The Hacker News - Cybersecurity News and Analysis: ddos attack

Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Request Per Second

June 14, 2022 | Ravie Lakshmanan
Cloudflare on Tuesday disclosed that it had acted to prevent a record-setting 26 million request per second (RPS) distributed denial-of-service (DDoS) attack last week, making it the largest HTTPS DDoS attack detected to date. The web performance and security company said the attack was directed against an unnamed customer website using its Free plan and emanated from a "powerful" botnet of 5,067 devices, with each node generating approximately 5,200 RPS at peak. The botnet is said to have created a flood of more than 212 million HTTPS requests within less than 30 seconds from over 1,500 networks in 121 countries, including Indonesia, the U.S., Brazil, Russia, and India. Roughly 3% of the attack came through Tor nodes. The attack "originated mostly from Cloud Service Providers as opposed to Residential Internet Service Providers, indicating the use of hijacked virtual machines and powerful servers to generate the attack — as opposed to much weaker Internet of Things
Fronton: Russian IoT Botnet Designed to Run Social Media Disinformation Campaigns

May 23, 2022 | Ravie Lakshmanan
Fronton, a distributed denial-of-service (DDoS) botnet that came to light in March 2020, is much more powerful than previously thought, per the latest research. "Fronton is a system developed for coordinated inauthentic behavior on a massive scale," threat intelligence firm Nisos said in a report published last week. "This system includes a web-based dashboard known as SANA that enables a user to formulate and deploy trending social media events en masse. The system creates these events that it refers to as Инфоповоды, 'newsbreaks,' utilizing the botnet as a geographically distributed transport." The existence of Fronton, an IoT botnet, became public knowledge following revelations from BBC Russia and ZDNet in March 2020 after a Russian hacker group known as Digital Revolution published documents that it claimed were obtained after breaking into a subcontractor to the FSB, the Federal Security Service of the Russian Federation. Further investigat
Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices

May 20, 2022 | Ravie Lakshmanan
A Linux botnet malware known as XorDdos has witnessed a 254% surge in activity over the last six months, according to latest research from Microsoft. The trojan, so named for carrying out denial-of-service attacks on Linux systems and its use of XOR-based encryption for communications with its command-and-control (C2) server, is known to have been active since at least 2014. "XorDdos' modular nature provides attackers with a versatile trojan capable of infecting a variety of Linux system architectures," Ratnesh Pandey, Yevgeny Kulakov, and Jonathan Bar Or of the Microsoft 365 Defender Research Team said in an exhaustive deep-dive of the malware. "Its SSH brute-force attacks are a relatively simple yet effective technique for gaining root access over a number of potential targets." Remote control over vulnerable IoT and other internet-connected devices is gained by means of secure shell (SSH) brute-force attacks, enabling the malware to form a botnet
Cloudflare Thwarts Record DDoS Attack Peaking at 15 Million Requests Per Second

April 27, 2022 | Ravie Lakshmanan
Cloudflare on Wednesday disclosed that it acted to mitigate a 15.3 million request-per-second (RPS) distributed denial-of-service (DDoS) attack. The web infrastructure and website security company called it one of the "largest HTTPS DDoS attacks on record." "HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection," Cloudflare's Omer Yoachimik and Julien Desgats said. "Therefore it costs the attacker more to launch the attack, and for the victim to mitigate it." The volumetric DDoS attack is said to have lasted less than 15 seconds and targeted an unnamed Cloudflare customer operating a crypto launchpad. Volumetric DDoS attacks are designed to overwhelm a target network/service with significantly high volumes of malicious traffic, which typically originate from a botnet under a threat actor's control. Cloudflare said the latest attack w
Massive DDoS Attack Knocked Israeli Government Websites Offline

March 15, 2022 | Ravie Lakshmanan
A number of websites belonging to the Israeli government were felled in a distributed denial-of-service (DDoS) attack on Monday, rendering the portals inaccessible for a short period of time. "In the past few hours, a DDoS attack against a communications provider was identified," the Israel National Cyber Directorate (INCD) said in a tweet. "As a result, access to several websites, among them government websites, was denied for a short time. As of now, all of the websites have returned to normal activity." A distributed denial-of-service attack is a malicious attempt to hamper the normal traffic of a targeted server or service by overwhelming the victim and its surrounding infrastructure with a flood of junk internet traffic by leveraging compromised computers and IoT devices as sources of attack traffic. The development comes after internet watchdog NetBlocks reported "significant disruptions" registered on multiple networks supplied by Israel
Hackers Abuse Mitel Devices to Amplify DDoS Attacks by 4 Billion Times

March 09, 2022 | Ravie Lakshmanan
Threat actors have been observed abusing a high-impact reflection/amplification method to stage sustained distributed denial-of-service (DDoS) attacks for up to 14 hours with a record-breaking amplification ratio of 4,294,967,296 to 1. The attack vector – dubbed TP240PhoneHome (CVE-2022-26143) – has been weaponized to launch significant DDoS attacks targeting broadband access ISPs, financial institutions, logistics companies, gaming firms, and other organizations. "Approximately 2,600 Mitel MiCollab and MiVoice Business Express collaboration systems acting as PBX-to-Internet gateways were incorrectly deployed with an abusable system test facility exposed to the public Internet," Akamai researcher Chad Seaman said in a joint advisory. "Attackers were actively leveraging these systems to launch reflection/amplification DDoS attacks of more than 53 million packets per second (PPS)." DDoS reflection attacks typically involve spoofing the IP address of a vic
Imperva Thwarts 2.5 Million RPS Ransom DDoS Extortion Attacks

March 04, 2022 | Ravie Lakshmanan
Cybersecurity company Imperva on Friday said it recently mitigated a ransom distributed denial-of-service (DDoS) attack targeting an unnamed website that peaked at 2.5 million requests per second (RPS). "While ransom DDoS attacks are not new, they appear to be evolving and becoming more interesting with time and with each new phase," Nelli Klepfish, security analyst at Imperva, said. "For example, we've seen instances where the ransom note is included in the attack itself embedded into a URL request." The top sources of the attacks came from Indonesia, followed by the U.S., China, Brazil, India, Colombia, Russia, Thailand, Mexico, and Argentina. Distributed denial-of-service (DDoS) attacks are a subcategory of denial-of-service (DoS) attacks in which an army of connected online devices, known as a botnet, is used to overwhelm a target website with fake traffic in an attempt to render it unavailable to legitimate users. The California-headquartered firm s
Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks

March 03, 2022 | Ravie Lakshmanan
As the ongoing Russia-Ukraine conflict continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service (DDoS) attacks aimed at its domestic infrastructure. Some of the noticeable domains in the listing released by Russia's National Coordination Center for Computer Incidents (NCCCI) included the U.S. Federal Bureau of Investigation (FBI), Central Intelligence Agency (CIA), and websites of several media publications such as the USA Today, 24News.ge, megatv.ge, and Ukraine's Korrespondent magazine. As part of its recommendations to counter the DDoS attacks, the agency is urging organizations to ringfence network devices, enable logging, change passwords associated with key infrastructure elements, turn off automatic software updates, disable third-party plugins on websites, enforce data backups, and watch out for phishing attacks. "Use Russ
Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks

March 02, 2022 | Ravie Lakshmanan
Distributed denial-of-service (DDoS) attacks leveraging a new amplification technique called TCP Middlebox Reflection have been detected for the first time in the wild, six months after the novel attack mechanism was presented in theory. "The attack […] abuses vulnerable firewalls and content filtering systems to reflect and amplify TCP traffic to a victim machine, creating a powerful DDoS attack," Akamai researchers said in a report published Tuesday. "This type of attack dangerously lowers the bar for DDoS attacks, as the attacker needs as little as 1/75th (in some cases) the amount of bandwidth from a volumetric standpoint," the researchers added. A distributed reflective denial-of-service (DRDoS) is a form of distributed denial-of-service (DDoS) attack that relies on publicly accessible UDP servers and bandwidth amplification factors (BAFs) to overwhelm a victim's system with a high volume of UDP responses. In these attacks, the adversary sends a
A Free Solution to Protect Your Business from 6 Biggest Cyber Threats in 2022

February 21, 2022 | The Hacker News
For the last few years, the cybersecurity threat landscape has gotten progressively more complex and dangerous. The online world is now rife with data thieves, extortionists, and even state actors looking to exploit vulnerabilities in businesses' digital defenses. And unfortunately — the bad guys have the upper hand at the moment. Part of the reason for that is the fallout from the rapid digitization made necessary by the COVID-19 pandemic. According to research on the subject, more than half of businesses have yet to mitigate the risks created by that digitization. And when you add a persistent shortage of cybersecurity workers to that fact, you have the makings of a scary situation. But businesses aren't helpless. There are plenty of things they can do to augment their defenses as they look to mitigate cyber risks. And best of all, some of those options won't cost them a thing. A great example of that is the open-source security platform Wazuh. It offers busines
Reasons Why Every Business is a Target of DDoS Attacks

January 31, 2022 | The Hacker News
DDoS (Distributed Denial of Service) attacks are making headlines almost every day. 2021 saw a 434% upsurge in DDoS attacks, 5.5 times higher than 2020. Q3 2021 saw a 24% increase in the number of DDoS attacks in comparison to Q3 2020. Advanced DDoS attacks that are typically targeted, known as smart attacks, rose by 31% in the same period. Further, 73% of DDoS attacks in Q3 2021 were multi-vector attacks that combined multiple techniques to attack the targeted systems. The largest percentage of DDoS targets (40.8%) was in the US. Banks and financial institutions were the biggest DDoS and DoS attack targets in the past couple of years. Does this mean businesses and organizations that aren't in the banking and financial services sector are safe from DDoS attacks? Most definitely not! Every business is a potential DDoS target. Read on to know why and what measures to take to keep your business effectively protected.
Common DDoS Targets
Even though every business can be ta
Microsoft Mitigated Record-Breaking 3.47 Tbps DDoS Attack on Azure Customers

January 27, 2022 | Ravie Lakshmanan
Microsoft this week revealed that it had fended off a record number of distributed denial-of-service (DDoS) attacks aimed at its customers in 2021, three of which surpassed 2.4 terabit per second (Tbps). One of the DDoS attacks took place in November, targeting an unnamed Azure customer in Asia and lasted a total of 15 minutes. It hit a peak throughput of 3.47 Tbps and a packet rate of 340 million packets per second (pps), making it the largest attack ever reported in history. "This was a distributed attack originating from approximately 10,000 sources and from multiple countries across the globe, including the United States, China, South Korea, Russia, Thailand, India, Vietnam, Iran, Indonesia, and Taiwan," Alethea Toh, product manager of Azure Networking, said. DDoS attacks occur when several compromised devices are employed as a conduit to overwhelm a targeted server, service, or network with a flood of internet traffic with the goal of overloading the systems and d
Microsoft Fended Off a Record 2.4 Tbps DDoS Attack Targeting Azure Customers

October 12, 2021 | Ravie Lakshmanan
Microsoft on Monday revealed that its Azure cloud platform mitigated a 2.4 Tbps distributed denial-of-service (DDoS) attack in the last week of August targeting an unnamed customer in Europe, surpassing a 2.3 Tbps attack stopped by Amazon Web Services in February 2020. "This is 140 percent higher than 2020's 1 Tbps attack and higher than any network volumetric event previously detected on Azure," Amir Dahan, senior program manager for Azure Networking, said in a post, calling it a "UDP reflection" lasting for about 10 minutes. Reflected amplification attacks are a type of denial of service attacks wherein a threat actor takes advantage of the connectionless nature of UDP protocol with spoofed requests so as to overwhelm a target server or network with a flood of packets, causing disruption or rendering the server and its surrounding infrastructure unavailable. The attack is said to have originated from a botnet of approximately 70,000 compromised d
Mēris Botnet Hit Russia's Yandex With Massive 22 Million RPS DDoS Attack

September 11, 2021 | Ravie Lakshmanan
Russian internet giant Yandex has been the target of a record-breaking distributed denial-of-service (DDoS) attack by a new botnet called Mēris. The botnet is believed to have pummeled the company's web infrastructure with millions of HTTP requests, before hitting a peak of 21.8 million requests per second (RPS), dwarfing a recent botnet-powered attack that came to light last month, bombarding an unnamed Cloudflare customer in the financial industry with 17.2 million RPS. Russian DDoS mitigation service Qrator Labs, which disclosed details of the attack on Thursday, called Mēris — meaning "Plague" in the Latvian language — a "botnet of a new kind." "It is also clear that this particular botnet is still growing. There is a suggestion that the botnet could grow in force through password brute-forcing, although we tend to neglect that as a slight possibility. That looks like some vulnerability that was either kept secret before the massive campaign
Cloudflare mitigated one of the largest DDoS attack involving 17.2 million rps

August 20, 2021 | Ravie Lakshmanan
Web infrastructure and website security company Cloudflare on Thursday disclosed that it mitigated the largest ever volumetric distributed denial of service (DDoS) attack recorded to date. The attack, launched via a Mirai botnet, is said to have targeted an unnamed customer in the financial industry last month. "Within seconds, the botnet bombarded the Cloudflare edge with over 330 million attack requests," the company noted, at one point reaching a record high of 17.2 million requests-per-second (rps), making it three times bigger than previously reported HTTP DDoS attacks. Volumetric DDoS attacks are designed to target a specific network with an intention to overwhelm its bandwidth capacity and often utilize reflective amplification techniques to scale their attack and cause as much operational disruption as possible. They also typically originate from a network of malware-infected systems — consisting of computers, servers, and IoT devices — enabling threat actors
Attackers Can Weaponize Firewalls and Middleboxes for Amplified DDoS Attacks

August 16, 2021 | Ravie Lakshmanan
Weaknesses in the implementation of TCP protocol in middleboxes and censorship infrastructure could be weaponized as a vector to stage reflected denial of service (DoS) amplification attacks against any target, surpassing many of the existing UDP-based amplification factors to date. Detailed by a group of academics from the University of Maryland and the University of Colorado Boulder at the USENIX Security Symposium, the volumetric attacks take advantage of TCP-non-compliance in-network middleboxes — such as firewalls, intrusion prevention systems, and deep packet inspection (DPI) boxes — to amplify network traffic, with hundreds of thousands of IP addresses offering amplification factors exceeding those from DNS, NTP, and Memcached. The research, which received a Distinguished Paper Award at the conference, is the first of its kind to describe a technique to carry out DDoS reflected amplification attacks over the TCP protocol by abusing middlebox misconfigurations in the wild
New Mirai-Inspired Botnet Could Be Using Your KGUARD DVRs in Cyber Attacks

July 02, 2021 | Ravie Lakshmanan
Cybersecurity researchers on Thursday revealed details about a new Mirai-inspired botnet called "mirai_ptea" that leverages an undisclosed vulnerability in digital video recorders (DVR) provided by KGUARD to propagate and carry out distributed denial-of-service (DDoS) attacks. Chinese security firm Netlab 360 pinned the first probe against the flaw on March 23, 2021, before it detected active exploitation attempts by the botnet on June 22, 2021. The Mirai botnet, since emerging on the scene in 2016, has been linked to a string of large-scale DDoS attacks, including one against DNS service provider Dyn in October 2016, causing major internet platforms and services to remain inaccessible to users in Europe and North America. Since then, numerous variants of Mirai have sprung up on the threat landscape, in part due to the availability of its source code on the Internet. Mirai_ptea is no exception. Not much has been disclosed about the security flaw in an att
Rising Demand for DDoS Protection Software Market By 2020-2028

March 15, 2021 | The Hacker News
A Distributed Denial of Service (DDoS) attack is a malicious form of attack that disrupts the regular network traffic by overwhelming the website with more traffic than the server can handle. The main aim of this kind of cyberattack is to render the website inoperable. In recent years, these kinds of attacks have been increasing, fueling the demand for the best DDoS protection software solutions. Many unplanned data center outages are due to DDoS attacks. The threat of DDoS is due to access to easy-to-use tools and the profit potential through extortion. The attacks target businesses directly, leading to substantial financial and personal losses, making it critical to have robust DDoS protection software solutions in place. According to the report of Market Research Inc, the DDoS protection Software Market is predicted to reach +14% CAGR by 2020 – 2028.
Important Statistics to illustrate the growing demand for DDoS Software Solutions
Demand for the DDoS software market is on th