Category Archives: DDoS Criminals

Two Iranians Charged With Hacking US Defense Contractor

The US Department of Justice (DOJ) unsealed an indictment on Monday against two Iranian nationals accused of hacking a US company and stealing software used in ammunition design. The two suspects are Mohammed Reza Rezakhah, 39 and Mohammed Saeed Ajily, 35, both Iranian businessmen. According to the indictment, Ajily ran a company named Andisheh VesaJ Middle East Company, which he used as a front to obtain and sell software in contravention of Western sanctions against Iran. Ajily’s customers included Iranian private companies, but also Iranian military and government entities. Rezakhah ran his own company called Dongle Labs, which provided DRM and license cracking services. Rezakhah was one of the many hackers Ajily hired to steal software from Western companies. The two orchestrated the 2012 hack of Arrow Tech DOJ officials claim that in 2012, Ajily hired Rezakhah to hack and steal software from a US company called Arrow Tech. The indictment says that Rezakhah, together with another accomplice named Nima Golestaneh, rented a server that they used on October 22, 2016, to hack into the Arrow Tech website and adjacent network. Officials say the two hackers stole a software application named Projectile Rocket Ordnance Design and Analysis System (PRODAS), created by Arrow Tech to aid in the design of bullets, missiles, and other military projectiles. Rezakhah cracked the program, which he later supplied to Ajily to market in the Iranian market, but also elsewhere outside the US. Group worked together for at least six years While officials brought charges only for hacking Arrow Tech, the indictment also claims that Ajily and Rezakhah worked together for years, between 2007 and 2013, hacking several targets and stealing software. The FBI also claims that Ajily had many other partners and hackers that he used to obtain his software, along with a network of companies that he used to sell the stolen goods. US officials charged the two suspects with criminal conspiracy relating to computer fraud and abuse, unauthorized access to, and theft of information from, computers, wire fraud, exporting a defense article without a license, and violating sanctions against Iran. A US judge has issued a warrant in their names. Their partner, Nima Golestaneh pleaded guilty to hacking Arrow Tech back in December 2015. In March 2016, the US also charged seven Iranian nationals on accusations of launching repeated DDoS attacks and orchestrating hacks of industrial SCADA equipment on the behest of the Iranian government. Source: https://www.bleepingcomputer.com/news/security/two-iranians-charged-with-hacking-us-defense-contractor/

Read the original:
Two Iranians Charged With Hacking US Defense Contractor

Cloud is adding to network complexity, report says

A third of respondents indicated that the cloud adds the greatest network complexity to their organisation. Cloud adoption is still the ‘most vexing factor’ in increased network complexity, according to a new report by Kentik. The report, based on a poll of 203 IT professionals attending the Cisco Live 2017 annual conference, says cloud adoption is followed by IoT, SDN, and networks functions virtualisation (NFV). It also says that most organisations still aren’t ready for network automation, even though machine learning is seen as ‘important technology for network management’. More than a third (36 per cent) of respondents said cloud adds the greatest network complexity to their organisations. They can still improve operational visibility for cloud and digital business networking, it was added. According to the report, organisations need to be able to spot DDoS attacks better. A third (32 per cent) said they’re using DDoS detection technology. The majority of organisations (70 per cent) says using the same stack of tools to manage both network performance and security hinders operational efficiency. More than half (59 per cent), however, added that their organisation is not yet using the same stack of tools. “There is a lot of noise in our industry right now about intuitive systems and new-age machine learning that can monitor, identify and react to network conditions before issues occur. However, dozens of our largest customers have been telling us, and our survey results from Cisco Live support, that the key 2016 and 2017 enterprise efforts have focused on getting complete visibility into increasingly hybrid network complexity; detecting and preventing DDoS; and integrating tools that can provide operational and business value from network analytics,” said Avi Freedman, co-founder and CEO of Kentik. “Full automation outside of constrained data centre and cloud topologies is still a vision that customers are tracking, but network operators say that they need deeper and comprehensive visibility into their network’s performance and security before they can let their networks run autonomously.” “Real-time network traffic intelligence is a critical component for network operators supporting their organizations with digital transformation,” he added. Source: http://www.dos-mitigation.com/wp-admin/post-new.php

Visit site:
Cloud is adding to network complexity, report says

The Five Biggest Security Concerns After Petya And WannaCry

With many organisations still reeling in the aftermath of the Petya and WannaCry ransomware attacks, it’s not only sensible, but crucial, that they analyse what other dangers they face in the digital age. When TalkTalk was hacked in 2015, the company lost up to £60m and approximately 101,000 customers, and the damage to the organisation’s reputation was huge. CIOs must avoid this fate, by proactively looking at today’s big security concerns in order to protect their company tomorrow. Security vectors evolve rapidly because the malicious parties responsible are constantly innovating. Many cybercrime operations have organisational charts similar to legitimate businesses and use best practices for management, marketing, pricing and operations etc. To combat this cybercrime wave, companies are ploughing money into efforts to protect themselves. So much so that IDC expects spending on security technology to reach $81.7bn in 2017.  In light of this, what are the biggest security concerns organisations face today?     1.  Data Obfuscation and Ransomware Firstly, ransomware, as illustrated by the Petya, WannaCry and CryptoLocker attacks, are set to continue. These attacks affect the real-time information that underpins business transactions creating chaos in the process. Unfortunately, intelligence agencies believe that this is not only a real and present danger, but also an inevitability. As such, it’s crucial that companies not only encrypt their sensitive information, but also regularly back up this data to hard drives that aren’t connected to the wider network. Leaking Intellectual Property As we have already witnessed, with the threat of release of the latest Disney movie or the theft of the NetFlix series, ‘ Orange is the New Black’ , one new form of cyberattack concerns the unauthorised release of Intellectual Property (IP). Many companies across the globe still do not have systems secured adequately and regularly fail to patch against known vulnerabilities. This is the equivalent of leaving the keys in front door and all your valuables stacked neatly in the hallway. It is vital that companies have full visibility across their technology portfolio and regularly update their security software and patches. The Internet of Things (IoT) Intel estimates that by 2020, the number of devices connected to the Internet of Things   (IoT) will increase from 15 billion to 200 billion. This includes everything from pacemakers to refrigerators to connected cars to our clothing. The platforms these devices are built on often have little or no security. Most operate a self-regulation model; and as a result they are very vulnerable to hacking. This was evidenced during the 2016 Dyn attack, which consisted of multiple distributed denial-of-service (DDoS) attacks using a network of hacked internet connected devices. Companies must carefully review the security of devices before connecting them to the network, as they often serve as vulnerable gateways for hackers to exploit. Artificial Intelligence and Machine Learning Artificial Intelligence (AI) and machine learning are increasingly being used to combat cyber threats. However, access to such tools and platforms is still expensive and beyond the reach of many organisations. This is both a blessing and a curse as when the cost of these technologies falls, hackers will invest in these solutions to further their own criminal exploits. As a result, attacks will be automated and have the ability to morph and change on their own, to continue to spread and create widespread destruction in short periods of time. In comparison, the spread of WannaCry will look like the work of children. These exploits will be more lethal, faster and much more dangerous. This means that not only will companies need to invest in new security technologies as soon as they become available and affordable, but must ensure they follow all best practices religiously – such as encrypting and backing up sensitive data. Quantum Computing  This may be the single biggest threat to cybersecurity that no one is paying attention to. Using quantum computers, which can compute vast quantities of information and massively accelerate computing processes, criminals could crack virtually any encryption mechanism currently used for our most sensitive online tasks – such as online banking and sharing electronic health records. While this threat might yet seem unrealistic, technology is advancing at a rapid rate and this may well become a future factor. While ransomware attacks have grabbed the headlines due to the widespread ramifications of Petya and WannaCry, there are other cyber-threats that organisations need to be concerned about. However, they needn’t lose too much sleep as long as they are following security best practices – such as encrypting data, backing up all sensitive information, and automating the renewal of security patches and licenses – which can mitigate vulnerability to an attack. Source: http://www.informationsecuritybuzz.com/articles/five-biggest-security-concerns-petya-wannacry/

Read this article:
The Five Biggest Security Concerns After Petya And WannaCry

5 Ways To Profit From The $24 Trillion Cyber War

Business is under attack to the point of all out cyber war, and there is nowhere more lucrative right now than cyberspace, where a $200-billion-plus market is ripe for investors looking to turn profits that make the pre-bubble dot.com era look like chump change. There are plenty of catalysts, thanks to hackers who most recently managed to hijack the systems of one of the biggest shipping companies in the world, one of the biggest pharmaceutical companies in the world and thousands of others—forcing them to pay ransom in bitcoins to get their data back. There will be no slowdown in cyber-attacks. On the contrary, by 2019, IDC research estimates that 70 percent of major multinational corporations will “face significant cybersecurity attacks aimed at disrupting the distribution of commodities.” Cybersecurity stocks were soaring already—especially since hackers in May managed to take control of tens of thousands of computers. But the late June perfection of cyber kidnapping for ransom has caused stocks to spike by 4 percent or more. According to giant Cisco, there was a 172 percent jump in DDoS (distributed denial-of-service) attacks in 2016, and we’ll be looking at a near tripling of that by 2021. Just in the first quarter of this year there was a reported 380 percent increase in DDoS attacks, according to Nexusguard. Data breaches cost businesses $5.85 million EACH in 2014. This year, that bill will be in the neighborhood of $7.35 million. In total, last year, cybercrime cost the global economy over $450 billion. The cyber-attack on global business in May this year alone could end up costing $4 billion. So, giant multinational corporations are willing to pay a lot for better cybersecurity—and cyber insurance. Global spending on cybersecurity will hit $1 trillion over the next five years, and cybercrime damages will exceed $24 trillion over the same period, according to the Steven Morgan Cybersecurity Industry Outlook: 2017 to 2021. And this is where the big profits are available for the taking. For the foreseeable future, nothing is more lucrative than data security. Here are our top 5 picks as cybersecurity becomes THE most critical industry of our time: #1 FireEye, Inc. (NASDAQ:FEYE) This is one of the most impressive cybersecurity barnstormers out there. It only went public in September 2013, and by December that same year it was spending $1 billion on a major acquisition, Mandiant, which was one of the top data breach and response companies in the space. This is now a massive and fast-growing company of highly sought-after cyber experts and products, all rolled into a cloud-based platform that is a favorite among key Fortune 500 companies, not to mention Global 2000 companies. There was a very aggressive acquisition spree here—and last year the company moved into the black. FireEye peaked in mid-2015 at $55 a share, and then slid to under $11 in mid-March this year. But since then, it’s gained 42 percent and the trajectory looks fantastic, especially in the current cyber warfare climate. #2 Identillect Technologies Corp. ( TSXV:ID ; IDTLF:US ) This is a little-known company sitting in pole position in a $64-billion market that is up for grabs. It’s come up with a two-minute email security solution that could revolutionize encryption, and could corner the lion’s share of the profits in this segment. Half of all email is unencrypted—and it’s at the mercy of pretty much anyone with decent hacking skills. Existing encryption programs are expensive and can take a month to install, but this company is breaking onto the scene with a simple, 2-minute email install solution. It works with Outlook, Office 365, Hotmail, Gmail…PLUS a phone “app” that works on iPhone, Android, Windows and more. There are only 250 professional cryptographers in the U.S… and two of them work at Identillect – a major selling point for this company coming right out of the gates. Customers are lining up because it’s the first solution to a long-time problem that’s now reaching a climax, with companies being fined for NOT encrypting email. They’re already paying an average of $7 million for every data breach. This company is on its way to Silicon Valley, and its patent on the first easy solution to a massive problem is likely to get it a lot of attention in the form of M&A rumblings that dot this cybersecurity landscape. Even more so right now. Since it went commercial in the first quarter of 2015, subscribers have grown over 663 percent, and 19 out of 20 of them stay. They’re compounding monthly, and the breakeven point is almost there. That’s why we’re looking at a 70 percent profit margin in this one. With 5 million Yahoo accounts breached in just one of many huge-scale incidents, encryption is the Holy Grail of our day, and this company has figured out how to make it cheap and easy. #3 Palo Alto Networks  (NYSE:PANW) For expansion, this $12.7-billion market-cap company is a top pick with its sales of next-generation firewall solutions. It covers 150 countries and it protects data infrastructure of at least 85 Fortune 100 companies and—even better—more than half of the Global 2000. That’s some major market share at a time when there is nothing short of corporate panic over data infrastructure protection. It even beat its own outlook. We’re looking at mind-blowing record earnings ($431.8 million in fiscal Q3). This is the clear advantage in the cybersecurity space right now—and it’s all about continual, relentless expansion. #4 Intel Corporation (NASDAQ:INTC) Nothing dominates the semiconductor industry like INTC. We’re looking at over seven divisions here, but the Client Computing Group (CCG) and the Data Center Group (DCG) are the big ones in terms of financial performance, accounting for 87 percent of the company’s total sales last year. INTC dominates the PC market and the server microprocessor market, and its PC chip market share can be as high as an unbelievable 99 percent. Still, some might say this pick is the counter-intuitive one, but…not really. INTC stock has taken a major beating, but with this sector on fire like no other, this is your way in with the giants in this field. INTC had an official correction this year and April earnings caused Wall Street to beat it down. But INTC is still 10 percent higher than last year, regardless. It’s cheaper than its competitors right now, so this may be a buying opportunity. What investors are afraid of, though, is one competitor in particular…our next pick… #5 Advanced Micro Devices, Inc.   (NASDAQ: AMD ) This stock has seen some unbelievable performance over the past year, and that’s why INTC investors are shying away. But while AMD has been impressing beyond belief, we list it as #5 because it’s largely thanks to enthusiasm and future expectations—so there may be a pullback soon. This is the time to keep a close eye on AMD, but also to be very careful about watching whether the company is now going to actually achieve its goals—because the expectations are quite high and now much more is at stake. It’s the right industry to be doing this in, certainly… While AMD had a truly dynamic growth spurt that began in March last year, since February this year, it hasn’t reached any new highs, and the launch of its Ryzen line of products wasn’t embraced by the market with as much excitement as expected. Now things are getting a bit more volatile, which is why INTC might be a better pick right now. Honorable Mentions in the Cybersecurity Space BlackBerry Ltd. (TSE:BB): Forget about the BlackBerry as something you hold—an electronic gadget. This company is back better than ever with software for industrial customers, including security software and services to stop hackers. Quarterly earnings at the end of March were impressive, and April news of a $1-billion cash win from arbitration with Qualcomm can fund more growth. This is the NEW BlackBerry. Absolute Software Corporation (ABT.TO): Absolute Software Corp provides endpoint security and data risk management solutions for commercial, healthcare, education and government customers, tablets and smartphones. Absolute has seen a strong 21% stock growth year to date and is expected to see strong growth as the cyber security market grows at a rampant pace. Avigilon (TSX.AVO): Avigilon develops, manufactures, markets and sells HD and megapixel network-based video surveillance systems, video analytics and access to control equipment. We expect strong continuous growth in the video analytics business and a company such as Avigilon is well positioned to capture market share in the Canadian markets. Sandvine Corporation (TSE:SVC): Ontario is seeing some a vibrant cybersecurity as well, Sandvine corp. is engaged in the development and marketing of network policy control situations for high-speed fixed and mobile Internet service providers. Products include Business Intelligence, Revenue Generation, Traffic Optimization and Network Security. The company has grown 52% year-to-date and we expect strong growth throughout 2017. Pivot Technology Solutions Inc. (TSX:PTG): Pivot focuses on the strategy to acquire and integrate technology solution providers, primarily in North America. It sells and supports integrated computer hardware, software and networking products for business database, network and network security systems. Pivot has seen explosive growth so far this year and we expect the current cyber threats to add to the already strong sentiment in cyber security stocks. Source: http://www.baystreet.ca/articles/stockstowatch.aspx?articleid=31275

More:
5 Ways To Profit From The $24 Trillion Cyber War

Short, low-volume DDoS attacks pose greatest security and availability threat to businesses

How can your organisation defend against constant DDoS attacks? Think what you can’t see can’t hurt you? A new report from Corero Network Security has shown that, when it comes to DDoS attacks, this is definitely not the case. The report suggests that the barrage of short, low volume DDoS attacks – which often go undetected by IT security staff and many DDoS protection systems – are in fact, the greatest DDoS risk for organisations, because they frequently go undetected and often mask more serious network intrusions. According to the DDoS Trends and Analysis Report, these short, stealth DDoS attacks are often used to disrupt and distract network operators. Typically less than 10Gbps in volume and less than 10 minutes in duration, these sub-saturating attacks are capable of knocking a firewall or intrusion prevention system (IPS) offline so that hackers can target, map and infiltrate a network to install malware and engage data exfiltration activity. These hidden motives have led Corero to describe this type of attack as “Trojan Horse” DDoS. Stephanie Weagle, VP at Corero Network Security discusses the key findings from the report below, and what the increased frequency and sophistication of DDoS attacks means for organisations trying to defend against today’s evolving cyber threat landscape. What were the findings from your latest DDoS Trends report? “The research shows that short, frequent, low-volume DDoS attacks continue to be the norm. Despite several headline-dominating, high-volume DDoS attacks over the past year, the majority (80%) of the DDoS attack attempts against Corero customers during Q1 2017 were less than 1Gbps per second in volume. In addition, almost three quarters (71%) of the attacks mitigated by Corero lasted 10 minutes or less. In total, Corero customers experienced an average of 124 DDoS attack attempts per month, equivalent to 4.1 attacks per day during Q1 of 2017. This is a 9 percent increase in attacks over Q4 2016.” Since last year’s attacks on Krebs on Security and Dyn, have we entered a quiet phase in terms of DDoS attacks? “As the research shows, DDoS attacks are by no means slowing down. The DDoS incidents that are experienced on a daily basis are the short, low volume attacks—just because these attacks aren’t making the evening news, does not mean that they don’t occur. “ Why are these short, sub-saturating denial-of-service attacks so dangerous? “The Internet of Things (IoT) introduced a host of opportunities for DDoS hackers as these devices hold the potential for extremely large botnets. Corero has identified a 55% increase in large DDoS attacks of more than 10Gb per second, in the first quarter of 2017, compared to the previous quarter. However, low-volume, short duration DDoS attacks can also be dangerous. Our report discovered that 73% of attacks in Q4 2016 and 71% of Q1 2017 lasted 10 minutes or less. These attacks can be a smokescreen, designed not to outright deny service but to distract from an alternative motive, usually data theft and network infiltration. This allows hackers to perfect their attack techniques while remaining under the radar. In addition to service outages, latency and downtime, short attacks allow cyber criminals to test for vulnerabilities within a network.” Why would hackers choose to inflict these short attacks, rather than to cause large-scale outages? “These smaller, shorter attacks typically evade detection by most legacy and homegrown DDoS mitigation tools, which are generally configured with detection thresholds that ignore this level of activity. This allows hackers to perfect their attack techniques while remaining under the radar, leaving security teams blindsided by subsequent attacks.” Can you give any examples of these kind of attacks inflicting serious damage? “Luckily for Corero customers, dealing with the repercussions of DDoS is a non-issue. Attacks are mitigated instantaneously, and good user traffic continues to flow and reach its destination as intended. Outside of the Corero customer base, some widely publicized attacks that led to data breach activity include TalkTalk and Carphone Warehouse.” Which are the sectors or organisations that are most at risk of attacks? “The reality is that any business that relies on the Internet to conduct business is at risk of a DDoS attack. But service providers in particular will find themselves at an important crossroads in the near future, as pressure builds from both customers’ and governments’ sides regarding their responsibilities when it comes to protecting their customers. That said, ISP’s and hosting providers can take advantage of the DDoS opportunity to not only protect existing infrastructure and assets, but also roll out profitable and effective DDoS protection services.” Do these kinds of attacks represent an additional risk for organisations preparing for GDPR? “GDPR is the hot buzz word heard around the cyber security industry lately. The risk of data theft resulting from sub-saturating DDoS attacks is extremely serious, and claiming to be ignorant of malicious activity on your network will not substitute a defence. To keep up with the growing sophistication and organization of well-equipped and well-funded threat actors, it’s essential that organizations maintain a comprehensive visibility across their networks to detect and block any potential DDoS incursions as they arise.” How can businesses best defend themselves against the latest DDoS attacks? “The combination of the size, frequency and duration of modern attacks represent a serious security and availability challenge for victims. Minutes or even tens of minutes of downtime or latency significantly impacts brand reputation and, ultimately, revenue generation. When you combine the size, frequency and duration of attacks, and the low volume sub-saturating nature of the threats; victims are faced with a significant security and availability challenge. “Today’s DDoS attacks are almost unrecognizable from the early days of attacks, when most were simple, volumetric attacks intended to cause embarrassment and brief disruption. Nowadays, the motives behind attacks are increasingly unclear and the techniques are becoming ever-more complex. This is particularly true in light of automated attacks, which allow attackers to switch attack vectors faster than any human can respond. “To keep up with the growing sophistication and organization of well-equipped and well-funded threat actors, it’s essential that organizations maintain a comprehensive visibility across their networks to detect and block any potential DDoS incursions as they arise. Automated, real-time mitigation techniques must be in place to eliminate the repercussions of the full spectrum of today’s DDoS attacks.” Source: http://www.itproportal.com/features/short-low-volume-ddos-attacks-pose-greatest-security-and-availability-threat-to-businesses/

Visit site:
Short, low-volume DDoS attacks pose greatest security and availability threat to businesses

Are massive cyberattacks the new normal?

When domain name system services supplier Dyn got hit with a distributed denial of service (DDoS) attack last October, waves of traffic overwhelmed the company’s network and disrupted access to the internet for large swathes of the United States and Europe. The Dyn perpetrators had successfully orchestrated one of the biggest-ever DDoS attacks, powered by a botnet of Internet of Things devices. Whoever was responsible for the Dyn attack showed how easy it was to deploy the Mirai source code, which is publicly available and easy to obtain. Many botnets have since incorporated the code, raising concerns that even worse is yet to come. The Mirai botnet also serves as the basis of an ongoing DDoS-for-hire service. With the number of IoT devices in business now in the billions, the specter of crippling attacks targeting IoT installations found in industrial control systems or critical national infrastructure becomes a possibility. The security world got another reminder of the growing magnitude of the threat when attackers carried out the biggest ransomware attack in history in May, infecting computers operated by more than 200,000 people in 150 countries with the so-called WannaCry virus. Size doesn’t matter The proliferation of these more powerful tools and technologies used to launch cyberattacks means that anyone can get access to a cyberweapon and potentially wreak wide-scale havoc. The irony is that many organizations still fail to enforce basic measures that would otherwise protect themselves from attack. Too many remain unprepared and fail to take simple steps, such as patching software on a routine basis. In theory, attacks like WannaCry should be preventable. Indeed, there was no shortage of warnings that organizations were leaving themselves vulnerable by failing to update aging computer operating systems with the latest software patches. It’s up to IT to be on top of updates for patches issued for any open source software used by the organization, particularly when it comes to their IoT deployments. They also need to be mindful of the lack of security in the IoT ecosystem. According to an AT&T Cybersecurity Insights report, the world of IoT has become a digital Petri dish for hackers and other cybercriminals eager to probe for weak spots. Other IoT must-do’s: Many devices get shipped from the manufacturer preconfigured with usernames and passwords that hackers can locate using search engines. Change them immediately. As DDoS attacks grow ever larger, there’s obvious incentive to take measures that will block as many potential threats as possible at the edge of your network. Along with identifying your vulnerabilities, make sure there are multiple layers of security in place and configure your applications to make them better resistant to exploitation. Make sure there’s a good firewall in place along with rules to drop junk packets or reject unnecessary external protocols. An ISP can help by stopping unnecessary traffic upstream. Also, run constant network scans of the corporate network to locate any security holes before the bad guys find them first. A fail-safe defense may not exist but you can mitigate a threat that, unfortunately, is becoming the new normal in the security world. Source: http://www.csoonline.com/article/3200769/data-breach/are-massive-cyberattacks-the-new-normal.html

Link:
Are massive cyberattacks the new normal?

Building the right defences before the IoT botnets catch you

PayPal, Spotify, Twitter, Airbnb, the Sony PlayStation Network – what is the connection? These were some of the sites and services that were disrupted as a result of the DDoS attack on Dyn, the cloud DNS provider, last October. The attack is believed to have been caused by the Mirai botnet, which takes advantage of unprotected IoT devices such as CCTV cameras, routers, DVRs and even baby monitors. It can rapidly overwhelm DNS servers with requests, cutting off users from connecting to services they want to use. The botnet seized hundreds of thousands of IoT devices from all over the world. Now, with the source code released to the public, hackers have been given the tools to attack millions of smart devices quickly and easily. Experts thus predict a surge in large-scale attacks that could take almost any company offline. Moreover, considering nearly one quarter of consumers today have an Internet-connected device in their home, the number of victims to these attacks could reach unprecedented levels. How to defend your networks and users against IoT botnets Multiple users relying on one DNS provider means an attack on one is an attack on all, as was the case with the DDoS attack on Dyn. Adopting a hybrid DNS architecture, in which your DNS servers are active all the time, is a strong solution. In this hybrid architecture, the protocol service is spread across a number of DNS servers. If one server is attacked, the service will automatically switch to another unaffected server and customers will have uninterrupted access. Using an alternate cloud DNS together with local DNS-based services ensures you are covered in the event of an attack. It is also a good idea to use advanced DNS hardware that can handle very high traffic, as well as identify and block attacks. Defending your own systems is important, but is there any way of cutting the problem at its root? Using the DNS protocol as a defence Consumer internet services are hard to protect against IoT botnets like Mirai because they are open by design. In addition, most users give little thought to their hardware and use solely a basic firewall already built into a router. Users cannot be expected to keep their networks secure or their hardware up to date, especially with vendors who do not always provide appropriate patches and regular bug fixes. This all creates an increasingly vulnerable and hard to manage environment. How can the wider internet be protected from this growing risk? ISPs can take a stronger stance on securing their networks with tighter controls for customer premises equipment (CPE) and for user networks. Their network hardware can be used to identify common attack patterns, especially from known botnets like Mirai. Once jeopardised networks have been detected, DNS security tools can be used to switch the customer’s CPE from an open network to a more restricted one. It can filter both botnet command as well as control packets. Users are also armed with quick access to tools and techniques to fix their networks and update compromised hardware, while disrupting the botnet structure. However, this approach presents itself with a risk, as it changes the relationship between the ISP and the customer (and could be seen as undue interference). It must be handled together with other ISPs at a regional level, and will need to become part of the contract between user and service provider. Services and ISPs join forces to defend the Internet If service and ISP solutions like these are brought together, along with an industry-wide approach to IoT updates and servicing, we might just have a solution. Key elements would be: Advanced DNS services that can handle DDoS traffic Using multiple DNS services to avoid interruption of key services Using a DNS security layer for CPE, linked to attack pattern detection Consumer ISP quarantine services linked to easy update services for IoT hardware Large-scale DDoS attacks via DNS like those on Dyn cannot be prevented by a single action. Providers, consumers, hardware vendors, and ISPs will need to collaborate in order to deliver a functional solution. Source: https://www.iottechnews.com/news/2017/jul/04/building-right-defences-iot-botnets-catch-you/

See the original article here:
Building the right defences before the IoT botnets catch you

UK Teen Charged with Running DDoS Booter Service

UK authorities have charged an eighteen-year-old with running a DDoS booter service that was used to launch DDoS attacks on legitimate businesses across the world. According to authorities, the teenager’s name is Jack Chappell, 18, of Stockport, a small town southeast of Manchester, UK. Investigators say Chappell created malware that he installed on devices around the world. He used this malware to create a DDoS botnet to which he then granted access to paying customers. Clients used this DDoS booter service to launch attacks on various companies across the globe. Investigators say that Chappell’s booter was the one that took down NatWest’s online banking system several times in the summer of 2015. Authorities say Chappell’s DDoS-for-hire platform was also responsible for DDoS attacks on the infrastructure of T-Mobile, EE, Vodafone, O2, BBC, BT, Amazon, Netflix, Virgin Media, and the UK’s National Crime Agency (NCA). Following years of investigations, the West Midlands Regional Cyber Crime Unit, together with Israeli Police, the FBI, and Europol’s European Cybercrime Centre, have tracked down the teenager, currently a student at an unnamed university. Authorities say Chappell had a partner, an American national, about whom they did not reveal any information. West Midlands Police charged the teenager today with impairing the operation of computers under the Computer Misuse Act and encouraging or assisting an offense and money laundering crime proceeds. Chappell will appear in a Manchester court tomorrow, July 4, 2017. Authorities did not release the name of Chappell’s DDoS booter service. Source: https://www.bleepingcomputer.com/news/security/uk-teen-charged-with-running-ddos-booter-service/

See the original article here:
UK Teen Charged with Running DDoS Booter Service

Data-centres and the DDoS risk

It is imperative that cloud users ensure that their vendor(s) of choice can provide the visibility and protection they need. Cloud adoption continues to accelerate as businesses look to reap the cost, scale and flexibility benefits that are on offer. Whether a business uses a large, well-known public cloud operator or one of the smaller, more focused, specialist cloud / outsourcing organisations they are becoming more reliant on data and application services which are, in most cases, accessible via the Internet. Unfortunately, this means that access to these services is conditional on the availability of connectivity – and a significant threat here is a Distributed Denial of Service (DDoS) attack – a threat that exhausts the resources available to a network, application or service so that genuine users cannot gain access. Increasing attacks on data-centres According to Arbor’s Worldwide Infrastructure Security Report (WISR) the majority of data-centre operators now offer cloud services. In fact they are as common as managed hosting and colocation, demonstrating how rapidly ‘cloud’ has been adopted. Data-centres have been a magnet for DDoS activity for a number of years, but 2016 saw a step change with the WISR indicating that nearly two-thirds of data-centres saw DDoS attacks, with over 20 per cent of those seeing more than 50 attacks per month – a big jump from 8 per cent in 2015. Data-centres are now being targeted more frequently and with larger attacks, and they will only continue to grow. Worryingly, Arbor’s WISR also revealed that 60 per cent of data-centre operators had seen an attack that completely saturated their Internet connectivity last year. This is significant, as if Internet bandwidth is completely saturated then all data-centre infrastructure is effectively cut-off from the outside world – regardless of whether it was a part of the original target. For cloud and data-centre environments ensuring shared infrastructure is protected is of utmost importance given the size and complexity of today’s DDoS attacks. The weaponisation of DDoS has made it easy for anyone to launch a large volumetric or advanced multi-vector attack and this shows through in the data we have from data-centre operators. For example, 60 per cent of data-centres who experienced a DDoS attack in 2016 saw at least one attack that completely saturated their Internet connectivity – effectively disconnecting them, and their customers, from the connected world. The impact of a successful DDoS attack to a data-centre operator can be significant from an operational and customer churn / revenue loss perspective. The proportion of data-centre operators experiencing revenue loss due to DDoS attacks grew from 33 per cent to 42 per cent from 2015 to 2016, with nearly a quarter of data-centre respondents to the WISR indicated that the cost of a successful DDoS attack was in excess of $100K, illustrating the importance of the right defensive services and solutions. Before we discuss defences though, it is almost impossible to right a DDoS related article without mentioning IoT. 2016 was without doubt the year where weaponised IoT botnets came to the fore, with attacks against Dyn and more garnering significant media attention. Cloud processing of IoT related data is driving increases in scale for data-centre connectivity, but IoT devices can just as easily be subsumed into botnets and used to send unwanted DDoS traffic at those same data-centres. Given the numbers of IoT devices out there, the likelihood of an attack against one piece of cloud infrastructure having a broader impact is only going to increase. Combating today’s attackers To deal with high magnitude attacks, in most cases, data-centres need to leverage a cloud or ISP based DDoS protection service –and this is happening. Data-centre operators have been one of the top organisation types driving the growth in cloud and ISP managed DDoS protection services over the past couple of years.  The WISR shows us that over a half of data-centre operators now implement layered DDoS protection, a proportion that has been steadily increasing year-on-year.  This is the recognised best-practice and allows data-centre operators to protect themselves and their customers from the impact of an attack. Layered DDoS protection employs a cloud and ISP based DDoS protection service to deal with high magnitude attacks, plus a defensive solution at the data-centre perimeter to proactively deal with more focused, advanced attacks. Integrating these two layers together, so that they work in harmony, can provide complete protection from the DDoS threat – protecting the availability of both infrastructure and customer services. In fact, many data-centre operators are now leveraging the protections they have put in place to offer add-on, sticky DDoS protection services to their customers. Businesses are increasingly aware of both their dependence on cloud, and the threat DDoS poses, and are looking to ensure that their providers are adequately protected. Technology and services are however only a part of the solution, having incident response plans in place is also important so that businesses can deal efficiently and effectively with any attack. Arbor’s WISR reveals that 57 per cent of data-centre operators carried out DDoS defence simulations in 2016, up from 46 per cent in 2015. This is very encouraging, as exercising incident responses plans, on at least a quarterly basis, is best-practice. Future security of data centres The data-centres that support cloud application and data services are becoming ever more important to our businesses, but with nearly two-thirds of data-centres experiencing DDoS attacks last year, and over 20 per cent of those seeing more than 50 attacks per month, it has never been more important to ensure the right defences are in place. It is imperative that cloud users ensure that their vendor(s) of choice can provide the visibility and protection they need, and the telemetry that allows them to monitor what is going on. Increasingly customers of cloud services want a holistic view of the threats they face, across the 3 pillars of security and their cloud, on-premise data and applications services. This isn’t easy to achieve, but to balance the benefits of cloud against business risks it is something we need, especially in today’s cyber threat landscape. Source: http://www.itproportal.com/features/data-centres-and-the-ddos-risk/

View article:
Data-centres and the DDoS risk

Hackers threaten South Korean banks with DDoS attacks following record ransomware payment

The Armada Collective hacking group has issued a ransom demand of approximately $315,000 to seven South Korean banks, threatening to launch distributed denial of service attacks against each of their organizations. The threat came just days after fellow South Korean firm NAYANA negotiated a record $1.01 million ransom payment on June 14 to remedy an unrelated ransomware attack that locked up its systems. The timing of this latest threat has reportedly prompted some observers to wonder if NAYANA’s actions encouraged the Armada Collective to test the resolve of other South Korean companies. Citing financial authorities, the Yonhap News Agency on June 21 named the threatened banks as KB Kookmin Bank, Shinhan Bank, Woori Bank, KEB Hana Bank, NH Bank and two other lenders. The banks were given a deadline of June 26. The Armada Collective has engaged in this behavior before. For instance, in April 2016 Cloudfare published a report detailing an Armada Collective campaign that issued empty DDoS threats against a wide range of businesses extorting hundreds of thousands of dollars in the process. Source: https://www.scmagazine.com/hackers-threaten-south-korean-banks-with-ddos-attacks-following-record-ransomware-payment/article/671377/

Excerpt from:
Hackers threaten South Korean banks with DDoS attacks following record ransomware payment