Archive - April 2019


Ecuador Claims It Suffered 40 Million Cyber Attacks Since Julian Assange’s Arrest

Five days ago, Ecuador revoked Julian Assange’s 7-year-long asylum and turned him over to the UK authorities, which promptly arrested the WikiLeaks chief.

Since then, Ecuador claims to be under siege from Assange supporters and “groups linked” to him.

Patricio Real, Ecuador’s deputy minister for information and communication technology, said in a statement that the webpages for his country’s public institutions experienced 40 million cyber-attacks.

Among the hardest hit were pages for the central bank, the foreign ministry and the president’s office.

“During the afternoon of April 11 we jumped from 51st place to 31st place worldwide in terms of the volume of cyber attacks,” he said.

The deputy minister said that the attacks “principally come from the United States, Brazil, Holland, Germany, Romania, France, Austria and the United Kingdom,” but that countries from South America also show up on the list.

No major hacking groups were named in Ecuador’s statement, though the famed group Anonymous apparently made a threat.

Real also didn’t specify what type of attacks Ecuador’s websites experienced. He mentioned that no hacker managed to steal government data but that the attacks prevented some employees and citizens from accessing their accounts.

Because Real called the attacks “volumetric,” he was most likely referring to a type of DDoS attack in which hackers send a large volume of traffic to a website, hoping to overwhelm it.

While this is a serious threat to a network, the attack itself can be perpetrated even by those without a lot of technical knowledge.

Ecuador will receive cybersecurity support from Israel to handle the incidents. It has also made motions to arrest a suspect, a Swedish citizen close to Assange.

Right now, Julian Assange is in the UK authorities’ hands and is waiting to see if he will be extradited to the US to face conspiracy charges.

He was also stripped of his Ecuadorian citizenship, which was granted in 2017 under a different Ecuadorian regime.

Source: https://techthelead.com/ecuador-claims-it-suffered-40-million-cyber-attacks-since-julian-assanges-arrest/

How HTML5 Ping Is Used in DDoS Attacks

A new type of distributed denial-of-service (DDoS) attack is abusing a common HTML5 attribute to overwhelm targeted victims.

Security firm Imperva reported on April 11 that it has discovered a campaign where hackers abused the HTML5 ping attribute of the <a> tag in a DDoS attack that generated 70 million requests in four hours. The ping attribute is intended to be used by websites as a mechanism to notify a website when a user follows a given link on a page. Typically, a ping is a single action, but Imperva discovered that hackers have found a way to amplify the ping into a more persistent data flow, triggering the DDoS attack.

“The attacker, probably using social engineering, forced users to visit a website that contained malicious JavaScript,” Vitaly Simonovich, security researcher at Imperva, told eWEEK. “This script generated links with the target site in the ‘ping’ attribute and clicked it without personal involvement of the user. Auto-generated clicks reflected as ping back to the victim, continuously, the entire time the user stayed on the webpage.”

Imperva’s analysis of the attack explained that when the user clicks on the hyperlink, a POST request with the body “ping” will be sent to the URLs specified in the attribute. It will also include headers “Ping-From,” “Ping-To” and a “text/ping” content type.

“We observe DDoS attacks daily,” Simonovich said. “We discovered this attack last month. However, when we looked back in our logs, we noticed that the first time the attack occurred on our network in December 2018, it was using the ping feature.”

The attack that Imperva found was able to make use of 4,000 user IPs, with a large percentage of them from China. The campaign lasted four hours, with a peak of 7,500 requests per second (RPS), resulting in more than 70 million requests hitting the target victim’s website.

How the Ping Attack Overwhelms a Server

A simple ping on its own is not enough to disturb a web server and, in fact, web servers are regularly hit with ping requests for basic availability checks. Ping requests are also low bandwidth and would be unlikely to constitute a volumetric DDoS attack, which aims to overwhelm the available bandwidth of a target server.

The DDoS attack discovered by Imperva, however, was not a basic ping and, according to Simonovich, could impact a web application server in a couple of ways:

  1. Targeting the web server with a high RPS forces the server to process the DDoS traffic instead of handling legitimate traffic.
  2. Targeting the web application by finding an injection point causes high resource consumption. For example, the login form will cause a query to the database.

“The attack is performed on the application layer aimed to clog server resources by processing several HTTP requests,” Simonovich explained. “As such, attack bandwidth is not the weakest resource in the chain, but CPU or memory of the server.”

He added that 7,500 RPS is far from the most powerful application DDoS attack, which can reach 100,000 RPS and more, but it is enough to deny availability for a midsize website.

Defending Against Ping DDoS

There are several things that organizations can do to minimize the risk of a Ping DDoS attack.

Imperva recommends that organizations that do not need to receive ping requests on a web server block any web requests that contain “Ping-To” and/or “Ping-From” HTTP headers on the edge devices (firewall, WAF, etc.). DDoS services, including the one that Imperva offers, also can be employed to help limit risk.
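
The header check Imperva recommends, sketched as Python WSGI middleware for a server that has no edge device in front of it. This is an added example, not code from Imperva or eWEEK. It goes slightly beyond the recommendation by also matching the text/ping content type described earlier in the article; demo_app and call are hypothetical helpers, and all request values are constructed.

```python
from wsgiref.util import setup_testing_defaults

# WSGI environ keys for the Ping-From / Ping-To request headers.
PING_HEADERS = ("HTTP_PING_FROM", "HTTP_PING_TO")


def is_hyperlink_ping(environ):
    """Return True if the request carries any marker of an <a ping> notification."""
    if any(name in environ for name in PING_HEADERS):
        return True
    # Content-Type may carry parameters, e.g. "text/ping; charset=utf-8".
    ctype = environ.get("CONTENT_TYPE", "").split(";", 1)[0].strip().lower()
    return ctype == "text/ping"


class BlockPingMiddleware:
    """Reject ping requests before the application (and its database) runs."""

    def __init__(self, app):
        self.app = app
        self.blocked = 0  # export to monitoring to spot a flood

    def __call__(self, environ, start_response):
        if is_hyperlink_ping(environ):
            self.blocked += 1
            # Answer without reading the body or touching application code.
            start_response("403 Forbidden", [("Content-Length", "0")])
            return [b""]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Hypothetical stand-in for the real application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def call(app, **overrides):
    """Drive a WSGI app with a constructed request; return (status, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(overrides)
    seen = {}
    body = b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], body
```

Rejecting at this layer still costs a connection and a request parse per ping, so an edge rule on the same headers remains the better place for the check when one is available.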

“Attackers are constantly looking for new and sophisticated methods to abuse legitimate services and bypass mitigation mechanisms,” Simonovich said. “Utilization of the ping functionality is a good example of this, especially since most of the browsers by default support it. The challenge that attackers are facing is how to force legitimate users to visit the malicious page and stay on this page as long as possible to make the attack run longer.”

Source: https://www.eweek.com/security/how-html5-ping-is-used-in-ddos-attacks
