Category Archives: DDoS News

No, the Mirai botnet masters aren’t going to jail. Why? ‘Cos they help Feds nab cyber-crims

Probation, comm service for poachers turned gamekeepers

The three brains behind the Mirai malware, which infects and press-gangs Internet-of-Things devices into a botnet army, have avoided jail.…

Hackers behind Mirai botnet could be sentenced to working for the FBI

This comes after more than 18 months of already helping the FBI stop cyberattacks.

Three young hackers went from believing they were “untouchable” to helping the FBI stop future cyberattacks. The trio behind the Mirai botnet, one of the most powerful tools used for DDoS attacks, has been working with the FBI for more than a year, according to court documents filed last week. Now the government is recommending they be sentenced to continue assisting the FBI, instead of facing the maximum of five years in prison and a $250,000 fine.

“By working with the FBI, the defendants assisted in thwarting potentially devastating cyberattacks and developed concrete strategies for mitigating new attack methods,” US attorneys said in a motion filed Sept. 11. “The information provided by the defendants has been used by members of the cybersecurity community to safeguard US systems and the Internet as a whole.”

Originally, a probation officer on the case recommended that all three defendants be sentenced to five years’ probation and 200 hours of community service. Because of the hackers’ help, prosecutors have asked that the community service requirement be raised to 2,500 hours, to include “continued work with the FBI on cybercrime and cybersecurity matters.” The three defendants are set to be sentenced by a federal judge in Alaska. The sentencing filing was first reported by Wired on Tuesday.

Hacker rehab

Governments have taken a new approach with young, first-offender hackers, in the hope of rehabilitating them and recruiting them to help defend against future attacks. The UK offers an alternative called the “cybercrime intervention workshop,” essentially a boot camp for young hackers who have technical talent but poor judgment.

The three defendants, Josiah White, Paras Jha and Dalton Norman, were between 18 and 20 years old when they created Mirai, originally to take down rival Minecraft servers with distributed denial-of-service attacks. A DDoS attack floods a target with more traffic than it can handle, with the intention of knocking it offline. Mirai took over hundreds of thousands of Internet-connected devices such as security cameras and DVRs and directed them into DDoS attacks and advertising click-fraud schemes. In one conversation, Jha told White that he was “an untouchable hacker god” while talking about Mirai, according to court documents. The botnet was capable of carrying out some of the largest DDoS attacks ever recorded, including one in 2016 that caused web outages across the internet. The three defendants weren’t behind that outage; instead, they had been selling access to Mirai and making thousands of dollars, according to court documents.

Helping the FBI

The three pleaded guilty in December but had been helping the government with cybersecurity for 18 months, even before they were charged. Prosecutors estimate they have worked more than 1,000 hours with the FBI, about 25 weeks in a typical workplace. That includes working with FBI agents in Anchorage, Alaska, to find botnets and free hacker-controlled computers, and building tools for the FBI such as a cryptocurrency analysis program. In March, the three helped blunt the wave of memcached DDoS attacks, a reflection-and-amplification technique that abuses exposed memcached servers and was capable of hitting a target with more than a terabit per second of traffic. “The impact on the stability and resiliency of the broader Internet could have been profound,” US attorneys said in a court document. “Due to the rapid work of the defendants, the size and frequency of Memcache DDoS attacks were quickly reduced such that within a matter of weeks, attacks utilizing Memcache were functionally useless.” According to US officials, the three also helped significantly reduce the number of DDoS attacks last Christmas, when activity usually spikes.

Along with helping the FBI, the three defendants have also worked with cybersecurity companies to identify nation-state hackers and have assisted in international investigations. Jha now works for a cybersecurity company in California while also attending school; Norman is continuing his work with FBI agents while studying at the University of New Orleans; and White is working at his family’s business. Prosecutors heavily weighed their “immaturity” and “technological sophistication” in reaching the recommendation. “All three have significant employment and educational prospects should they choose to take advantage of them rather than continuing to engage in criminal activity,” the court documents said.

Source: https://www.cnet.com/news/hackers-behind-mirai-botnet-could-be-sentenced-to-working-for-the-fbi/

DDoS attacks and mobile fraud are surging in 2018

Two separate reports have detailed the biggest threats to businesses this year.

Two separate reports have highlighted the mounting threat of DDoS and mobile fraud attacks, demonstrating the shifting security landscape and the need for businesses to adapt their security policies.

Corero Network Security’s DDoS report found attacks were up 40% year-on-year, with 77% of them lasting ten minutes or less and 63% lasting less than five minutes. A company that has experienced one attack has a one in five chance of being hit again less than 24 hours later. Most DDoS attacks on organisations are low-volume strikes, with the vast majority under 5Gbps. However, the number of high-volume attacks (over 10Gbps) has more than doubled over the last year, suggesting attacks will grow in intensity in the coming period.

“Organisations are dependent on the Internet as a means to conduct business and deliver consumer/citizen services,” Corero’s CEO Ashley Stephenson said. “Any event that affects this ability to function will have a significant impact on that business. With Internet resilience coming down to a fraction of a second, it’s easy to see why DDoS attacks are considered one of the most serious threats to Internet availability today, resulting in damage to a brand’s reputation, customer trust and revenue.”

ThreatMetrix’s investigation into mobile threats found that mobile attacks in the US have risen by 44% year-on-year (24% worldwide), as criminals take advantage of the shift to completing digital transactions, such as banking and purchasing, on mobile. It also noted that because 85% of social media and dating site activity happens on mobile, these services are becoming targets. A third of all fraud-related activity now originates from mobile devices, which highlights the need for mobile security but also means desktop still accounts for the majority of fraud.

Device spoofing is the biggest threat to financial services, while mule networks and bot attacks are on the rise. ThreatMetrix explained that large retailers are the biggest targets as criminals attempt to break into user accounts and steal payment information.

“Mobile is quickly becoming the predominant way people access online goods and services, and as a result, organisations need to anticipate that the barrage of mobile attacks will only increase,” said Alisdair Faulkner, Chief Identity Officer at ThreatMetrix. “The good news is that as mobile usage continues to increase, so too does overall customer recognition rates, as mobile apps offer a wealth of techniques to authenticate returning customers with a very high degree of accuracy.”

He added that the key weak point in the mobile ecosystem is the app registration and account creation step. To stop criminals abusing it, businesses need global intelligence that can establish a customer’s true digital identity from the many places their information is available.

Source: http://www.itpro.co.uk/security/31906/ddos-attacks-and-mobile-fraud-are-surging-in-2018

DDoS attack frequency grows 40%, low volume attacks dominate

The frequency of DDoS attacks has once again risen, this time by 40% year on year, according to Corero Network Security. While frequency has increased, the duration of attacks has decreased, with 77% lasting ten minutes or less, of which 63% last five minutes or less. Perhaps more concerning is that, having faced one attack, one in five organisations will be targeted again within 24 hours. “With Internet resilience coming down to a fraction of a …

Source: Help Net Security

Mirai, Gafgyt Botnets Resurface with New Tricks

A new version of Mirai exploits the Apache Struts flaw linked to the Equifax breach, while Gafgyt targets an old flaw in SonicWall.

Well-known Internet of Things (IoT) botnets Mirai and Gafgyt have resurfaced with new variants targeting vulnerabilities in Apache Struts and SonicWall, respectively. Researchers in Palo Alto Networks’ Unit 42 detected the new versions of Mirai and Gafgyt, both of which have been linked to massive distributed denial of service (DDoS) attacks since November 2016. They suggest both botnets are veering away from consumer targets and toward the enterprise. The Mirai samples were found in the first week of September, while the Gafgyt samples were available on and off throughout August. Both were served from the same domain.

Mirai is an evolution of the Gafgyt botnet (also known as Bashlite or Torlus), an IoT/Linux botnet, explains Ryan Olson, vice president of threat intelligence for Unit 42. It was originally designed to spread across Linux devices by brute-forcing default credentials so that the compromised devices could then be commanded to launch DDoS attacks. “Neither is more inherently dangerous than the other, though, as we note, these samples of Mirai are notable for how many vulnerabilities they target,” Olson says of the recent findings.

On Sept. 7, Unit 42 discovered samples of another Mirai variant packing exploits for 16 distinct vulnerabilities. It’s not the first time the botnet has been seen leveraging multiple exploits in a single sample. However, it is the first time Mirai has leveraged a vulnerability in Apache Struts, the same bug associated with the massive Equifax data breach in September 2017. The other 15 vulnerabilities all target IoT devices and have previously been seen in different combinations in other Mirai variants, says Olson, who adds that “the Struts addition is the most notable change in this version of Mirai we found.” It’s also worth noting that these samples don’t include the credential brute-force functionality generally found in Mirai.

Researchers found that the domain hosting the Mirai samples had previously resolved to a different IP address in August. During that time, the IP was sporadically hosting samples of Gafgyt that included an exploit for CVE-2018-9866, a SonicWall bug affecting older versions of the SonicWall Global Management System (GMS). Both the Apache Struts and SonicWall vulnerabilities are rated Critical, with a CVSS score of 10. Their effectiveness depends on the number of exposed systems, Olson says. The Apache Struts vulnerability has been public for a year. The SonicWall bug only affects unsupported versions; the company advises users running GMS to upgrade to version 8.2, as GMS 8.1 went out of support in February 2018. “For either to be effective, an organization needs to be behind on their versions and updates,” he says.

Olson believes the two new variants of Mirai and Gafgyt come from the same actor but couldn’t say why they might have chosen to operate two botnets instead of one. “Seeing as the samples originated from IPs that resolved to the same domain at different times, and based on some other OPSEC failures, I’m fairly certain these originate from the same actor/group,” says Olson of their starting point. “I can’t pinpoint any advantage one has over the other to explain the choice of using different base source codes.” For now, it seems the attackers are testing different vulnerabilities to gauge how effective each is at herding the maximum number of bots, giving them greater power for a DDoS, Olson says. A move to the enterprise would give the botnets access to greater Internet bandwidth than individual home users and connections, he adds, a sign the bots may be targeting businesses.

Source: https://www.darkreading.com/vulnerabilities—threats/mirai-gafgyt-botnets-resurface-with-new-tricks/d/d-id/1332789
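The Struts flaw referred to above is the one tracked as CVE-2017-5638: the Jakarta multipart parser echoed an unparseable Content-Type value into an error message that was then evaluated as an OGNL expression, so exploits carry OGNL in that header. The following is an added example, not Unit 42’s code or anything from the Mirai samples, of how a defender could flag such attempts in captured request headers. The request records are constructed, the marker list is an assumption about common payload shapes rather than a vendor signature, and extending the check to Content-Disposition goes slightly beyond the header the article discusses.

```python
"""Flag CVE-2017-5638-style OGNL injection attempts in HTTP request headers.

Added example for this page; it is not Unit 42's code, nor anything from the
Mirai samples. The request records below are constructed for the demo, and
the header-matching rules are an assumption about what an exploit looks like,
not a vendor signature.
"""
import re

# CVE-2017-5638: the Struts Jakarta multipart parser put an unparseable
# Content-Type value into an error message that was then evaluated as OGNL.
# Exploits therefore carry an OGNL expression in that header. None of these
# tokens appear in a legitimate Content-Type value.
OGNL_MARKERS = re.compile(
    r"%\{|\$\{|#_memberAccess|@ognl\.OgnlContext@|#context\[|"
    r"java\.lang\.ProcessBuilder|getRuntime\(\)",
    re.IGNORECASE,
)

# Headers worth inspecting. Content-Type is the vector described on this page;
# Content-Disposition is added as a generalisation (the same parser reads it).
INSPECTED_HEADERS = ("content-type", "content-disposition")


def ognl_marker(headers):
    """Return the first OGNL marker found in an inspected header, else None.

    `headers` maps header name -> value; names are compared case-insensitively
    because clients vary in capitalisation.
    """
    for name, value in headers.items():
        if name.lower() in INSPECTED_HEADERS:
            match = OGNL_MARKERS.search(value)
            if match:
                return match.group(0)
    return None


def scan(requests):
    """Return one (src, path, marker) tuple per request that looks like an attempt."""
    hits = []
    for req in requests:
        marker = ognl_marker(req.get("headers", {}))
        if marker is not None:
            hits.append((req["src"], req["path"], marker))
    return hits


# Constructed sample: one exploit attempt and two benign requests. Addresses
# are taken from the RFC 5737 documentation ranges.
SAMPLE_REQUESTS = [
    {
        "src": "203.0.113.7", "method": "POST", "path": "/struts2-showcase/index.action",
        "headers": {"Content-Type": "%{(#_='multipart/form-data')."
                                    "(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)."
                                    "(#cmd='id').(#p=new java.lang.ProcessBuilder(#cmd))}"},
    },
    {
        "src": "198.51.100.4", "method": "POST", "path": "/upload.action",
        "headers": {"Content-Type": "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW"},
    },
    {
        "src": "192.0.2.10", "method": "GET", "path": "/index.action",
        "headers": {"content-type": "application/x-www-form-urlencoded"},
    },
]

if __name__ == "__main__":
    for src, path, marker in scan(SAMPLE_REQUESTS):
        print(f"possible Struts OGNL injection from {src} to {path} (matched {marker!r})")
```

The check is deliberately cheap enough to run on every request at a reverse proxy or WAF; the legitimate multipart upload with a long boundary string passes, because the markers are OGNL syntax rather than anything a browser emits. Matching is only a compensating control, though: the article’s point stands that the exploit works solely against hosts that are a year behind on Struts patches.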

Cyber policies: More than just risk transfer

Digital connectivity continues apace – but brings with it increased cyber risks. These relatively new and complex risk profiles require approaches that go far beyond traditional insurance, argues Munich Re’s reinsurance boss Torsten Jeworrek.

Self-learning machines, cloud computing, digital ecosystems: in the steadily expanding Internet of Things, all objects communicate with others. In 2017, 27 billion devices around the world were online, but this number is set to increase five-fold to 125 billion by 2030. Many industries are profiting from the connectivity megatrend. In virtually every sector, automated processes are delivering greater efficiency and therefore higher productivity. By analysing a wide range of data, businesses also hope to gain new insights into existing and prospective customers, their purchasing behaviour, or the risk that they might represent, allowing a more targeted customer approach. At the same time, greater levels of interconnection are leading to new business models, such as sharing concepts and online platforms.

Growing risk of ransomware

But just as there are benefits to growing connectivity, there are also risks. Ensuring data security at all times is a serious challenge in this complex world. When setting up and developing digital infrastructure, companies must constantly invest in data-security expertise and in technical security systems, not least to protect themselves against cyber attacks. This became clear in 2017, when the WannaCry and NotPetya malware attacks caused business interruption and production stoppages around the world. The costs of WannaCry in the form of lost data and business interruption were many times greater than the losses from ransom demands. With other attacks, the objective was not even extortion, but sabotage of business operations or destruction of data.

Phishing, the attempted capture of sensitive personal and log-in data, and distributed denial of service (DDoS) attacks, which take down entire servers by systematically overloading them, also cause billions of dollars in damage each year. It is difficult to calculate the exact amounts involved, but business losses from cyber attacks are currently estimated at between $400bn and $1tn each year. And the number of cyber attacks continues to rise, as do the resulting losses. According to estimates from market research institute Cybersecurity Ventures, companies around the world will fall victim to such attacks every 14 seconds on average in 2019. Europol also notes that there have been attacks on critical national infrastructure in the past, in which people could have died had the attacks succeeded.

Increasing demand for cyber covers from SMEs as well

As the risks increase, so too does the number of companies that attach importance to effective prevention measures and that seek insurance cover. The pressure to improve data protection has also increased as a result of legal requirements such as the EU’s General Data Protection Regulation, which came into force in May 2018 and provides for severe penalties in the event of violations. In a world of digital dependency, automated processes, and networked supply chains, small- and medium-sized companies in particular realise that it is no longer enough to focus on IT security within their own four walls. For the insurance industry, cyber policies are gradually becoming an important field of business in their own right. According to estimates, further significant increases in premium volume are on their way. In 2017, premium volume was at between $3.5bn and $4bn. That figure is expected to increase to between $8bn and $9bn by 2020. So there will be good growth opportunities over the next few years, particularly in Europe.

Cyber risks difficult to assess

Cyber risks pose unique challenges for the insurance industry, above all in connection with accumulation risk: a single cyber event can impact many different companies at the same time, as well as leading to business interruption for other companies. How can the market opportunities be exploited, while at the same time managing the new risks? Are cyber risks ultimately uninsurable, as many industry representatives have said? One thing is certain: there are a number of extreme risks that the insurance industry cannot bear alone. At present, these include network outages that interrupt the electricity supply, or internet and telecommunication connections. Scenarios like these, and the costs that come with them, should be borne jointly by governments and companies, for example in the form of pool solutions.

Cyber as a new type of risk

There are key differences between cyber risks and traditional risks. Historical data such as that used to calculate future natural hazards, for example, cannot tell us much about future cyber events. Data from more than ten years ago, when there was no such thing as cloud computing and smartphones had not yet taken off, are of little use when assessing risks from today’s technologies. Insurers and reinsurers must be able to recognise and model the constantly evolving risks over the course of these rapid advances in technology. An approach that relies on insurance expertise alone will rapidly reach its limits. Instead, the objective of all participants should be to create as much transparency as possible with regard to cyber risks. IT specialists, authorities, and the scientific and research communities can all help to raise awareness of the risks and contribute their expertise to the development of appropriate cyber covers.

Working together to enhance security

Munich Re relies on collaboration with technology companies and IT security providers to develop solutions for cyber risks. This is because the requirements for comprehensive protection are complex, and safeguarding against financial losses is only one component of an overall concept. Accordingly, in consultation with our technology partners, we are developing highly effective, automated prevention services for our clients. These are designed to permanently monitor the client infrastructure, identify risks promptly, and prevent losses. And, importantly, a company needs to respond quickly to limit the loss from an event and allow it to resume normal operations without delay. In this context, we assist our clients with a network of experts. But cyber risks remain a challenge, and one that the insurance industry needs to tackle. Insurers can only remain relevant for their clients if they constantly adapt their offerings to new or changed risks and requirements. Opportunities for new fields of business are arising.

Source: https://www.re-insurance.com/opinion/cyber-policies-more-than-just-risk-transfer/1687.article

McDreary? The Future of Medical Call Centers & DDoS

As healthcare’s digital transformation continues, security remains a top priority, especially as distributed denial-of-service (DDoS) attacks target the click-to-call features on websites.

Click-to-call describes the services that let patients call a hospital or clinic directly from a button on its website, either over a traditional phone service or using Voice over Internet Protocol (VoIP). This is different from click-to-callback features, which are used for less pressing medical needs, and the distinction matters when securing hospital communications against DDoS. Because direct click-to-call sessions consume more resources, such as audio streams and interactive voice response (IVR) systems, they are much easier to exhaust with an application-layer DDoS attack. When a DDoS attack hits a healthcare system, click-to-call features are often taken fully offline. If that happens during a health emergency, the consequences can be life or death. Yet click-to-call also offers enhanced, more personalised engagement in a cost-effective manner, so simply removing it could delay care, drive service abandonment and raise the cost of future care. So what’s the best move?

Neustar’s 2017 Worldwide DDoS Attacks and Cyber Insights Research Report found that while 99% of the organizations it surveyed had some form of DDoS protection in place, the vast majority (90%) planned to invest more than in the previous year, and 36% thought they should be investing even more than that. Just as keeping protected health information (PHI) secure remains of the utmost importance, further steps must be taken to protect healthcare organizations from DDoS attacks.

Gated access through proper authentication

One of the primary ways healthcare organizations can blunt a DDoS attack is proper authentication. Authentication shrinks the attack surface by putting a gate in front of the expensive resources and rules out whole classes of anonymous attacks. Anonymous DDoS attacks abuse an openly reachable resource and coordinate mass usage of it from many sources; they are hard to thwart because attack traffic is difficult to tell apart from genuine usage. Authentication provides a simple way to tell them apart. Credential theft remains a possible vector even with authentication, but coordinating a DDoS with stolen credentials is much harder because each account has to be compromised separately. If an attacker has compromised a single account and replays its credentials from every bot, per-account rate-limiting on a properly protected account stops the attack outright.

Securing patient portals

Implementing secure patient portals is another way to prevent DDoS attacks on medical call centers. Patient portals require strong authentication. If authentication is required before resources such as call centers and call agents can be used, then a large-scale attack requires a correspondingly large number of credentials. Where multi-factor authentication is required, a successful DDoS becomes more complex still. For example, if a username/password login to a patient portal also required a text or email verification, or a prompt on an installed smartphone application, then the loss of even a large set of credentials could not be used in an attack without also compromising some other form of communication for each account. Since patient portals also contain large amounts of private data, securing that information to the highest degree is key in its own right and also helps prevent a large-scale attack on a hospital’s click-to-call functionality.

What the threat of DDoS attacks means to the global security community

Today it is critical that global security managers remain aware of the daunting DDoS threat. When (not “if”) an attack occurs, critical resources are consumed, sometimes even resources that seem unrelated. For example, a DDoS attack against a website might consume networking resources and bring down a patient portal, and an attack against a patient portal may consume database resources and prevent normal internal operations. DDoS attacks on weak targets are relatively inexpensive for attackers, since existing botnets capable of simple traffic flooding await the next purchase, and simple network-layer attacks can be thwarted with up-to-date networking equipment front-ending services. Application-aware and custom attacks, however, are much more expensive to create, and can be made prohibitively expensive by simple steps such as requiring authentication before allowing access to resources. Additionally, keeping software up to date is critical: as software flaws are discovered, quickly updating components is effective at blocking attacks before they can be crafted and deployed. Regularly updating systems and keeping them free of malware not only shrinks the pool of available bots, amplifiers and reflectors, but may also deny attackers a hop-off point for more sophisticated attacks. As more tech companies enter the healthcare field to enable its digitization, and as information security stays top of mind in every field, it’s important for those in the security industry, some of whom may work directly in healthcare, as well as for the healthcare organizations themselves, to increase their security measures and to know what they should be doing to prevent this type of communications attack.

Source: https://www.infosecurity-magazine.com/opinions/mcdreary-medical-ddos/
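The gating the article recommends, as an added example that is not code from Neustar or any organisation named on this page: reject unauthenticated requests before they reach the IVR, and rate-limit authenticated ones per account and per source IP, so that one leaked credential replayed from a botnet is capped as a single caller. The limits, the window length and the sample traffic are constructed assumptions.

```python
"""Authentication and rate-limiting gate in front of a click-to-call endpoint.

Added example for this page; it is not code from any organisation the article
names. Limits, window and the sample traffic are constructed assumptions.
"""
from collections import Counter, defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` events per key in any `window` seconds."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self.events = defaultdict(deque)  # key -> timestamps of allowed events

    def allow(self, key, now):
        q = self.events[key]
        while q and now - q[0] >= self.window:
            q.popleft()  # drop events that fell out of the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class CallGate:
    """Decide whether a click-to-call request may reach the IVR/agent pool.

    Unauthenticated requests are rejected outright, so an anonymous flood never
    consumes an audio stream. Authenticated requests are limited per account,
    so one leaked credential replayed from many bots counts as one caller, and
    per source IP, so one host cannot burn through many stolen accounts.
    """

    def __init__(self, per_account=3, per_source=5, window=60):
        self.by_account = SlidingWindowLimiter(per_account, window)
        self.by_source = SlidingWindowLimiter(per_source, window)

    def handle(self, req):
        if not req.get("session_valid"):
            return "reject: unauthenticated"
        if not self.by_account.allow(req["account"], req["t"]):
            return "throttle: account"
        if not self.by_source.allow(req["src"], req["t"]):
            return "throttle: source"
        return "accept"


def build_sample_traffic():
    """Constructed traffic: two legitimate calls, one stolen credential replayed
    from 50 bot IPs, and a 100-request anonymous flood (RFC 5737 addresses)."""
    traffic = []
    traffic.append({"t": 0.0, "src": "198.51.100.20", "account": "p-1001", "session_valid": True})
    traffic.append({"t": 10.0, "src": "198.51.100.20", "account": "p-1001", "session_valid": True})
    for i in range(1, 51):
        traffic.append({"t": float(i), "src": f"203.0.113.{i}", "account": "p-2002", "session_valid": True})
    for i in range(100):
        traffic.append({"t": i * 0.1, "src": f"192.0.2.{i % 20}", "account": None, "session_valid": False})
    return sorted(traffic, key=lambda r: r["t"])


def simulate(traffic, gate=None):
    """Run every request through one gate; return a Counter of decisions."""
    gate = gate or CallGate()
    return Counter(gate.handle(r) for r in traffic)


if __name__ == "__main__":
    for decision, n in sorted(simulate(build_sample_traffic()).items()):
        print(f"{n:4d}  {decision}")
```

The account limiter is checked first, so a throttled account never consumes its source’s budget; the source limiter then catches one host cycling through many stolen accounts. On the constructed traffic the 100-request anonymous flood never touches the IVR, and the credential replayed from 50 bots yields three accepted calls and 47 throttled ones, which is the article’s point that distributing one stolen login across a botnet buys the attacker nothing. In production the window state would live in a shared store rather than process memory, and multi-factor authentication would sit in front of whatever sets session_valid.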

WP Engine launches Global Edge Security for WordPress with Cloudflare

WP Engine announced the launch of Global Edge Security, an enterprise-class security solution built from Cloudflare’s Internet performance and security services. Global Edge Security integrates WP Engine’s platform, which powers more than 80,000 global customers, with Cloudflare’s managed web application firewall (WAF), distributed denial of service (DDoS) mitigation, SSL/TLS encryption, and CDN across a global edge network spanning more than 70 countries to deliver digital experiences on WordPress. WP Engine’s Global Edge Security is a …

Source: Help Net Security

Mikrotik routers pwned en masse, send network data to mysterious box

Researchers uncover botnet malware pouncing on security holes

More than 7,500 Mikrotik routers have been compromised with malware that logs and transmits network traffic data to an unknown control server.…

Congress wants CVE stability, China wants your LinkedIn details, and Adobe wants you to patch Creative Cloud

Also: Belarus barely brushes botnet builder’s bankroll

Another week has come and gone. This one included some Fortnite flaws, a nasty Intel bug, and a voting machine maker whining about hacking contests.…