Some activist DDoS attacks growing in sophistication, expert says

on Thursday, 27 September 2012

Taken from: http://searchsecurity.techtarget.com
The majority of distributed denial-of-service (DDoS) attacks against corporate and government websites can be easily filtered out by appliances and software, but one expert says a growing number of attacks are from technically savvy individuals and often trip up mitigation systems.
A wide variety of attacks that are driven by activists use relatively unsophisticated tools. They can cause an initial disruption, but business and government websites can recover fairly quickly, said Jeff Lyon, CEO of Los Angeles-based Black Lotus Communications, a DDoS mitigation firm. A growing threat is DDoS attacks driven by extortionists and technically savvy hackers, which are complex enough to be difficult to defend against, Lyon said.
"Those attacks tend to be extremely complex because the attackers know that the basic tools so prevalent in the wild aren't as effective because security providers can easily defend against them," Lyon told SearchSecurity.com in a recent interview.
DDoS mitigation has been gaining interest from enterprise IT teams of late. The financial industry has been especially hard hit by DDoS over the last two weeks. JPMorgan Chase and Bank of America both suffered intermittent website problems. U.S. Bank and PNC reported problems with their customer websites Wednesday. The attacks are believed to be originating from a group known as Izz ad-Din al-Qassam Cyber Fighters, a hacktivist group that has been announcing its campaigns on the Pastebin website.
Lyon said some of the DDoS campaigns are layer 7 HTTP attacks that look like real users. Systems that use behavioral analysis and signatures often have to be manually tuned to filter out the right traffic and rule out false positives, he said.
"In order to defend against that specific type of attack you have to have a method in place to determine which traffic is robots and which traffic is humans and be able to implement a filtering rule," Lyon said. "That's where the real challenge is right now."
In this interview, Lyon talks about the transition from extortion-driven DDoS attacks in 2003 to more hacktivist-style attacks, which began in about 2007. Today, hacktivists primarily use social networking to gain enough followers and collaboratively take out websites while a determined individual can rent a botnet or create their own DDoS tool to carry out a targeted attack, Lyon said.
Give us a brief history of DDoS and tell us about Black Lotus:
Jeff Lyon: Black Lotus is a managed availability security firm. We started our company up in 1999. Back then was when the first US-CERT advisories came out saying there's this new phenomenon called a DDoS [distributed denial-of-service] attack. About four years after that, attacks really started occurring against the enterprise. Back in 1999 attacks were really against criminal enterprises or against e-commerce or larger start-up companies. Around 2003 is when attacks really started impacting online casinos and poker rooms, and that's when extortion became a major target of a DDoS attack. As the years went on, namely about 2007, is when the hacktivism trend began to occur. It stopped being just an extortion tool. It started being used if you didn't like someone or you wanted to tell someone to do something: you could go ahead and use a DDoS attack. Consequently, 2007 is when DDoS mitigation became a really big business.
Why do you think there was an evolution from financially motivated DDoS attacks (extortion) to politically motivated or statement-driven attacks?
Lyon: Mainly it's because anonymity is much more prevalent. If you are making a statement against a company or an organization you can use a medium like Twitter or any other type of social media to generate opinions and get people to attack a target. What has happened with Anonymous is that everyone can get together and launch a low orbit ion cannon (LOIC) type of attack. Everyone stays relatively anonymous. It's more of a collective that's making the attack. This is very difficult for law enforcement to wrap their hands around and actually prosecute individuals even though they are undertaking those initiatives. With extortion, they are able to use more traditional tools to investigate the crime because there is a money trail.  It may be difficult to figure out who launched the attack but when there is extortion involved you are able to say this is where the money went after someone made a ransom payment.
Are some hacktivist-driven DDoS attacks making it more difficult for Black Lotus and other DDoS mitigation firms?
Lyon: What we find is that the more common Anonymous type of attacks—the ones you see in the media—are actually relatively easy to defend against. These types of attacks take advantage of the collective and other people making a statement. When you see someone on Twitter announcing a target to attack, what they are doing is trying to take advantage of that company's inability to defend itself against the attack, but it's really not that complex to defend against.  
It seems like a lot of DDoS attacks use fairly unsophisticated methods, flooding websites with malicious traffic that can be easily filtered out. Is that the case?
Lyon: The attacks will run the gamut with different technologies in use. The ones we hear so much about, especially the ones that are launched by relatively unsophisticated folks wanting to take part in a protest, are pretty unsophisticated attacks. In order for them to occur the organizers of these attacks have to distribute tools to their followers. Once that tool is distributed then security experts and analysts can take it apart and figure out what needs to be done to defend against that particular type of attack and build those signatures used in mitigation appliances and other security products.
The ones that are extremely difficult are actually not in the realm of hacktivism. They could be extortion attacks. They could be attacks against competitors or they could be hacktivism, but not the mass-media hacktivism we're all so familiar with. Those attacks tend to be extremely complex because the attackers know that the basic tools so prevalent in the wild aren't as effective because security providers can easily defend against them. The attacker must build a tool or use a tool that is lesser known and much more difficult to raise a defense against. The ones that come to mind are these layer 7 HTTP attacks that look like real users. No matter what your signature looks like there are attacks coming in that match your legitimate traffic. They look exactly the same. In order to defend against that specific type of attack you have to have a method in place to determine which traffic is robots and which traffic is humans and be able to implement a filtering rule. That's where the real challenge is right now.
So there are some hacktivist DDoS attacks that can be sophisticated?
Lyon: These will be the hacktivists that are themselves computer hackers. They are very well educated in the use of computers and computer networks. For example, you might have a website with a religious or political view that is unpopular with a specific person or specific hacker, and that hacker takes a personal interest in taking down that website. That particular type of attack still qualifies as hacktivism. It's still an activist-style attack, but not the common type of person launching an attack.
How difficult is it for a single person to carry out a fairly sophisticated DDoS attack?
Lyon: If you're not skilled in specifically designing a tool or already active in that realm of trading tools and coding for malicious purposes, your other option is to go to websites or underground forums and essentially buy access to the tools. You can go on a hacker forum and explain you want to attack a website. Someone might come forward and say they control a botnet that has 100,000 systems in it and I'll let you rent that for $10 an hour. It's cheap and easy to launch an attack but the common person may not know how to go about it. Your common person who doesn't know anything about hacking probably won't find these forums and successfully launch an attack.
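The interview above describes layer 7 HTTP floods whose individual requests match legitimate traffic, so the defender needs a way to tell robots from humans and turn that into a filtering rule. The Python script below is an added example, not code from the article or from Black Lotus: it parses constructed access-log lines in Apache combined format, profiles each client IP on behaviour that no single-request signature captures (sustained request rate, whether the client ever loads the static assets a browser fetches, whether it ever sends a Referer), and emits candidate deny rules only when two or more of those signals agree. The log lines, the `example.test` host, and the thresholds are assumptions to be tuned against a site's own baseline.

```python
"""Behavioural triage of HTTP access logs: separate likely bots from humans.
Added example. Log lines are constructed sample data in Apache combined
format; thresholds are assumptions to tune against a site's own baseline."""
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
STATIC_EXT = (".css", ".js", ".png", ".jpg", ".gif", ".ico", ".woff")
UA = "Mozilla/5.0 (Windows NT 6.1) Firefox/15.0"

# Constructed: one browsing session that loads a page, its assets, then a second page.
HUMAN_LINES = [
    f'203.0.113.10 - - [27/Sep/2012:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "{UA}"',
    f'203.0.113.10 - - [27/Sep/2012:10:00:01 +0000] "GET /css/site.css HTTP/1.1" 200 812 "http://example.test/" "{UA}"',
    f'203.0.113.10 - - [27/Sep/2012:10:00:01 +0000] "GET /js/app.js HTTP/1.1" 200 2210 "http://example.test/" "{UA}"',
    f'203.0.113.10 - - [27/Sep/2012:10:00:07 +0000] "GET /accounts HTTP/1.1" 200 4100 "http://example.test/" "{UA}"',
]

def synth_flood(ip, count, per_second=10):
    """Constructed flood: same browser User-Agent as the human session, but
    only dynamic search requests, no Referer, no assets, at a fixed cadence."""
    return [
        f'{ip} - - [27/Sep/2012:10:00:{i // per_second:02d} +0000] '
        f'"GET /search?q={i} HTTP/1.1" 200 9000 "-" "{UA}"'
        for i in range(count)
    ]

SAMPLE_LOG = "\n".join(HUMAN_LINES + synth_flood("198.51.100.7", 60))

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def profile_clients(lines):
    """Aggregate per-IP behavioural features over the whole log window."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    profiles = {}
    for ip, recs in by_ip.items():
        stamps = [r["ts"] for r in recs]
        span = max(1.0, (max(stamps) - min(stamps)).total_seconds())
        static = sum(r["path"].split("?", 1)[0].lower().endswith(STATIC_EXT) for r in recs)
        with_ref = sum(r["referer"] not in ("", "-") for r in recs)
        profiles[ip] = {
            "requests": len(recs),
            "rate": len(recs) / span,               # requests per second over the window
            "static_ratio": static / len(recs),     # browsers fetch CSS/JS/images; scripts rarely do
            "referer_ratio": with_ref / len(recs),  # in-site navigation carries a Referer
        }
    return profiles

def classify(profile, rate_threshold=5.0, min_requests=20):
    """Return ("bot" | "human", reasons). At least two independent signals are
    required so that one heavy but legitimate user is not blocked on rate alone."""
    reasons = []
    if profile["requests"] >= min_requests:
        if profile["rate"] > rate_threshold:
            reasons.append(f"{profile['rate']:.1f} req/s sustained")
        if profile["static_ratio"] == 0:
            reasons.append("never fetches static assets a browser would load")
        if profile["referer_ratio"] == 0:
            reasons.append("no Referer on any request")
    return ("bot" if len(reasons) >= 2 else "human"), reasons

def suggest_rules(log_text):
    """Candidate deny rules for an operator to review, not to apply blindly."""
    rules = []
    for ip, prof in sorted(profile_clients(log_text.splitlines()).items()):
        label, reasons = classify(prof)
        if label == "bot":
            rules.append({"ip": ip, "action": "deny", "reasons": reasons})
    return rules

if __name__ == "__main__":
    for rule in suggest_rules(SAMPLE_LOG):
        print(f"{rule['action']} {rule['ip']}  # " + "; ".join(rule["reasons"]))
```

The two-signal requirement is the false-positive guard the interview alludes to: a single busy but legitimate user trips the rate check alone and is left alone, while a scripted client that never behaves like a browser is flagged. Rules are emitted for review rather than applied, which matches the manual tuning Lyon describes.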
-----------------------------------------------------------------------------------------------------------
Personal Assessment
What at first looked like a game has lately intensified. You probably know the term DDoS from Anonymous; it is basically an attack that overloads a target with requests. While that sounds quite simple, over time, as the article recounts, it has grown more sophisticated on the intellectual side.
Attackers now know very well the weapons they face and how to get around the obstacles the targeted companies put up. Knowing all this, a stronger attack can be achieved, which is why today's companies that believe they could be victims of this kind of attack must prepare very well, and this does not mean assigning one person to check that everything is in optimal condition but having a qualified team to face these attacks.

Microsoft plans to release fix for IE zero-day vulnerability

on Thursday, 20 September 2012

Taken from: http://searchsecurity.techtarget.com
Microsoft said Tuesday that it plans to release a fix for the recently discovered IE zero-day vulnerability.
The fix will be released in the next few days, according to a blog post by Yunsun Wee, director of Trustworthy Computing at Microsoft.
"While we have only seen a few attempts to exploit this issue, impacting an extremely limited number of people, we are taking this proactive step to help ensure Internet Explorer customers are protected and able to safely browse online," he wrote.
The zero-day flaw affects Internet Explorer 6, 7, 8 and 9, according to Security Advisory 2757760, issued by Microsoft late Monday.
Security researcher Eric Romang discovered the vulnerability over the weekend. According to researchers at Boston-based Rapid7, users' computers can become infected by visiting a malicious website. They advised users to switch browsers until a security fix is available.
The fix Microsoft will release will be easy to use and will provide "full protection against this issue until an update is available," Wee wrote. Until the fix is available, users should follow the mitigations listed in Monday's advisory, he added.
----------------------------------------------------------------------------------------------------------------------------------
Personal Assessment
Zero-Day, also known as "Day 0", is precisely a period of time during which a piece of software can be attacked. When a software solution is first released, the real testers, the users, take possession of it and the chance of errors increases. When a hacker finally manages to find a vulnerability, it is known as a zero-day vulnerability.
Internet Explorer has not been the exception this time, and like its predecessors, versions 6, 7 and 8, version 9 has also fallen to this vulnerability, which as of today Microsoft is beginning to take charge of.

Which Information Security Services are Most Popular?

on Thursday, 13 September 2012
Taken from: http://www.networkworld.com
Enterprises are increasing their spending on professional and managed security services. According to ESG Research, 58% of security professionals say that their organization’s use of managed and/or professional services for information security has “increased substantially” or “increased somewhat” over the past 2 years.
Just what types of services are they consuming? The list is long and diverse, but according to ESG Research, the top 5 categories are as follows:
• 33%: Security architecture and infrastructure design (i.e. professional/consulting services)
• 30%: Threat intelligence services
• 30%: Network monitoring services
• 30%: Security /risk management /regulatory compliance assessment
• 29%: Web threat management
Beyond this, they are also purchasing services for email security, vulnerability scanning, penetration testing, and staff augmentation amongst other things.
Large organizations typically consume IT services for a number of reasons. At one extreme, they outsource mundane tasks rather than take these on themselves. At the other end of the spectrum, they seek out specialized skills for more esoteric high-value activities. Somewhere in the middle, they purchase services to supplement what they are doing in house. ESG Research indicates that enterprises are most interested in supplementing internal efforts and paying for outside security expertise.
Given the combination of a security skills shortage and the increasingly sophisticated threat landscape, it is highly likely that the security services segment will see healthy growth over the next few years.

Personal Assessment

As the article shows, in recent years we have seen the growth of companies in charge of information security. We can also observe that companies choose to acquire third-party services rather than implementing them themselves. This does not mean that they do not take care of their information security at all; in one part of the process they take special care to keep their information secure.

The latter occurs mostly in large companies, and they pay special attention to certain areas: infrastructure security, threat intelligence services and network monitoring services.

Marcelo Tinelli Spoke About the Hacking of His Twitter Account

on Thursday, 6 September 2012

Story taken from Ciudad (www.ciudad.com.ar)

Marcelo Tinelli spoke about the hacking of his Twitter account: "Also, with the password I set, I'm a fool..."

The ShowMatch host explained how he experienced the intrusion into his account on the social network and criticized himself for the "easy password" he used. He also confessed what his bond with his children is like. Watch!

Much was speculated about the supposed computer genius who had allegedly hacked Marcelo Tinelli's Twitter account, but Marcelo himself took care of dispelling the intrigue and admitted to having created a password that was very easy to guess. Also, in the live remote for Este es el show, the ShowMatch host talked about his current relationship with his children.

Shirtless, from the door of his dressing room at Ideas del Sur, while changing for the recording of the Bailando galas, Tinelli said: "I already recovered my Twitter account, it's @cuervotinelli. It was hacked, and then when you report a hack to Twitter, they suspend it for three days. But I'm also a fool... The password I set! I'm a moron. I won't say the password, but I'm an idiot. I think even Juanita (his 9-year-old daughter) could figure it out. It's not that a professional hacker got in, I think a friend of Juanita's got in and that's it...".

After expressing his wish that Magdalena Bravi continue in Bailando 2012, upon seeing Francesca, the newborn baby of Martín Campilongo and Denise Dumas, Marcelo confessed what his bond with his children is like. "I'm not thinking about having another child right now, I already have four... I was at all of my children's births. Being able to take them out of La Flaca's belly (referring to Paula Robles) was beautiful. And at Sole's deliveries, which were by caesarean, too," revealed the owner of Ideas.

But he immediately added: "Being a father is a permanent learning process. There are so many things the kids teach us. I have changed a lot as a dad. I feel that with my older daughters I have a much deeper and more present relationship than I had before. Juanita is perhaps the one who demands the most, given her age; she is pure love."

About Francisco, he said: "I tore into him for a year for having Twitter, and today I realize it's a good tool for communicating things and being close to people."

Evidently, Marcelo Tinelli adapts to the times. Perhaps that is the key to his staying power. Not the key to his Twitter account, of course.



Personal Assessment

Here we have a clear example of how quickly a hacker can break into an unprotected account. By unprotected I do not mean that Twitter failed to protect this account sufficiently; in this case the blame lies with Marcelo himself for using a password that is not advisable for an account of that importance. A password that is easy to guess, on whatever platform, will always represent an imminent danger and an open door for hackers who want to get up to their tricks. That is why one must always take special care with passwords: nothing very personal and nothing very easy to guess.
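The commentary above comes down to one control: a password that is easy to guess or built from personal details should never be accepted in the first place. The Python checker below is an added example, not code from Ciudad or from Twitter: it implements a server-side acceptance policy that rejects passwords found in a small constructed common-password list, passwords containing the account holder's own personal tokens (name, birth year, handle, details the service already holds), keyboard and alphabet sequences, repeated characters, and anything whose estimated strength falls below 60 bits. The list, the sample account details, the candidate passwords and the thresholds are all assumptions.

```python
"""Server-side password-acceptance policy that rejects easily guessed passwords.
Added example. The common-password list and personal tokens are constructed
sample data; the length and strength thresholds are assumptions."""
import math
import re

# Constructed stand-in for a real breached-password denylist (normally millions of entries).
COMMON_PASSWORDS = {"123456", "password", "qwerty", "111111", "abc123", "letmein", "iloveyou"}
# Keyboard rows plus digit and alphabet runs; checked forwards and backwards.
KEYBOARD_RUNS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890", "abcdefghijklmnopqrstuvwxyz")

def contains_keyboard_run(pw, length=4):
    """True if any `length` consecutive keys of a run appear in the password."""
    low = pw.lower()
    for run in KEYBOARD_RUNS:
        for i in range(len(run) - length + 1):
            chunk = run[i:i + length]
            if chunk in low or chunk[::-1] in low:
                return True
    return False

def estimated_bits(pw):
    """Naive brute-force estimate: length * log2(character pool). This is an
    upper bound only; the structural checks below catch what it misses."""
    pool = 0
    if re.search(r"[a-z]", pw):
        pool += 26
    if re.search(r"[A-Z]", pw):
        pool += 26
    if re.search(r"[0-9]", pw):
        pool += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        pool += 33  # printable punctuation and space
    return len(pw) * math.log2(pool) if pool else 0.0

def check_password(pw, personal_tokens=(), min_length=12, min_bits=60):
    """Return (accepted, reasons). personal_tokens are details the service
    already holds for the account (name, birth year, handle, pet name); any of
    them inside the password makes it guessable by people who know the user."""
    reasons = []
    low = pw.lower()
    if len(pw) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    # Strip a trailing digit suffix so "password1" still matches "password".
    base = re.sub(r"\d+$", "", low)
    if low in COMMON_PASSWORDS or base in COMMON_PASSWORDS:
        reasons.append("matches a common password")
    for tok in personal_tokens:
        t = tok.lower()
        if len(t) >= 3 and t in low:
            reasons.append(f"contains personal detail {tok!r}")
    if contains_keyboard_run(pw):
        reasons.append("contains a keyboard or alphabet sequence")
    if re.search(r"(.)\1\1", pw):
        reasons.append("repeats one character three or more times")
    if estimated_bits(pw) < min_bits:
        reasons.append(f"estimated strength below {min_bits} bits")
    return (not reasons, reasons)

if __name__ == "__main__":
    # Constructed account details and candidate passwords.
    details = ["alice", "1985", "rex", "@alice_w"]
    for candidate in ["alice1985!", "qwerty123", "Tr0ub4dour&3-Piano-Kite"]:
        ok, why = check_password(candidate, details)
        print(f"{candidate!r}: {'accepted' if ok else 'rejected: ' + '; '.join(why)}")
```

The personal-token check is the part that addresses the article directly: the password Tinelli describes was weak not because the service was weak but because anyone who knew him could guess it, and a service can only refuse such passwords if it compares the candidate against the profile data it already holds. The entropy estimate alone would accept many of those passwords, which is why it is the last check rather than the only one.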