Security News

During the pandemic, cyber attackers targeted industries providing connectivity, services and entertainment to populations forced to shelter-in-place, resulting in a 341% year-over-year increase in distributed denial-of-service attacks, according to Nexusguard. The massive shift in online behavior and reliance on connectivity strained communications service providers and internet service providers that provided the backbone for this remote work, including spikes in ransom DDoS attacks to extort organizations for payment in exchange for staying online.

The new name is a tongue-in-cheek combination of the Russia-linked Fancy Bear advanced persistent threat and North Korea's Lazarus Group. According to Proofpoint, this time around the gang has been sending threatening, targeted emails to various organizations, including those operating in the energy, financial, insurance, manufacturing, public utilities and retail sectors - asking for a two-Bitcoin starting ransom if companies want to avoid a crippling DDoS attack.

Kinetic Business introduced DDoS Mitigation Service, a fully managed service that monitors, detects, validates and mitigates attacks-even on third-party networks -before an outage or related damage occurs. Kinetic's DDoS Mitigation Service uses a network of highly scalable scrubbing centers that ingest and inspect attack traffic upstream from the customer's network.

Application and network performance management company NETSCOUT warned organizations this week that STUN servers have been increasingly abused for distributed denial-of-service attacks, and there are tens of thousands of servers that could be abused for such attacks by malicious actors. While the amplification rate is only 2.32 to 1, UDP reflection/amplification attacks abusing STUN services can be more difficult to mitigate without overblocking legitimate traffic.

DDoS attacks increase the pressure on the victim to pay the ransom by adding another threat to combat, says NETSCOUT. Ransomware attackers are always looking for new ways to persuade their targets to pay the ransom. One tactic increasingly being added to a traditional ransomware campaign is a DDoS attack.

Access to Mexico's Lotería Nacional and Pronósticos lottery websites are now blocked to IP addresses outside of Mexico after a ransomware gang threatened to perform denial of service attacks. Lotería Nacional is the government-run national lottery system of Mexico, operating under Mexico's Ministry of Finance.

Nexusguard has announced a new program that empowers CSPs to easily launch anti-DDoS protection for their customers. Nexusguard will provide 10,000 Gbps of DDoS-mitigating hardware to CSPs around the world.

A recently developed botnet named "Simps" has emerged from the cyber-underground to carry out distributed denial-of-service attacks on gaming targets and others, using internet of things nodes. According to the Uptycs' threat research team, Simps was first seen in April being dropped on IoT devices by the Gafgyt botnet.

Some DNS resolvers are affected by a vulnerability that can be exploited to launch distributed denial-of-service attacks against authoritative DNS servers, a group of researchers warned this week. Google and Cisco, both of which provide widely used DNS services, have deployed patches for TsuNAME, but the researchers believe many servers are still vulnerable to attacks.

Attackers can use a newly disclosed domain name server vulnerability publicly known as TsuNAME as an amplification vector in large-scale reflection-based distributed denial of service attacks targeting authoritative DNS servers. In simpler terms, authoritative DNS servers translate web domains to IP addresses and pass this info to recursive DNS servers that get queried by regular users' web browsers when trying to connect to a specific website.