DDoS attack is launched from 162,000 WordPress sites

With some old-fashioned trickery, hackers were able to get more than 162,000 legitimate WordPress-powered Web sites to mount a distributed-denial-of-service attack against another Web site, security researchers said Monday.

Security firm Sucuri said hackers leveraged a well-known flaw in WordPress that allows an attack to be amplified by harnessing unsuspecting Web sites. It's unclear which site was the victim of the cyberattack, but Sucuri said it was a "popular WordPress site" that went down for many hours.

"It was a large HTTP-based (layer 7) distributed flood attack, sending hundreds of requests per second to their … Read more

Bitcoin exchanges reportedly served with subpoenas

Mt. Gox and other Bitcoin exchanges have reportedly received subpoenas from a US Attorney investigating their handling of the recent cyberattacks launched against them.

Citing "a source familiar with the probe," Reuters said on Thursday that the subpoenas from Manhattan U.S. Attorney Preet Bharara were sent to Mt. Gox, other Bitcoin exchanges, and businesses that deal in the virtual currency. The investigation is focused on the recent distributed denial of service attacks that forced Mt. Gox and other exchanges to suspend withdrawals.

A spokesman for Bharara declined to comment to Reuters. A spokeswoman for the attorney's … Read more

Namecheap targeted in monumental DDoS attack

The Web-hosting service Namecheap was hit with what it says was one the largest distributed-denial-of-service attacks "anyone has seen or dealt with."

On Thursday morning roughly 300 domain names hosted by Namecheap were targeted in a DDoS attack -- a common hacker tactic that causes sites or servers to be bombarded with illegitimate traffic. The massive attack likely caused wide-spread connectivity issues among the hundreds of thousands of other domain names using Namecheap's DNS platform.

"Today is one of the days that, as a service provider who strives to deliver excellence day in and day out, … Read more

Cyberattacked site offers $13K hacker reward

Gaming site Wurm, a recent victim of a cyberattack, has placed a bounty on hackers.

On Tuesday, Wurm operators said that the massive multiplayer online role-playing game (MMORPG), Wurm Online, was the target of a distributed denial of service attack (DDoS). Denial of service attacks are a common form of cyberthreat that involve large numbers of PCs infected with malware -- which then become slaves to a command center that directs them to flood a target with so much traffic servers cannot handle it, causing a site to crash under the strain.

As a result of the attack, Wurm services … Read more

Record-breaking DDoS attack in Europe hits 400Gbps

A massive distributed-denial-of-service attack Monday reached more than 400Gbps at its peak, about 33 percent greater than last year's Spamhaus attack, the previous DDoS record-holder.

The attack was apparently directed at one of the customers of content delivery network and security provider CloudFlare, which first reported the attack. The company said it appeared that attackers leveraged a flaw in the Network Time Protocol (NTP), a network protocol used to synchronize computer clock times.

"Very big NTP reflection attack hitting us right now. Appears to be bigger than the #Spamhaus attack from last year. Mitigating," Cloudflare CEO Matthew … Read more

British spy unit reportedly hit Anonymous with DDoS attacks

A British spy unit turned a cyberattack method favored by Anonymous against it and other hacktivist groups, according to an NBC report based on documents Edward Snowden removed from the National Security Agency.

A division of the Government Communications Headquarters (GCHQ), the UK's communications intelligence agency, used distributed-denial-of-service attacks to disrupt communications among members of Anonymous, according to the documents. DDoS is the same cyberattack technique used by the hacktivist group to mount online attacks targeting financial institutions, trade groups, and government entities after PayPal and banks refused to process payments for WikiLeaks.

Dubbed "Rolling Thunder" by … Read more

Anonymous hackers plead guilty to 2010 PayPal cyberattack

Thirteen people have pleaded guilty to charges connected to a 2010 cyberattack on PayPal for the eBay unit's refusal to process payments for WikiLeaks.

The hacktivist collective claimed responsibility for engineering the December 2010 distributed-denial-of-service attack in retaliation for the online payment processing company's suspension of an account linked to WikiLeaks after the document-leaking organization released a large number of classified documents.

"Citing violations of the PayPal terms of service, and in response to WikiLeaks' release of the classified cables, PayPal suspended WikiLeaks' accounts such that WikiLeaks could no longer receive donations via PayPal," US Attorney … Read more

Cybercrooks use DDoS attacks to mask theft of banks' millions

Distributed denial of service attacks have been used to divert security personnel attention while millions of dollars were stolen from banks, according to a security researcher.

At least three US banks in recent months have been plundered by fraudulent wire transfers while hackers deployed "low powered" DDoS attacks to mask their theft, Avivah Litan, an analyst at research firm Gartner, told SCMagazine.com. She declined to name the institutions affected but said the attacks appeared unrelated to the wave of DDoS attacks last winter and spring that took down Web sites belonging to JP Morgan , Wells Fargo, Bank of America, Chase, … Read more

See how beautiful a DDoS attack can look

We've all heard of a distributed denial of service (DDoS) attack and know what it is: when a person or people attempt to take down a Web site by flooding it with connection requests. These max out the site's bandwidth, making it unable to accept new requests. The attacks are usually automated and can be accomplished in a variety of ways. The loss of traffic during the attack itself, and the recovery afterward, can end up costing Web sites quite a lot.

But what does that actually look like? Well, nothing by itself; but thanks to a Web site traffic visualization tool called Logstalgia, Ludovic Fauvet, developer of the Web site VideoLAN (which created and distributes the free multimedia player VLC), managed to capture an April 23 DDoS attack on his site. … Read more

Cyberattacks triple in 2012, Akamai says

Cyberwarfare incidences jumped sharply in 2012, Akamai said, with the number of distributed denial of service attacks more than tripling from the previous year.

Akamai, one of the world's largest globally distributed networks, said its customers reported being targeted by 768 DDoS attacks last year, more than three times as many as in 2011. The company's State of the Internet report released Tuesday also found that more than a third of those attacks targeted the commerce sector, while another 20 percent targeted enterprise customers.

"In many ways, DDoS has become the weapon of choice for multiple types … Read more