November 22, 2015

Reporter Under Siege & Emergence of KilerRat

Here are some key recent stories from distributed denial of service (DDoS) news:

  • Security Writer Being Pummeled
  • United Kingdom Getting Inundated
  • KilerRat Undetectable by Most Antivirus
  • Gaming Company Hit with 30-40 DDoS PER DAY


Security Writer Being Pummeled

Be careful not to say anything about DDoS, or you could be a target. That seems to be the message of the latest attack from Armada Collective, as reported by International Business Times.


The hacker ring has been going after numerous Swiss companies, financial firms in Thailand, and encrypted email providers. However, the group most recently turned its sights on a security professional who wrote an article on his website describing its activities.


Graham Cluley was pummeled with traffic from a botnet after he published a piece about attacks the collective carried out against seven secure email companies, including ProtonMail, Hushmail, and Runbox. The group demanded ransoms from each of the organizations to stop the assaults, suggesting that it would unleash extraordinarily large attacks at rates of up to 1Tbps.


ProtonMail was the only company to pay the ransom (20 bitcoins, or roughly $6400), and that tactic unfortunately didn’t work. “We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless,” the company wrote on its blog. “ProtonMail will NEVER pay another ransom.”

United Kingdom Getting Inundated

Sometimes, you don’t want to be right.


Early last week, the UK government issued an alert that ISIS could be getting ready to go after the country with wide-scale DDoS attacks. On November 18th, that warning proved legitimate when the nation started getting hit with widespread distributed denial of service incidents, as reported by Telecoms Tech.


As of that date, there was more malicious traffic hitting the UK than ever before, with the bulk of it using IP fragmentation, which slows down servers by making it extremely difficult to reassemble the fragmented packets.


Context is key with this assault, because it arrives in the wake of Paris and other attacks by ISIS, along with increasing raids targeting militants in Belgium and France.


It’s debatable if the attacks are actually coming from ISIS, but Anonymous has definitely been under attack for announcing that it would go after the terrorists with “the launch of their #OpParis campaign for anyone to disrupt social network accounts used for propaganda and recruitment by the group,” explained Telecoms Tech. “An IRC used by Anonymous has temporarily had to shut-off external connections from third-party clients.”

KilerRat Undetectable by Most Antivirus

As defense gets more sophisticated, offense continues to adapt – and the RAT is no exception.


The Remote Access Trojan (RAT) is an ever-changing beast, reported SC Magazine. RATs, used to spy on PCs, phones, and tablets, are released in new variations so that the security community has a difficult time keeping up with each version. Plus, the capabilities are becoming more advanced.


KilerRat is a new strain built from the njRAT malware that infiltrates Windows computers and gives the invading party control, allowing them to “remotely delete, edit, and rename files or folders; view the webcam of infected computers; monitor key logging on infected computers; and collect stored passwords in the computers’ browsers,” noted SC Magazine.


It escapes detection by allowing the attacker to change an executable file (.exe) to any of various other file types (.jpg, .txt, .mp4, etc.). Plus, KilerRat allows its controller to leverage the penetrated device as a proxy for DDoS attacks.
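
A defender-side check for the disguise described above, as an added example that is not part of the original article: it flags files whose content is a Windows PE image but whose extension claims otherwise. It assumes the disguised file keeps its PE header and only its name changes; the sample bytes and file names are constructed.

```python
import io
import os
import struct

# Extensions that legitimately hold PE images; a PE header under any other name is suspect.
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl"}

def is_pe(stream) -> bool:
    """True if the stream has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    header = stream.read(0x40)
    if len(header) < 0x40 or header[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", header, 0x3C)
    stream.seek(e_lfanew)
    return stream.read(4) == b"PE\0\0"

def is_disguised(name: str, stream) -> bool:
    """PE content combined with a non-executable extension."""
    ext = os.path.splitext(name.lower())[1]
    return ext not in PE_EXTENSIONS and is_pe(stream)

def find_disguised(files: dict) -> list:
    """files maps file name -> content bytes; returns the suspicious names, sorted."""
    return sorted(n for n, data in files.items() if is_disguised(n, io.BytesIO(data)))

def scan_tree(root: str) -> list:
    """Same check over a directory tree on disk; unreadable files are skipped."""
    hits = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    if is_disguised(name, fh):
                        hits.append(path)
            except OSError:
                continue
    return hits

def fake_pe() -> bytes:
    """Constructed minimal header: 'MZ', e_lfanew = 0x80, 'PE\\0\\0' at offset 0x80."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    return bytes(dos) + b"\0" * 0x40 + b"PE\0\0" + b"\0" * 20

# Constructed samples: three PE images (two disguised), a JPEG, and text that merely starts with "MZ".
SAMPLES = {
    "holiday.jpg": fake_pe(), "clip.mp4": fake_pe(), "setup.exe": fake_pe(),
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 100, "notes.txt": b"MZ" + b" " * 100,
}

if __name__ == "__main__":
    print(find_disguised(SAMPLES))
```

Checking the `PE\0\0` signature at `e_lfanew`, not just the leading `MZ`, keeps ordinary text or data that happens to start with those two letters from being flagged.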


Most antivirus programs are struggling to identify this malware, according to security specialist Peter Ewane. That’s all the more disturbing for personal privacy given the revelation in October that a British man used the spyware Blackshades to control webcams in unsuspecting people’s bedrooms, effectively becoming a virtual peeping Tom.

Gaming Company Hit with 30-40 DDoS PER DAY

In the good old days, you had to have real skills to be a hacker. That’s no longer the case.


Distributed denial of service (DDoS) tools are now incredibly accessible and easy to use, with Lizard Squad and others offering botnet rental as a service, as described by International Business Times.


This type of attack has been around for years but has grown exponentially. Companies are being hit more and more often, with the average American business going down for about nine hours at a total cost of about $360,000.


“The number of these things has exploded over the past five years,” Nexusguard DDoS Defense Expert Shawn Marck told International Business Times. “Last year and into this year, the size of the attacks has set records for how big they were.”


The largest independent game developer in the UK, Jagex, said that it is being inundated with 30-40 DDoS attacks daily, with most relatively minor at 15-20 GB per second but some substantial enough to cause 30-second performance delays.

DDoS: All About Prevention

Do you need protection against distributed denial of service attacks? At Nexusguard, our four-part DDoS Penetration Testing (reconnaissance, enumeration, exploitation, and documentation) can help you identify needed changes. Learn more.
