Fantasy sports outfit looks to hunt down group that bombarded its site A US sports gaming company is asking permission to unmask 10 people it believes were behind a massive DDoS attack on its website earlier this month.…
Read More:
DraftKings rides to court, asks to unmask 10 DDoS suspects
Data centers are the lifeblood of the enterprise, allowing for scale never before imagined and access to critical information and applications. Businesses are increasingly migrating to the cloud, making the role of the data center more and more valuable. In 2017 alone, companies and funds invested more than $18 billion in data centers, both a record and nearly double that of 2016. But as much growth as this unparalleled level of computing has given SMBs to the enterprise, a level of risk remains — and data center operators often aren’t looking in the right places when identifying security threats. As these data centers evolve, so too do the tools and techniques used by hackers – both novice and pro. Securing the physical spaces that house these critical facilities is becoming more important by the day, and operators are doing themselves a disservice by solely focusing on IT as the only line of defense against attacks. Often, the physical operation of the building is the wide-open door for a hacker to exploit, and if done correctly, can cause as much devastation as an attack on software. Even if data center operators think their security operation is lock-tight, there still are several important considerations to ensure a holistic plan is in place. The bottom line? If these important measures haven’t been incorporated as part of a data center’s security plan and ongoing upgrades, there is risk to the entire operation. Your physical operation is more connected Smoke detection, CCTV, power management systems and your cooling control are all becoming increasingly more connected. The Internet of Things (IoT) has allowed building management systems to become far more advanced than ever imagined when managing the more industrial side of your operation. But as these once-mechanical and manual systems start talking, there also are far more opportunities for malicious damage. If they aren’t already, IT and building operations must be in constant contact, updating one another about the most recent changes to either one’s systems. Without this important dialogue, processes and standards change in a vacuum and can leave back doors open for hackers. Threats are evolving Your security plan should too. Many times, operators are solely worried about the data inside the servers, and don’t consider external threats. Gaining access to secure and encrypted servers takes an extremely experienced and skilled hacker. However, infrastructure like HVAC or fire control sprinkler systems are far less complicated to access for a less seasoned cyber-criminal. While a DDoS attack or breach can be dangerous, a cooling operation taken offline or activated fire sprinklers can be downright devastating. Hackers consider this low-hanging fruit, and are almost always looking to do the most damage. Consider updating your security plan with a roadmap of every physical system in place, and sit down with building operations to address potential new areas of weakness. Consider outside advice to ensure security No single person can be expected to be an expert on the security of all physical assets. Consulting with a third-party that understands how facilities and IT should be working together within a data center can an extremely valuable investment. Consider this: Gartner has estimated that a single minute of network downtime costs $5,600 on average. That’s certainly not a huge sum if the interruption is only 10 minutes due to a DDoS attack, but consider the damage if servers catch fire because of a cooling system shutdown. If a data center spends weeks cleaning up physical damage to a poorly secured physical operation, the results could be devastating. To provide true security, data center operators have to stop assuming hackers can only do damage in the zeros and ones. In reality, as systems become more advanced, true security at data centers is reliant on a close relationship between IT and facilities, making sure they frequently and accurately communicate about changes, upgrades and observations at their operations. Not doing so risks a lot more than a little downtime. Source:https://www.helpnetsecurity.com/2018/08/29/securing-data-centers/
Read More:
Your data center’s IT is lock-tight, are the facility’s operations?
In a distributed-denial-of-service (DDoS) attack that began on Sunday, 26 August, and extended into today, Spain’s central bank was knocked offline. While Banco de Espana struggled to fight off the attack, business operations were not disrupted, according to Reuters . “We suffered a denial-of-service attack that intermittently affected access to our website, but it had no effect on the normal functioning of the entity,” a spokeswoman for Banco de Espana wrote in an email. DDoS attacks interrupt services by overwhelming network resources. Spain’s central bank is a noncommercial bank, which means that it does not offer banking services online or on site, and communications with the European Central Bank were not impacted. “Worryingly, as of Tuesday afternoon their website remained offline despite the attack having started on Sunday. Whether this was as a result of an ongoing attack, recovering from any resulting damage or as a precaution pending a forensic investigation is not clear,” said Andrew Lloyd, president, Corero Network Security. “The recent guidance from the Bank of England (BoE) requires banks to have the cyber-resilience to ‘resist and recover’ with a heavy emphasis on ‘resist.’ The BoE guidance is a modern take on the old adage that ‘prevention is better than cure.’ Whatever protection the Bank of Spain had in place to resist a DDoS attack has clearly proven to be insufficient to prevent this outage.” To help mitigate the risk of a DDoS attack, banks and other financial institutions can invest in real-time protection that can detect attacks before they compromise systems and impact customer service. As of the time of writing this, the bank’s website appears to be back online. Source: https://www.infosecurity-magazine.com/news/ddos-knocked-spains-central-bank/
Read More:
A DDoS Knocked Spain’s Central Bank Offline
DDoS (Distributed Denial of Service) attacks feature amongst the most dreaded kinds of cyber attacks, for any enterprise today. This is especially because, as the name itself suggests, there it causes a total denial of service; it exhausts all resources of an enterprise network, application or service and consequently it becomes impossible to gain access to the network, application or the service. In general, a DDoS attack is launched simultaneously from multiple hosts and it would suffice to host the resources, the network and the internet services of enterprises of any size. Many prominent organizations today encounter DDoS attacks on a daily basis. Today DDoS attacks are becoming more frequent and they are increasing in size, at the same time becoming more sophisticated. In this context, it becomes really important that enterprises look for DDoS attack prevention services, in fact the best DDoS attack prevention services, so as to ensure maximum protection for their network and data. The different kinds of DDoS attacks Though there are different kinds of DDoS attacks, broadly speaking there are three categories into which all the different kinds of DDoS attacks would fit. The first category is the volumetric attacks, which include those attacks that aim at overwhelming network infrastructure with bandwidth-consuming traffic or by deploying resource-sapping requests. The next category, the TCP state-exhaustion attacks, refer to the attacks that help hackers abuse the stateful nature of the TCP protocol to exhaust resources in servers, load balancers and firewalls. The third category of DDoS attacks, the application layer attacks, are basically the ones targeting any one aspect of an application or service at Layer 7. Of the above-mentioned three categories, volumetric attacks are the most common ones; at the same time there are DDoS attacks that combine all these three vectors and such attacks are becoming commonplace today. DDoS attacks getting sophisticated, complex and easy-to-use Cybercriminals today are getting cleverer and smarter. They tend to package complex, sophisticated DDoS attack tools into easy-to-use downloadable programs, thereby making it easy even for non-techies to carry out DDoS attacks against organizations. What are the main drivers behind DDoS attacks? Well, there could be many, ranging from ideology or politics to vandalism and extortion. DDoS is increasingly becoming a weapon of choice for hacktivists as well as terrorists who seek to disrupt operations or resort to extortion. Gamers too use DDoS as a means to gain competitive advantage and win online games. There are clever cybercriminals who use DDoS as part of their diversionary tactics, intending to distract organizations during APT campaigns that are planned and executed in order to steal data. How to prevent DDoS attacks The first thing that needs to be done, to prevent DDoS attacks from happening, is to secure internet-facing devices and services. This helps reduce the number of devices that can be recruited by hackers to participate in DDoS attacks. Since cybercriminals abuse protocols like NTP, DNS, SSDP, Chargen, SNMP and DVMRP to generate DDoS traffic, it’s advisable that services that use any of these ought to be carefully configured and run on hardened, dedicated servers. Do repeated tests for security issues and vulnerabilities. One good example is doing penetration tests for detecting web application vulnerabilities. Ensure that your enterprise implements anti-spoofing filters as covered in IETF Best Common Practices documents BCP 38 and BCP 84. This is because hackers who plan DDoS attacks would generate traffic with spoofed source IP addresses. Though there are no fool-proof techniques that can prevent DDoS attacks completely, you can ensure maximum protection by ensuring proper configuration of all machines and services. This would ensure that attackers don’t harness publicly available services to carry out DDoS attacks. It’s to be remembered that it’s difficult to predict or avoid DDoS attacks and also that even an attacker with limited resources can bring down networks or websites. Hence, for any organization, it becomes important that the focus is always on maximum level protection for enterprise networks, devices, websites etc. Source: https://ddosattacks.net/wp-admin/post-new.php
See more here:
It’s Time To Protect Your Enterprise From DDoS Attacks
Distributed Denial of Service (DDoS) attacks aimed at disruption remain a massive problem for businesses big and small, despite the shutdown of the Webstresser DDoS-for-hire service. Attackers are also increasingly striking outside of normal business hours, researchers have found. A new report shows attack volumes rose 50% to an average 3.3 Gbps during May, June and July 2018, from 2.2 Gbps in Q1. Despite a 36% decrease in the overall number of attacks – likely as a result of DDoS-as-a-service website Webstresser being shuttered in an international police operation – attack volumes increased. 46% of incidents used two or more vectors in Q2, with a total of 9,325 attacks recorded during the quarter. That’s 102 per day, on average. A 50% increase in hyper-scale attacks (80 Gbps+) was also recorded, while the most complex attacks used 13 vectors in total, researchers found. Broadly speaking, DDoS attacks can be divided into three main categories, which point to the attack vectors employed by bad actors: Volume Based Attacks – bad actors saturate the bandwidth of the attacked site (measured in bits per second / Bps) Protocol Attacks – attackers consume actual server resources (measured in packets per second / Pps). Application Layer Attacks – hackers seek to crash the web server (measured in requests per second / Rps) High-volume attacks were assisted by Memcached reflection, SSDP reflection and CLDAP. The highest attack bandwidth was recorded at 156 Gbps (gigabits per second), while the total duration of attacks during the quarter was 1,221 hours. Attackers used two vectors 17% of the time, and three vectors 16% of the time. The most-frequently observed attacks were UDP floods (59.7%), TCP SYN floods (3.3%) and ICMP floods (0.9%). 773 attacks used the Memcached reflection amplification technique, while the SSDP reflection technique generated the greatest proportion of DDoS packets. New data from a similar study, by Nexusguard, recently showed that the number of unguarded Memcached servers is dropping, yet many remain vulnerable to attacks. The same research uncovered that DNS amplification attacks have increased 700% worldwide since 2016 and, in the first quarter of 2018, 55 DNS amplification attacks relied on vulnerable Memcached servers to amplify their DDoS efficiency by a factor of 51,000. Source: https://securityboulevard.com/2018/08/ddos-attack-volume-rose-50-in-q2-2018/
Read More:
DDoS Attack Volume Rose 50% in Q2 2018
Democratic lawmakers want to know why the agency didn’t inform consumers of the falsity of its claim sooner A group of House democrats want to know when FCC Chairman Ajit Pai knew that the agency’s claims of a DDoS attack were false. Last week, the FCC’s Office of Inspector General released a report that found no evidence to support the claims of DDoS attacks in May of 2017. The agency had previously blamed multiple DDoS attacks for temporarily taking down a comment section of its website following a segment of Last Week Tonight, in which comedian John Oliver asked viewers to submit comments to the FCC and speak out in support of net neutrality. However, viewers were unable to voice their opinion on the proposed rollback of net neutrality because the comment submission section wasn’t available at the time. Now that it has come to light that the agency’s claims of a DDoS attack were false, a handful of Democratic lawmakers want to know when Pai became aware that there was no DDoS attack and why the agency didn’t correct its public statements alleging a DDoS attack before now. Misrepresented facts “We want to know when you and your staff first learned that the information the Commission shared about the alleged cyberattack was false,” Democratic lawmakers wrote in a letter to Pai. “It is troubling that you allowed the public myth created by the FCC to persist and your misrepresentations to remain uncorrected for over a year,” they wrote. The letter was signed by Representatives Frank Pallone Jr. (NJ), Mike Doyle (PA), Jerry McNerney (CA) and Debbie Dingell (MI). The results of the investigation concluded that FCC officials deliberately misrepresented facts in responses to Congressional inquiries. “Given the significant media, public and Congressional attention this alleged cyberattack received for over a year, it is hard to believe that the release of the IG’s report was the first time that you and your staff realized that no cyberattack occurred,” wrote the lawmakers. “Such ignorance would signify a dereliction of your duty as the head of the FCC, particularly due to the severity of the allegations and the blatant lack of evidence.” The Democratic lawmakers have asked Pai for complete written responses to their questions by August 28. Pai is also scheduled to appear before a Senate Commerce, Science and Transportation Committee oversight hearing on Thursday where he is expected to face questions about the results of the investigation. Source: https://www.consumeraffairs.com/news/lawmakers-want-to-know-when-ajit-pai-knew-fccs-cyberattack-claim-was-false-081518.html
Read More:
Lawmakers want to know when Ajit Pai knew FCC’s cyberattack claim was false
Here’s an overview of some of last week’s most interesting news and articles: Intensifying DDoS attacks: ?Choosing your defensive strategy One of the biggest misconception regarding DDoS attacks is that they are a once-in-a-lifetime event for organizations, says Josh Shaul, VP of Web Security at Akamai. “Our State of the Internet Report found that companies suffered 41 DDoS attacks on average over the last six months,” he points out. August Patch Tuesday forecast: Looking ahead … More ? The post Week in review: IoT security, cyber hygiene, Social Mapper appeared first on Help Net Security .
Taken from:
Week in review: IoT security, cyber hygiene, Social Mapper
Ben-Gurion University of the Negev (BGU) cyber security researchers warn of a potential distributed attack against urban water services that uses a botnet of smart irrigation systems that water simultaneously. The researchers analyzed and found vulnerabilities in a number of commercial smart irrigation systems, which enable attackers to remotely turn watering systems on and off at will. They tested three of the most widely sold smart irrigation systems: GreenIQ, BlueSpray, and RainMachine smart irrigation systems. … More ? The post A botnet of smart irrigation systems can deplete a city’s water supply appeared first on Help Net Security .
See original article:
A botnet of smart irrigation systems can deplete a city’s water supply
Business-critical applications running the biggest organizations in the world are under attack, according to research from Digital Shadows and Onapsis. The report shows a rise in cyberattacks on widely-used enterprise resource planning (ERP) applications such as SAP and Oracle — which currently have a combined 9,000 known security vulnerabilities. The report also highlights an increase in attacks on these systems by nation-state actors, cybercriminals and hacktivists that include both hacking and DDoS attempts to compromise … More ? The post ERP applications under attack: How criminals target the crown jewels appeared first on Help Net Security .
View original post here:
ERP applications under attack: How criminals target the crown jewels
Threat X announced the addition of capabilities to help global customers identify, profile, and intercept a wide range of threats, including DDoS, Bot and zero-day attacks while increasing application performance. Additionally, cloud-native deployment options mean organizations can deploy and scale Threat X in hours—compared to the weeks associated with traditional WAF deployments. Today, security teams are challenged to protect the large attack surfaces presented by complex technology environments from an ever-evolving threat landscape. These teams … More ? The post Threat X extends SaaS-Based WAF solution with threat detection appeared first on Help Net Security .
See more here:
Threat X extends SaaS-Based WAF solution with threat detection