ddos attack | Breaking Cybersecurity News | The Hacker News

Hackers are leveraging large number of compromised machines (a botnet network) to carry out massive DNS Flood DDoS attack against a large Video Gaming Industry website, peaking above 110 Gbps. A US based security solutions provider Incapsula , is protecting a famous Video Gaming website from this high bandwidth DDoS attack from last 48 Hours and according to them, the attack is still continuing. Incapsula has not yet disclosed the name of the video gaming company. "The attack is still going on - that over 48 hours by now, from what I see it ain't gonna stop anytime soon ," Incapsula spokesperson wrote in an e-mail to The Hacker News. DDoS AT 90 MILLION PACKETS/SECOND The researchers at the security firm noticed a surge of massive DNS Flood DDoS attack on one of its clients, peaking at approximately 90 Mpps (Million Packets Per Second), which is really a very very big number. Majority number of attacking IP addresses belong to China and India. " Good reason to think

Hackers and cyber attacks are getting evil and worst nightmare for companies day-by-day. Just last week a group of hackers ruined the code-hosting and software collaboration platform, ' Code Spaces ' by destroying their Amazon cloud server, complete data and its backup files too. Recently, the largest ever and most severe Distributed Denial of Service (DDoS) attacks in the history of the Internet has been recorded that hit the online democracy poll promoting opinion on the upcoming Hong Kong elections. PopVote , an online mock election operated by The University of Hong Kong's Public Opinion Program, by Saturday recorded more than half a million votes in less than 30 hours in the unofficial referendum that provided permanent residents of Hong Kong to choose their preferred political representatives, that is suppose to be continued until June 29. However, the Chief Executive is officially chosen by a 1,200-member Election Committee under the current political system and drawn largel

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Code Spaces , a code-hosting and software collaboration platform used by different organizations for project management and development needs, was forced to shut down operations after an attacker compromised its internal system and deleted its customer's data and backups as well. This is really a nightmare for the code-hosting company based in Coventry, UK that claimed to offer " Rock Solid, Secure and Affordable Svn Hosting, Git Hosting and Project Management. " Codespaces.com homepage shows a lengthy explanation on the attack and an apology from its customer. " Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility, " read the note. " As such at this point in time we have no alternative but to cease trading and concentra

Yesterday, the most popular RSS reader Feedly was down as a result of a large scale distributed-denial-of service (DDoS) attack carried by the cybercriminals to extort money. On Wednesday, the Feedly was temporarily unavailable for its users. Feedly posted details of the attack at 5:00 AM ET on its blog saying that they were under a Distributed Denial of Service (DDoS) attack and cyber-criminals were demanding money in return for returning the service to its normal operations. " Criminals are attacking feedly with a distributed denial of service attack (DDoS). The attacker is trying to extort us money to make it stop, " Edwin Khodabakchian, founder and CEO of Feedly said in a statement on Wednesday. He also expressed regret, " We want to apologize for the inconvenience. Please know that you data is safe and you will be able to re-access your feedly as soon as the attack is neutralized. " Feedly is a very popular RSS feed service which is available for desktop, iOS and

The DDoS techniques have massively increased with the attackers becoming more skillful at working around the network security. A massive 300Gbps DDoS attack launched against Spamhaus website almost broke the Internet a year ago and also earlier this year, hackers have succeeded in reaching new heights of the massive DDoS attack targeting content-delivery and anti-DDoS protection firm CloudFlare, reaching more than 400Gbps at its peak of traffic. Akamai's Prolexic Security Engineering and Response Team (PLXsert) issued a threat advisory on Thursday reporting a significant surge in DDoS attacks last month abusing the Simple Network Management Protocol (SNMP) interface in network devices. Simple Network Management Protocol (SNMP) is a UDP-based protocol which is commonly known and often used to manage network devices. SNMP is typically used in devices such as printers, routers and firewalls that can be found in the home and enterprise environments as well. Just as D

On Friday, we reported about the large-scale operation of International raids launched by the FBI and other law enforcement officials in countries around the world to arrest the targeted customers of a popular Remote Administration Tool (RAT) called ' Blackshades ,' which is designed to take over the remote control of the infected computers and steal information. The news broke when various announcements on underground forums by hacking group members claimed that FBI especially going after all of them who purchased the hacking tool using PayPal as payment option. Today, the UK's National Crime Agency announced that the raids took place in more than 100 of countries and they have arrested more than 100 people worldwide involved in the purchasing, selling or using the Blackshades malware. More than half million computers in more than dozens of countries were infected by this sophisticated malware that has been sold on underground forums since at least 2010 to seve

Till Now the Internet was encountering the traditional Distributed Denial of Service (DDoS) attacks , where a large number of compromised systems use to flood servers with tremendous amount of bandwidth; but in past few months we have noticed massive change in the techniques of DDoS attack. Hackers are using creative, but evil DDoS techniques such as NTP and DNS Amplification DDoS attacks. Last month we have seen that how cybercriminals abused a vulnerability in one of the biggest Chinese video hosting website Sohu.com to convert their millions of visitors to participate into the Layer 7 (Application Layer) DDoS attack with 20 Million requests. According to the new report released by a US based security solutions provider Incapsula , another interesting DDoS attack activities have been noticed by the researchers in which an attacker abused two major anti-DDoS Service providers to perform massive DDoS attack on other websites. Its really EPIC that the services who should

Reading a 'Note' created by anyone on the Facebook could trick you automatically to do malicious attacks against others unknowingly. A Security researcher Chaman Thapa, also known as chr13 claims that the flaw resides in 'Notes' section of the most popular social networking site - Facebook, that could allow anyone to launch the distributed denial-of-service (DDoS) attack of more than 800 Mbps Bandwidth on any website. A Distributed Denial-of-Service (DDoS) attack is one in which multiple compromised systems attacks a single target system or service to make it unavailable to its intended users. The flood of incoming requests essentially forces the target system or service to shut down, thereby denying service to the system to its legitimate users. While demonstrating the vulnerability on his blog , he explained that Facebook allows its users to include tags inside the post in order to draft a note with beautiful related images from any source. Faceb

An application layer or 'layer 7' distributed denial of service ( DDoS ) attacks is one of the most complicated web attack that disguised to look like legitimate traffic but targets specific areas of a website, making it even more difficult to detect and mitigate. Just Yesterday Cloud-based security service provider ' Incapsula ' detected a unique application layer DDoS attack, carried out using traffic hijacking techniques. DDoS attack flooded one of their client with over 20 million GET requests, originating from browsers of over 22,000 Internet users. What makes this case especially interesting is the fact that the attack was enabled by persistent XSS vulnerability in one of the world's largest and most popular site - one of the domains on Alexa's " Top 50 " list. XSS  vulnerability  to Large-Scale DDoS Attack Incapsula has not disclosed the name of vulnerable website for security reasons, but mentioned it as a high profile video content provider

The Distributed Denial of Service (DDoS) attack is becoming more sophisticated and complex with the increase in the skills of attackers and so, has become one of favorite weapon for the cyber criminals to temporarily suspend or crash the services of a host connected to the Internet and till now nearly every big site had been a victim of this attack. Since 2013, Hackers have adopted new tactics to boost the sizes of Distributed Denial of Service ( DDoS ) attack known as ' Amplification Attack ', leveraging the weakness in the UDP protocols. One of the commonly used by hacker is (Domain Name System) DNS Reflection Denial of Service (DrDoS). WHAT IS DrDoS ATTACK? The DNS Reflection Denial of Service (DrDoS) technique exploits security weaknesses in the Domain Name System (DNS) Internet protocol. Using Internet protocol spoofing, the source address is set to that of the targeted victim, which means all the replies will go to the target and the target of the attack receives re

The Distributed Denial of Service ( DDoS ) attack has become more sophisticated and complex and therefore has become one of the favorite weapon for the cyber criminals to temporarily suspend the services of any host connected to the Internet and till now nearly every big site had been a victim of this attack, from WordPress to online game websites. According to the new report released by a US based security solutions provider  Incapsula , DDOS activities have become threefold since the start of the year 2013, pointing the key source of trash traffic to be the remotely controlled " zombie army " that can be used to flood various websites by DDoS attacks and other malicious activities. The report site as " DDOS Threat Landscape ", explains that almost one in every three DDoS attacks is above 20Gbps and 81% of attacks feature multiple vector threats. The attackers are becoming more skillful at working around the network security and reusing their DDOS Botnets to attack multi

DDoS attacks are a growing issue facing by governments and businesses. In a recent attack, thousands of legitimate WordPress websites have been hijacked by hackers, without the need for them to be compromised. Instead, the attackers took advantage of an existing WordPress vulnerability ( CVE-2013-0235 ) - " Pingback Denial of Service possibility ". According to security company Sucuri , in a recent amplification attack more than 162,000 legitimate Wordpress sites were abused to launch a large-scale distributed denial-of-service (DDoS) attack . The attack exploited an issue with the XML-RPC (XML remote procedure call) of the WordPress, use to provide services such as Pingbacks, trackbacks, which allows anyone to initiate a request from WordPress to an arbitrary site. The functionality should be used to generate cross references between blogs, but it can easily be used for a single machine to originate millions of requests from multiple locations. " Any

Currently there are more than Million people worldwide playing Windows Games, Computer Games and Online Video Games, at least an hour a day, but the gaming servers are often insecure and misconfigured. Yesterday, a popular multiplayer Free Online Game ' Wurm ' servers were knocked offline by Distributed Denial of Service (DDoS) attack. Servers were targeted shortly after its most recent update. The Online Game company announced a Bounty Reward of  €10,000  ($13,000) for information about the attacker involved in the recent DDOS attack .  As the gaming servers go down, the company will lose gamers, reputation and revenue. The Wurn Online Game developer said: " We can offer 10,000 Euro for any tips or evidence leading to a conviction of the person responsible for this attack. " Free Online Game service was already planning to change the server, but the DDoS attack made the gaming application offline for more than a day. " Shortly after todays update we wer

The Distributed Denial of Service (DDoS) attack is the one of favourite weapon for the hackers to temporarily suspend services of a host connected to the Internet and till now nearly every big site had been a victim of this attack. Since 2013, Hackers have adopted new tactics to boost Distributed Denial of Service attack sizes, which is known as ' Amplification Attack ', that provide the benefits of obscuring the source of the attack, while enabling the bandwidth to be used to multiply the size of the attack. Just yesterday, hackers have succeeded in reaching new heights of the massive DDoS attack targeting content-delivery and anti-DDoS protection firm CloudFlare , reaching more than 400Gbps at its peak of traffic, striking at the company's data servers in Europe. " Very big NTP reflection attack hitting us right now. Appears to be bigger than the #Spamhaus attack from last year. Mitigating ," CloudFlare CEO Matthew Price said in a tweet. " Someone's got a big, new can

Since 2011, the collective hacking group, Anonymous and LulzSec were targeting both Government and law-enforcement websites of U.S and UK, by their own DDoS attack tactics which they used to communicate and plan on Chat rooms known as IRCs, but British intelligence agency GCHQ used their own weapon against them. According to the recent Edward Snowden document, a division of Government Communications Headquarters (GCHQ), which is also very well known as the British counterpart of the NSA, had shut down communications among Anonymous hacktivists by launching a " denial of service " (DDOS) attacks, making the British government the first western government known to have conducted such an attack, NBC news reports . The same DDoS technique the hackers use to take down government, political and industry websites, including the Central Intelligence Agency (CIA), Federal bureau of Investigation (FBI), the Serious Organized Crime Agency (SOCA), Sony News International and Westbor

Have you given shed to Zombies in your house? No???? May be you have no idea about it. After Computers, Servers, Routers, Mobiles, Tablets…. Now its turn of your home appliances to be a weapon or a victim of cyber war. Recently Security Researchers from Proofpoint  found more than 100,000 Smart TVs, Refrigerator, and other smart household appliances compromised by hackers to send out 750,000 malicious spam emails. As the ' Internet of Things ' becoming smart and popular it became an easy weapon for cyber criminals to launch large scale of cyber attacks. " The attack that Proofpoint observed and profiled occurred between December 23, 2013 and January 6, 2014, and featured waves of malicious email, typically sent in bursts of 100,000, three times per day, targeting Enterprises and individuals worldwide." Previously, such attacks were only drafted theoretically by researchers, but this is the first such proven attack involved smart household appliances that are used as ' thingB