Attackers Clobbering Victims with One-Two Punch of Ransomware and DDoS.

Encrypted systems now being added to botnets in the latest incarnations of ransomware attacks, with experts expecting this to become standard practice.

As if ransomware weren’t bad enough, attackers are now making the most of their attacks by adding victimized machines to distributed denial of service (DDoS) botnets at the same time that they’re encrypted and held hostage, according to warnings from several security research organizations in the last week.

This one-two punch is a natural “Gimme” for profit-minded attackers and one which security pundits expect will be standard issue for most ransomware kits in the near future.

“Adding DDoS capabilities to ransomware is one of those ‘evil genius’ ideas,” says Stu Sjouwerman, CEO of KnowBe4, which today issued an alert that a new variant of Cerber ransomware has added DDoS capabilities to its payloads. “Renting out DDoS botnets on the Dark Web is a very lucrative business, even if prices have gone down in recent years. You can expect [bundling] it to become a fast-growing trend.”


The new trend was first detailed by researchers with Invincea last week, which found attackers using weaponized Office documents to deliver the threat via a Visual Basic exploit that allows them to conduct a file-less attack. That delivers malware with the underlying binary, giving the bad guys “two attacks for the price of one,” says Ikenna Dike of Invincea.

“First, it is a typical ransomware binary that encrypts the user’s file system and files while displaying a ransom note. Second, the binary could also be used to carry out a DDoS attack,” Dike said in a post. “The observed network traffic looks to be flooding the subnet with UDP packets over port 6892. By spoofing the source address, the host could direct all response traffic from the subnet to a targeted host, causing the host to be unresponsive.”

Seen by many as a perfect example of the mercenary nature of cybercrime, ransomware’s evolution has been driven entirely by black market ROI. According to the FBI, by the end of the year the ransomware market is expected to net the crooks at least $1 billion.

“Relatively high profit margins coupled with the relatively low overhead required to operate a ransomware campaign have bolstered the appeal of this particular attack type, fueling market demand for tools and services corresponding to its propagation,” explained FireEye researchers in an update last week on ransomware activity.

FireEye’s data shows that there was a noticeable spike in ransomware in March this year and that overall figures are on track for ransomware to exceed 2015 levels. This latest trend of DDoS bundling once again shows the lengths to which the criminals will squeeze every last bit of profitability and efficiency from ransomware attacks. It also offers fair warning to enterprises that even with backups, ransomware can pose threats to their endpoints and networks at large.

Even if data is restored on systems hit by ransomware, there is no guarantee that the system will not remain part of the botnet or be used as a foothold for further attacks if the threat is not properly contained.
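The Invincea observation above (UDP packets flooding the subnet over port 6892 with a spoofed source address) and the containment point just made suggest a simple post-restore check: keep watching a "cleaned" endpoint's outbound flows for the flood pattern rather than trusting the restore alone. The following is an added illustration, not code from Invincea, KnowBe4 or FireEye. It runs over constructed, simplified flow records built inline; the MAC-to-assigned-IP inventory, the rate and fan-out thresholds, and the record layout are assumptions chosen for the example, not values from any report.

```python
"""Flag an endpoint that is still emitting a spoofed-source UDP flood to port 6892.

Added illustration over constructed flow records (not a real collector export).
Each record is a simplified one-second NetFlow-style summary:
  t (second), src_mac, src_ip, dst_ip, proto, dst_port, packets
The spoofing indicator is the mismatch between the IP a host was assigned
(known from the assumed inventory, keyed by MAC) and the source IP it writes
into its packets.
"""
from collections import defaultdict

FLOOD_PORT = 6892          # UDP port named in the Invincea report
PPS_THRESHOLD = 500        # assumed tuning value: packets/second from one host
MIN_DISTINCT_DSTS = 8      # assumed tuning value: sweep across many subnet hosts

# Assumed inventory: MAC of each managed endpoint -> the IP it was assigned.
INVENTORY = {
    "aa:bb:cc:00:00:17": "10.20.30.17",
    "aa:bb:cc:00:00:22": "10.20.30.22",
}


def make_flood_flows(second, src_mac, claimed_src_ip, subnet_prefix, n_hosts, pkts_each):
    """Build constructed per-destination flow records for one second of flooding."""
    return [
        {"t": second, "src_mac": src_mac, "src_ip": claimed_src_ip,
         "dst_ip": f"{subnet_prefix}.{i}", "proto": "udp",
         "dst_port": FLOOD_PORT, "packets": pkts_each}
        for i in range(1, n_hosts + 1)
    ]


# Constructed sample: ws-22 does an ordinary DNS lookup; ws-17 (restored from
# backup, but still infected) sprays 12 subnet neighbours on UDP/6892 while
# claiming the victim's address 10.20.30.99 as its source.
SAMPLE_FLOWS = (
    [{"t": 0, "src_mac": "aa:bb:cc:00:00:22", "src_ip": "10.20.30.22",
      "dst_ip": "10.20.30.53", "proto": "udp", "dst_port": 53, "packets": 3}]
    + make_flood_flows(1, "aa:bb:cc:00:00:17", "10.20.30.99", "10.20.30", 12, 100)
    + make_flood_flows(2, "aa:bb:cc:00:00:17", "10.20.30.99", "10.20.30", 12, 100)
)


def analyze(flows, inventory):
    """Return per-MAC findings: peak pps to the flood port, fan-out, spoofed sources, verdict."""
    # Aggregate UDP/FLOOD_PORT traffic per (sending host, second).
    buckets = defaultdict(lambda: {"packets": 0, "dsts": set(), "srcs": set()})
    for f in flows:
        if f["proto"] != "udp" or f["dst_port"] != FLOOD_PORT:
            continue
        b = buckets[(f["src_mac"], f["t"])]
        b["packets"] += f["packets"]
        b["dsts"].add(f["dst_ip"])
        b["srcs"].add(f["src_ip"])

    def blank():
        return {"peak_pps": 0, "distinct_dsts": 0, "spoofed_sources": set(), "verdict": "clean"}

    # Every inventoried host gets a finding, so a quiet host is reported as clean.
    findings = {mac: blank() for mac in inventory}
    for (mac, _second), b in buckets.items():
        fnd = findings.setdefault(mac, blank())
        fnd["peak_pps"] = max(fnd["peak_pps"], b["packets"])
        fnd["distinct_dsts"] = max(fnd["distinct_dsts"], len(b["dsts"]))
        assigned = inventory.get(mac)
        if assigned is not None:
            fnd["spoofed_sources"] |= {s for s in b["srcs"] if s != assigned}

    for fnd in findings.values():
        flooding = (fnd["peak_pps"] >= PPS_THRESHOLD
                    and fnd["distinct_dsts"] >= MIN_DISTINCT_DSTS)
        if flooding and fnd["spoofed_sources"]:
            fnd["verdict"] = "udp_flood_spoofed_source"
        elif flooding:
            fnd["verdict"] = "udp_flood"
        fnd["spoofed_sources"] = sorted(fnd["spoofed_sources"])
    return findings


def quarantine_candidates(findings):
    """MACs whose verdict is not clean: these should be isolated, not just restored."""
    return sorted(mac for mac, fnd in findings.items() if fnd["verdict"] != "clean")


if __name__ == "__main__":
    result = analyze(SAMPLE_FLOWS, INVENTORY)
    for mac, fnd in result.items():
        print(mac, fnd)
    print("isolate:", quarantine_candidates(result))
```

The source-address check is what separates "this host is noisy" from "this host is reflecting traffic onto a third party"; a flow exporter that records the sending MAC (or switch port) alongside the claimed source IP is what makes that comparison possible.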


‘Anonymous’ Declares War On Corrupt Mainstream Media

As of June 1st, Ghost Squad Hackers – the same group leading #OpIcarus – have launched a series of coordinated attacks against leading members of the corporate mainstream media. Giving credit where credit is due, Tech.mic and Softpedia were the first to report the operation. But their reports only tell a portion of the whole story; we will explain why in a moment.


Broadly speaking, the goal of #OpSilence is to attack all the corrupt major news networks that mislead and censor information from the general public. More specifically, the news agencies who conceal the crimes of Israel, while misleading the population about the mistreatment of the Palestinian people. The operation is off to a quick start; Ghost Squad has successfully “carried out DDoS attacks on CNN and FOX News” already just this month. More attacks are promised, and NBC and MSM appear to be their next targets.

“FOXNEWS” Email server has been crashed for 8+ hours by #GhostSquadHackers

— s1ege (@s1ege_) June 1, 2016



When Tech.mic and Softpedia presented their coverage of the hacks, they included images and references directly to Anonymous. But upon reading these articles, Ghost Squad had a message of their own that they want everyone to hear:



— s1ege (@s1ege_) June 1, 2016



It is no secret Ghost Squad has a close affiliation with Anonymous; I am sure this is how the group got started in the first place. The group insists they speak for themselves; they are essentially trying to establish their own reputation and credibility.


But there is a second layer to this discussion highlighting the recent divide within Anonymous. There has been a “Civil War” of sorts in recent months, and the reputation of the Anonymous collective as a whole has been damaged. Last winter, prominent hacktivist group Ghostsec also cut their ties with Anonymous. In a statement they said “Anonymous has a habit of shooting in every direction and asking questions later.” In other interviews they imply that Anonymous has developed a reputation for behaving immaturely – more concerned with silly DDoS attacks than changing the world.


Since the quarrelling over #OpWhiteRose many people have splintered off, or left Anonymous entirely – just another in the long list of strange effects Donald Trump has had on the entire world. Ghost Squad is one of the groups affected by this ‘Civil War.’ In the time since this happened last March, the group has exploded onto the scene, quickly becoming one of the most influential and talked-about hacking groups in the entire world in 2016.


I have no doubt about the origins of this operation though; this goes back to #OpMediaControl, which began last June. The operation called for the hacking of every major news network in the United States, testing their email systems, DDoSing web sites, attempting to hack into teleprompters or live feeds – anything you could think of. Last I heard, back in December, they were still trying to recruit people to join them for an event this summer. Sound familiar to what Ghost Squad is doing right now?


For the purposes of accuracy, AnonHQ News reached out to our contacts in #OpMediaControl. We gave them a preview of the article and asked them what they thought. They showed us a press release dated May 28, 2016, a video proclaiming that #OpMediaControl has been re-engaged. Of course, #OpSilence proceeded to begin June 1st. In another interesting note, earlier last month Anonymous Resistance Movement, one of the groups behind #OpMediaControl, conducted an interview with GhostSquad. So as you can see, the two groups are well acquainted with one another – these operations are no coincidence.

Ghost Squad may be stepping up from the pack here, but make no mistake, this operation has been in the making for over a year and Anonymous led the way.




Hackers have attacked Czech Republic government websites to protest the country’s decision to block the domains of unauthorized online gambling operators.

Last week, the Czech senate overwhelmingly approved the country’s new gambling legislation, which would open up the market to international online operators for the first time, while imposing blocks on the domains of sites not holding a Czech license.

On Tuesday, reported that the Senate’s official website had been knocked offline Monday night following a distributed denial of service (DDoS) attack by someone claiming to be associated with the Anonymous hackers collective.

An English-language statement accompanying the attack claimed that the Senate’s website had been targeted “because you passed a law to prevent free access to the Internet.” The statement warned that this wasn’t the last time the government would hear from the hackers on this issue.

The Czech News Agency reported that the attack also affected websites belonging to the Interior Ministry and its affiliated police and firefighters’ organizations, as well as the Social Democratic Party (CSSD), which holds a majority in the Czech parliament.

A CSSD spokesman dismissed the disruption as “no massive, dangerous or successful attack,” while claiming that the average visitor to the party’s website wouldn’t have noticed anything was amiss.

The Interior Ministry brushed off the “unsuccessful attempts” at public disruption, saying they’d managed to restore their website’s functionality within a few hours. The ministry said its information systems weren’t affected and steps were being taken to ensure defenses were in place against future attacks.

The Canadian province of Quebec may wish to take similar precautions. Last month, the province approved the Ministry of Finance’s proposal to block unauthorized gambling sites in a bid to bolster the bottom line of EspaceJeux, the online gambling site of provincial gaming monopoly Loto-Quebec.

Loto-Quebec’s plans, which have no precedent in Canada, have been condemned by free-speech advocates, who wonder what other types of websites might be next on the province’s blacklist.



Anonymous DDoS and shut down London Stock Exchange for two hours

Anonymous hacktivists take down the London Stock Exchange website for more than two hours as part of a protest against the world’s banks

The online hacktivist group Anonymous reportedly shut down the London Stock Exchange (LSE) website last week for more than two hours as part of a protest against the world’s banks and financial institutions.

According to the Mail on Sunday, the attack was carried out by the Philippines unit of Anonymous on June 2 at 9am. Previous targets have included the Bank of Greece, the Central Bank of the Dominican Republic and the Dutch Central Bank.

The newspaper says: “Anonymous claims the incident was one of 67 successful attacks it has launched in the past month on the websites of major institutions, with targets including the Swiss National Bank, the Central Bank of Venezuela and the Federal Reserve Bank of San Francisco.”

A spokesperson for the LSE declined to comment on the incident; however, the attack most likely took the form of a distributed denial of service (DDoS) attack, meaning trading would not have been affected and no sensitive data would have been compromised.

The group also claims that the attack on the LSE was the latest in a series which, in the 24 hours before the LSE site went down, had also targeted the websites of NYSE Euronext, the parent company of the New York Stock Exchange, and the Turkey Stock Exchange, as part of a campaign called Operation Icarus.

According to the newspaper, City of London Police said it was not informed that the LSE website had gone down and had no knowledge of the attack.

However, the latest attack may not be a complete surprise.

In a video posted to YouTube on May 4, a member of the amorphous group announced that “central bank sites across the world” would be attacked as part of a month-long Operation Icarus campaign.

The video statement said: “We will not let the banks win, we will be attacking the banks with one of the most massive attacks ever seen in the history of Anonymous.”

By using a distributed-denial-of-service (DDoS) cyberattack, the group also successfully disrupted the Greek central bank’s website.

In light of that event, a separate video was posted to YouTube on May 2.

The masked individual representing Anonymous group said: “Olympus will fall. How fitting that Icarus found his way back to Greece. Today, we have continuously taken down the website of the Bank of Greece. Today, Operation Icarus has moved into the next phase.”

The Anonymous spokesperson added: “Like Icarus, the powers that be have flown too close to the sun, and the time has come to set the wings of their empire ablaze, and watch the system their power relies on come to a grinding halt and come crashing down around them. We must strike at the heart of their empire by once again throwing a wrench into the machine, but this time we face a much bigger target – the global financial system.”


Anonymous Announces #OpSilence, Month-Long Attacks on Mainstream Media

Members of the Ghost Squad Hackers team, one of the most active Anonymous sub-divisions, have carried out DDoS attacks on CNN and FOX News as part of a new hacktivism campaign.

Called OpSilence, the campaign’s goal is to attack all mainstream media that fails to report on the Palestine war or the true crimes happening in Syria, one of the hackers told Mic.

#OpSilence will take place during the entire month of June 2016

The operation will be run similarly to #OpIcarus, a month-long series of attacks that took place in the month of May against various banks around the world.

Any hacktivism group is welcomed to join, and the campaign comes on the heels of OpIcarus, which just ended yesterday.

Ghost Squad Hackers didn’t wait for June to start to begin their attacks, and they’ve already hit the email servers of FOX News and CNN. The group has been changing tactics lately, switching from DDoSing public websites to attacking mail servers, as they did most recently against the Bank of England.

Other hackers have taken a pro-Palestine stance before

Taking a pro-Palestine stance isn’t unusual for hackers; many others support this cause as well. The previous group to do so was CWA (Crackas With Attitude), whose hacked targets include CIA Director John Brennan’s personal AOL email account, FBI Deputy Director Mark Giuliano, US National Intelligence Director James Clapper, and President Barack Obama’s Senior Advisor on science and technology John Holdren.

The group is also responsible for hacking the JABS US national arrests database. They also leaked details for 2,400 US government officials, 80 Miami police officers, 9,000 DHS employees, and 20,000 FBI staffers.

Back in February, the group’s leader, a sixteen-year-old boy, was arrested in East Midlands, England.


Anonymous vigilantes expose cheating firms who inflate their value on the stock market

The hackers’ collective Anonymous seems to be slowly changing how it does things, to the extent that one division is now hacking to compile financial reports that expose firms in the US and China trying to cheat on the stock market. This particular group of hackers goes by the name Anonymous Analytics.

According to Softpedia, the division was formed in 2011 by ex-Anonymous hackers who got tired of launching Distributed Denial of Service (DDoS) attacks and hacking into companies to make a point.

In order to find the hidden information about companies that might be inflating their values, Anonymous Analytics spend their time analysing the stock market and searching the internet for clues. This is often done using techniques that might not be legal or ethical. And once they have the information, this group of hackers will publish financial reports exposing companies. This has caused at least one company’s stock price to fall. So far, Anonymous Analytics has compiled publicly available financial reports on 11 firms, most of which are from China and the US.

Anonymous Analytics’ efforts in releasing the truth have damaged buyers’ confidence in the stocks belonging to a Chinese lottery machine service provider and games developer called REXLot Holdings. This company, along with others, had inflated its revenue and the amount of cash it had from interest earned on its balance sheet before being caught by Anonymous Analytics.


Bringing down stock market cheats

On 24 June 2015, Anonymous Analytics published a report on REXLot’s activities, which caused the stock price to plummet from HK$0.485 (4p, 6¢) down to HK$0.12, before the firm completely suspended its shares from trading. Bloomberg reported on the incident at the time, but REXLot refused to respond despite repeated attempts.

When REXLot returned to the stock market on 18 April, it submitted a 53-page report about its financial status. Anonymous Analytics read the report and decided to publish a countering report. The second report was even worse for the company and advised investors to urgently sell their stock, causing the company’s stock price to fall again by 50%.

A week after the report which exposed REXLot was released, the company had to admit in a report to the Hong Kong stock exchange that it could not honour all the bond redemptions requested by holders; which amounted to HK$1.85bn, due to the fact that it just didn’t have sufficient cash resources.

In fact, REXLot said it was trying to gain the bondholders’ consent to let it have more time to dispose of some assets in order to generate the cash needed to make the payments.

While it is a rather unusual approach for the hacking collective, Anonymous Analytics’ efforts seem to be having a much greater impact than its attempts to troll Islamic State with Rick Astley music videos or DDoSing random companies in different countries to make a point.


Anonymous Hackers Turned Stock Analysts Are Targeting US & Chinese Corporations

A relatively unknown division of the Anonymous hacker collective that goes by the name of Anonymous Analytics has been sabotaging companies on the stock market by revealing flaws in their financial statements, with catastrophic results.

The group, which was founded in 2011, is comprised of former Anonymous hackers who decided that hacking into companies, dumping data, or launching DDoS attacks is not enough.

Anonymous Analytics are the stock market’s vigilantes

Instead, they decided to use their skills as market analysts and black hat hackers to scour the Internet for clues, sometimes with less-than-ethical techniques, and then compile financial reports on the companies they find cheating on the stock market.

Until now, the group has published reports on eleven companies. The list includes mostly US and Chinese corporations, among which the most recognizable names are Qihoo 360 and Western Union.

Its most resounding success was the report on REXLot, a Chinese-based lottery machine service. Anonymous Analytics revealed that REXLot inflated its revenue and the amount of cash on its balance sheet, based on the amount of interest earned.

Anonymous Analytics sends REXLot stock into a downward spiral

The group published its findings on June 24, 2015, and REXLot stock price plummeted from 0.485 Hong Kong dollar per share to 0.12, before trading was suspended.

REXLot rejoined the market on April 18, this year, but even after submitting a 53-page report, the company stock fell again by 50 percent.

After reading REXLot’s report, the group tweeted, “After 10 months, REXLot publishes a confused clarification announcement. We read it and endless laughs were had. We will respond shortly.” And they did, a day after. Another day after that, the group published a second report on the company and modified its rating from “sell” to “strong sell.”

A week later, news outlets reported that REXLot did not have enough cash to make due bond payments, which meant the company had to sell assets to repay bonds, proving the group right, and also showing its power and influence in the financial world.

For an Anonymous sub-division, the group has caused more financial damage to companies around the globe than any fourteen-year-old with a rented DDoS stresser, which would make them more qualified than anyone else to get involved in #OpIcarus.


Anonymous Launches DDoS Attacks on Banks in “Op Icarus”

Headlines have been dominated this week by the Anonymous campaign of DDoS attacks against financial institutions all over the world. Named “Op Icarus” in honor of the character from Greek mythology, the campaign seeks to punish what Anonymous views as “corrupt” banks and individuals in the financial sector.

As we all know, distributed denial of service (DDoS) attacks can strike any industry or any organization at any time and without warning. Hacktivism like that carried out by Anonymous and their base of dedicated hackers often involves the use of DDoS attacks, since they provide quick results at low cost, and with minimal risk of compromising the identities of the perpetrators. What’s more, the service downtime they bring about can cause damage to the tune of six-figure sums, so it’s an ideal part of the toolkit for the hacktivist – a fact that is bolstered by people diversifying the techniques behind DDoS attacks.

Distributed denial of service attacks have been a threat to service availability for more than a decade. However, these DDoS attacks have become increasingly sophisticated and multi-vector in nature, overcoming traditional defense mechanisms or reactive countermeasures. These pointed attack campaigns continue to reinforce a growing need for DDoS attack mitigation solutions that can properly defeat attacks at the network edge, and ensure the accessibility required for the financial institutions to maintain business operations in the face of an attack.

While the impact on the individual targets of the “Op Icarus” DDoS attack campaign is unclear, obstructing or eliminating the availability of email servers is significant. In an online world any type of service outage is barely tolerated, especially in the banking industry, where transactions and communications are often time-sensitive and account security is of utmost importance.

Until distributed denial of service attacks are effectively mitigated as a norm, we can expect hacker communities such as Anonymous to continue gaining notoriety as they bring services down, take websites offline and cause havoc on the internet in pursuit of their goals. 2016 has been a tough year for the finance sector’s cybersecurity, with the massive cyber heist of the Bangladesh Bank as well as the Qatar National Bank data leak having taken place already. It’s safe to say that banks across the globe need maximum security not only for their safes and vaults, but also for their networks. Regardless of the motivations for these attacks, financial firms must be proactive in their defenses.


Chinese hackers prowling Taiwan’s systems: Chang

China’s attempts to hack Taiwanese databases did not halt regardless of the state of cross-strait relations in the past eight years, as Beijing epitomizes Sun Tzu’s (孫子) maxim in the Art of War (孫子兵法): “Know your enemy,” Premier Simon Chang (張善政) said in an exclusive report published by the Liberty Times (the Taipei Times’ sister paper).

Taiwan’s information security systems found traces of Chinese hackers every time a cross-strait negotiation event occurred over the past eight years, primarily in the systems of the Ministry of Economic Affairs, Premier Simon Chang (張善政) said.

“Chinese cyberattacks have not been deterred by the calming of cross-strait relations as Beijing wishes to know what we are doing and our modes of thought, especially during negotiations,” he said.

The information obtained might not be used during the actual negotiation, but officials might be completely unaware that their limits or strategies are already known by China, Chang added.

While saying that the Chinese probably do not have access to Taiwan’s policies and decisions on the draft cross-strait service trade accords and the draft cross-strait goods trade accords, Chang said that there is no way of being absolutely certain.

The policies of the incoming government might discourage Chinese hacking if it has no plans to negotiate or interact with China, but the attacks could come in a different form, Chang said.

Chang said that cyberattacks came in two ways — one in which Web sites crash or display a denial of service or distributed denial of service (DDoS) message, and the other in which backdoors are opened into Web sites that allow hackers to steal sensitive information.

An index on Chinese hacking activity would depend on whether Taiwan’s Web sites are attacked openly — such as the Presidential Office’s Web site displaying the People’s Republic of China (PRC) national flag — which might indicate that more subtle hacking is also in progress, Chang said.

China’s efforts at bypassing Taiwan’s firewalls are mostly custom-designed and are extremely hard to detect, Chang said, adding that over the years, Taiwan has uncovered many different methods that are being noticed by other nations.

Chang said that after his dealings with information security, he does not harbor impractical illusions toward China and is of the mind that it is, for the most part, unfriendly toward Taiwan.

Chang said he counts the abolition of regulations on the establishment of the information security center as one of the greatest regrets during his term as premier, adding that the incoming government should seek to retain these regulations and staff.

He said that the staff at the center were the most experienced in dealing with Chinese hackers and they would be of invaluable service to the nation.

When asked whether Taiwan should be on alert in terms of corporations and the Chinese market, Chang said Taiwanese companies are even more concerned than the government over their goods or technologies slipping out of their fingers, adding that all the government had to do was hear what the companies and corporations are saying.

Chang also said that it is highly likely that Taiwanese Web sites would be targeted over the recent World Health Assembly issue, as China might be “afraid that we would say things we should not.”



Student shuts down 444 school websites to ‘remind teachers they are incompetent’


On May 11, police filed obstruction of business charges against a 16-year-old student, alleging that he launched a denial-of-service (DoS) attack against the Osaka Board of Education’s server, which holds the webpages of 444 elementary, junior high, and high schools in the area.

Although in high school now, at the time of the attacks last November, the student was in junior high school. According to police, he said his own school environment is what motivated his actions.

“I hate how the teachers talk down to us and never let us express ourselves. So, I thought I would remind them of their own incompetence. It felt good to see them have problems. I did it several times,” the boy said.

Police seized the student’s computer and some books about hacking. It is believed that he downloaded a tool which sent large volumes of data to the Board of Education servers, rendering access impossible for periods of about an hour. He would then confirm the take-down by monitoring the websites with his smartphone.

He also told police that he had wanted to join the hacking group Anonymous and that he didn’t know schools other than his own would be affected in the attack. Both statements are ironic in that, as a minor, his identity remains anonymous and apparently he turned out to be a little incompetent himself when it came to hacking.

This incident would mark the first time in the history of Japan that a cyberattack was launched against a local government, and punishments for such a crime include a maximum three-year prison sentence or a 500,000 yen fine.

However, considering the student is a minor and the number of people actually affected (i.e. people who wanted to access a school website during those times) was likely in the high single digits at most, he ought to get off lightly.

Source: Sankei West News