Security News

Yandex Pummeled by Potent Meris DDoS Botnet
2021-09-10 16:31

Technical details tied to a record-breaking distributed-denial-of-service attack against Russian internet behemoth Yandex are surfacing as the digital dust settles. Attackers, according to Qrator Labs, exploited a 2018 bug unpatched in more than 56,000 MikroTik hosts involved in the DDoS attack.

New Mēris botnet breaks DDoS record with 21.8 million RPS attack
2021-09-09 13:25

A new distributed denial-of-service botnet that kept growing over the summer has been hammering Russian internet giant Yandex for the past month, the attack peaking at the unprecedented rate of 21.8 million requests per second. The botnet received the name Mēris, and it gets its power from tens of thousands of compromised devices that researchers believe to be primarily powerful networking equipment.

Yandex is battling the largest DDoS in Russian Internet history
2021-09-09 06:26

Russian internet giant Yandex has been targeted in a massive distributed denial-of-service attack that started last week and reportedly continues this week. A report in Russian media says that the assault is the largest in the short history of the Russian internet, the RuNet, and that it was confirmed by a U.S.-based company.

New Zealand DDoS wave targets banks, post offices, weather forecasters and more
2021-09-08 19:36

Banks and post offices in New Zealand have been hit by a cyber offensive, according to reports, consisting of sustained DDoS attacks against a number of critical online services. Local cybersecurity agency NZ-CERT added to the general air of mystery, saying in a statement on its website that it was "aware of a DDoS attack targeting a number of New Zealand organisations. We are monitoring the situation and are working with affected parties where we can."

New Zealand internet outage blamed on DDoS attack on nation's third largest internet provider
2021-09-03 13:13

Parts of New Zealand were cut off from the digital world today after a major local ISP was hit by an aggressive DDoS attack. Vocus - the country's third-largest internet operator which is behind brands including Orcon, Slingshot and Stuff Fibre - confirmed the cyberattack originated at one of its customers.

UK VoIP telco receives 'colossal ransom demand', reveals REvil cybercrooks suspected of 'organised' DDoS attacks on UK VoIP companies
2021-09-02 10:32

Two UK VoIP operators have had their services disrupted over the last couple of days by ongoing, aggressive DDoS attacks. South Coast-based Voip Unlimited has confirmed it has been slapped with a "colossal ransom demand" after being hit by a sustained and large-scale DDoS attack it believes originated from the Russian cybercriminal gang REvil.

Fake DMCA and DDoS complaints lead to BazaLoader malware
2021-08-27 13:30

Cybercriminals behind the BazaLoader malware came up with a new lure to trick website owners into opening malicious files: fake notifications about the site being engaged in distributed denial-of-service attacks. The goal is the same though: use contact forms to deliver BazaLoader malware that often drops Cobalt Strike, which can lead to data theft or a ransomware attack.

Israeli firm Bright Data named as enabler of Philippines government DDOS attacks on opposition groups
2021-08-26 04:00

Swedish digital rights organisation Qurium has alleged that an Israeli company called Bright Data has helped the government of the Philippines to DDOS local human rights organisation Karapatan. In July, Qurium reported that the Philippines Department of Science and Technology and Army had conducted DDOS attacks on local media critical of the nation's government, and targeted Karapatan.

Attackers Can Weaponize Firewalls and Middleboxes for Amplified DDoS Attacks
2021-08-22 02:33

Weaknesses in the implementation of the TCP protocol in middleboxes and censorship infrastructure could be weaponized as a vector to stage reflected denial-of-service amplification attacks, surpassing many of the existing UDP-based amplification factors to date. Detailed by a group of academics from the University of Maryland and the University of Colorado Boulder at the USENIX Security Symposium, the volumetric attacks take advantage of TCP-non-compliant in-network middleboxes - such as firewalls, intrusion prevention systems, and deep packet inspection boxes - to amplify network traffic, with hundreds of thousands of IP addresses offering amplification factors exceeding those from DNS, NTP, and Memcached.