Support

Archive | Attacks and DDoS Attacks

View all postings from the Attacks category in “Security to the Core,” the Arbor Networks Security Engineering and Response Team Blog.

How to Become an Internet Supervillain in Three Easy Steps

One of the truisms of comic books and graphic novels is that nothing is immutable – both heroes and villains are rebooted, retconned, featured as radically (or subtly) different versions in alternate timelines, etc. The Marvel Cinematic Universe, which so far includes the Captain America, Thor,Hulk, Iron Man, and Avengers films, is a good example. […]

Continue Reading

DDoS Attacks in the Wake of French Anti-terror Demonstrations

On January 15th, France’s chief information systems defense official, Adm. Arnaud Coustilliere, announced a sharp rise in online attacks against French web sites: “Calling it an unprecedented surge, Adm. Arnaud Coustilliere, head of cyberdefense for the French military, said about 19,000 French websites had faced cyberattacks in recent days, …” [1]. As we’ve done in […]

Continue Reading

North Korea Goes Offline

It was reported earlier today that North Korea was having Internet connectivity issues. Given recent events involving Sony Pictures Entertainment (SPE), these reports are of particular interest. The first question when you see this type of report is whether it’s purely a connectivity issue or whether an attack is behind it. While visibility into North Korean […]

Continue Reading

DDoS Activity in the Context of Hong Kong’s Pro-democracy Movement

In early August, we examined data demonstrating a striking correlation between real-world and online conflict [1], which ASERT tracks on a continual basis [2-7]. Recent political unrest provides another situation in which strong correlative indicators emerge when conducting time-series analysis of DDoS attack data. The latest round of pro-democracy protests in Hong Kong began on […]

Continue Reading

FCC advised on Remediation of Server-based DDoS Attacks

Yesterday, the Communications Security, Reliability and Interoperability Council (CSRIC), a federal advisory committee to the Federal Communications Commission (FCC), submitted its final report on Remediation of Server-based DDoS Attacks. The CSRIC’s Working Group 5 was tasked with developing recommendations for communications providers to enable them to mitigate the impact of high volume DDoS attacks launched […]

Continue Reading

Into the Light of Day: Uncovering Ongoing and Historical Point of Sale Malware and Attack Campaigns

Point of Sale systems that process debit and credit cards are still being attacked with an increasing variety of malware. Over the last several years PoS attack campaigns have evolved from opportunistic attacks involving crude theft of card data with no centralized Command & Control, through memory scraping PoS botnets with centralized C&C and most […]

Continue Reading

Trojan.Eclipse — A Bad Moon Rising?

ASERT’s malware collection and processing system has automatic heuristics that bubble up potentially new and interesting DDoS malware samples into a “for human analysis” queue. A recent member of this queue was Trojan.Eclipse and this post is my analysis of the malware and its associated campaigns. Analysis was performed on the sample with an MD5 […]

Continue Reading

The Heartburn Over Heartbleed: OpenSSL Memory Leak Burns Slowly

Marc Eisenbarth, Alison Goodrich, Roland Dobbins, Curt Wilson Background A very serious vulnerability present in OpenSSL 1.0.1 for two years has been disclosed (CVE-2014-0160). This “Heartbleed” vulnerability allows an attacker to reveal up to 64kb of memory to a connected client or server. This buffer-over-read vulnerability can be used in rapid succession to exfiltration larger […]

Continue Reading

Happy Holidays: Point of Sale Malware Campaigns Targeting Credit and Debit Cards

Inside Recent Point-of-Sale Malware Campaign Activities Curt Wilson, Dave Loftus, Matt Bing An active Point of Sale (PoS) compromise campaign designed to steal credit and debit card data using the Dexter and Project Hook malware has been detected. Indicators of compromise will be provided for mitigation and detection purposes. Prior to the publication of this […]

Continue Reading