Author Archives: Enurrendy

It’s Time To Protect Your Enterprise From DDoS Attacks

DDoS (Distributed Denial of Service) attacks feature amongst the most dreaded kinds of cyber attacks, for any enterprise today. This is especially because, as the name itself suggests, there it causes a total denial of service; it exhausts all resources of an enterprise network, application or service and consequently it becomes impossible to gain access to the network, application or the service. In general, a DDoS attack is launched simultaneously from multiple hosts and it would suffice to host the resources, the network and the internet services of enterprises of any size. Many prominent organizations today encounter DDoS attacks on a daily basis. Today DDoS attacks are becoming more frequent and they are increasing in size, at the same time becoming more sophisticated. In this context, it becomes really important that enterprises look for DDoS attack prevention services, in fact the best DDoS attack prevention services, so as to ensure maximum protection for their network and data. The different kinds of DDoS attacks Though there are different kinds of DDoS attacks, broadly speaking there are three categories into which all the different kinds of DDoS attacks would fit. The first category is the volumetric attacks, which include those attacks that aim at overwhelming network infrastructure with bandwidth-consuming traffic or by deploying resource-sapping requests. The next category, the TCP state-exhaustion attacks, refer to the attacks that help hackers abuse the stateful nature of the TCP protocol to exhaust resources in servers, load balancers and firewalls. The third category of DDoS attacks, the application layer attacks, are basically the ones targeting any one aspect of an application or service at Layer 7. Of the above-mentioned three categories, volumetric attacks are the most common ones; at the same time there are DDoS attacks that combine all these three vectors and such attacks are becoming commonplace today. DDoS attacks getting sophisticated, complex and easy-to-use Cybercriminals today are getting cleverer and smarter. They tend to package complex, sophisticated DDoS attack tools into easy-to-use downloadable programs, thereby making it easy even for non-techies to carry out DDoS attacks against organizations. What are the main drivers behind DDoS attacks? Well, there could be many, ranging from ideology or politics to vandalism and extortion. DDoS is increasingly becoming a weapon of choice for hacktivists as well as terrorists who seek to disrupt operations or resort to extortion. Gamers too use DDoS as a means to gain competitive advantage and win online games. There are clever cybercriminals who use DDoS as part of their diversionary tactics, intending to distract organizations during APT campaigns that are planned and executed in order to steal data. How to prevent DDoS attacks The first thing that needs to be done, to prevent DDoS attacks from happening, is to secure internet-facing devices and services. This helps reduce the number of devices that can be recruited by hackers to participate in DDoS attacks. Since cybercriminals abuse protocols like NTP, DNS, SSDP, Chargen, SNMP and DVMRP to generate DDoS traffic, it’s advisable that services that use any of these ought to be carefully configured and run on hardened, dedicated servers. Do repeated tests for security issues and vulnerabilities. One good example is doing penetration tests for detecting web application vulnerabilities. Ensure that your enterprise implements anti-spoofing filters as covered in IETF Best Common Practices documents BCP 38 and BCP 84. This is because hackers who plan DDoS attacks would generate traffic with spoofed source IP addresses. Though there are no fool-proof techniques that can prevent DDoS attacks completely, you can ensure maximum protection by ensuring proper configuration of all machines and services. This would ensure that attackers don’t harness publicly available services to carry out DDoS attacks. It’s to be remembered that it’s difficult to predict or avoid DDoS attacks and also that even an attacker with limited resources can bring down networks or websites. Hence, for any organization, it becomes important that the focus is always on maximum level protection for enterprise networks, devices, websites etc. Source: https://ddosattacks.net/wp-admin/post-new.php

See more here:
It’s Time To Protect Your Enterprise From DDoS Attacks

DDoS Attack Volume Rose 50% in Q2 2018

Distributed Denial of Service (DDoS) attacks aimed at disruption remain a massive problem for businesses big and small, despite the shutdown of the Webstresser DDoS-for-hire service. Attackers are also increasingly striking outside of normal business hours, researchers have found. A new report shows attack volumes rose 50% to an average 3.3 Gbps during May, June and July 2018, from 2.2 Gbps in Q1. Despite a 36% decrease in the overall number of attacks – likely as a result of DDoS-as-a-service website Webstresser being shuttered in an international police operation – attack volumes increased. 46% of incidents used two or more vectors in Q2, with a total of 9,325 attacks recorded during the quarter. That’s 102 per day, on average. A 50% increase in hyper-scale attacks (80 Gbps+) was also recorded, while the most complex attacks used 13 vectors in total, researchers found. Broadly speaking, DDoS attacks can be divided into three main categories, which point to the attack vectors employed by bad actors: Volume Based Attacks – bad actors saturate the bandwidth of the attacked site (measured in bits per second / Bps) Protocol Attacks – attackers consume actual server resources (measured in packets per second / Pps). Application Layer Attacks – hackers seek to crash the web server (measured in requests per second / Rps) High-volume attacks were assisted by Memcached reflection, SSDP reflection and CLDAP. The highest attack bandwidth was recorded at 156 Gbps (gigabits per second), while the total duration of attacks during the quarter was 1,221 hours. Attackers used two vectors 17% of the time, and three vectors 16% of the time. The most-frequently observed attacks were UDP floods (59.7%), TCP SYN floods (3.3%) and ICMP floods (0.9%). 773 attacks used the Memcached reflection amplification technique, while the SSDP reflection technique generated the greatest proportion of DDoS packets. New data from a similar study, by Nexusguard, recently showed that the number of unguarded Memcached servers is dropping, yet many remain vulnerable to attacks. The same research uncovered that DNS amplification attacks have increased 700% worldwide since 2016 and, in the first quarter of 2018, 55 DNS amplification attacks relied on vulnerable Memcached servers to amplify their DDoS efficiency by a factor of 51,000. Source: https://securityboulevard.com/2018/08/ddos-attack-volume-rose-50-in-q2-2018/

Alleged head of BitConnect cryptocurrency scam arrested in Dubai

BitConnect has been accused of operating an exit scam after duping investors out of millions of rupees. If it sounds too good to be true, it probably is — and certainly appears to have been the case when it comes to BitConnect, a folded cryptocurrency project that has been accused of scamming millions out of investors. BitConnect, touted as a “self-regulating financial system” which is part of the “cryptocurrency revolution,” used many buzzwords and the hype of celebrities to lure investors to participate, and also offered an incredibly high interest rate of at least one percent per day, leading many to believe it was a scam. Investors would “lend” funds in Bitcoin (BTC) to various projects and these funds were converted to the platform’s coin, BCC. Divyesh Darji, the Indian head of BitConnect and believed to be a core promoter of the scheme, has reportedly been arrested by the Gujarat Criminal Investigation Department (CID) after arriving in Dubai on his way from Ahmedabad. According to local publication the Financial Express, law enforcement believes that the promoters of BitConnect gained Rs 1.14 crore, roughly $14.5 million, from “thousands of investors” before the exchange closed its doors. BitConnect launched after India’s Prime Minister Narendra Modi demonetized 500 and 1000 rupee notes in the region. In 2016, 90 percent of the country’s financial transactions were made in cash and the change was apparently made in order (.PDF) to crack down on corruption, counterfeiters and so-called “black money,” otherwise known as undeclared income. The unexpected changes caused economic chaos. From farmers struggling to keep their businesses afloat to banks attempting to cope with floods of customers, India’s upheaval was severe — and while the country has pulled through, at the time, the option of a digital currency outside of the government’s grasp may have been extremely enticing. However, the dream of controlling currency outside of the government’s demonetization efforts and earning interest by the day did not last. In January, BitConnect closed its exchange platform, with all loans offered on the platform released — but all were converted to BCC rather than reverted to investors’ original Bitcoin. The price of BCC at the time was $363.62. However, now the system has closed and the founders are silent, the coin is worth $0.67, rendering the virtual asset effectively useless and leaving investors severely out of pocket. “The company was registered in the UK and had an office in Surat,” said DGP Ashish Bhatia of CID crime. “They launched their own ‘Bitconnect coins’ soon after demonetization. They promoted the company on social media and by holding gala functions in cities across the world. They lured investors with 60 percent monthly interest and incentives in the form of ‘referral interest.” The only exchange which still permits the trade of BCC is Trade Satoshi, which intends to delist the coin in September. BitConnect cited bad press, distributed denial-of-service (DDoS) attacks and US regulator scrutiny as reasons for the closure. Source: https://www.zdnet.com/article/alleged-bitconnect-head-arrested-in-dubai/

See the article here:
Alleged head of BitConnect cryptocurrency scam arrested in Dubai

Lawmakers want to know when Ajit Pai knew FCC’s cyberattack claim was false

Democratic lawmakers want to know why the agency didn’t inform consumers of the falsity of its claim sooner A group of House democrats want to know when FCC Chairman Ajit Pai knew that the agency’s claims of a DDoS attack were false. Last week, the FCC’s Office of Inspector General released a report that found no evidence to support the claims of DDoS attacks in May of 2017. The agency had previously blamed multiple DDoS attacks for temporarily taking down a comment section of its website following a segment of Last Week Tonight, in which comedian John Oliver asked viewers to submit comments to the FCC and speak out in support of net neutrality. However, viewers were unable to voice their opinion on the proposed rollback of net neutrality because the comment submission section wasn’t available at the time. Now that it has come to light that the agency’s claims of a DDoS attack were false, a handful of Democratic lawmakers want to know when Pai became aware that there was no DDoS attack and why the agency didn’t correct its public statements alleging a DDoS attack before now. Misrepresented facts “We want to know when you and your staff first learned that the information the Commission shared about the alleged cyberattack was false,” Democratic lawmakers wrote in a letter to Pai. “It is troubling that you allowed the public myth created by the FCC to persist and your misrepresentations to remain uncorrected for over a year,” they wrote. The letter was signed by Representatives Frank Pallone Jr. (NJ), Mike Doyle (PA), Jerry McNerney (CA) and Debbie Dingell (MI). The results of the investigation concluded that FCC officials deliberately misrepresented facts in responses to Congressional inquiries. “Given the significant media, public and Congressional attention this alleged cyberattack received for over a year, it is hard to believe that the release of the IG’s report was the first time that you and your staff realized that no cyberattack occurred,” wrote the lawmakers. “Such ignorance would signify a dereliction of your duty as the head of the FCC, particularly due to the severity of the allegations and the blatant lack of evidence.” The Democratic lawmakers have asked Pai for complete written responses to their questions by August 28. Pai is also scheduled to appear before a Senate Commerce, Science and Transportation Committee oversight hearing on Thursday where he is expected to face questions about the results of the investigation. Source: https://www.consumeraffairs.com/news/lawmakers-want-to-know-when-ajit-pai-knew-fccs-cyberattack-claim-was-false-081518.html

The complete guide to understanding web applications security

MODERN businesses use web applications every day to do different things, from interacting and engaging with customers to supporting sales and operations. As a result, web applications are rich with data and critical to the functioning of the company – which means, special precautions must be taken in order to protect them from hackers. However, not all organizations or their applications are subject to the same level of threats and attacks. In an exclusive interview with Gartner’s Research Director Dale Gardner, Tech Wire Asia learns how businesses can best protect their web applications. Gartner splits attacks on web and mobile applications and web APIs into four categories: # 1 | Denial of service (DoS) DoS is a specific subtype of abuse where the attacker’s goal is to disrupt the availability of the web application or service. In particular, this attack type covers volumetric attacks, which overwhelm network capabilities, and so-called “low and slow” attacks, which overwhelm application or service resources. # 2 | Exploits Exploits take advantage of design, code or configuration issues that cause unintended behaviour of the application. Some common examples include SQL Injection (SQLi), cross-site scripting (XSS), buffer overflows, and various Secure Sockets Layer (SSL) and Transport Layer Security (TLS) manipulation attacks. # 3 | Abuse Abuse covers many non-exploit types of attack that primarily take advantage of business logic. This includes scraping, aggregating, account brute-forcing, scalping, spamming and other — often automated — scenarios. # 4 | Access Access violations occur when an attacker or legitimate user takes advantage of weaknesses in the authentication (AuthN) or authorization (AuthZ) policies of a web application or service. Of the four categories, Gardner says only exploits can be potentially addressed with secure coding and configuration. The others require design-level considerations that cannot be reasonably compensated for in code. For example, although it’s arguably possible to defend against account takeovers in individual application code, it is much more economical and error-proof to do so in the identity and access management (IAM) system or another external capability. In an ideal world, the highest level of protection would be available at all times or as needed, but this isn’t feasible due to complexity and cost factors. And continuously providing the highest level of protection to all web assets can be an expensive proposition, both from economic and operational perspectives. Securing web applications and web APIs from attacks and abuse requires businesses to assess what level of protection is necessary. “Security teams must first pick a protection baseline. Then they must decide what extra protections are necessary to apply to specific assets,” recommends Gardner. When thinking of protecting web applications, security teams often first look to existing network technologies, such as next-generation firewall (NGFW) platforms and intrusion detection and prevention systems (IDPSs). But these do not provide strong-enough capabilities in any of the protection areas, warns Gardner. They are not easily integrated to intercept TLS and do not have the same signatures, rules, behavioral analysis and business logic insight as security solutions that focus on web applications and APIs. Organizations often first look at a “completely automated public Turing test to tell computers and humans apart” (CAPTCHA) when they suffer from abuse of functionality. But an always-on CAPTCHA creates user-experience hurdles for legitimate users, and it is also no guarantee to keep the abuser out (attackers keep finding ways to circumvent or solve many CAPTCHAs). Multifactor authentication (MFA) and out of band (OOB) challenges are often used to enable strong access control, as well as to try to thwart abuse. Unfortunately, they suffer from similar issues as CAPTCHA, and in addition are often complex and expensive to implement. Currently, no single security platform or solution implements the highest possible level of protection in each of the exploit, abuse of functionality, access violation and DoS mitigation categories. Some organizations will still be able to start with a single solution to address the biggest potential risks. But they often find themselves needing greater security capabilities over time due to changes in threats and the application landscape. Web application firewalls (WAFs) are broadly deployed, but buyers routinely express disappointment and frustration over factors such as accuracy, the ability to prevent attacks, the administrative overhead required to maintain attack detection profiles and price. Incumbent vendors have begun addressing emerging requirements, but many products still lag. The market for solutions to protect web applications will continue to grow, but given buyer dissatisfaction, vendors with innovative approaches and new product packaging will capture the bulk of new spending. Buyers are shifting to service-based offerings, and demand for infrastructure as a service (IaaS) deployable products is growing. These shifts pose risks, especially to incumbents, but also present opportunities for new offerings and greater growth. Gartner believes that by 2020, stand-alone WAF hardware appliances will represent less than 20 percent of new WAF deployments, down from 40 percent today. By 2020, more than 50 percent of public-facing web applications will be protected by cloud-based WAAP services that combine content delivery networks, DDoS protection, bot mitigation and WAFs, which is an increase from fewer than 20 percent today. Web applications, mobile applications, and web APIs are subject to increased numbers and complexity of attacks. Gardner, who will be speaking at the Gartner Security & Risk Management Summit in Sydney later this month explains what organizations must keep in mind when planning and implementing solutions: Public, limited-access external, and internal applications require different levels of security. No one capability covers all types of attack. No two capabilities have interchangeable protection efficacy. Some of the capabilities have strong overlaps in addressing specific attack subcategories. Enforcement of policy may be centralized or distributed (for example, use of micro-gateways). “As a result, a mix of capabilities, though not necessarily separate products, have to be put in place as a layered approach,” concludes Gardener. Considering the range of exploits and abuse that can occur with web and mobile applications and web APIs, technical professionals must leverage a mix of externalized security controls to deliver appropriate protection and alleviate burdens to development staff. Source: https://techwireasia.com/2018/08/the-complete-guide-to-understanding-web-applications-security/

Continue Reading:
The complete guide to understanding web applications security

DDoS attackers increasingly strike outside of normal business hours

DDoS attack volumes have increased by 50% to an average of 3.3 Gbps during May, June and July 2018, compared to 2.2 Gbps during the previous quarter, according to Link11. Attacks are also becoming increasingly complex, with 46% of incidents using two or more vectors. While attack volumes increased, researchers recorded a 36% decrease in the overall number of attacks. There was a total of 9,325 attacks during the quarter: an average of 102 attacks … More ? The post DDoS attackers increasingly strike outside of normal business hours appeared first on Help Net Security .

Read the original:
DDoS attackers increasingly strike outside of normal business hours

Week in review: IoT security, cyber hygiene, Social Mapper

Here’s an overview of some of last week’s most interesting news and articles: Intensifying DDoS attacks: ?Choosing your defensive strategy One of the biggest misconception regarding DDoS attacks is that they are a once-in-a-lifetime event for organizations, says Josh Shaul, VP of Web Security at Akamai. “Our State of the Internet Report found that companies suffered 41 DDoS attacks on average over the last six months,” he points out. August Patch Tuesday forecast: Looking ahead … More ? The post Week in review: IoT security, cyber hygiene, Social Mapper appeared first on Help Net Security .

Taken from:
Week in review: IoT security, cyber hygiene, Social Mapper

A botnet of smart irrigation systems can deplete a city’s water supply

Ben-Gurion University of the Negev (BGU) cyber security researchers warn of a potential distributed attack against urban water services that uses a botnet of smart irrigation systems that water simultaneously. The researchers analyzed and found vulnerabilities in a number of commercial smart irrigation systems, which enable attackers to remotely turn watering systems on and off at will. They tested three of the most widely sold smart irrigation systems: GreenIQ, BlueSpray, and RainMachine smart irrigation systems. … More ? The post A botnet of smart irrigation systems can deplete a city’s water supply appeared first on Help Net Security .

See original article:
A botnet of smart irrigation systems can deplete a city’s water supply

Researchers open source tools to identify Twitter bots at scale

Duo Security published technical research and methodology detailing how to identify automated Twitter accounts, known as bots, at a mass scale. Using machine learning algorithms to identify bot accounts across their dataset, Duo Labs researchers also unraveled a sophisticated cryptocurrency scam botnet consisting of at least 15,000 bots, and identified tactics used by malicious bots to appear legitimate and avoid detection, among other findings. The research From May to July 2018, researchers collected and analyzed … More ? The post Researchers open source tools to identify Twitter bots at scale appeared first on Help Net Security .

Intensifying DDoS attacks: ?Choosing your defensive strategy

One of the biggest misconception regarding DDoS attacks is that they are a once-in-a-lifetime event for organizations, says Josh Shaul, VP of Web Security at Akamai. “Over the last six months, our State of the Internet Report found that companies suffered 41 DDoS attacks on average over the last six months,” he points out. The rise and rise of DDoS attacks As Arbor Networks CTO Darren Anstee recently pointed out, DDoS attacks have become a … More ? The post Intensifying DDoS attacks: ?Choosing your defensive strategy appeared first on Help Net Security .