Posts Tagged ‘DDoS-attacks’

 Wordpress Vulnerability5 days ago on the Internet appeared malicious script that exploits vulnerabilities in WordPress Pingback API for DDoS-attacks.

Experts note that by accessing the WordPress XMLRPC API, using the file xmlrpc.php, attackers can not only use it for DDoS-attacks, but also to learn whether a host on the internal network, scan ports hosts inside the network, and even change setting Internal marshrutizatora.Po experts, at the moment the only solution for users who want to protect your site from malicious script that exploits vulnerabilities in WordPress Pingback API, rename or delete the file xmlrpc.php.

For the first time this vulnerability WordPress developers reported 6 years ago, but then did not take these messages seriously, citing the fact that there are so many ways to spend a DDoS-attack on the sites created on WordPress, as well, and how to combat them.

Kaspersky Lab logoAccording to anti-virus experts ‘Kaspersky Lab’, the upcoming 2013 promises increase in targeted attacks and attacks sponsored by government agencies.

On the eve of ‘Kaspersky Lab’ has published its list of predictions for 2013, saying that he expects growth of attacks on critical infrastructure, and cases of theft of sensitive data as the authorities of different countries, and at the business user.

“We expect that the number of cyber campaigns in 2013 will increase further. Easy to read headlines computer press to understand that now targeted attacks have become a real headache for big business, especially for what is associated with important infrastructure facilities” – the company says.

Antivirus company said that, in many cases, the purpose of attacks can become public facilities, such as transportation or housing facilities. In 2013, more countries will undertake the development of so-called cyber weapons aimed at the implementation of acts of espionage and sabotage systems. This will happen not only because of the fact that to create cyber weapons are much cheaper than the usual weapons, but also because the latest in modern conditions can be much more useful.

Also forecasts company said for 2013 includes growth hackers activity, in which organized DDoS-attacks on various government resources.

DDoS attack alertAccording to researchers of Group-IB, hackers even more often resort to more profitable types of fraud.

According to experts of the Group-IB company, DDoS-attack as the type of criminal earnings loses the popularity among hackers in favor of more profitable bank fraud.

Botnets, used by malefactors both for carrying out DDoS-attacks, and for a compromise of systems of the remote bank service (RBS), have identical structure, however it is possible to use them differently.

On stealing from DBS systems swindlers can earn to 26 million dollars a month. On DDoS-attacks — to 5 thousand dollars a week. Attack to Internet banking by it more favourably.

At the high income the special software used by malefactors, it is possible to update for his developers for a fee. such service can cost to 35 thousand dollars a month. (more…)

Hackers attackJanet Napolitano of the Representative office, said that a number of major U.S. financial institutions are actively tried discredit.

According to a leader of the Department of Homeland Security (DHS) U.S. Secretary Janet Napolitano, over the past few days by unknown hackers are actively trying to discredit a number of major financial institutions in the country. No details about security incidents Napolitano has not disclosed.

“Right now, financial institutions oppose attacks – quoted representatives of DHS publication The Hill. – We believe in it. I will not give you any secret information. I can only say that this is due to some of the largest institutions in the country. “

She also noted that the agency has experience in dealing with hackers, attacking in the last few years, the stock exchanges of the country. In addition, Napolitano said that in the case of the current incident hackers have managed to steal from the bank a certain amount of money. (more…)

Vulnerability

DDoS-attack

In the last quarter, had a chance to reflect Prolexic Technologies 7 DDoS-attack capacity of over 20 GB / s, directed to the resources of its customers. Some of them were conducted by hackers using php-bot itsoknoproblembro.

“Last year, DDoS-attack above 20 Gb / s was unthinkable, but now seen as commonplace,” – says (Stuart Scholly, President of Prolexic. – “For reference, in the business world, few people has a network infrastructure capable of supporting such traffic load.”

Although the intensity of DDoS-specific campaigns has increased, the number of attacks on Prolexic customer base decreased by 14% compared with the II quarter. However, the figure for the year nearly doubled. DDoS-speed traffic in July-September, an average of 4.9 Gb / s, which is 11% higher than in the previous quarter. The number of packets per second (pps), sent by bots continues to grow, and for 3 months increased by 33%, from 2.7 to 3.6 million. (more…)

Botnet or zombie network

Posted: October 17, 2012 in Glossary
Tags: , ,

BotnetBotnet or zombie network – a network of computers infected with malware that allows an attacker to remotely manage other people’s machines without the knowledge of their owners.

In recent years, botnets have become a stable source of income for cybercriminals. Consistently low costs and minimum knowledge needed to control the botnet, contribute to popularity, and with it the number of botnets. To DDoS-attacks or spam, carried by zombie networks, attackers and their customers earn thousands of dollars.

Botnets are created to make money. There are several areas of commercially viable applications of zombie networks: DDoS-attacks, collecting confidential information, spam, phishing, search engine spam, wrapping click-counters, etc. It should be noted that profit will be any direction, no matter what the attacker has chosen, and botnet can perform all of these activities simultaneously. (more…)