All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed.

**Note:**
pg-native is a mere binding to npm's libpq library, which in turn has the addons and bindings
to the actual C libpq library. This means that problems found in pg-native  may transitively impact 
npm's libpq.




Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

*   **snyk-id**
    
    SNYK-JS-LIBPQ-2392366
    
*   **published**
    
    14 Jun 2022
    
*   **disclosed**
    
    3 Feb 2022
    
*   **credit**
    
    Cristian-Alexandru Staicu, Snyk Security Labs
    

**How to fix?**

There is no fixed version for libpq.

**Overview**

libpq is a node native bindings to the PostgreSQL libpq C client library.

Affected versions of this package are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed.

**Note:** pg-native is a mere binding to npm's libpq library, which in turn has the addons and bindings to the actual C libpq library. This means that problems found in pg-native may transitively impact npm's libpq.

**PoC**

    //pg-native -> poc.js
    
    let Client = require('pg-native') 
    let client = new Client(); 
    client.connectSync(); 
    client.query('some str', 1, function() {});
    
    //libpq -> poc.js
    
    var Libpq = require('libpq') 
    const pq = new Libpq(); 
    pq.sendQueryParams("some str", 1) 
    

**Details**

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

Two common types of DoS vulnerabilities:

*   High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
    
*   Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

CVE-2022-25852: Denial of Service (DoS) in libpq | CVE-2022-25852 | Snyk

All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash.



Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

*   **snyk-id**
    
    SNYK-JS-DISCORDJSOPUS-2403100
    
*   **published**
    
    16 Jun 2022
    
*   **disclosed**
    
    16 Feb 2022
    
*   **credit**
    
    Cristian-Alexandru Staicu
    

**How to fix?**

There is no fixed version for @discordjs/opus.

**Overview**

@discordjs/opus is a native bindings to libopus.

Affected versions of this package are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash.

**PoC**

// Zero channels:

    const { OpusEncoder } = require('@discordjs/opus');
     const encoder = new OpusEncoder(48000, 0);
     try {
         const encoded = encoder.encode(Buffer.from("aaa"));
     } catch(e) {
    console.log("This will never run")
         // never executed because of the hard crash
     }
    

// Non-initialized buffer:

    const { OpusEncoder } = require('@discordjs/opus');
    const encoder = new OpusEncoder(48000, 2);
    try {
         const encoded = encoder.encode(null);
    } catch(e) {
    // never executed because of the hard crash
    }
    

**Details**

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

Two common types of DoS vulnerabilities:

*   High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
    
*   Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

CVE-2022-25345: Denial of Service (DoS) in @discordjs/opus | CVE-2022-25345 | Snyk

All versions of package fast-string-search are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted locations and cause a segmentation fault due to the violation.




Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

*   **snyk-id**
    
    SNYK-JS-FASTSTRINGSEARCH-2392367
    
*   **published**
    
    15 Jun 2022
    
*   **disclosed**
    
    3 Feb 2022
    
*   **credit**
    
    Cristian-Alexandru Staicu
    

**How to fix?**

There is no fixed version for fast-string-search.

**Overview**

fast-string-search is a module that can search substrings in a string by using N-API and boyer-moore-magiclen.

Affected versions of this package are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted locations and cause a segmentation fault due to the violation.

**PoC**

    const fss = require('fast-string-search');
    
    let res1 = fss.indexOfSkip("no way this will", "w");
    let res2 = fss.indexOfSkip(1, 1); 
    
    console.log(res1);
    console.log(res2);
    
    // you can also crash it after a very long useless computation, by running this instead of lines 6-11: 
    let a = new Array(10000)
    let res2 = fss.indexOfSkip(1, 1); // segfaults after 5 seconds
    

**Details**

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

Two common types of DoS vulnerabilities:

*   High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
    
*   Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

CVE-2022-22138: Denial of Service (DoS) in fast-string-search | CVE-2022-22138 | Snyk

Proietti Tech srl Planet Time Enterprise 4.2.0.1,4.2.0.0,4.1.0.0,4.0.0.0,3.3.1.0,3.3.0.0 is vulnerable to Remote code execution via the Viewstate parameter.

**Cloud Cyber Security PlatformEuropean Cyber Research TeamThreat Intelligence PlatformThe Cyber Security Partner**

La piattaforma di Security Testing e Threat Intelligence e il Cyber Competence Center di Swascan per il Cyber Security Framework Aziendale.  
Sicurezza Predittiva. Sicurezza Preventiva. Sicurezza Proattiva.

Prova il Free Trial

**In evidenza**

**Webinar - Framework Nazionale per la Cyber Security e la Data Protection: how to**

All'interno del panorama nazionale italiano, il Framework Nazionale per la Cybersecurity e la Data Protection, rappresenta un punto di riferimento adottato da realtà fortemente eterogenee come strumento per l’organizzazione della propria strategia di difesa rispetto alle minacce informatiche.

Iscriviti

**Corso propedeutico alla certificazione CISSP**

La certificazione CISSP non è solo un riconoscimento oggettivo di eccellenza, ma uno standard riconosciuto a livello globale per i professionisti e i manager chiamati a gestire le problematiche di Cyber Security e Information Security. Registrati al corso e frequenta le lezioni a partire dal 05 settembre 2022.

Scopri di più

**Report Cyber Risk Indicators: Sanità Italiana 2022 e 2021 a confronto**

ll servizio di Cyber Risk Indicators determina e misura il potenziale rischio cyber del settore oggetto di analisi. In questa analisi abbiamo preso in esame il livello di esposizione al rischio cyber delle infrastrutture critiche italiane. Gli indicatori sono stati identificati con il servizio di Domain Threat Intelligence (DTI) e Cyber Threat Intelligence (CTI).

Scopri di più

**Cyber Security Framework**

Il Cyber Security Framework è il fondamento della postura di sicurezza della tua azienda. Un insieme di processi e tecnologie che operano all’unisono per ridurre al minimo l’esposizione al rischio cyber. Si fonda sulla sicurezza predittiva, preventiva e proattiva.

**Sicurezza Predittiva**

La Sicurezza Predittiva opera a livello di Threat Intelligence. Attraverso l’analisi di fonti OSINT e CLOSINT, a livello di Web, Dark Web e Deep Web identifica minacce, rischi e informazioni relativi all’azienda target. La Sicurezza Predittiva permette di anticipare le criticità impostando correttamente la sicurezza preventiva e proattiva.

**Sicurezza Preventiva**

La Sicurezza Preventiva agisce in termini di Analisi del Rischio tecnologico, umano e di processo. Attività che rientrano negli obblighi legislativi e in termini di best practice internazionale. Le attività fanno riferimento a penetration test, vulnerability assessment, ransomware attack simulation, phishing simulation, formazione, CIS, NIST, ISO27001, GDPR Assessment.

**Sicurezza Proattiva**

La Sicurezza Proattiva permette l’adozione degli approcci relativi alla security by detection e alla security by reaction. Attraverso l’adozione di security operation center (SOC) permette di monitorare, identificare, analizzare, gestire e bloccare eventuali minacce in essere all’interno dell’azienda. La componente incident response management garantisce la corretta gestione degli incidenti aziendali attraverso l’utilizzo di Team specializzati e competenti.

Scopri i nostri servizi

**La Piattaforma di Swascan**

Swascan è la prima suite interamente in Cloud di Security Testing e Threat Intelligence: scopri tutti i servizi disponibili ora!

Domain Threat Intelligence

Cyber Threat Intelligence

Phishing Attack Simulation

Smishing Attack Simulation

Prova il Free Trial

**Cyber Security Competence Center**

**Cyber Incident Response**

Un Cyber team dedicato di pronto intervento Cyber per la gestione di Cyber Incident, attacchi DDOS, Data Breach e Attacchi Ransomware.

**Soc as a Service**

Il servizio dedicato di Monitoring & Early Warning di Swascan per la corretta gestione della sicurezza proattiva e sicurezza preventiva.

**Penetration Test**

Le attività di Penetration Test sono svolte Penetration Tester certificati e in linea con gli standard internazionali OWASP, PTES e OSSTMM.

**GRC Management**

Servizi di Security Advisory  a livello consulenziale e a livello operativo per supportare i clienti nei piani di remediation, gestione della Cyber Security, Compliance Management e Risk Management.

**Cyber Academy**

Corsi di formazione dedicati di Cybersecurity in aula o tramite Webinar. Attività di Awareness per il personale tecnico, per i dipendenti e per i Top Manager.

**Cloud Security**

Un Cyber Competence Center dedicato al mondo Cloud per le attività di governance, supporto e tutela dell’ intero insieme di tecnologie, protocolli e best practice degli ambienti cloud computing.

**24/7 Cyber Security Operation Center**

Un team dedicato nell’attività di Sicurezza Proattiva e Reattiva delle minacce informatiche sulle reti locali, ambienti cloud, applicazioni ed endpoint aziendali. Il nostro team di Security Analyst monitora i dati e le risorse, H24, 7 giorni su 7 per 365 giorni all’anno.

Threat Detection & Analysis

Valutazione minacce e vulnerabilità

Endpoint detection and response (EDR)

Network detection response

Event Correlation / Log Management

**Penetration Testing**

Il team offensive di Swascan è certificato ISO27001 e ISO9001  
Tutte le attività rispettano gli standard OWASP, PTES e OSSTMM.

**Cyber Academy**

Nella sicurezza informatica sono indubbiamente i comportamenti umani a fare la differenza, prima ancora che la tecnologia.  
La nostra Cyber Academy offre una vasta gamma di percorsi formativi strutturati per rispondere a differenti livelli di esperienza e di specializzazione tecnica.

Scopri i nostri Corsi

**Cyber Threat Intelligence**

Il servizio di Cyber Threat Intelligence di Swascan ha lo scopo e l’obiettivo di individuare le eventuali informazioni pubbliche disponibili a livello Web, Dark Web e Deep Web relative ad un determinato target. L’attività prevede la raccolta e l’analisi delle informazioni relative ad una serie di macro aree critiche quali:

Domain Threat Intelligence

**Diventa Partner Swascan**

Scopri di più sullo Swascan Partner Program, grazie al quale i nostri partner servono al meglio i clienti, forniscono soluzioni rapide e ne promuovono la crescita.

Scopri il Partner Program

CVE-2022-30422: Home - Swascan

By Deeba Ahmed
The DDoS attack originated from 121 countries and was powered by a small botnet of only 5,067 hacked…
This is a post from HackRead.com Read the original post: Cloudflare Thwarted Largest Ever HTTPS DDoS Attack

****The DDoS attack originated from 121 countries and was powered by a small botnet of only 5,067 hacked IoT devices.****

Cloudflare has reported stopping a record-breaking HTTPS DDoS attack (distributed denial of service attack) this month. The company claims this attack peaked at 26 million requests per second (RPS), making it the largest ever HTTPS DDoS flood recorded.

It is worth noting that in April 2022, Cloudflare reported stopping a similar attack that peaked at 15.3 million rps. Evidently, the latest attack is significantly larger than the previous one. Cloudflare is an American DDoS mitigation, SSL certificate service, and content delivery network. 

**An Unusual Attack**

Cloudflare’s product manager, Omer Yoachimik, noted that the target was a customer using a Free plan. The previous largest DDoS attack reported by the company was also targeted against one of its customers.

The latest attack is far more unusual than the one it mitigated in April. That’s because of several factors, such as the size and the fact that attackers used junk HTTPS requests. 

Moreover, the attack came from Cloud Service Providers instead of Residential ISPs, and virtual servers and machines were hijacked to launch this attack rather than low-bandwidth, infected IoTs (internet of things) devices.

The company reaffirmed that all the customers using its Free and Pro plans are protected against DDoS and similar attacks regardless of the attack duration or size.

**Further Details**

Cloudflare explained that a relatively tiny but powerful botnet was used to carry out this DDoS attack. Surprisingly, the botnet comprised only 5,067 devices. The attack originated from 121 countries, and each node made 5,200 rps at its peak moment. 

Within 30 seconds, the botnet generated 212 million requests over 1,500 networks, which is more powerful than other botnets the company has tracked so far, some of which even comprised over 730,000 devices at an average of 1.3rps/device. 

Most requests came from Indonesia, Brazil, the USA, and Russia. Conversely, around 3% of this attack was carried through TOR connections. Since the attack involved HTTPS, it cost attackers more money to launch it, and the company bore a massive financial burden for mitigating it.

> “HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection. Therefore, it costs the attacker more to launch the attack, and for the victim to mitigate it. We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale.”
> 
> Cloudflare – Blog post 

**More DDoS Attack News**

*   Imperva mitigated a series of massive ransom DDoS attacks
*   DDoS Attacks by Hacktivists Disrupted Russian Alcohol Supply Chain
*   Growing Threat of Ransom DDoS Attacks Requires Effective Mitigation
*   Pro-Iran Group ALtahrea Hits Port of London Website by DDoS Attacks
*   Admin of DDoS-For-Hire Service “DownThem” Gets 2 Years Prison Sentence

Cloudflare Thwarted Largest Ever HTTPS DDoS Attack

The number and power of DDoS attacks keep growing at an incredible rate year over year. Recently a new HTTPS DDoS attack record was broken.
The post Record breaking HTTPS DDoS attack appeared first on Malwarebytes Labs.

Last week, Cloudflare blocked the largest HTTPS DDoS attack on record. The attack amassed some 26 million requests per second (rps). The previous record for a HTTPS DDoS attack was 15.3 million rps.

The attack targeted an unnamed Cloudflare customer and originated mostly from Cloud Service Providers.

**DDoS over HTTPS**

DDoS stands for Distributed Denial of Service. This type of attack involves sending large amounts of traffic from multiple sources to a service or website, intending to overwhelm it and make it inaccessible for regular users. DDoS attacks have been growing considerably in number and scale over the past years.

DDoS attacks require traffic to come from many sources. Large numbers can be found in IoT botnets, but given the necessary computational resources needed to pull off an attack this powerful, there is no IoT botnet strong enough. This attack originated from a small but powerful botnet of 5,067 devices. This and the fact that the attack originated from Cloud Service Providers indicates the use of hijacked virtual machines and powerful servers to generate the attack.

What makes the HTTPS DDoS attack more expensive, in terms of required computational resources, is the fact that such an attack requires a secure TLS encrypted connection. The advantage of using such a HTTPS DDoS attack is that it also costs the victim more to mitigate it.

**The attack**

Within less than 30 seconds, this botnet generated more than 212 million HTTPS requests from over 1,500 networks in 121 countries.

Even though 30 seconds is not that long, such an attack can disrupt an unprotected internet property like a network or online service for a long time. DDoS attacks can cripple some online businesses for a period of time long enough to set them back considerably, or even put them out of business completely for the length of the attack and some period afterwards.

Without knowing who the target was it is hard to guess at the reason behind the attack. Application-layer denial-of-service attacks disrupt web servers and other kinds of networked software by making them unable to process legitimate requests.

The goal usually is the disruption itself or to abuse the vulnerable state in which it leaves the internet property.

**Good news**

International cooperation between the Federal Bureau of Investigation (FBI), the United Kingdom National Crime Agency, and the Dutch Police has brought an end to a DDoS platform that gave threat actors short-term access to malicious infrastructure, enabling them to carry out damaging attacks by renting and selecting DDoS attacks they would like to launch. In this case an Illinois man running the websites DownThem.org and AmpNode.com was sentenced to 24 months in federal prison.

> “Records from the DownThem service revealed more than 2,000 registered users and more than 200,000 launched attacks, including attacks on homes, schools, universities, municipal and local government websites, and financial institutions worldwide.”

The system was set up to use one or more of their own dedicated attack servers to appropriate the resources of hundreds or thousands of other servers connected to the internet in reflected amplification attacks.

A reflection amplification attack is a technique that allows attackers to both magnify the amount of malicious traffic they can generate and obscure the sources of the attack traffic.

**Mitigation**

Scrambling for a solution at the moment you find out that you are the target of a DDoS attack is not the best strategy, especially if your organization depends on internet-facing servers. Without an automated defense, the attack would very likely have ended even before you noticed. But the damage would have been done.

Ideally, you want to detect, identify, and mitigate DDoS attacks before they reach their target. You can do that through two types of defenses:

*   On-premise protection (e.g. identifying, filtering, detection, and network protection)
*   Cloud-based counteraction (e.g. deflection, absorption, rerouting, and scrubbing)

The best of both worlds is a hybrid solution that detects an attack on-premise early on and escalates to a cloud-based solution when it reaches a volume that the on-premise solution cannot handle.

Stay safe, everyone!

Record breaking HTTPS DDoS attack

In response to a comment about the Prophet Mohammed, a hacktivist group in Malaysia has unleashed a wave of cyber attacks in India.

In response to a comment about the Prophet Mohammed, a hacktivist group in Malaysia has unleashed a wave of cyber attacks in India.

According to a new advisory from Radware, a hacktivist group called DragonForce Malaysia, “with the assistance of several other threat groups, has begun indiscriminately scanning, defacing and launching denial-of-service attacks against numerous websites in India.” In addition to DDoS, their targeted campaign – dubbed “OpsPatuk” – involves advanced threat actors “leveraging current exploits, breaching networks and leaking data.”

DragonForce Malaysia – best known for their hacktivism in support of the Palestinian cause – have turned their attention on India this time, in response to a controversial comment made by a Hindu political spokesperson about the Prophet Mohammed.

According to the advisory, OpsPatuk remains ongoing today.

**The Casus Belli**

In a televised debate last month, Nupur Sharma – a spokesperson for the Hindu nationalist Bharatiya Janata Party (BJP) – made controversial remarks regarding the age of the Prophet Mohammed’s third wife, Aisha. Widespread outrage followed, involving statements from leaders in the Muslim world, widespread protests, and the outsting of Sharma herself from BJP.

Then, beginning on June 10, DragonForce Malaysia entered the fray. Their new offensive against the government of India was first enshrined in a tweet:

_Greetings The Government of India._ _We Are DragonForce Malaysia._ _This is a special operation on the insult of our Prophet Muhammad S.A.W._ _India Government website hacked by DragonForce Malaysia. We will never remain silent._ _Come Join This Operation !_ _#OpsPatuk Engaged_

(image from @DragonForceIO on Twitter)

The new advisory confirms that the group has used DDoS to perform “numerous defacements across India,” pasting their logo and messaging to targeted websites.

The group also “claimed to have breached and leaked data from various government agencies, financial institutions, universities, service providers, and several other Indian databases.”

The researchers also observed other hacktivists – ‘Localhost’, ‘M4NGTX’, ‘1887’, and ‘RzkyO’ – joining the party, “defacing multiple websites across India in the name of their religion.”

**Who are DragonForce Malaysia?**

DragonForce Malaysia is a hacktivist group in the vein of Anonymous. They’re connected by political goals, with a penchant for sensationalism. Their social media channels and website forums – used for everything “ranging from running an eSports team to launching cyberattacks” – are visited by tens of thousands of users.

In the past, DragonForce have launched attacks against organizations and government entities across the Middle East and Asia. Their favorite target has been Israel, having launched multiple operations – #OpsBedil, #OpsBedilReloaded and #OpsRWM – against the nation and its citizens.

According to the authors of the advisory, DragonForce are “not considered an advanced or a persistent threat group, nor are they currently considered to be sophisticated. But where they lack sophistication, they make up for it with their organizational skills and ability to quickly disseminate information to other members.” Like Anonymous and the Low Orbit Ion Cannon, DragonForce weaponizes their own open source DoS tools –  Slowloris, DDoSTool, DDoS-Ripper, Hammer, and more – in choreographed, flashy website defacements.

Some members, “over the last year, have demonstrated the ability and desire to evolve into a highly sophisticated threat group.” Among other things, that’s included leveraing publicly disclosed vulnerabilities. In OpsPatuk, for example, they’ve been working with the recently discovered CVE-2022-26134.

“DragonForce Malaysia and its associates have proven their ability to adapt and evolve with the threat landscape in the last year,” concluded the authors. With no signs of slowing down, “Radware expects DragonForce Malaysia to continue launching new reactionary campaigns based on their social, political, and religious affiliations in the foreseeable future.”

DragonForce Gang Unleash Hacks Against Govt. of India

Cloudflare on Tuesday disclosed that it had acted to prevent a record-setting 26 million request per second (RPS) distributed denial-of-service (DDoS) attack last week, making it the largest HTTPS DDoS attack detected to date.
The web performance and security company said the attack was directed against an unnamed customer website using its Free plan and emanated from a "powerful" botnet of

Cloudflare on Tuesday disclosed that it had acted to prevent a record-setting 26 million request per second (RPS) distributed denial-of-service (DDoS) attack last week, making it the largest HTTPS DDoS attack detected to date.

The web performance and security company said the attack was directed against an unnamed customer website using its Free plan and emanated from a "powerful" botnet of 5,067 devices, with each node generating approximately 5,200 RPS at peak.

The botnet is said to have created a flood of more than 212 million HTTPS requests within less than 30 seconds from over 1,500 networks in 121 countries, including Indonesia, the U.S., Brazil, Russia, and India. Roughly 3% of the attack came through Tor nodes.

The attack "originated mostly from Cloud Service Providers as opposed to Residential Internet Service Providers, indicating the use of hijacked virtual machines and powerful servers to generate the attack — as opposed to much weaker Internet of Things (IoT) devices," Cloudflare's Omer Yoachimik said.

Launching HTTPS-based DDoS attacks tend to be more expensive computationally owing to the higher cost associated with establishing a secure TLS encrypted connection.

This is the second such volumetric HTTPS DDoS attack to be thwarted by Cloudflare in as many months. In late April 2022, it said it staved off a 15.3 million RPS HTTPS DDoS attack aimed at a customer operating a crypto launchpad.

According to the company's DDoS attack trends report for Q1 2022, volumetric DDoS attacks over 100 gigabits per second (gbps) surged by up to 645% quarter-on-quarter.

"Attacks with high bit rates attempt to cause a denial-of-service event by clogging the Internet link, while attacks with high packet rates attempt to overwhelm the servers, routers, or other in-line hardware appliances," the researchers said.

"In such a case, packets are 'dropped,' i.e., the appliance is unable to process them. For users, this results in service disruptions and denial of service."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Request Per Second

The distributed denial-as-a-service websites were behind more than 200K attacks on targets including schools and hospitals.

The operator of a distributed denial-of-service (DDoS) attack business was sentenced to two years in federal prison after being found guilty of conspiracy to commit unauthorized impairment of a protected computer, conspiracy to commit wire fraud, and unauthorized impairment of a protected computer.

Matthew Gatrel offered DDoS attacks as a service on sites including DownThem.org and AmpNode.com, along with what was billed as "bulletproof" hosting. The sites offered subscription plans with varying degrees of attack capacity, power, and durations, according to the US Attorney's Office in the Central District of California, which prosecuted the case. 

Records show Gatrel's services were behind more than 200,000 attacks on victims that included homes, schools, universities, local and municipal governments, and financial institutions. 

"Gatrel ran a criminal enterprise designed around launching hundreds of thousands of cyber-attacks on behalf of hundreds of customers," prosecutors explained in court documents. “He also provided infrastructure and resources for other cybercriminals to run their own businesses launching these same kinds of attacks. These attacks victimized wide swaths of American society and compromised computers around the world.”

Gatrel's co-defendant, California resident Juan Martinez, pleaded guilty to participating in the cybercrime and was sentenced to five years' probation, the US Attorney's office said. 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

DDoS Subscription Service Operator Gets 2 Years in Prison

By Waqas
Matthew Gatrel was arrested after an extensive crackdown by the FBI and other agencies against 15 booter service…
This is a post from HackRead.com Read the original post: Admin of DDoS-For-Hire Service “Downthem” Gets 2 Years Prison Sentence

****Matthew Gatrel was arrested after an extensive crackdown by the FBI and other agencies against 15 booter service domains in 2018.****

A 33-year-old St. Charles, Illinois resident, identified as Matthew Gatrel, is sentenced to two years in prison after being convicted last year for facilitating the DDoS-for-hire service. According to the US Department of Justice, Gatrel helped customers launch powerful DDoS attacks against thousands of websites and innocent users.

The accused was found guilty of violating the Computer Fraud and Abuse Act (CFAA) for operating two DDoS-for-hire services through downthemorg and ampnodecom. Through these websites, the accused facilitated people to launch over 200,000 attacks in exchange for money.

Site seized

**Case Details**

Initially, Gatrel admitted to operating these “booter” services and even provided “incriminating evidence” to the authorities. However, he opted to take the case to trial and used public defenders to defend the case.

Before the trial started, his business partner and co-accused, Juan Severon Martinez had already pleaded guilty. Prosecutors alleged that the accused sold subscriptions through Downthem and AmpNode helped provide bulletproof server hosting service to customers, focusing more on spoofing servers pre-configured with DDoS attack scripts.

Dashboard of DownThem

Furthermore, the servers contained lists of vulnerable attack amplifiers used to launch repeated cyberattacks against targets. Prosecutors also claimed that Martinez and Gatrel continuously scanned the web for misconfigured devices and sold lists of their internet addresses to other Booter service providers.

The trial continued for nine days in the Central District of California. Eventually, the court found Gatrel guilty of all three counts, including conspiracy to commit wire fraud, conspiracy to commit unauthorized impairment of a protected computer, and unauthorized impairment of a protected computer.

**More DDoS and Cyber Crime News**

1.  Imperva mitigated a series of massive ransom DDoS attacks
2.  DDoS booter customers received warning letters from Dutch police
3.  Teen arrested for 8 DDoS attacks that disrupted school’s online classes
4.  Teen arrested for DDoS attack on ProtonMail & making fake bomb threats
5.  Hacker arrested for Jamming 911 Emergency Call System with DDoS Attack

**Previous Coverage**

In 2018, the FBI, Dutch Police, National Crime Agency of UK, tech giant Google, cybersecurity firm Flashpoint, and Cloudflare joined hands to launch an operation to take down fifteen popular DDoS-for-hire websites.

These sites were used to launch DDoS attacks against private individuals and businesses such as email service providers, gaming services, and hosting sites.

Resultantly, all the websites were seized and shut down. Criminal charges were filed against three facilitators of these services. One of the defendants operated two of the seized websites, AmpNode and Downthem.

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Tag

#ddos