Wednesday, July 10, 2013
DDoS: Hacktivists Preparing Phase 4?
Experts say distributed-denial-of-service attacks against U.S. banks are not over, despite what's now been a two-month cease-fire by the hacktivist group Izz ad-Din al-Qassam Cyber Fighters. Security vendors tell me the hacktivist group's botnet is growing. And when these attacks do resume, they won't be easy to fight.
This next wave of DDoS attacks will be different from what we have seen in earlier waves of attacks, dating back to mid-September 2012, researchers believe. As a result, many of the mitigation strategies and defenses banks have in place could prove ineffective.
Luckily, information about new code added to Brobot, al-Qassam's botnet, is being shared behind the scenes among banking institutions. Now, banks and DDoS-mitigation providers are just waiting for what will be the fourth phase of DDoS to strike.
A New DDoS
Here's what I'm hearing from the industry to support my opinion: Brobot is being rebuilt. That doesn't just mean Brobot is growing. It means Brobot is being retooled, tweaked and is gearing up for a new wave of attacks designed to get around existing mitigation measures.
In a conversation, John LaCour, the CEO of cyberintelligence firm PhishLabs, broke down Brobot's evolution in recent weeks: "The files that are being placed on web servers are different than what were there before," he explains. These are the code files being placed on the compromised web servers hacktivists have been taking over to grow their bot.
Further, LaCour says: "The new code we see on these web servers is one of the strong indicators that the botnet is being rebuilt."
So the code behind the malware has changed and includes configurations we did not see in the first three phases of attacks.
Simply put, al-Qassam is adjusting and reacting to the mitigation techniques banks have implemented over the past 10 months. Why would they invest energy and resources into new strategies if they did not plan to wage more attacks?
More Attacks
No one is sharing details about when we might see the new wave, but many observers say we certainly can expect more attacks.
The DDoS attacks waged by this self-proclaimed hacktivist group over the course of the previous three phases now constitute one of the longest-ever sustained cyber-attacks. It goes without saying: These attackers have might, skill and funding, and we should not be fooled into thinking this recent lapse means DDoS threats are over.
This is why attacks like the PDF download attack recently waged against two mid-tier banks garnered attention (see Another Version of DDoS Hits Banks).
Were those download attacks a test of some of the different types of attacks to come?
Several of my sources speculated we might see al-Qassam's attacks resurface on July 4. That's because Brobot's growth had been active over the days leading up to the Independence Day holiday.
The attackers' scans on search engines for blogs and websites using outdated versions of WordPress and Joomla had picked up. The attackers were actively taking these sites over. But their takeover activity waned as the week dragged on.
Thus, July 4 remained quiet.
Of course, as PhishLabs' LaCour points out, it's not just Brobot we have to worry about. "We have recently seen attacks against Russian banks with other types of botnets," he says.
Quite frankly, even Brobot itself could be leased out to other cybergroups with criminal agendas. We just don't know.
The key takeaway, where Brobot is concerned: "The fact that they are building is concerning," LaCour notes. I agree.
Based on what I see and hear, I'm convinced we can expect more DDoS attacks - and relatively soon. But are we prepared for these new attacks? That's what I'd like to hear from you. What have you done to prepare your institution to detect and defend against future attacks?
Even if these new variants in code used to take over blogs and sites have not been seen before, have we learned enough to react quickly when attacks strike? You tell me.