
Cyber Security

DDoS Attacks Nearly Double Between Q4 2018 and Q4 2019



Peer-to-peer botnets, TCP reflection attacks, and increased activity on Sundays are three DDoS attack trends from last quarter.

The number of distributed denial-of-service (DDoS) attacks nearly doubled between the fourth quarter of 2018 and fourth quarter of 2019, researchers found in a new study of DDoS trends.

Last quarter brought an increase in the number of attacks relative to the third quarter of 2019, Kaspersky Labs researchers report, and attacks also lasted longer. This was expected, they said, as the fourth quarter is often a period of “retail warfare,” driving cybercrime between October and December. The end of 2018 was “very calm” and set an expectation for a 2019 increase. However, researchers did not notice a spike in DDoS activity around Black Friday or Christmas.

DDoS attackers continued to leverage non-standard protocols for amplification attacks in the last quarter of 2019, researchers found. Adversaries have also adopted Apple Remote Management Service (ARMS), part of the Apple Remote Desktop (ARD) application for remote administration. This tactic was first spotted in June 2019; by October, attacks were widespread.

The fourth quarter of 2019 brought multiple high-profile DDoS attacks, including threats against financial organizations in South Africa, Singapore, and nations across Scandinavia. DDoS attacks aimed to cause disruption for the United Kingdom’s Labour party and also targeted Minecraft servers at the Vatican. In a more recent case, just last week the FBI warned of a potential DDoS attack targeting a state-level voter registration and information site.

“This demonstrates that DDoS is still a common attack method among cybercriminals driven by ideological motives or seeking financial gain, and organizations should be prepared for such attacks and have a deep understanding of how they evolve,” researchers said in a statement.

Other notable findings include a rise in “smart” DDoS attacks that focus on the application layer and are launched by skilled attackers. Researchers observed that about 28% of DDoS attacks occurred on weekends. Sundays, in particular, proved popular, accounting for 13% of attacks. While that may not seem significant, Sundays have historically been the quietest day for DDoS activity, and their share grew steadily throughout 2019.

Researchers detected a growing number of peer-to-peer botnets in the past quarter; these operate independently of command-and-control servers and are more difficult to neutralize. One of these botnets, discovered by 360 Netlab researchers, is named Roboto and targets Linux servers. Another, Mozi, typically targets IoT devices and spreads using the DHT protocol.

Some adversaries continue to leverage proven tools and tactics in their DDoS attacks. In the fourth quarter of 2019, researchers saw a wave of TCP reflection attacks in which attackers send requests to legitimate services while appearing as the victim. The victim is overwhelmed with the services’ responses; because the requests appear to come from the victim, the attackers’ own IP addresses never appear in the traffic and trigger no alerts.
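From the defender’s side, the signature of a TCP reflection attack is a burst of SYN-ACK or RST packets from many unrelated servers that the victim never sent a SYN to. The following script is an added example (not from the report or the article) showing how to flag that backscatter in flow records: it keeps the set of connections the protected host actually opened and counts inbound SYN-ACK/RST packets that match none of them. The `Flow` record layout, the `protected_ip` address and the sample packets are all constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One TCP packet summary, as a flow collector might export it (constructed layout)."""
    ts: float      # capture time in seconds
    src: str       # source IP
    sport: int     # source port
    dst: str       # destination IP
    dport: int     # destination port
    flags: str     # TCP flags: "S" = SYN, "SA" = SYN-ACK, "R"/"RA" = RST


def detect_tcp_reflection(flows, protected_ip, min_sources=3):
    """Count SYN-ACK/RST packets arriving at protected_ip without a matching outbound SYN.

    A genuine reply to a SYN we sent (us:p -> X:q) comes back as (X:q -> us:p); anything
    else is backscatter from a server that answered a SYN spoofed in our name.
    Returns Counter {reflector_ip: packets}, empty unless at least min_sources distinct
    reflectors are seen (a single stray reply is not worth an alert).
    """
    initiated = set()
    for f in flows:
        if f.src == protected_ip and f.flags == "S":
            initiated.add((f.dst, f.dport, f.sport))

    unsolicited = Counter()
    for f in flows:
        if f.dst == protected_ip and f.flags in ("SA", "R", "RA"):
            if (f.src, f.sport, f.dport) not in initiated:
                unsolicited[f.src] += 1

    if len(unsolicited) < min_sources:
        return Counter()
    return unsolicited


def unsolicited_ratio(flows, protected_ip):
    """Fraction of inbound SYN-ACK/RST packets with no matching outbound SYN.

    A value close to 1.0 during a traffic spike is the reflection signature; normal
    traffic sits near 0.0 because almost every SYN-ACK answers one of our own SYNs.
    """
    inbound = [f for f in flows if f.dst == protected_ip and f.flags in ("SA", "R", "RA")]
    if not inbound:
        return 0.0
    hits = detect_tcp_reflection(flows, protected_ip, min_sources=1)
    return sum(hits.values()) / len(inbound)


# Constructed sample traffic using RFC 5737 documentation addresses.
PROTECTED = "192.0.2.5"

SAMPLE_FLOWS = [
    # Legitimate handshake: our host opens a connection and receives the SYN-ACK.
    Flow(1000.0, PROTECTED, 40000, "198.51.100.10", 443, "S"),
    Flow(1000.1, "198.51.100.10", 443, PROTECTED, 40000, "SA"),
]
# Reflection burst: six unrelated servers answer SYNs they believe we sent.
for i in range(1, 7):
    SAMPLE_FLOWS.append(Flow(1001.0 + i * 0.01, f"203.0.113.{i}", 80, PROTECTED, 50000 + i, "SA"))
# One reflector also tears the phantom connection down with a RST.
SAMPLE_FLOWS.append(Flow(1001.5, "203.0.113.1", 80, PROTECTED, 50001, "RA"))


if __name__ == "__main__":
    hits = detect_tcp_reflection(SAMPLE_FLOWS, PROTECTED)
    for ip, n in hits.most_common():
        print(f"unsolicited replies from {ip}: {n}")
    print(f"unsolicited ratio: {unsolicited_ratio(SAMPLE_FLOWS, PROTECTED):.3f}")
```

In practice the same logic runs over flow exports from a border router or a packet capture, with `min_sources` tuned to the site’s normal background noise; the distinct-source count matters more than the packet count, because reflection spreads the load across many legitimate servers that each send only a few packets.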

While the duration of DDoS attacks may have lengthened slightly between the third and fourth quarters of 2019, Imperva data indicated a trend toward cheaper and shorter attacks overall. More than 51% of attacks lasted barely 15 minutes in 2019, and only 10% lasted between 15 and 30 minutes. Experts attribute the shift to the greater availability and use of DDoS-for-hire services, which let nearly anyone strike targets of their choosing with small attacks for as little as $5.

Researchers anticipate stability in DDoS attacks going forward. “Seems like the DDoS market has re-stabilized — we see no prerequisites for either a fall or further growth,” they wrote in a blog post on their findings. “There have been no high-profile arrests or closures of specialized websites for quite some time, and the cryptocurrency market is not showing explosive growth.”


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial …


Coronavirus: cases pass 66,000 as Beijing orders 14-day quarantine for returnees



Covid-19 cases pass 66,000 in China as residents in capital who flout new restrictions told they will be held accountable under the law

Beijing has ordered people returning to the city from holidays to quarantine themselves for 14 days to try to contain the coronavirus spread, as the death toll in China from the outbreak passed 1,500.

On Saturday, the country’s National Health Commission said 2,641 new cases were confirmed in the previous 24 hours, taking the total number of confirmed infections across mainland China to 66,492. There were also 143 deaths in the 24 hours to midnight on Friday, taking total fatalities from the virus to 1,523.

The official Beijing Daily newspaper said people failing to obey government orders to quarantine themselves on return from the holidays would be punished. But it was not immediately clear how that would be enforced, or whether the restrictions would apply to non-residents or foreigners arriving from abroad.

Beijing has a population of more than 20 million people, and the annual National People’s Congress, where thousands of Communist Party delegates pour into the city, is due to start on 5 March.

Global Times (@globaltimesnews)

Beijing city is intensifying virus fight, ordering all Beijing-based work units to ensure “zero infections” as the city faces a challenge of rising arrivals of migrant workers. The capital city enacted a law Friday that all people coming to Beijing must be quarantined for 14 days.

February 15, 2020

“From now on, all those who have returned to Beijing should stay at home or submit to group observation for 14 days after arriving,” Beijing’s virus prevention working group said in a notice cited by the Beijing Daily.

“Those who refuse to accept home or centralised observation and other prevention and control measures will be held accountable under the law,” it said.

A Chinese worker wears a protective mask and goggles as he cleans and disinfects machines at a nearly empty subway station during rush hour in Beijing. Photograph: Kevin Frayer/Getty Images

A National Health Commission official, Liang Wannian, told a news conference the government would continue to try to contain the spread of the virus in the city of Wuhan in Hubei province, the centre of the outbreak. The commission was focused on lowering the fatality rate and reducing the infection rate, Liang said.

The number of deaths in Hubei rose by 139 as of Friday, with 107 of those in Wuhan. A total of 1,123 people in Wuhan had died from the coronavirus.

Wang Hesheng, the new head of Hubei’s Health Commission, vowed to find and treat everyone affected by the virus, the state-run Global Times said.

Wang was one of several high-level appointees flown in to Hubei province in the past week to take over from sacked local officials. It followed public anger over the death in Wuhan of the whistleblower doctor Li Wenliang, who succumbed to the virus.

China has been struggling to get the world’s second largest economy going after the lunar new year holiday, which was extended by 10 days to help contain the virus. The Global Times reported that China’s banks have offered $77bn in lines of credit to help combat the epidemic. The central government has also pumped tens of billions into the country’s financial system.

A man wearing a face mask walks his dog in Beijing. Photograph: STR/AFP via Getty Images

Meanwhile, the White House economic adviser Larry Kudlow said he expected the virus to knock perhaps 0.2-0.3% off US GDP in the first quarter.

The number of trade fairs, sports events and industry conferences in China and overseas that have been affected by the spread of the virus continued to increase.

International Business Machines Corp (IBM) said on Friday it had canceled its participation in the RSA cyber security conference in San Francisco at the end of February due to coronavirus-related concerns.

Earlier, Facebook said it had cancelled its global marketing summit scheduled for next month, also in San Francisco, over worry about the same risks.

The Mobile World Congress (MWC), the annual telecoms industry gathering in Barcelona, was also cancelled after a mass exodus by exhibitors linked to the coronavirus.

Organisers of next week’s gymnastics World Cup in Melbourne said on Saturday the entire Chinese team had pulled out due to travel restrictions.

A top Chinese official, in an interview with Reuters, acknowledged that the coronavirus was a huge challenge, but defended the government’s management of the epidemic and lashed out at the overreaction of some countries.

State Councillor Wang Yi, who also serves as China’s foreign minister, said China had taken decisive measures to fight the epidemic, many going beyond international health regulations and World Health Organization (WHO) recommendations.

“Through our efforts the epidemic is overall under control,” he said.

Outside mainland China, there have been nearly 450 cases in some 28 countries and territories, and three deaths. Japan confirmed its first coronavirus death on Thursday.

One person has died in Hong Kong and one in the Philippines.

The virus is killing about 2% of those infected, but has spread faster than other respiratory viruses that emerged this century.

A WHO-led joint mission with China will start its outbreak investigation work this weekend, focusing on how the new coronavirus is spreading and its severity, WHO chief Tedros Adhanom Ghebreyesus said.

Reuters contributed to this report


Security News This Week: The ‘Robo Revenge’ App Makes It Easy to Sue Robocallers



Just when you thought the catastrophic Equifax breach was entirely in the rearview, the Department of Justice this week charged four Chinese military hackers with the theft. That's 147.9 million people's Social Security numbers and other personal information in China's hands. Add it to the compromises of the Office of Personnel Management, Anthem, and Marriott—all also linked to China—and it's clear that the country has amassed an unprecedented trove of data that it can use for intelligence purposes for years to come.

In other international law enforcement news, the DoJ also alleged that Huawei perpetrated years of rampant intellectual property theft. We also took a look at the real reason the US is so afraid of Huawei creating potential backdoors: American intelligence agencies have a long history of doing that very thing.

With all that alleged geopolitical hacking afoot, it's a good thing that Google this week announced that it would give away security keys to campaigns for free, as well as tutorials on how to actually use them. Those campaigns should also consider reading our guide to sending files securely online; if you want end-to-end encryption, Firefox Send is a good place to start.

In domestic news, the US Department of Homeland Security is apparently buying up cell phone location data to boost its immigration enforcement. While that might raise your hackles, it also raises interesting questions about digital privacy, especially in light of the Supreme Court's decision in Carpenter v. United States two years ago that limited the use of cell site data by law enforcement. Also interested in tracking: Conservative news sites, which plant far more cookies in your browser than their liberal counterparts do. Meanwhile, security researchers found a series of serious flaws in the Voatz voting app, although the company denies that they could have led to vote manipulation.

Finally, if you're not using encrypted messaging app Signal yet, now's the time to start. The company has put a $50 million infusion towards building out features that make it not just secure, but accessible to normals.

The good people at DoNotPay have previously automated the arduous processes of fighting parking tickets and canceling subscriptions. This week, they added robocalls to their target list with Robo Revenge, a sort of digital sting operation. Robo Revenge generates a burner credit card number to give to the scammer on the other end of the line, who'll give up their contact information as part of the transaction. The service will then automatically create legal documents and provide instructions on how to sue the unwanted caller for up to $3,000. Instead of feeling helplessly bombarded by calls, you can finally fight back. You can access Robo Revenge now through DoNotPay's website or app.

In what appears to be a first, the Department of Justice arrested an Ohio man in connection with a cryptocurrency laundering scheme. Larry Harmon allegedly ran Helix, a bitcoin mixer that operated on the dark web, concealing the origins of hundreds of millions of dollars' worth of illicit transactions. Take it as another in a series of reminders that cryptocurrency transactions aren't nearly as private as you might think.

The FIDO Alliance wants to kill passwords. The consortium focuses on promoting and developing other forms of authentication that aren't quite so problematic. To do that effectively, it needs the buy-in of all the major tech companies, which it pretty much had with the exception of Apple. Good news! The Cupertino holdouts officially signed on this week, meaning you can expect FIDO's seamless logins to eventually work across whatever devices you happen to own.

By now you hopefully understand that Macs do indeed get malware. In fact, according to new research from security firm Malwarebytes, Macs saw more malware threats per device than their PC counterparts in 2019, a figure that was up 400 percent year over year. The good news—or maybe we should just say better news—is that most of that malware is adware, which is annoying but relatively harmless compared to ransomware and other ills. Still, remember that just because you're on an Apple device doesn't mean you can go around clicking shady links with impunity.


Incident Of The Week: Quaker Steak & Lube Alerts Customers To Payment Card Incid…



The independent owners and operators of several Quaker Steak & Lube casual dining restaurants have disclosed that customer payment card data was sent to an unauthorized source due to malware infecting the stores’ retail point-of-sale (POS) terminals over weeks to months during 2019.

Quaker Steak & Lube is a casual dining restaurant chain based in Sharon, Pennsylvania known for its chicken wings and variety of sauces. The company has 42 stores located in Florida, Indiana, Iowa, Kentucky, Louisiana, New Jersey, Ohio, Pennsylvania, South Carolina, Tennessee, Virginia and West Virginia. The company was acquired out of bankruptcy in 2015 by TravelCenters of America (T/A).

Franchise Locations Hit With Retail POS Malware

At the time of publication, seven independently owned and operated Quaker Steak & Lube locations had issued breach disclosures. All seven locations stated that their payment card terminals were infected with malware that captured customer data, though the start and end dates varied:

Store Location       Infected POS Dates
Bloomsburg, PA       February 14, 2019 to September 6, 2019
Charleston, WV       February 14, 2019 to August 19, 2019
York, PA             June 14, 2019 to August 5, 2019
State College, PA    June 14, 2019 to August 5, 2019
Canton, OH           June 14, 2019 to August 23, 2019
Mentor, OH           July 2, 2019 to July 10, 2019
Columbus, OH         July 4, 2019 to September 6, 2019


Remotely Accessed POS Management System Presumed To Be Vulnerability

All of the notifications point back to a common POS system managed by Midwest POS Solutions. The store owners were alerted to unusual activity relating to payment cards that may have been used at these restaurant locations and began working with third-party forensic investigators to investigate the report.

Through the investigations, it was discovered that payment card information may have been accessed as a result of the installation of malicious software on the POS system used at these restaurants. It was further determined that Midwest POS credentials were used to remotely access the POS system at each location, which allowed an unauthorized actor to deploy the malicious software into the point-of-sale system.
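The common thread in these disclosures is a vendor remote-access account used to reach the POS systems and install software. A control that a store or its POS provider can run over existing remote-access audit logs is to flag every successful vendor login that comes from an address the vendor does not normally use or falls outside the agreed maintenance window, and to list any commands run shortly afterwards. The script below is an added example, not code from the restaurants, Midwest POS Solutions or the investigators; the log line format, the account name `midwestpos-support`, the allowed source address, the maintenance window, the host name and every log line are constructed for the example.

```python
import re
from datetime import datetime, time, timedelta

# Constructed remote-access audit lines (hypothetical format; not from the incident).
SAMPLE_LOG = """\
2019-06-02T02:13:07Z LOGIN user=midwestpos-support src=198.51.100.7 host=POS-STORE-01 result=success
2019-06-06T14:02:41Z LOGIN user=midwestpos-support src=203.0.113.44 host=POS-STORE-01 result=success
2019-06-06T14:05:10Z EXEC user=midwestpos-support host=POS-STORE-01 cmd=install
2019-06-08T15:30:00Z LOGIN user=store-manager src=192.0.2.10 host=POS-STORE-01 result=success
2019-06-09T03:00:22Z LOGIN user=midwestpos-support src=198.51.100.7 host=POS-STORE-01 result=failure
"""

VENDOR_ACCOUNTS = {"midwestpos-support"}       # assumed vendor service accounts
VENDOR_ALLOWED_SOURCES = {"198.51.100.7"}      # assumed vendor egress addresses
MAINTENANCE_WINDOW = (time(1, 0), time(5, 0))  # assumed agreed window, UTC

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>\w+) (?P<kv>.*)$")


def parse_line(line):
    """Turn one 'timestamp EVENT k=v k=v ...' line into a dict, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m["kv"].split() if "=" in kv)
    rec["ts"] = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["event"] = m["event"]
    return rec


def in_window(ts):
    """True if the timestamp's time of day falls inside the maintenance window."""
    start, end = MAINTENANCE_WINDOW
    return start <= ts.time() < end


def review_vendor_access(log_text, window_minutes=30):
    """Return one finding per suspicious vendor login.

    A login is suspicious when it succeeded from a non-allowlisted source or outside
    the maintenance window. Each finding also lists commands the same account ran on
    the same host within window_minutes afterwards, so an install that followed an
    odd login stands out.
    """
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    execs = [r for r in records if r["event"] == "EXEC"]
    findings = []
    for rec in records:
        if rec["event"] != "LOGIN" or rec.get("user") not in VENDOR_ACCOUNTS:
            continue
        if rec.get("result") != "success":  # failed attempts are a separate alert class
            continue
        reasons = []
        if rec.get("src") not in VENDOR_ALLOWED_SOURCES:
            reasons.append("unexpected source")
        if not in_window(rec["ts"]):
            reasons.append("outside maintenance window")
        if not reasons:
            continue
        followed = [
            e["cmd"] for e in execs
            if e.get("user") == rec["user"] and e.get("host") == rec["host"]
            and timedelta(0) <= e["ts"] - rec["ts"] <= timedelta(minutes=window_minutes)
        ]
        findings.append({
            "ts": rec["ts"].isoformat(),
            "host": rec["host"],
            "src": rec["src"],
            "reasons": reasons,
            "commands": followed,
        })
    return findings


if __name__ == "__main__":
    for f in review_vendor_access(SAMPLE_LOG):
        print(f"{f['ts']} {f['host']} from {f['src']}: {', '.join(f['reasons'])};"
              f" commands: {f['commands'] or 'none'}")
```

The allowlist and window are the two facts a store owner has to obtain from the vendor in writing; without them the check cannot distinguish routine support from misuse of the same credentials. Pairing it with multi-factor authentication on the vendor account removes the case where a stolen password alone is enough to reach the terminals.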


Information Involved In Data Incident; Incident Response Efforts

The investigations determined that payment card information (name, card number, expiration date and/or CVV, i.e. magnetic stripe track data) for cards used at the restaurants during the disclosed periods may have been involved in this incident.

The store owners worked with multiple forensic investigative firms to conduct investigations into this incident and to assist in remediation efforts. The owners have also deployed tools to contain, disable, and remove any malware that may have been installed on their restaurant systems and enhanced existing security measures to reduce the likelihood of future incidents.
