Distributed Denial of Service (DDoS) attacks are on the rise, affecting individuals , private businesses and government-funded institutions alike. As part of a large warning to cybercriminals, the UK’s National Crime Agency (NCA) has arrested 12 individuals for using a DDoS-for-hire service called Netspoof. “Operation Vulcanialia” targeted 60 citizens in total, and led to 30 cease and desist notices, and the seizure of equipment from 11 suspects. The NCA says it had two focuses: arresting repeat offenders and educating first-time users about the consequences of cybercrime. The work formed part of Operation Tarpit , a larger effort co-ordinated by Europol. Law enforcement agencies from Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Spain, Sweden, the UK and the US targeted users of DDoS tools together, resulting in 34 arrests and 101 suspects being interviewed and cautioned. The UK’s contribution was spearheaded by intelligence gathered by the West Midlands Regional Cyber Crime Unit, and executed by Regional Organised Crime Units under the watchful eye of the NCA. Some of the arrests were detailed in a press release — all but one was under the age of 30. Netspoof allowed anyone to initiate potentially devastating DDoS attacks from as little as £4. Packages soared to as much as £380, however, depending on the user’s requirements. It meant almost anyone, regardless of their technical background, could take down sites and services by flooding them with huge amounts of data. The trend is representative of the increase in cybercrime and how easy it is for people to wield such powers. DDoS attacks aren’t comparable to hacking, but they’re still a worrisome tactic for businesses. Knocking a service offline can affect a company’s finances and reputation, angering customers in the process. Twelve arrests is by no means insignificant, but it almost certainly represents a small number of DDoS users. Still, it’s a warning shot from the NCA — it’s aware of the problem, and officers are putting more resources into tracking those who both use and facilitate such attacks on the internet. Via: Ars Technica Source: Europol , NCA
Read More:
UK police crack down on people paying for DDoS attacks
An anonymous reader quotes a report from BleepingComputer: For the past two months, a new exploit kit has been serving malicious code hidden in the pixels of banner ads via a malvertising campaign that has been active on several high profile websites. Discovered by security researchers from ESET, this new exploit kit is named Stegano, from the word steganography, which is a technique of hiding content inside other files. In this particular scenario, malvertising campaign operators hid malicious code inside PNG images used for banner ads. The crooks took a PNG image and altered the transparency value of several pixels. They then packed the modified image as an ad, for which they bought ad displays on several high-profile websites. Since a large number of advertising networks allow advertisers to deliver JavaScript code with their ads, the crooks also included JS code that would parse the image, extract the pixel transparency values, and using a mathematical formula, convert those values into a character. Since images have millions of pixels, crooks had all the space they needed to pack malicious code inside a PNG photo. When extracted, this malicious code would redirect the user to an intermediary ULR, called gate, where the host server would filter users. This server would only accept connections from Internet Explorer users. The reason is that the gate would exploit the CVE-2016-0162 vulnerability that allowed the crooks to determine if the connection came from a real user or a reverse analysis system employed by security researchers. Additionally, this IE exploit also allowed the gate server to detect the presence of antivirus software. In this case, the server would drop the connection just to avoid exposing its infrastructure and trigger a warning that would alert both the user and the security firm. If the gate server deemed the target valuable, then it would redirect the user to the final stage, which was the exploit kit itself, hosted on another URL. The Stegano exploit kit would use three Adobe Flash vulnerabilities (CVE-2015-8651, CVE-2016-1019 or CVE-2016-4117) to attack the user’s PC, and forcibly download and launch into execution various strains of malware. Read more of this story at Slashdot.