; combining this with almost complete anonymity creates a recipe to break the Internet.”

Roland Dobbins, principal engineer at Arbor Networks, argued that IoT botnets are increasingly favored by hackers because they frequently ship with insecure defaults, are often connected to high speed internet and are rarely patched to fix bugs.

“Embedded IoT devices are often low-interaction – end-users don’t spend much time directly interfacing with them, and so aren’t given any clues that they’re being exploited by threat actors to launch attacks,” he told Infosecurity.

“Organizations can defend against DDoS attacks by implementing best current practices for DDoS defense, including hardening their network infrastructure; ensuring they’ve complete visibility into all traffic from their networks; having sufficient DDoS mitigation capacity and capabilities either on premise or via cloud-based DDoS mitigation services or both; and by having a DDoS defense plan which is kept updated and is rehearsed on a regular basis.”

Source: http://www.infosecurity-magazine.com/news/web-host-hit-by-ddos-of-over-1tbps/


Renowned blog KrebsOnSecurity hit with massive DDoS attack

The 620 Gbps DDoS attack was built on a massive botnet.

The security blog KrebsOnSecurity has been hit with one of the largest distributed denial of service (DDoS) attacks of all time.

The site, which is run by security expert Brian Krebs, was hit by a DDoS attack of around 620 Gbps on 20 September.

KrebsOnSecurity managed to stay online during the attack, due to defences from content delivery network provider Akamai.

The largest attack of this kind Akamai had previously defended was one of 336 Gbps earlier this year.

Previous large-scale DDoS attacks, including the 336 Gbps attack, used well-known methods to amplify a smaller attack such as using unmanaged DNS servers.

Apart from being much larger in terms of scale, the attack on KrebsOnSecurity also differed in that it seemed to instead use a very large botnet of hacked devices. This could have involved hundreds of thousands of systems.

“Someone has a botnet with capabilities we haven’t seen before,” Martin McKeay, Akamai’s senior security advocate, said to KrebsOnSecurity. “We looked at the traffic coming from the attacking systems, and they weren’t just from one region of the world or from a small subset of networks — they were everywhere.”

Brian Krebs said that there were some signs that the attack had used a botnet that had captured a large number of Internet of Things (IoT) devices.

During a DDoS attack, the targeted website is flooded with traffic, designed to overwhelm the resources of the site to crash or suspend its services.

“It seems likely that we can expect such monster attacks to soon become the new norm,” wrote Krebs.

He suggested that the attack on his site might have been in retaliation for a series he had done on the takedown of a DDoS-for-hire service vDOS, a theory supported by text included in the strings of the DDoS attack referencing the vDOS owners.

Source: http://www.cbronline.com/news/cybersecurity/business/renowned-blog-krebsonsecurity-hit-with-massive-ddos-attack-5012622
