OpenAI Reveals ChatGPT is Being Attacked by DDoS

OpenAI, the AI organization behind ChatGPT, has acknowledged that distributed denial-of-service (DDoS) attacks are to blame for the sporadic disruptions that have plagued its main generative AI product.

As per the developer’s status page, ChatGPT and its API have been experiencing "periodic outages" since November 8 at approximately noon PST.

According to the most recent update, published on November 8 at 19:49 PST, OpenAI said, “We are dealing with periodic outages due to an abnormal traffic pattern reflective of a DDoS attack. We are continuing work to mitigate this.”

While the application itself appeared to be operating normally, an API user reported seeing a "429 - Too Many Requests" error, which is consistent with OpenAI's diagnosis of a DDoS attack as the cause of the issue.

Hacktivists Claim Responsibility 

Hacktivist group Anonymous Sudan took to Telegram to claim responsibility for the attacks.

The group claimed to have targeted OpenAI specifically because of its support for Israel, in addition to its stated goal of going against "any American company." The nation has recently been under heavy fire for bombing civilians in Palestine.

The partnership between OpenAI and the Israeli occupation state, as well as the CEO's declaration that he is willing to increase investment in Israel and his multiple meetings with Israeli authorities, including Netanyahu, were mentioned in the statement.

Additionally, it asserted that “AI is now being used in the development of weapons and by intelligence agencies like Mossad” and that “Israel is using ChatGPT to oppress the Palestinians.”

"ChatGPT has a general biasness towards Israel and against Palestine," continued Anonymous Sudan.

In what it described as retaliation for a Quran-burning incident near Turkey's embassy in Stockholm, the group claimed responsibility for DDoS assaults against Swedish companies at the beginning of the year.

Jake Moore, cybersecurity advisor to ESET Global, said that DDoS mitigation providers must continually enhance their services.

“Each year threat actors become better equipped and use more IP addresses such as home IoT devices to flood systems, making them more difficult to protect,” says Jake.

“Unfortunately, OpenAI remains one of the most talked about technology companies, making it a typical target for hackers. All that can be done to future-proof its network is to continue to expect the unexpected.”  

Defending Digital Fortresses: How Greater Manchester Fends off 10,000 Daily Cyber Assaults

Hackers are targeting Oldham Council's systems at a rate of '10,000 a day', senior officers have warned. Councillors in Oldham have agreed to spend £682,000 on a ‘modern data protection service’ that will safeguard the financial information and personal data of thousands of residents that the council is responsible for protecting.

According to officers, under the current system the backup data is not protected against malicious damage, and the cloud-based services are not protected from malicious intrusion. In light of this, the council has decided to move all of its data and backup requirements over to the Rubrik Air Gap system and to use it for data backup and recovery.

As stated in the report to the cabinet, the purpose of the decision is to ensure that both services and data are protected against loss, which is essential in disaster recovery scenarios and against accidental deletion, corruption or other errors that could lead to information loss.

According to a survey of councils, three-quarters (75 per cent) stated that they had been targeted by phishing attacks, which the majority identified as the most common form of attack against them.

Distributed Denial-of-Service (DDoS) attacks, which attempt to disrupt web traffic or services by overwhelming servers, were the second most common attack type, ranked as the most serious threat by six per cent of councils this year. With the increased digitalisation driven by the pandemic, both the public and private sectors have been affected by a growing prevalence of cybercrime.

A survey by Gallagher, an insurance company, shows that 15% of UK business owners rate cybercrime as one of the biggest risks to their business, and specifically that the post-pandemic reliance on technology has exacerbated the problem. Earlier this year, the leader of one local authority told a parliamentary committee that the 2020 cyber attack on that authority had caused eight months of disruption.

Ransomware is a type of malware that encrypts files and data so that no one can access them without paying a ransom to the criminal group behind the attack. Attackers may also threaten to leak any data they have stolen.

During the meeting, councillor Abdul Jabbar, cabinet member for finance and corporate resources, addressed the attendees with the following remarks: "We receive more than 10,000 attacks daily on our systems as a result of cyber attacks."

DDoS Attacks and the Preventive Measures Organizations Should Adopt

The proliferation of Internet of Things (IoT) devices, now in the billions, coupled with the advancements in network infrastructure and the swift deployment of 5G, necessitates heightened agility from network operators and IT managers in pinpointing and rectifying security flaws. 

Additionally, in today's landscape, organizations are under constant threat from different types of attacks, including ransomware, hacktivism and DDoS attacks, all aimed either at stealing information or at disrupting services. DDoS attacks are a particularly serious form of online service disruption, and a similar loss of service can arise either from malicious intent or from legitimate traffic surges.

Cybercriminals are now employing the cloud to orchestrate DDoS attacks. India has witnessed a notable uptick in such attacks, capable of causing disruptions lasting from hours to even days. This not only affects revenue but also undermines customer trust and tarnishes reputation. Furthermore, targeted organizations may encounter legal or regulatory consequences, particularly if customer data is compromised. 

There are three primary categories of cloud-based DDoS attacks: volumetric, protocol and application layer. Seasoned Managed Service Providers (MSPs) and cloud providers have robust DDoS filtering and defenses in operation. To combat DDoS attacks effectively, clients must detect attacks swiftly, implement countermeasures, closely monitor their systems and maintain detailed configurations.

Now we will look at what DDoS attacks are, how to identify them, and the preventive measures against them.

What are DDoS attacks?

A Distributed Denial-of-Service (DDoS) attack is when someone tries to disrupt a server, service, or network by flooding it with an enormous amount of internet traffic. This flood overwhelms the target and its supporting infrastructure. To make DDoS attacks work, the attackers use many hijacked computer systems to send attack traffic. 

These compromised systems can be regular computers or even devices like smart gadgets connected to the internet. In simple terms, a DDoS attack is like an unexpected traffic jam that blocks the usual flow of traffic on a highway, stopping it from reaching its destination. 

How to detect a DDoS attack on your system? 

When dealing with a DDoS attack, the most noticeable sign is a sudden slowdown or complete unavailability of a website or service. However, it's important to note that similar performance issues can arise from various causes, including a legitimate increase in traffic. This is why it's crucial to conduct further investigation. 

To identify potential DDoS attacks, traffic analytics tools play a vital role. They can help in recognizing certain red flags: 

  • Unusually high levels of traffic originating from a single IP address or within a specific IP range. 
  • A surge of traffic coming from users who share similar behaviour traits, such as device type, location, or web browser version. 
  • An abrupt and unexplained increase in requests directed at a particular page or endpoint. 
  • Peculiar traffic patterns, like sudden spikes during unconventional hours or patterns that seem artificial (for example, a spike occurring every 10 minutes). 
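Turning the four red flags above into concrete checks, as an added example that is not code from the original post: it parses constructed access-log lines (the log layout, the thresholds and the sample traffic are all assumptions) and reports heavy source IPs and /24 ranges, a dominant user agent or endpoint, and request spikes that recur at a fixed interval.

```python
"""Detection of the four DDoS red flags listed above over web-server access logs.

Added example (not part of the original post). The log format, the thresholds and
the sample traffic are all assumptions constructed here for illustration.
"""
from collections import Counter
from datetime import datetime, timedelta
import ipaddress
import re
import statistics

# Assumed line layout: ip [timestamp] "METHOD /path HTTP/1.x" status "user-agent"
LINE_RE = re.compile(
    r'^(\S+) \[([^\]]+)\] "(?:GET|POST) (\S+) HTTP/1\.[01]" \d{3} "([^"]*)"$')
TS_FMT = "%d/%b/%Y:%H:%M:%S"


def parse_log(text):
    """Parse log lines into dicts; malformed lines are skipped rather than fatal."""
    records = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, path, ua = m.groups()
        records.append({"ip": ip, "ts": datetime.strptime(ts, TS_FMT),
                        "path": path, "ua": ua})
    return records


def heavy_sources(records, min_ip_requests, min_net_requests):
    """Red flag 1: single IPs, and /24 ranges, sending an unusual volume of requests."""
    by_ip = Counter(r["ip"] for r in records)
    by_net = Counter(str(ipaddress.ip_network(r["ip"] + "/24", strict=False))
                     for r in records)
    return ({ip: n for ip, n in by_ip.items() if n >= min_ip_requests},
            {net: n for net, n in by_net.items() if n >= min_net_requests})


def shared_trait_surge(records, key, max_share):
    """Red flags 2 and 3: one user agent ("ua") or one endpoint ("path") that accounts
    for an implausibly large share of all traffic. Returns {value: share}."""
    total = len(records)
    if total == 0:
        return {}
    counts = Counter(r[key] for r in records)
    return {v: n / total for v, n in counts.items() if n / total > max_share}


def periodic_spikes(records, bucket_seconds=60, spike_factor=5):
    """Red flag 4: bucket requests per minute, flag buckets far above the median
    bucket, and report the fixed interval (seconds) if the spikes recur regularly."""
    if not records:
        return [], None
    t0 = min(r["ts"] for r in records)
    buckets = Counter(int((r["ts"] - t0).total_seconds() // bucket_seconds)
                      for r in records)
    series = [buckets.get(i, 0) for i in range(max(buckets) + 1)]
    floor = max(statistics.median(series), 1)  # avoid flagging everything on an idle site
    spikes = [i for i, c in enumerate(series) if c > spike_factor * floor]
    gaps = {b - a for a, b in zip(spikes, spikes[1:])}
    interval = gaps.pop() * bucket_seconds if len(gaps) == 1 else None
    return spikes, interval


def analyse(text, min_ip=20, min_net=300, max_share=0.5):
    """Run all four checks over raw log text and return the findings."""
    records = parse_log(text)
    ips, nets = heavy_sources(records, min_ip, min_net)
    spikes, interval = periodic_spikes(records)
    return {"total": len(records), "heavy_ips": ips, "heavy_nets": nets,
            "agent_surge": shared_trait_surge(records, "ua", max_share),
            "endpoint_surge": shared_trait_surge(records, "path", max_share),
            "spike_buckets": spikes, "spike_interval_s": interval}


def build_sample_log():
    """Constructed sample: two hours of modest legitimate traffic (one request every
    30 s from varied addresses, pages and browsers) plus a 50-request burst every
    10 minutes from one /24, all hitting one endpoint with one user agent."""
    start = datetime(2023, 11, 8, 12, 0, 0)
    pages = ["/", "/docs", "/pricing", "/login"]
    agents = ["Mozilla/5.0 (Windows)", "Mozilla/5.0 (Macintosh)", "Mozilla/5.0 (iPhone)"]
    lines = []
    for i in range(240):
        ts = (start + timedelta(seconds=30 * i)).strftime(TS_FMT)
        net = "192.0.2" if i % 2 == 0 else "203.0.113"
        lines.append(f'{net}.{i % 40 + 1} [{ts}] "GET {pages[i % 4]} HTTP/1.1" 200 '
                     f'"{agents[i % 3]}"')
    for k in range(12):
        ts = (start + timedelta(minutes=10 * k)).strftime(TS_FMT)
        for j in range(50):
            lines.append(f'198.51.100.{j % 25 + 1} [{ts}] "POST /api/chat HTTP/1.1" 429 '
                         f'"bot-client/1.0"')
    return "\n".join(lines)


if __name__ == "__main__":
    for name, finding in analyse(build_sample_log()).items():
        print(f"{name}: {finding}")
```

On real logs the thresholds should be derived from a baseline of normal traffic for the site rather than the fixed values used here.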

Ideal preventive measures that organizations should adopt against Distributed Denial of Service (DDoS) attacks are as follows: 

  • Firstly, strengthening security measures involves regularly applying updates, fine-tuning configurations, and reinforcing systems to withstand potential attacks, thus effectively safeguarding them. 
  • Secondly, deploying Anti-DDoS Measures entails configuring resources to be less susceptible to attacks. In the event of an attack, it is crucial to ensure that it does not lead to a complete organizational disruption. 
  • Thirdly, leveraging Anti-DDoS Tools enables the activation of functionalities and the incorporation of specialized instruments to provide a defense against DDoS attacks or reduce their potential impact.
  • Fourthly, developing a DDoS Response Strategy involves preparing your security or operations team for managing a DDoS attack and implementing additional measures to safeguard the system.
  • Furthermore, establishing DDoS monitoring entails vigilantly watching for indicators of an attack and meticulously documenting them for future enhancements.

In today's highly interconnected world, where digital technologies play an ever-expanding role, organizations would be wise to collaborate with a cybersecurity specialist. This becomes particularly crucial if cybersecurity is not their main focus or if they operate with budget constraints.

Hackers Attack Telegram With DDoS After Targeting Microsoft and X


Anonymous Sudan has launched a distributed denial-of-service (DDoS) attack against Telegram in response to the messaging platform's decision to deactivate its principal account, according to threat intelligence firm SOCRadar. 

Anonymous Sudan, claiming to be a hacktivist group motivated by political and religious concerns, carried out DDoS attacks against organisations in Australia, Denmark, France, Germany, India, Israel, Sweden, and the United Kingdom. 

The group has been active since the beginning of the year, and on January 18, it launched its Telegram channel, proclaiming its intention to undertake cyberattacks against any entity that opposes Sudan. The group's operations began with the targeting of many Swedish websites. 

However, in June, Microsoft 365, Outlook, Microsoft Teams, OneDrive for Business and SharePoint Online were hit by a string of disruptive DDoS attacks launched by Anonymous Sudan, which quickly gained attention. Microsoft's Azure cloud computing platform was also impacted. Microsoft, which tracks the group as Storm-1359, confirmed that DDoS attacks were the cause of the disruption after Anonymous Sudan boasted about the strike on its Telegram channel.

In late August, the group launched a disruptive DDoS attack against X (formerly Twitter) with the goal of forcing Elon Musk to make the Starlink service available in Sudan. The attack on Telegram had a different objective from the group's usual campaigns but likewise failed to accomplish its goal, and the hacktivists' primary Telegram channel has been moved temporarily as a result.

The reason for the Telegram ban is unclear, which has led the threat intelligence company to speculate that it may be connected to the recent attacks on X or to the use of bot accounts. According to previous reports from SOCRadar and Truesec, the group currently carrying out DDoS and defacement operations under the Anonymous Sudan name may not be based in Sudan and may in fact have connections to the Russian hacking collective KillNet.

The group doesn't request the support of pro-Islamic organisations, only communicates with Russian hackers, and mostly posts in English and Russian rather than Arabic. The campaigns that have been noticed also have no connection to political issues regarding Sudan. 

The group also doesn't seem to be associated with the original Anonymous Sudan hacktivists, who first showed up in Sudan in 2019, or with Anonymous, the decentralised, anti-political hacktivist movement.

Outlook Services Paralyzed: Anonymous Sudan's DDoS Onslaught

In the last few days, several distributed denial-of-service (DDoS) attacks have been launched against Microsoft Outlook, one of the world's leading email providers, by the hacker collective Anonymous Sudan. The attacks, which aim to disrupt services and raise concerns about various issues, have affected Outlook users worldwide and underline how exposed online platforms are to cyber threats.

Several outages have been reported on Outlook.com today, for the same reason as yesterday's: the hacking collective Anonymous Sudan claims to be carrying out DDoS attacks against the service.

The hacktivist group Anonymous Sudan has claimed responsibility for the attack, asserting that it is conducting a distributed denial of service (DDoS) attack on Microsoft's infrastructure in protest at US involvement in Sudanese internal affairs.

Approximately 1 million Outlook users across the globe have been affected by this outage, which follows two more major outages yesterday. Due to this issue, Outlook's mobile app cannot be used by users in a wide range of countries as users cannot send or receive emails. 

There have been complaints on Twitter about Outlook's spotty email service. Users assert that it has impacted their productivity as a result. 

Over the weekend the hacktivist group announced that it would launch a campaign against the US in response to recent US interference in Sudanese internal affairs. It cited the visit made by Secretary of State Antony Blinken to Saudi Arabia last week, in which he discussed the ongoing humanitarian situation in the country.

There has also been an announcement by the White House that economic sanctions will be imposed on various corrupt government entities in Sudan, including the Sudanese Armed Forces (SAF) and the Rapid Support Forces (RSF), which are considered responsible for the escalation of the conflict. 

In response, Anonymous Sudan launched a distributed denial of service attack in late November against the ride-sharing platform Lyft, attempting to overload its site and servers with bot requests and essentially bring them to a standstill.

It is also worth noting that several regional healthcare providers across the country were also taken offline during the weekend campaign.

The attack interrupted email communication in several ways, including delayed or failed delivery of messages, intermittent connectivity problems and slow response times. Individual users were inconvenienced, and businesses that rely on Outlook for their day-to-day operations also faced challenges. The attack demonstrates the vulnerability of online platforms and emphasizes the need for robust cybersecurity measures to guard against threats of this nature and keep such platforms secure.

In a series of tweets, Microsoft alternated between saying it had mitigated the issue and that the issue had returned, implying that the outages were caused by technical problems.

Anonymous Sudan, however, has claimed responsibility for the outages, saying that its DDoS attacks against Microsoft are a protest against US infiltration of Sudanese internal affairs.

As a result of the continuous DDoS attacks on Microsoft Outlook and Microsoft 365 services, the group has been taunting Microsoft in its statements in the past month. 

Microsoft Outlook continues to suffer crippling DDoS attacks from Anonymous Sudan, which frequently result in service suspensions and growing concerns about the security of the online environment. These deliberate disruptions hurt the user experience and expose the platform to further cyber threats.

This ongoing situation confirms the importance of cybersecurity measures to safeguard critical online services, measures that will be essential to their protection in the future. It also raises questions about the platform's ability to cope with persistent and coordinated attacks on its defenses.

In a world where cybersecurity threats are increasing by the day, the case of Anonymous Sudan and Microsoft serves as a timely reminder of the importance of continuous vigilance, so that such threats do not grow stronger as they evolve in ways that users do not fully understand.

German Police Raid FlyHosting, a DDoS-Friendly Hosting Provider

German authorities have reportedly seized Internet servers used by FlyHosting, a dark web company offering DDoS-for-hire services. On November 20, 2022, FlyHosting posted an advertisement on a cybercrime forum to attract customers, describing itself as a German hosting company offering services to anyone looking for an environment in which to host malware, botnet controllers or a DDoS-for-hire platform.

According to a statement issued today by the German Federal Criminal Police Office, eight searches were carried out on March 30 as part of a criminal investigation. Five individuals between the ages of 16 and 24 are suspected of having operated "internet services" since 2021. The German authorities gave no names or other details about the suspects or the service in question.

This statement indicates that previously unknown perpetrators used the Internet services provided by the suspects, in particular, for 'DDoS attacks'. These are attacks by which a large number of data packets are transmitted simultaneously via the Internet in an attempt to disrupt other data processing systems. 

News of a raid on FlyHosting surfaced on Thursday morning in a Telegram chat channel frequented by individuals interested or involved in the DDoS-for-hire industry, where Dstatcc posted the following warning to FlyHosting's customers.

According to the warning, FlyHosting had moved its systems to an upgraded environment several weeks earlier; support for DDoS attacks, C&C/C2 and stresser services was no longer working properly, and the police were expected to investigate files, payment logs and IP addresses further.

Since mid-2021, DDoS attacks facilitated by the defendants have in several cases overloaded the websites of several companies as well as that of the Hesse Police. According to German authorities, the affected websites could not operate fully because of these attacks, meaning they were not available at all times and in all places.

There has been a report in the media that police have searched and seized the mobile phones, laptops, tablets, storage media, and handwritten notes of two unnamed defendants in connection with this case. Moreover, the police also confiscated servers in the Netherlands, Germany, and Finland that were provided by suspects. Germany's Hessen Police confirmed in response to questions in an interview that FlyHosting was the subject of the seizures.

The raids on FlyHosting are probably part of a broader clampdown on DDoS-for-hire services by law enforcement around the world. Earlier this week, the National Crime Agency announced that it has been setting up fake DDoS-for-hire websites, intended both to gather information on users and to remind them that launching DDoS attacks is illegal, which may make people seeking such services more wary.

In December 2022, the Department of Justice (DOJ) announced Operation Power Off, an operation that seized more than four dozen domains responsible for over 30 million DDoS attacks. Six U.S. men were charged with computer crimes for allegedly operating popular DDoS-for-hire services used by cybercriminals.

Protect Yourself from Healthcare Cyber Risks


It has become increasingly apparent in the past few years that technology plays a significant role in helping hospitals and patients manage their interactions, at a time when healthcare systems are stretched to their limits. HMIS has been concerned with the issue of cyber security for quite some time. The use of health information technology (HIT) in hospitals has made it possible for them to synchronize patient information safely and securely.

Cyberattacks are no longer a distant concern for organizations. Superior risk management is what separates a resilient business from one that suffers a data breach.

Many techniques can be used to ensure resilience, including careful assessment of all potential risks and implementation of control measures to mitigate them where necessary. Healthcare organizations around the globe are therefore adopting healthcare cybersecurity services that protect patients' data and privacy from cyber threats and attacks.

A crucial factor for the success of healthcare is the safety of patient information, which means that all stakeholders must take every precaution to keep patient information protected. Healthcare cybersecurity threats come from both inside and outside the organization, and it is imperative to recognize this.

Hacking tactics that exploit public fears evolved rapidly during the pandemic, taking advantage of the panic. Cybersecurity best practices make it possible to keep up with these ever-evolving threats, especially in the healthcare sector.

The absence of a secure cybersecurity framework invites unwanted cyber threats, which can put the hospital and its patients at risk in terms of both financial and clinical risks. Cyber frauds, malware and ransomware attacks, phishing attacks, and other cyber scams are a few of the most common threats facing the healthcare industry. 

A Review of Common Health Cyber Risks 

As part of the healthcare system, hospitals also store patient health records that contain sensitive information. 

Hospitals also handle large payments. A cybercriminal who wants to steal money is eager to obtain the payment details held in a patient's account and use them for identity theft and financial fraud.

Fraudulent emails 

As the name suggests, phishing is a process in which a threat actor poses as a legitimate entity or individual to trick you into divulging confidential data. To get into your network, the attacker manipulates you into opening malicious content, so that clicking on it gives them access. Such messages usually evoke fear of missing out (FOMO) and a sense of urgency.

Healthcare organizations likely receive a tremendous amount of emails and messages since they cater to the public. There are many ways threat actors can pose as prospective patients or business partners to launch phishing attacks against them. 

Ransomware attacks

Ransomware encrypts your computer and locks you out of your network in an attempt to take control of the system. The attackers encrypt your files so that they are inaccessible without the decryption key, and then demand a ransom to restore your access.

Because healthcare organizations hold data that is especially sensitive to ransomware, they are prone to such attacks. In most cases, victims would rather pay up than allow their confidential information to be compromised or exposed.

Increasing Supply Chain Vulnerability

Supply chain attacks may come from any of the many parties that contribute to the chain. Health insurance companies work with a wide range of suppliers and partners who provide the products and services they need to operate effectively, and several of these third parties are granted access to the network to make operations seamless.

There are several important things health organizations can do to stay on top of these threats. Getting your healthcare system's cybersecurity up to speed is essential to ensuring its integrity.

1. Staff Cyber Security Training

Robust technical controls make it much harder for unauthorized people to gain access to your systems, which is why they are worth putting in place. Social engineers circumvent such safeguards with phishing and spoofing, tactics that take advantage of users' lack of security awareness. All employees should undergo cybersecurity training so that they know how to prevent data loss or theft.

2. Controlled User Access

Hackers are often pictured congregating in dark underground rooms and huddled close together when hacking. 

In this picture, your systems are constantly being penetrated and decrypted to compromise your privacy. In reality, however, most successful attacks come through a system's front door, that is, through an authenticated user account. You need to define the different roles each employee within your organization plays; this will enable you to create a system access control policy that is feasible to implement. This information should already be available from the human resources department.

3. A Defense-in-Depth Approach to Security

No security software maker can guarantee that its application will prevent 100 percent of hacks for as long as it is in use. That is why you need several layers of security: getting past one layer does not give an attacker access to your data. Measures you can take to keep intruders out of your network include a firewall, an anti-virus program and a whitelist of approved applications.

This is no different from the layers of security you might install in your own home, so having several types of security should not seem a big deal. Lighting, door locks, alarms, security cameras, guard dogs and security guards are all layers that improve security around a home.

4. Recovery of Lost Data 

Theft of personal data is one common reason cyberattacks are carried out. A virus infection or a DDoS attack can also disrupt your work: while DDoS attacks and malware infections have the potential to corrupt your data and render it unusable, they are not usually aimed at overtly stealing information. The loss of your data is much more devastating than having it accessed by an unauthorized party. Just as hackers gaining access to patient data can damage your reputation, it can also cripple your operations to the point of bringing down your entire company and public image.

Twitter Returns After Two-Hour Outage Affecting Tweets

On Wednesday, Twitter experienced a service disruption that resulted in users being unable to access certain parts of the platform, specifically the "Following" and "For you" feed. These feeds displayed an error message rather than the expected content. 

The problem was widespread and affected users globally. The issue persisted for approximately two hours before being resolved by Twitter's engineering team. 

DownDetector, a website that tracks service outages, reported issues with Twitter at 10:00 GMT, but the problem was resolved by 12:00. In the UK alone, over 5,000 users reported problems to DownDetector within half an hour of the Twitter service outage. 

The root cause of the outage is still unknown, and it is unclear if Twitter's recent 200 staff layoffs on Monday played any role in the incident. Further investigation is needed to identify the underlying cause of the outage and prevent similar incidents from occurring in the future. 

Even though some parts of Twitter, such as the feeds, were not working, users could still send tweets as usual; however, no one could see or interact with them. This pushed hashtags including "#TwitterDown" and "Welcome To Twitter" to the top of the trends.

Twitter has had several temporary problems in the past few months. During a short outage in early February, some users were mistakenly told they had reached the daily limit for sending tweets.

"It started shortly before the Musk takeover itself. The main spike has happened after the takeover, with four to five incidents in a month - which was comparable to what used to happen in a year,” said Alp Toker, director of internet outage tracker NetBlocks, noting that Twitter has experienced more issues under Mr. Musk's tenure as CEO.

Now we will look at why social media platforms generally suffer service disruptions and sudden outages:

Social media networks can suffer shutdowns for a variety of reasons, including technical issues, cyber-attacks, policy violations, and government censorship. Technical issues such as server errors or bugs can cause social media networks to crash and become unavailable to users. 

In some cases, these issues can be quickly resolved, and the platform can be restored. However, if the issue is more severe, it may take longer to fix, and the platform may be down for an extended period. 

Cyber attacks such as Distributed Denial of Service (DDoS) attacks can also cause social media networks to go down. These attacks overwhelm a network with traffic, causing it to become unavailable to users. Cyber attackers may launch DDoS attacks for various reasons, such as to disrupt a particular organization or to extort money.

Block KillNet's DDoS Bots Using These Proxy IP Addresses

The US government has warned that the Russian cybercrime gang KillNet is stepping up its attacks against hospitals and health clinics by flooding their networks, and as part of its warning has pointed to a free tool designed to help organizations defend against KillNet distributed-denial-of-service (DDoS) bots.

Currently, tens of thousands of proxy IP addresses are listed on the KillNet open proxy IP blocklist. These are addresses the Russian hackers use in their attempts to flood networks with traffic. SecurityScorecard's threat researchers compiled the list following their investigation into KillNet and other network-flooding miscreants.

Although DDoS attacks are relatively unsophisticated, like many other attacks they can still take a serious toll, especially when they disrupt hospitals, according to a recent blog post by the security firm that used KillNet as its example.

One website taken down by the Russian gang toward the end of January belonged to one of 14 hospitals targeted in the United States; the targets included the University of Michigan Hospitals and Health Centers, Stanford Hospital, Duke University, and Cedars-Sinai Medical Center. DDoS attacks are used for several reasons, one of which is to mask more intrusive activity.

A report released by the US Department of Health and Human Services (HHS) on Wednesday confirmed that KillNet is a threat to the healthcare sector and prompted DHS to issue a second warning. A similar security alert has been issued by the Department of Homeland Security twice in the last few months.  

It is common for pro-Kremlin supporters to attach an ideological bent to their attacks - sometimes using empty threats to convey their message. "Killmilk, one of the leading members of the KillNet group, has threatened the US Congress with the sale of the health and personal information of American citizens to attack US policies concerned with Ukraine," according to the December security alert from HHS. According to the US, the planned attack has not yet been carried out. 

In a similar vein, the gang threatened to attack ventilators and other technical devices in British hospitals if another alleged KillNet criminal, arrested in London in May, was not released immediately.

Although KillNet may claim to have carried out attacks on the US military, it is wise to take its claims with a pinch of salt, according to HHS. Given the fact that the group tends to exaggerate, there is a possibility that some of these operational and development announcements may simply be meant to garner attention, both publicly and within the cybercrime underground. According to the FBI and private security researchers, the group's DDoS campaigns have been viewed as publicity stunts, which, as annoying as they have been, have had "limited success." 

A Public Relations Stunt That Could Turn Wrong   

On October 10, KillNet claimed responsibility for knocking offline more than a dozen websites associated with US airports. Although the large-scale DDoS attack was disruptive, it did not affect air travel or the operation of the airports.

A day later, when the same criminals claimed to have unleashed a second bot army against JPMorgan Chase, the results were similarly feeble. In my opinion, some PR agency is trying to increase their budget for PR.

Then, at the beginning of November, a US Treasury official announced that the department had halted a "pretty low-level" DDoS attack, also attributed to KillNet, that was designed to disrupt critical infrastructure nodes in the department.

KillNet's DDoS attacks usually do not cause major damage, but they have the potential to disrupt healthcare organizations and the millions of patients they serve for hours, days, or even weeks, which is especially damaging for organizations and patients in the healthcare sector.

It has been reported that these bots are flooding the network traffic of patients and doctors, preventing them from sending and receiving health information online and making it harder for patients to schedule appointments in the future.  

Furthermore, miscreants sometimes use DDoS attacks as a distraction, keeping the target's security team occupied while they work on more dangerous attacks, including the theft of sensitive information or the deployment of ransomware.

According to HHS, it is likely that pro-Russian ransomware groups, including those that were part of the defunct Conti group, will respond to KillNet's appeal and offer support. That would most likely lead to KillNet's targets also being victimized by extortion, with DDoS attacks used as the means of extortion, a tactic that several ransomware groups have employed.

Electric Vehicle Vulnerabilities Can Allow Hackers To Disrupt System, Cause Energy Theft

About the vulnerability

The vulnerabilities were found by experts working for SaiFlow, a company based in Israel that specializes in defending EV charging infrastructure and distributed energy resources. 

The security loopholes are linked to the communications between the charging system management service (CSMS) and the EV charge point (CP), specifically over the Open Charge Point Protocol (OCPP). The loopholes are believed to affect the CSMS offered by various vendors.

The issue stems from OCPP's use of WebSocket communications and its poor handling of multiple connections. The protocol does not define how to handle more than one connection from the same CP at a time, and threat actors can abuse this by opening a new connection to the CSMS. Another problem is what SaiFlow describes as a "weak OCPP authentication and chargers identities policy."

How does a hacker exploit the vulnerability?

By opening a new connection to the CSMS on behalf of a charge point, the threat actor can cause the original connection to be shut down or become non-functional.

As per SaiFlow, a threat actor can misuse the loopholes to mount a distributed denial of service (DDoS) attack that disrupts the electric vehicle supply equipment (EVSE) network.

Besides this, if a threat actor can connect to the CSMS, they may be able to obtain drivers' personal information, including payment card data, along with other sensitive data such as server credentials.

What do experts say about the vulnerabilities?

Ron Tiberg-Shachar, co-founder and CEO of SaiFlow said "in particular configurations, if the charger approves unfamiliar driver identities, an attacker can manage to charge their vehicle without paying for it. Since the CSMS platforms are publicly accessible, it is possible for an attacker to hijack the connection remotely, without needing to gain credentials, access, or perform MITM attacks." Tiberg believes that it may be possible for an amateur hacker to launch an attack, even with scarce resources. 

To conduct an attack, the hacker first needs to get a charger's identity. This identity generally has a standard structure, making it easier for hackers to enumerate the values of valid identifiers. 

In the next stage, they need to get info on which CSMS platform the charger is connected to. According to experts, the CSMS URL can be found using services like Shodan or SecurityTrails. 
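The duplicate-connection and identity problem described above, modelled as a CSMS acceptance policy with the weak identity-only setting beside the hardened one. This is an added example written for this page, not SaiFlow's or any vendor's code; the charge point identities, secrets, addresses, alert threshold and the CSMS class are constructed for illustration.

```python
"""Connection-acceptance policy for an OCPP-over-WebSocket CSMS.

Added example, not SaiFlow's or any vendor's code. It models, without real
sockets, the decision a charging system management service (CSMS) makes when
a WebSocket connection arrives for a charge point (CP) identity. In OCPP-J the
CP identity travels in the WebSocket URL path, so it is public and easy to
enumerate; a CSMS that treats it as proof of identity lets anyone who knows or
guesses it open a "new" session and evict the real charger. The hardening
modelled here binds the identity to a per-charger secret (OCPP's HTTP Basic
authentication profile, or a TLS client certificate) before any session
handling happens, and raises alerts on the failure patterns a defender wants.
"""
from collections import Counter
from dataclasses import dataclass, field
import hmac
from typing import Dict, List, Optional

ENUMERATION_THRESHOLD = 3  # auth failures from one peer before alerting (constructed)


@dataclass
class Connection:
    cp_identity: str           # identity from the URL path, e.g. /ocpp/CP-1001
    peer_ip: str
    auth_token: Optional[str]  # Basic-auth password presented, or None
    open: bool = True


@dataclass
class CSMS:
    credentials: Dict[str, str]       # cp_identity -> shared secret (constructed)
    require_auth: bool = True         # False reproduces the weak identity-only policy
    active: Dict[str, Connection] = field(default_factory=dict)
    alerts: List[str] = field(default_factory=list)
    auth_failures: Counter = field(default_factory=Counter)

    def _authenticated(self, conn: Connection) -> bool:
        secret = self.credentials.get(conn.cp_identity)
        if secret is None or conn.auth_token is None:
            return False
        return hmac.compare_digest(secret, conn.auth_token)

    def accept(self, conn: Connection) -> str:
        """Decide on a new WebSocket connection and return the outcome."""
        if self.require_auth and not self._authenticated(conn):
            conn.open = False
            self.auth_failures[conn.peer_ip] += 1
            self.alerts.append(f"auth failure for {conn.cp_identity} from {conn.peer_ip}")
            if self.auth_failures[conn.peer_ip] >= ENUMERATION_THRESHOLD:
                self.alerts.append(f"possible identity enumeration from {conn.peer_ip}")
            return "rejected"
        existing = self.active.get(conn.cp_identity)
        if existing is not None and existing.open:
            # A second session for an identity that is already online. A real
            # charger does reconnect after a dropped link, so the stale session
            # is replaced, but under the hardened policy only a peer holding the
            # secret reaches this point, and a changed source address is logged.
            existing.open = False
            if existing.peer_ip != conn.peer_ip:
                self.alerts.append(
                    f"session for {conn.cp_identity} moved from {existing.peer_ip} to {conn.peer_ip}")
            self.active[conn.cp_identity] = conn
            return "replaced"
        self.active[conn.cp_identity] = conn
        return "accepted"

    def is_online(self, cp_identity: str) -> bool:
        conn = self.active.get(cp_identity)
        return conn is not None and conn.open


def scenario(require_auth: bool) -> dict:
    """The page's scenario: a real charger connects, then a stranger who knows
    only the guessable identity connects 'on its behalf'. Values are constructed."""
    csms = CSMS(credentials={"CP-1001": "s3cret-1001", "CP-1002": "s3cret-1002"},
                require_auth=require_auth)
    real = Connection("CP-1001", "198.51.100.10", "s3cret-1001")
    stranger = Connection("CP-1001", "203.0.113.7", None)
    outcomes = (csms.accept(real), csms.accept(stranger))
    return {"outcomes": outcomes,
            "real_charger_online": real.open,
            "stranger_online": stranger.open,
            "alerts": list(csms.alerts)}


if __name__ == "__main__":
    for mode in (False, True):
        print("require_auth =", mode, "->", scenario(mode))
```

With `require_auth=False` the stranger's connection silently replaces the real charger's session, which is the shutdown described above; with the secret required, the stranger is rejected, the charger stays online, and repeated failures from one address surface as an enumeration alert.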

The impact of this vulnerability

SaiFlow has published a technical blog post explaining the vulnerabilities and the attack scenarios. The company also gave recommendations on how these kinds of attacks can be mitigated. It seems unlikely that vendors can easily patch the vulnerabilities.

Tiberg said, "we’ve approached many key players in the industry (and keep on doing so) to make them aware of our findings and how they can approach a solution. Additionally, we’ve made our solutions team available to support any specific technical questions, in an effort to reinforce vulnerabilities as quickly as possible. Our key goal is to support partners in scaling their charging infrastructure as quickly and safely as possible."

A Huge DDoS Network was Taken Down by the US DOJ

According to the US Department of Justice (DOJ), 48 domains were seized after it was discovered that they were offering distributed denial of service (DDoS) attacks on-demand as a service that criminals could exploit.  

This information was provided in a press release from the office of E. Martin Estrada, the United States Attorney for the Central District of California. The release was intended to inform the public that, in addition to these seizures, six defendants are being charged with crimes in connection with operating these platforms.
 
Coming on top of the DDoS attacks that are plaguing the internet, this news brings back to the forefront the concept of Cybercrime-as-a-Service, outlined in the Microsoft Digital Defence Report (MDDR) released in November 2022.

What is DDoS-for-hire?

It is a platform for performing distributed denial-of-service attacks (DDoS attacks) that allows anyone who pays to launch such attacks. Based on the software as a service (SaaS) business model, these services are lucrative because they allow the owner of an IoT botnet to conduct low-overhead attacks.


DoS-for-Hire Services

Until recently, the majority of cybercrime-as-a-service reports have covered cybercrime in the context of ransomware, that is, a threat actor encrypting data and locking it away so that people cannot access what they need (usually until a ransom has been paid), or dropper bots that spread malware.

Despite this, DDoS-as-a-service (sometimes known as "booters", since they boot targeted systems off the internet) continues to be one of the most popular cybercrime methods for those who wish to commit a crime without having the necessary technical knowledge.

According to the US Attorney's office, the websites seized during the operation launched "millions" of DDoS attacks against victims around the world, with some claiming to provide legitimate "stress testing" services for businesses.

With booter services such as these, anyone can launch cyberattacks against victims, causing grave harm to individuals, and compromising the internet access of everyone, said US Attorney Estrada, noting the ease with which the attacks are carried out, allowing for maximum damage to be done. 

This week’s sweeping law enforcement activity is a considerable step in our ongoing efforts to eradicate criminal conduct that threatens the internet’s infrastructure and our ability to function in a digital world.

Several organizations, including the FBI, the National Crime Agency, the Netherlands Police, and the National Crime Strategy, are taking a much softer approach towards anyone who shows an interest in using the DDoS-for-hire services that are available.

To deter would-be cybercriminals from investing in these services and to educate the public about the dangers of DDoS activity, an advertising campaign will place ads in search engines on common keywords related to DDoS-for-hire activity. As part of its commitment to victims, the FBI has also pledged to assist them whenever possible.

"The FBI is ready to work with victims of crimes whether they launch them independently or hire a skilled contractor to execute them," said Donald Alway, Assistant Director in Charge of the FBI Los Angeles Field Office. 

American victims of cybercrime are encouraged to contact their local FBI field office or to file a complaint with the FBI's Internet Crime Complaint Center at www.ic3.gov.

Malware Authors Unknowingly Take Down Their Own Botnet

It is not often that malware authors go through the difficulties of establishing a malicious tool for botnet assembly, only to discover a way to effectively sabotage it themselves. But that seems to be the case with "KmsdBot," a distributed denial-of-service (DDoS) and crypto mining botnet discovered by Akamai researchers last month infecting systems across multiple industries. 

It has since gone mostly silent due to a single incorrectly formatted command on the part of its author. The malware, written in the Go programming language, infects systems over SSH connections with weak credentials and, in DDoS attacks, employs UDP, TCP, and HTTP POST and GET commands. According to Kaspersky, the malware is designed to target multiple architectures, including Windows, Arm64, and mips64 systems.

Luxury car manufacturers, gaming companies, and IT firms are among those affected by the malware. In all of the attacks witnessed by Akamai, the threat actors used KmsdBot to execute DDoS attacks, despite the malware's cryptomining functionality.

Following Akamai's initial disclosure in November, the company's researchers continued to monitor and analyse the threat. They modified a recent sample of KmsdBot as part of the exercise and decided to test various scenarios related to the malware's command and control (C2) functionality.

Akamai researchers found the location in the malware's code that contained the IP address and port of KmsdBot's C2 server and changed it so that the address pointed to Akamai's IP space.

During the testing, Akamai researchers discovered that the bot abruptly stopped working after receiving a command to send a large amount of junk data to bitcoin.com in an obvious attempt to DDoS the website. According to Akamai researcher Larry Cashdollar, the bot lacks error-checking functionality to ensure that the commands it receives are properly formatted. As a result, the Go binary crashes with the error message "index out of range."

He also claims that Akamai was able to reproduce the problem by sending the bot an incorrectly formatted command of its own.

"This malformed command likely crashed all the botnet code that was running on infected machines and talking to the C2 — essentially, killing the botnet," Akamai noted in its update on the malware this week.

Notably, the bot does not support any kind of persistence mechanism. As a result, the malware authors' only option for rebuilding the KmsdBot botnet is to infect systems from scratch. Cashdollar asserts that almost all of the KmsdBot-related activity tracked by Akamai in recent weeks has ceased. However, there are indications that threat actors are attempting to infect systems again, he says.

KillNet: Pro-Russian Threat Actors Claim Responsibility for 14 DDoS Attacks on U.S. Airports


On Monday, the pro-Russian hacker group KillNet reportedly claimed to be behind the DDoS attacks that temporarily took down the websites of several U.S. airports.
 
Atlanta International Airport was among those affected: users were unable to access its website for a few hours during the campaign, though the attacks did not have any impact on flight operations.
 
The Los Angeles International Airport (LAX) authority reported the threat to its website to the Transportation Security Administration and the FBI.
 
"The service interruption was limited to portions of the public facing FlyLAX.com website only. No internal airport systems were compromised and there were no operational disruptions," a spokesperson stated in an emailed statement. Adding to the statement, she said the airport’s IT Team has restored all services and is investigating the cause.
 
Later, the hacker group apparently posted the list of the hacked airport websites on Telegram that included 14 targeted domains, urging hackers to participate in the DDoS attack.
 
The airport websites impacted by the group include those of Los Angeles International Airport (LAX), Chicago O'Hare International Airport (ORD), Hartsfield-Jackson Atlanta International Airport, Orlando International Airport (MCO), Denver International Airport (DIA), Phoenix Sky Harbor International Airport (PHX), and airports in Kentucky, Mississippi, and Hawaii.
 
In a Telegram post on Monday, Killnet listed other U.S. sites that could be the next potential victims of similar DDoS attacks, such as sea terminals and logistics facilities, weather monitoring centers, health care systems, subway systems, and exchanges and online trading systems.
 
This was not KillNet's first DDoS campaign: the group has previously targeted many other countries that opposed the Russian invasion of Ukraine, including the NATO members Italy, Romania, Estonia, Lithuania, and Norway.
 
KillNet's DDoS attacks, and its calls for other threat actors to carry out more, are an example of what security experts describe as a tendency in recent years for geopolitical tensions to spill over into the cyber world. This campaign against the US and other NATO countries, for instance, is thought to have started days after an explosion destroyed a section of a major bridge connecting Russia to the Crimean Peninsula.

Kiwi Farms Offline Due to Targeted DDoS Attacks


Site accused of leaking personal information 

Kiwi Farms is a website that hosts user-generated content and discussion forums. It has been accused of doxing, cyberbullying, and harassment. Kiwi Farms has been blocked from various social media websites and domain providers. 

Since 26th August 2022, however, Kiwi Farms has been offline and shows a note from its administrators explaining why the site is down and how Kiwi Farms has been hit by DDoS (distributed denial of service) and other types of cyber attacks.

According to the Kiwi Farms forum, before the service was disrupted it was targeted by a "DDoS attack" and other forms of network interruption attacks.

The forum's administrators believe that, because of these cyberattacks and in order to safeguard its other users, the internet service provider was compelled to ban their site.

Why is Kiwi Farms a target?

The website is infamous for doxing, or leaking the personal information of, users it considers "incels" (involuntary celibates), social justice warriors, feminists, and others.

Kiwi Farms is believed to deliberately harass and humiliate people. Clara Sorrenti, a Twitch streamer and transgender activist from Canada, was swatted and arrested in London, Ontario, on 5th August.

A few days later, the streamer's hotel address and location were exposed on Kiwi Farms. Given the type of content Kiwi Farms posts, it is no surprise that the site would be targeted by people who object to its tactics.

Who attacked Kiwi Farms with DDoS?

"Although it is unclear who was behind the DDoS attack against Kiwi Farms, @YourAnonNews, the largest social media representative of the Anonymous movement also tweeted about the incident," reports HackRead. 

Currently, it is not confirmed if Anonymous Hacktivists were behind the attack. 


Cloudflare and Kiwi Farms

Cloudflare offers security and DDoS protection to websites. It also provides services to Kiwi Farms, and since the site has been accused of doxing and leaking people's personal information without consent, critics want Cloudflare to stop providing those services.

In August 2017, Cloudflare promptly dropped the neo-Nazi and racist website the Daily Stormer from its platform.

In 2019, the infamous messageboard 8chan was accused of sharing content inciting violence against minorities and people of colour; its hosting company Voxility dropped it, and Cloudflare withdrew its services.

"However, at this moment there has been no statement from Cloudflare over the content Kiwi Farms has been accused of posting," said HackRead. 

U.S. Agencies Seize Domains Employed for Selling Credentials


Earlier this week, the U.S. Department of Justice and the FBI announced that they seized three domains selling compromised personal information and launching cyber assaults on victim networks. 

The specific domains seized were weleakinfo.to, ipstress.in, and ovh-booter.com — the first of which allowed its users to traffic compromised personal data and offered a searchable database containing illegally amassed information obtained from over 10,000 data breaches. The other two domains offered DDoS-for-hire services to their users. 

The domains were taken down as part of an international investigation, in which the National Police Corps of the Netherlands and the Federal Police of Belgium arrested the primary suspect, searched several locations, and seized the underlying infrastructure. 

The weleakinfo.to domain offered access to seven billion records containing private data such as names, phone numbers, usernames, email addresses, and passwords. 

The seizure of this domain comes roughly two years after the FBI and the US Department of Justice took control of the internet domain name weleakinfo.com, which offered identical services. 

"Today, the FBI and the Department stopped two distressingly common threats: websites trafficking in stolen personal information and sites which attack and disrupt legitimate internet businesses," stated Matthew M. Graves, U.S. Attorney for the District of Columbia. “With the execution of the warrant, the seized domain names – weleakinfo.to and the related domains – are now in the federal government's custody, effectively suspending the website’s operation.” 

 "Cybercrime often crosses national borders. Using strong working relationships with our international law enforcement partners, we will address crimes like these that threaten privacy, security, and commerce around the globe." 

According to the DOJ, it remains unclear how long the weleakinfo.to domain was in operation. Still, the website developed a reputation for selling names, email addresses, usernames, phone numbers, and passwords for online accounts to cybercriminals, who would buy a subscription for a period of one day, one week, one month, three months, or a lifetime.

Two years ago, in January 2020, the FBI and the US DOJ announced the seizure of the WeLeakInfo.com domain, used in similar cybercrime activity. Like WeLeakInfo.to, it also offered subscriptions, allowing customers to search 12 billion indexed records for specific information exposed in thousands of data breaches.

Experts Estimated the Probability of Disconnecting Russia From the Internet


On 5th March, a telegram signed by Deputy Head of the Ministry of Digital Andrei Chernenko was sent to federal executive authorities and subjects of the Russian Federation with a number of recommendations for the protection of information infrastructure of the country. It does not contain direct instructions on disconnecting Russian users from the global network, but a number of experts saw in it indirect preconditions for the isolation of Runet. 

According to the document, by March 11 state websites and services must switch to using DNS servers located in the Russian Federation; remove from HTML page templates all JavaScript code downloaded from foreign resources (banners, counters, and so on); switch from foreign hosting, where used, to Russian hosting; move to the .ru domain zone; and tighten their "password policy".

The Ministry of Finance stated that the sending of telegrams is connected with cyberattacks on Russian websites from abroad. The proposed "set of the simplest recommendations on cyber hygiene" is designed to ensure the availability of web resources of the Russian Federation. "There are no plans to turn off the Internet from the inside," the ministry assured. 
 
Mikhail Klimarev, executive director of the Internet Protection Society, said that the items listed in the telegram are absolutely banal rules of information security, but they may also indicate the preparation of state agencies for any force majeure. He found it difficult to say why the document appeared only now but suggested that this was due to the ongoing cyberwar between Russia and other states. 

"Anonymous hackers, DDoS attacks, attacks on DNS servers - it's really serious, and the Russian authorities really need to worry about how it should work," Klimarev explained. "There's really nothing to worry about, but it's all terrifying. From the outside, it looks like preparation for a sovereign Runet," he added.  

The norm on DNS servers may also indicate preparation for possible shutdowns of the Runet. However, the main logic of the document works to reduce cyberattacks and switch to local root servers to provide access to sites in the Russian domain zone. 

According to experts, disconnecting Russia from the Internet is extremely dangerous for the state, as it carries unpredictable social and financial consequences. 


DoS Attackers are Employing ‘TCP Middlebox Reflection’ to Knock Websites Offline

Distributed denial-of-service (DDoS) attackers are employing a new amplification technique called TCP Middlebox Reflection to target websites. Last week, researchers at Akamai, a content delivery network firm, detected the novel attack methodology in the wild for the first time, six months after the technique was published as theoretical research.

"The attack […] abuses vulnerable firewalls and content filtering systems to reflect and amplify TCP traffic to a victim machine, creating a powerful DDoS attack," Akamai researchers stated in a blog post. "This type of attack dangerously lowers the bar for DDoS attacks, as the attacker needs as little as 1/75th (in some cases) the amount of bandwidth from a volumetric standpoint."

Generally, most DDoS assaults exploit the User Datagram Protocol (UDP) to amplify packet delivery by sending packets to a server that replies with a larger packet size, which is then forwarded to the victim. In these attacks, the attacker sends thousands of DNS or NTP requests containing a fake source IP address to the victim, causing the destination server to return the responses back to the spoofed address in an amplified manner that exhausts the bandwidth issued to the target. 

The amplification technique was published in a research paper in August 2021, which showed that malicious actors could exploit middleboxes such as firewalls via TCP to magnify denial of service attacks.  

While UDP reflection vectors have traditionally been used in DoS amplification attacks because of the protocol's connectionless nature, the novel approach exploits TCP non-compliance in middleboxes such as deep packet inspection (DPI) tools to launch TCP-based reflective amplification attacks.

The first wave of this novel campaign is said to have occurred around February 17, targeting Akamai customers across banking, travel, gaming, media, and web hosting industries with high amounts of traffic that peaked at 11 Gbps at 1.5 million packets per second (Mpps).  

"The vector has been seen used alone and as part of multi-vector campaigns, with the sizes of the attacks slowly climbing," Chad Seaman, lead of the security intelligence research team (SIRT) at Akamai, explained.  

The basic idea behind TCP-based reflection is to exploit the middleboxes used to enforce censorship laws and enterprise content filtering policies by sending specially crafted TCP packets that trigger a volumetric response. Indeed, in some cases Akamai noted that a single SYN packet with a 33-byte payload triggered a 2,156-byte response, an amplification factor of 65x (6,533%).

"The main takeaway is that the new vector is starting to see real world abuse in the wild. Typically, this is a signal that more widespread abuse of a particular vector is likely to follow as knowledge and popularity grows across the DDoS landscape and more attackers begin to create tooling to leverage the new vector,” Seaman explained.
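A victim-side detector for the reflection traffic described above, run over constructed packet records. This is an added example and not Akamai's code; the `Packet` record format, the addresses, the flow-tracking rule and the byte threshold are assumptions made for illustration, with the 2,156-byte block page size taken from the article.

```python
"""Victim-side detection of TCP Middlebox Reflection in a packet record stream.

Added example, not Akamai's code. In the attack described above the victim
never sends anything: it simply receives TCP segments carrying block-page
payloads (typically PSH/ACK with data, sometimes a bare SYN/ACK) from
middleboxes it never spoke to. This detector keeps a table of the flows the
local host actually started or accepted and flags inbound segments that claim
to belong to a flow it has no record of. The Packet records are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str        # TCP flags as letters: "S", "SA", "A", "PA", "R"
    payload_len: int


FlowKey = Tuple[str, int, str, int]  # (local_ip, local_port, remote_ip, remote_port)


def detect_reflection(packets: Iterable[Packet], local_ip: str,
                      byte_threshold: int) -> Dict[str, object]:
    """Return the sources whose unsolicited TCP payload reached byte_threshold,
    plus per-source counters and the fraction of inbound bytes that were unsolicited."""
    known: Set[FlowKey] = set()
    unsolicited: Dict[str, Dict[str, int]] = defaultdict(lambda: {"segments": 0, "bytes": 0})
    inbound_bytes = 0
    for p in packets:
        if p.src == local_ip:
            if "S" in p.flags and "A" not in p.flags:      # we opened a connection
                known.add((local_ip, p.sport, p.dst, p.dport))
            continue
        if p.dst != local_ip:
            continue
        inbound_bytes += p.payload_len
        key = (local_ip, p.dport, p.src, p.sport)
        if p.flags == "S":                                  # a client connecting to us
            known.add(key)
            continue
        if key in known:
            continue
        if "A" in p.flags and (p.payload_len > 0 or "S" in p.flags):
            # ACK set means "part of a handshake or established flow", yet we
            # have no such flow: this is what reflected block pages look like.
            unsolicited[p.src]["segments"] += 1
            unsolicited[p.src]["bytes"] += p.payload_len
    unsolicited_bytes = sum(s["bytes"] for s in unsolicited.values())
    return {
        "flagged_sources": sorted(ip for ip, s in unsolicited.items() if s["bytes"] >= byte_threshold),
        "per_source": dict(unsolicited),
        "unsolicited_fraction": unsolicited_bytes / inbound_bytes if inbound_bytes else 0.0,
    }


LOCAL = "192.0.2.10"  # constructed victim address
BLOCK_PAGE = 2156     # response size Akamai observed for a 33-byte SYN payload
SAMPLE = [
    # legitimate outbound HTTP fetch: solicited
    Packet(LOCAL, 51000, "198.51.100.20", 80, "S", 0),
    Packet("198.51.100.20", 80, LOCAL, 51000, "SA", 0),
    Packet(LOCAL, 51000, "198.51.100.20", 80, "A", 0),
    Packet("198.51.100.20", 80, LOCAL, 51000, "PA", 1200),
    # legitimate inbound client to our HTTPS service: solicited
    Packet("198.51.100.5", 40000, LOCAL, 443, "S", 0),
    Packet("198.51.100.5", 40000, LOCAL, 443, "PA", 517),
    # block pages reflected by middleboxes we never contacted: unsolicited
    Packet("203.0.113.40", 80, LOCAL, 443, "PA", BLOCK_PAGE),
    Packet("203.0.113.40", 80, LOCAL, 443, "PA", BLOCK_PAGE),
    Packet("203.0.113.41", 80, LOCAL, 443, "SA", 0),
    Packet("203.0.113.41", 80, LOCAL, 443, "PA", BLOCK_PAGE),
    Packet("203.0.113.42", 80, LOCAL, 443, "PA", BLOCK_PAGE),
]


def run_sample() -> Dict[str, object]:
    return detect_reflection(SAMPLE, LOCAL, byte_threshold=BLOCK_PAGE)


if __name__ == "__main__":
    print(run_sample())
```

On the sample, the two legitimate peers are never reported while all three middlebox sources are flagged and the unsolicited share of inbound bytes is above 80%, which is the signal to hand to upstream filtering rather than trying to absorb the traffic.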

Russia Recorded the Largest Botnet Attack on Retail


The new botnet is not used to damage companies' IT infrastructure through DDoS attacks but to collect internal information; large retail chains have become victims.

According to Alexander Lyamin, the founder and CEO of Qrator Labs, the main danger of data mining for retail companies is that attackers can conduct competitive analysis based on the collected data. In addition, data mining is often used in fraudulent schemes involving the theft of bonus points and as a tool of unfair competition.

One of Russia's largest retail chains Lenta acknowledges that the number of cyberattacks on retail has increased. The attackers target the personal data of employees and customers of the company. Botnet attacks can cause serious damage to businesses. X5 Group and Inventive Retail Group declined to comment. 

Experts add that data mining could be a competitive intelligence tool. "The retail sector is well suited for this since all chain stores have online versions, and analyzing the availability of goods on the site, customer reviews or price changes allows competitors to build their business more efficiently," experts explain. 

Using data-mining in retail, it is possible to collect information that is valuable on the black market, for example, credit card numbers, or from competitors: customer patterns and other statistics. 

According to experts, the introduction of network traffic analysis technologies and process control at network endpoints will help to cope with the threat. 

In general, according to Qrator Labs, at the end of 2021 the victims of attacks on information security, including DDoS, were website-building services, organizations in the field of education, and e-commerce.

“DDoS attacks follow business: in those industries where there is maximum growth, the number of attacks proportionally increases,” explains Alexander Lyamin. In the fourth quarter, users continued to study remotely, and the number of online orders for goods broke all records, so the attackers focused their attention on these profitable segments.

Bandwidth Suffers Outages Caused by DDoS Attack


Within the last couple of days, Bandwidth.com has been the latest target of distributed denial of service attacks targeting VoIP companies. 

Bandwidth, a firm providing Voice over Internet Protocol (VoIP) services to companies and resellers, revealed that it suffered an outage after reporting the DDoS attack on Monday night, the 27th of September.

Bandwidth Chief Executive Officer David Morken confirmed the incident and also stated that "a number of critical communications service providers have been targeted by a rolling DDoS attack." Bandwidth started reporting unplanned disruptions to its voice and messaging services from September 25 at 3:31 p.m. EST.

Bandwidth has since provided periodic status updates describing disruptions to voice, Enhanced 911 (E911), messaging, and portal access. As Bandwidth is among the world's major voice service providers for VoIP firms, several other VoIP suppliers, including Twilio, Accent, DialPad, Phone.com, and RingCentral, have experienced disruptions over the past few days.

While it has not been established that all those failures are linked to a single outage, one failure report specifically cites Bandwidth while the others say an upstream provider is implicated. "While we have mitigated much-intended harm, we know some of you have been significantly impacted by this event. For that, I am truly sorry. You trust us with your mission-critical communications. There is nothing this team takes more seriously," Morken said.

The firm continues to monitor the situation with its network services and technical teams and is actively engaging with customers to deal with any questions. The company said it will post updates to status.bandwidth.com as it has further information to provide.

Since the statement was issued, the firm updated the details of a number of incoming and outgoing calling services with partial outages. 

On its Cloud Service Status page, Accent said on Tuesday that the "upstream provider continues to acknowledge the DDoS attack has returned to their network however we are seeing a very limited impact to inbound calling for our services." 

"Mitigation steps are being put in place to route inbound phone numbers around the upstream carrier the impact to service grows. We will continue to monitor the situation and update the status as appropriate," Accent wrote. 

Further, on Monday, a source said that their clients were experiencing serious issues with their migrated phone lines. The source's firm is a downstream reseller of Bandwidth-hosted products and said that, because of the Bandwidth problem, it knew of a major telecoms company that "was in emergency mode".

Since VoIP services are usually routed over the internet and require public access to their servers and endpoints, they are prime targets for DDoS extortion. To carry out these DDoS assaults, attackers overwhelm the targeted devices and servers with more requests than they can handle, so that they become unavailable to everyone else.

"Bandwidth continues to experience a DDoS attack which is intermittently impacting our services. Our network operations and engineering teams continue active mitigation efforts to protect our network," reads a screenshot shared on Reddit. 

On Monday night, Bandwidth said that it had restored its services, although it was not clear whether the attacks had ceased or the actors' demands had been met. It is usual for cybercriminals to pause attacks momentarily while pressing for extortion, and on Tuesday morning the DDoS attacks resumed.