Security News

The FBI has arrested a suspect who's charged in connection with waging distributed denial-of-service attacks against the campaign website of an unsuccessful 2018 Democratic candidate for the U.S. House in California. The FBI's criminal complaint in the case claims that Arthur Jan Dam, who lives in California, conducted four DDoS attacks between April 20, 2018, and May 29, 2018, against the campaign website of an unnamed Democratic primary candidate for the U.S. House of Representatives in California who ultimately lost.

These organizations must now not only defend IT infrastructures, but also manage risks caused by increased DDoS attacks on customer-facing services and applications, mobile networks, and unsecured IoT devices. "By weaponizing new attack vectors, leveraging mobile hotspots, and targeting compromised endpoint IoT devices, attackers are increasingly finding ways to infiltrate our internet-connected world. They are getting more sophisticated by using a minuscule portion of the available vulnerable devices to carry out a successful attack. The largest OpenVPN DDoS attack we observed used less than one percent of the available reflectors connected to the internet. Botmasters are waiting in the wings, since the risk will only increase in 2020 when an estimated 20.4 billion more devices are connected to the internet."

A vulnerability in 12,000+ internet-facing Jenkins servers can be abused to mount and amplify reflective DDoS attacks against internet hosts, Radware researchers have discovered. The vulnerability can also be triggered by a single, spoofed UDP packet to launch DoS attacks against those same vulnerable Jenkins servers, by forcing them into an infinite loop of replies that can't be stopped unless one of the servers is rebooted or has its Jenkins service restarted.

Over the weekend, an extensive disruption to Iran's telecommunication networks knocked out about 25 percent of the country's internet service for several hours, according to NetBlocks, a nonprofit organization that tracks internet freedom across the globe. The disruption, which took place at about 11:45 a.m. local time Saturday, caused an initial outage of cellular and fixed-line services in Iran for nearly an hour, with the country only able to partially recover its full internet service several hours after the incident, NetBlocks says.

DNS amplification was the most used technique for DDoS attackers in 2019 having been found in one-third of all attacks. The proportion of DDoS attacks that involved corrupted cloud servers was 45% between January and December; this is a 16% increase over the same time period the previous year.

The U.S. Department of Justice has asked victims of the Quantum Stresser DDoS-for-hire service, whose operator was recently sentenced, to come forward. According to authorities, the service had roughly 70-80,000 subscribers between 2011 and 2018, and in 2018 customers launched or attempted to launch approximately 50,000 DDoS attacks aimed at individuals or organizations.

The FBI reportedly warned this week that attackers repeatedly attempted to disrupt a state's voter registration and information website with a distributed denial-of-service attack. On Tuesday, the FBI issued a Private Industry Notification that described the attempted DDoS attack, according to Bleeping Computer, which says it obtained a copy of the alert.

Most DDoS attacks in 2019 were directed toward companies in the gaming and gambling sectors, the report found. Released on Wednesday, Imperva's annual Global DDoS Threat Landscape Report looks at the greater scale, effective strategies, and higher frequency of DDoS attacks.

NETSCOUT, a market leader in service assurance, security, and business analytics, announced Arbor Sightline with Sentinel to deliver the next generation of DDoS visibility and protection for service providers and large enterprises. Combining core ARBOR NETWORKS and NETSCOUT Layer 7 technologies with intelligent analytics, machine learning, and automation, Sightline with Sentinel integrates network infrastructure defense functions into an orchestrated capability that delivers unparalleled protection for network, customer, and application services at a lower cost.

These guys aren't just launching attacks that kick all players on a targeted server out of a game, or degrade the game performance down to sludge, Ubisoft alleges. Defendants are well aware of the harm that the DDoS Services and DDoS Attacks cause to Ubisoft.