Salted Hash has followed the extortion attempts from a group of scammers overseas who are targeting the leaked Ashley Madison email list. Most of the emails threaten exposure, but others have threatened DDoS as well as offered help collecting government aid.
Following the money, the group has earned more than $20,000 off the scam, and their emails are still going out. Here's a brief overview of the scams, and the other technical data for anyone wishing to research further. The first email from the group hit a catch-all address used by Salted Hash. However, it was one of the addresses used by this blog in 2014 to investigate extortion claims against Ashley Madison.
We've reached a point that security researchers have long warned is coming: insecure embedded devices connected to the Internet are routinely being hacked and used in attacks.
The latest example is a distributed denial-of-service attack detected recently by security firm Imperva. It was a traditional HTTP flood aimed at overloading a resource on a cloud service, but the malicious requests came from surveillance cameras protecting businesses around the world instead of a typical computer botnet. The attack peaked at 20,000 requests per second and originated from around 900 closed-circuit television cameras.
Cyber-attackers have taken down the website of the National Crime Agency in apparent revenge for arrests made last week. The NCA website was temporarily down, four days after six teenagers were released on bail on suspicion of using hacking group Lizard Squad’s cyberattack tool to target websites and services.
The six suspects are accused of using a tool that bombards websites and services with bogus traffic to attack a national newspaper, a school, gaming companies and a number of online retailers. The NCA is the latest body to fall foul of what is called a Distributed Denial of Service attack, which stops real visitors from reaching the site.
The frequency of distributed denial of service attacks continued to rise during the second quarter of 2015, doubling year-on-year for the third quarter in succession as instances of “mega attacks” also became more common.
Akamai’s Security State of the Internet report found that although such assaults are becoming less powerful but longer, there were 12 attacks peaking at more than 100Gbps, a 100 percent year-on-year rise, and five that peaked at more than 50 million packets per second. Many of the attacks used Simple Service Discovery Protocol, a common protocol enabled by default on millions of home and office devices.
Some of the most widely used BitTorrent applications, including uTorrent, Mainline, and Vuze, are also the most vulnerable to a newly discovered form of denial of service attack that makes it easy for a single person to bring down large sites.
The distributed reflective DoS attacks exploit weaknesses found in the open BitTorrent protocol, which millions of people rely on to exchange files over the Internet. But it turns out that features found in uTorrent, Mainline, and Vuze make them especially suitable for the technique. DRDoS allows a single BitTorrent user with only modest amounts of bandwidth to send malformed requests to other BitTorrent users.
The US FBI just released a public service announcement about a large number of websites being exploited and compromised through WordPress plugin vulnerabilities.
The defacements have affected Web site operations and the communication platforms and a variety of other domestic and international Web sites. Although the defacements demonstrate low-level hacking sophistication, they are disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected computer systems. The FBI explained what happens when a site gets compromised.
IBM Security has identified an active campaign using a variant of Dyre malware that has successfully stolen more than $1 million from targeted enterprise organizations. The campaign shows a brazen twist from the once-simple Dyre malware by adding sophisticated social engineering tactics likely to circumvent two-factor authentication.
In recent incidents, organizations have lost millions to attackers. While many popular banking Trojans have targeted individuals, Dyre has always been used to target organizations. Dyre has evolved to become simultaneously sophisticated and easy to use.
A popular U.S. coding website is enduring an onslaught of Internet traffic meant for China’s most popular search engine, and security experts say the episode likely represents an attempt by China to shut down anticensorship tools.
The attack on a service used world-wide by programmers and major tech firms for software development appears to underscore how China’s Internet censors increasingly reach outside the country to clamp down on content they find objectionable. Security experts said the traffic onslaught directed huge amounts of traffic from overseas users of Chinese search giant Baidu Inc. to GitHub.
A DDoS attack on a company's online resources entails the loss of thousands of dollars, depending on the size of the company, according to data obtained in a survey conducted by Kaspersky Lab and B2B International.
To the costs of eliminating the consequences of an attack are added reputational losses and costs caused by the public online resource being inaccessible to partners and customers. The losses calculated by the experts comprise several items. The average amount of damage from DDoS attacks includes the cost of eliminating the consequences of the incident.