Hacking attempts come amid diplomatic crisis in the Gulf Qatar-based news network Al Jazeera yesterday said it was being targeted with systematic hacking attempts.…
Original post:
DDoS attack brings Qatar’s Al Jazeera website to its knees
Monthly Archives: June 2017
If You Learn of DDoS Attacks from Customers, You’ve Already Failed
If your customers notice something’s wrong before your own security specialists do, you’ve failed on multiple levels When Benjamin Franklin said, “Time is money,” he gave the world an aphorism that would be quoted frequently by businesspeople for more than 200 years. For all his wit and insight, of course, Franklin could never have foreseen the many scenarios for which his pithy observation would come to apply. It turns out that among the most relevant applications of the quote in today’s digitally driven world is in the realm of cybersecurity. Why? Because for organizations that suffer a cyberattack, a slow response can prove very costly. In an early 2017 survey of more than 1,000 IT and business decision makers, nearly two-thirds of the respondents said they could lose $100,000 per hour or more if a distributed denial of service (DDoS) attack were to disrupt their peak business periods. On the bright side, 8 in 10 of the organizations responding to the Neustar-sponsored survey said they’ve learned about new DDoS attacks from their internal security and IT teams – at least sometimes. Less encouraging is the fact that 40% also said they have, at times, received their first notification of attacks from their customers. If your customers notice something’s wrong before your own security specialists do, you’ve failed on multiple levels. The ideal DDoS defense is to recognize an emerging threat and neutralize it before it even gains a foothold – and certainly before your customers experience any negative impacts. If customers start complaining about an inability to access your websites or other services, you’ve already started to lose money before you’re even aware of the problem. Beyond causing staggering monetary losses for many corporations, successful DDoS attacks can alienate customers and shake their confidence in the victim’s ability to secure its own systems. By extension, customer then worry about the security of their own interactions with the company, and about the safety of any customer data the company may hold. The resulting customer churn and reduced loyalty can result in additional financial consequences. In this regard, another Franklin quote sadly holds true: “It takes many good deeds to build a good reputation, and only one bad one to lose it.” Fortunately, there are many security tools and services available to organizations that decide to be proactive in their DDoS defenses. As is often the case when it comes to cybersecurity, the most effective defenses will leverage a layered approach. The first-level of defense for DDoS attacks ideally will be provided by the network or Internet service provider, which is often the first to see – and block – suspicious network activity. For those attacks that still manage to get through, companies need their own DDoS identification and mitigation solutions. Some of those solutions may be on-premises appliances and other controls, while others may be provided by cloud-based or managed security services providers. Such “security-as-a-service” offerings are rapidly gaining in popularity, especially if an attack’s scale exceeds the capabilities of the on-premises protections. In short, there’s little excuse to be reactive, rather than proactive, when it comes to DDoS defenses. And, yes, Franklin once again provides some sage advice to those who may be too cavalier in their attitudes about DDoS threat. “By failing to prepare, you are preparing to fail.” Source: http://www.csoonline.com/article/3200084/leadership-management/if-you-learn-of-ddos-attacks-from-customers-you-ve-already-failed.html
See the original article here:
If You Learn of DDoS Attacks from Customers, You’ve Already Failed
Attack rates are increasing across the board
Finance and technology are the sectors most resilient to cyber intrusions, new research from Vectra Networks has found. The company released the results of its Post-Intrusion Report, based on data from a sample set of nearly 200 of its enterprise customers. They looked at the prevalence of strategic phases of the attack lifecycle: command-and-control (C&C), reconnaissance, lateral movement, botnet, and exfiltration attacker behaviours across thirteen industries. Over 90 days (January-March 2017), the company monitored 2,145,708 … More ?
Follow this link:
Attack rates are increasing across the board
Operators beware: DDoS attacks—large and small—keep increasing
Despite years’ worth of warnings and countermeasures, distributed denial of service (DDoS) attacks continue to escalate. Every year sees more of them, with increasing duration and severity. The frequency was up by 380% in the first quarter of 2017 compared to the first quarter of 2016, according to Nexusguard, which compiled this set of statistics (PDF) in a new report. From the fourth quarter of 2016 to the first quarter of 2017, HTTP attack counts and total attack counts increased by 147% and 37% respectively. Examples of increasing severity include a 275 Gbps attack that took place during Valentine’s Day (there have been significantly larger attacks) and an attack spanning 4,060 minutes that occurred over the Chinese New Year, the company said. The percentage of days with sizable attacks (larger than 10Gbps) grew appreciably within the quarter for 48.39% in January to 64.29% in March. Lengthier attacks at erratic intervals are becoming the norm, the company said. A separate, simultaneously published report from Corero Network Security said its customers have been hit by an increasing number of small DDoS attacks. Though attacks of 10 Gbps or smaller would seem less severe, what’s insidious about them is that they are apt to sneak under minimum detection thresholds. Though the DDoS attacks themselves might not be that disruptive, they can give hackers the access to wreak plenty of other damage. Corero CEO Ashley Stephenson said in a statement, “Short DDoS attacks might seem harmless, in that they don’t cause extended periods of downtime. But IT teams who choose to ignore them are effectively leaving their doors wide open for malware or ransomware attacks, data theft or other more serious intrusions. Just like the mythological Trojan Horse, these attacks deceive security teams by masquerading as a harmless bystander—in this case, a flicker of internet outage—while hiding their more sinister motives.” Nextguard believes part of the increase in DDoS activity is a ripple effect of increased botnet activity that occurred in the fourth quarter. This is in part a reference to the Mirai botnet, which was first identified in the latter half of 2016. Mirai provided a means to take over connected deviceswith inadequate built-in security safeguards (webcams, some set-top boxes, etc.), and use them to launch sustained attacks, sometimes with spectacular results. Those attacks revealed the Achilles’ heel in the internet of things: Many IoT applications are based on the distribution of large numbers of very inexpensive devices, which can be made so cheaply in part by adopting only minimal security, if any. The DDoS problem is worldwide, but nearly a quarter of the attacks are launched from the U.S. (followed by China and Japan). That’s likely to remain the case, as more U.S. households install “smart” devices that have poorly guarded IP addresses, making them susceptible to hijacking in the service of more DDoS attacks. “IoT botnets are only the beginning for this new reign of cyberattacks. Hackers have the scale to conduct gigantic, continuous attacks; plus, teams have to contend with attacks that use a combination of volumetric and application aspects,” said Nexusguard CTO Juniman Kasman, in a statement. The two largest sources of DDoS attacks were China and Japan, with Russia a distant third. The release of such results is meant to emphasize what should be obvious: companies that haven’t upgraded their security are the most vulnerable. Source: http://www.fiercetelecom.com/telecom/operators-beware-ddos-attacks-large-and-small-keep-increasing
More:
Operators beware: DDoS attacks—large and small—keep increasing
Mini but mighty: Beware minor DDoS attacks that mask graver threats, warns report
Despite detecting an increase in large distributed denial of service attacks in the first quarter of 2017, Corero Network Security has reported that the greatest DDoS threat currently comes from smaller attacks designed to either hide other malicious activities or set the stage for future malicious actions. Corero, which specializes in DDoS prevention, noted in its just released Q4 2016 – Q1 2017 Trends Report that these “sub-saturation” attacks typically fall within a certain sweet spot: They are short enough in duration and small enough in size to avoid detection by mitigation tools, yet they are still significant enough to serve the attacker’s purpose. According to the company, many legacy and homegrown mitigation tools will not respond to attacks that are less than one Gbps in size and under than 10 minutes in duration, because they do not meet a certain pre-programmed threshold. “…They are just disruptive enough to knock a firewall or intrusion prevention system (IPS) offline so that the hackers can target, map and infiltrate a network to install malware and engage data exfiltration activity,” said Ashley Stephenson, CEO at Corero Network Security, in a company press release. In other cases, the attackers may simply be testing a network for weaknesses, in anticipation of a future malicious action down the line. But even if the DDoS attack is detected, network administrators may too busy responding to the outage to realize that there is actually a bigger threat at hand. In an email to SC Media, Stephanie Weagle, vice president at Corero, cited UK-based telecom company TalkTalk as a recent example. In 2015, hackers stole the company’s customer data using a DDoS attack as an effecitve distraction. “Short DDoS attacks might seem harmless, in that they don’t cause extended periods of downtime. But IT teams who choose to ignore them are effectively leaving their doors wide open for malware or ransomware attacks, data theft or other more serious intrusions,” Stephenson explained. “Just like the mythological Trojan Horse, these attacks deceive security teams by masquerading as a harmless bystander – in this case, a flicker of internet outage – while hiding their more sinister motives.” According to the report, 80 percent of attempted DDoS attacks that were launched against Corero customers in Q1 2017 were less than 1 Gbps in volume, while 71 percent lasted 10 minutes or less. In Q4, 77 percent of DDoS attacks were less than 1 Gbps in volume, while 73 percent were 10 minutes or less in duration. While smaller attacks remain the norm, Corero did see a 55 percent rise in DDoS attacks that were 10 Gbps or larger in Q1, compared to the previous quarter. Corero customers averaged 124 attacks per month in Q1, an increase of nine percent over Q4 2016. Source: https://www.scmagazine.com/mini-but-mighty-beware-minor-ddos-attacks-that-mask-graver-threats-warns-report/article/666432/
Read More:
Mini but mighty: Beware minor DDoS attacks that mask graver threats, warns report
Stealthy DDoS attacks distract from more destructive security threats
The greatest DDoS risk for organisations is the barrage of short, low volume attacks which mask more serious network intrusions. Despite several headline-dominating, high-volume DDoS attacks over the past year, the vast majority (98%) of the DDoS attack attempts against Corero customers during Q1 2017 were less than 10 Gbps per second in volume. In addition, almost three quarters (71%) of the attacks mitigated by Corero lasted 10 minutes or less. Due to their small … More ?
Link:
Stealthy DDoS attacks distract from more destructive security threats
Why IoT Botnets Might be the Next Big Worry ?
Rise of IoT globally is still in its early days hence the level of protection is on the lower end. We all love Internet of Things (IoT), isn’t it? It has brought ‘things’ a.k.a devices, around us to life – from watch, bed, luggage, bulb and clothes to even buildings (in some time). But that love is now turning into a spoiler. The smart band or watch on your wrist and other IoT electronics are being hacked by malware attackers to turn them into an army of zombie machines, and launch botnet attacks. Much like October 2016 attack that used IoT webcams and video recorders to block user access to many sites including Twitter, Reddit, Spotify, etc., by spamming the domain name service used by them. Read on as Dhruv Khanna, CEO, Data Resolve – cyber intelligence company shares insights on it. Distributed denialof-service (DDoS) attacks aren’t new. So using IoT devices are of a new type? There are multiple types. First is the conventional botnets that target your laptop and desktop servers to track your online activity. Second is the enterprise specific attacks called distributed denial-ofservice attack(DDoS) when botnets blocks all your access to the device. Third is where your activity and data is captured and sent to a third party. Fourth is where your device is remotely controlled and access is blocked until some money is paid to the attacker. IoT botnets are like DDoS attacks that not just use computers in a conventional botnet way but also IoT devices to break into information and data. But why IoT devices have become favourites to launch attacks? Rise of IoT globally is still in its early days hence the level of protection is on the lower end. Moreover there are constraints in IoT devices such as using basic version of the operating system, less processing, storage and computational power in terms of setting up anti-virus and firewall and other security applications to them. This makes them an easy target for attackers to use to them as botnet for attack in comparison to using just computers and laptops which are relatively better secured. For e.g. Mirai botnet that target consumer devices like remote cameras, and home appliances. The ecosystem in India too isn’t making efforts to be ready. Right? That’s because IoT here is beginning to take its first step, hence, the awareness around it is not significant. On the enterprise side before pushing business services on IOT devices, as a best practice chief information security officers of the company eventually would have to frame a security manual and controls around IOT devices in terms of IOT device on-boarding, incident monitoring and control. Also, there is a need of regulation to control and monitor them. Are we better off without IoT? Not really. Advantage of IoT is that it is part of the cloud ecosystem. Securing the cloud is as good as securing the device. That’s why people are not spending too much on the device level but more on the cloud side. In a typical malware attack you are not able to control the source of attack but in IoT device you can as you know where your service is based on the cloud. But if your cloud application is compromised, it would be difficult to trace it. So, this is next level of cyber security challenge? It is certainly the next level of attack. For large businesses, it will be a significant hit on their brand along with data. If10,000 of ant vendor devices in the market get compromised then it will impact on the company. It is not impacting just you as an individual but all the devices that are interconnected to your device and vice versa. Source: https://www.entrepreneur.com/article/295274
View article:
Why IoT Botnets Might be the Next Big Worry ?