Security News
The U.S. Department of Health and Human Services was targeted with a distributed denial-of-service attack on Sunday, but the agency said it did not experience any significant disruption as a result of the incident. "Incident response takes time, and as this just occurred last night, more time for investigations will be required. Based on reporting, this appears to be some sort of denial of service attack and the barrier to entry for DOS attacks are low."
Despite a previous warning by Ben-Gurion University of the Negev researchers, who exposed vulnerabilities in 911 systems due to DDoS attacks, the next generation of 911 systems that now accommodate text, images and video still have the same or more severe issues. In the study the researchers evaluated the impact of DDoS attacks on the current and next generation 911 infrastructures in North Carolina.
The FBI has arrested a suspect who's charged in connection with waging distributed denial-of-service attacks against the campaign website of an unsuccessful 2018 Democratic candidate for the U.S. House in California. The FBI's criminal complaint in the case claims that Arthur Jan Dam, who lives in California, conducted four DDoS attacks between April 20, 2018, and May 29, 2018, against the campaign website of an unnamed Democratic primary candidate for the U.S. House of Representatives in California who ultimately lost.
These organizations must now not only defend IT infrastructures, but also manage risks caused by increased DDoS attacks on customer-facing services and applications, mobile networks, and unsecured IoT devices. "By weaponizing new attack vectors, leveraging mobile hotspots, and targeting compromised endpoint IoT devices, attackers are increasingly finding ways to infiltrate our internet-connected world. They are getting more sophisticated by using a minuscule portion of the available vulnerable devices to carry out a successful attack. The largest OpenVPN DDoS attack we observed used less than one percent of the available reflectors connected to the internet. Botmasters are waiting in the wings, since the risk will only increase in 2020 when an estimated 20.4 billion more devices are connected to the internet."
A vulnerability in 12,000+ internet-facing Jenkins servers can be abused to mount and amplify reflective DDoS attacks against internet hosts, Radware researchers have discovered. The vulnerability can also be triggered by a single, spoofed UDP packet to launch DoS attacks against those same vulnerable Jenkins servers, by forcing them into an infinite loop of replies that can't be stopped unless one of the servers is rebooted or has its Jenkins service restarted.
Over the weekend, an extensive disruption to Iran's telecommunication networks knocked out about 25 percent of the country's internet service for several hours, according to NetBlocks, a nonprofit organization that tracks internet freedom across the globe. The disruption, which took place at about 11:45 a.m. local time Saturday, caused an initial outage of cellular and fixed-line services in Iran for nearly an hour, with the country only able to partially recover its full internet service several hours after the incident, NetBlocks says.
DNS amplification was the most used technique for DDoS attackers in 2019 having been found in one-third of all attacks. The proportion of DDoS attacks that involved corrupted cloud servers was 45% between January and December; this is a 16% increase over the same time period the previous year.
The U.S. Department of Justice has asked victims of the Quantum Stresser DDoS-for-hire service, whose operator was recently sentenced, to come forward. According to authorities, the service had roughly 70-80,000 subscribers between 2011 and 2018, and in 2018 customers launched or attempted to launch approximately 50,000 DDoS attacks aimed at individuals or organizations.
The FBI reportedly warned this week that attackers repeatedly attempted to disrupt a state's voter registration and information website with a distributed denial-of-service attack. On Tuesday, the FBI issued a Private Industry Notification that described the attempted DDoS attack, according to Bleeping Computer, which says it obtained a copy of the alert.
Most DDoS attacks in 2019 were directed toward companies in the gaming and gambling sectors, the report found. Released on Wednesday, Imperva's annual Global DDoS Threat Landscape Report looks at the greater scale, effective strategies, and higher frequency of DDoS attacks.