Category Archives: Security Websies

How Big is Your DDoS Mitigation Gap?

The DDoS mitigation industry is scaling up capacity following a consistent increase in the number of DDoS attacks and recent indications that IoT-based DDoS attacks are expected to grow significantly. The DDoS attack vector continues to wreak havoc in 2017, with a reported 380% spike in the number of DDoS attacks identified in Q1, compared to the same period last year. A recent study shows a year on year increase of 220% in the number of different types of malware designed to hijack IoT devices. DDoS Mitigation providers are taking heed, with Arbor dedicated to quadrupling their capacity to 8Tbps by the end of 2017, and both Neustar and OVH committing to capacities of over 10Tbps. A DDoS mitigation Gap occurs whenever DDoS traffic bypasses a company’s DDoS mitigation defenses, and penetrates the target network. The reasons for such gaps vary from some types of DDoS attacks that are completely unnoticed by DDoS mitigation, to a range of configuration issues that let through traffic that should be mitigated. However the problem is that visibility of DDoS mitigation gaps is currently nonexistent to those cybersecurity practitioners who are responsible for production uptime. Companies do not know how well their mitigation is performing, or where their configuration problems are, leaving them and their vendors to troubleshoot issues at the very worst possible time, that is, when systems are down at the height of a DDoS attack. Results from over 500 DDoS tests run by MazeBolt on companies from a wide range of industries, shows that on their first test, companies failed 41% (on average) of DDoS tests – simulations of real DDoS attacks conducted in a highly controlled manner to help companies understand their mitigation gap so they can strengthen their mitigation proactively. This means that after a company has deployed their DDoS mitigation strategy, on average it will stop only six out of ten attacks. To solve this, with insight about where their DDoS mitigation posture was leaking, companies could go back to vendors to reconfigure settings and harden their DDoS mitigation posture. As depicted in the bar chart below, by repeating the testing cycle only three times, companies were able to reduce their mitigation gap from an average of 41% in the first test to an average of 25% in the second and only 15% in the third – reflecting a 65% strengthening of their DDoS mitigation. Paraphrasing Heraclitus one might say you can never test the same DDoS mitigation twice, but our data clearly shows that testing it three times will strengthen it considerably. Source: https://www.infosecurity-magazine.com/opinions/big-ddos-mitigation-gap/

Continued here:
How Big is Your DDoS Mitigation Gap?

CHJ Tech. Teams up with DOSarrest to deliver Internet Security Solutions for the Singapore Government

SINGAPORE, Sept. 25, 2017 (GLOBE NEWSWIRE) — CHJ Technologies Singapore announced today that they have been chosen as one of the 6 approved vendors to supply cloud based DDoS protection and Web Application security services for the Singapore government over the next 3 years. The Singapore Government expects to spend SGD $50m to keep government websites going even under an attack. CHJ is the exclusive distributor of DOSarrest Internet security services in Singapore and is utilizing their DDoS and WAF solutions to satisfy the Singapore government’s security requirements. Linus Choo, Managing Director of CHJ Technologies states “CHJ Technologies has a substantial track record providing cyber security services in Singapore. Having first been awarded DDoS mitigation contracts with the Singapore government in 2014, we are both elated and honored to have been awarded for a second time in this latest tender. We feel that this renewal of our services is a testament to the calibre of services our team provides and our partnership with DOSarrest. “Understanding the strategic importance of cyber security services, we align and integrate perfectly with the investments our government is making in DDoS protection and other cyber security services, this makes the continuation of our collaboration with the government all the more valued. This is a very significant accomplishment for both CHJ Technologies and DOSarrest.” Mark Teolis, CEO of DOSarrest explains “It was a very rigorous process to meet all the requirements of the Singapore government’s security specifications, in the end we beat out many competitors 3 years ago and we did it again this year.” Teolis adds “CHJ Tech is a great match for us, their staff on the ground and customer support paired with our technology is a home run.” Choo adds “We are actively exploring other opportunities in the Asean region as a partner with DOSarrest.“ About DOSarrest Internet Security: DOSarrest, founded in 2007 in Vancouver, B.C., Canada, is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services. Additional Web security services offered are Cloud based W eb A pplication F irewall (WAF) , V ulnerability T esting and O ptimization (VTO), DataCenter Defender – GRE as well as cloud based global load balancing and a simulated DDoS attack Platform. For more information: DOSarrest.com About CHJ Technologies: Founded in 1987 and headquartered in Singapore, we have become one of Asia’s leading and fastest-growing managed cybersecurity service providers. Our expertise and product lines enable organizations to discover, risks and mitigate them. Continually pushing boundaries, we protect our customers’ critical assets and information wherever it lives – in the cloud and on-premises. For more information: http://www.chjtech.com.sg Contact Information: Lew Yong-He +65 6896 7998 sales@chjtech.com.sg Source: https://www.dosarrest.com/news-and-events/chj-tech-teams-up-with-dosarrest-to-deliver-internet-security-solutions-for-the-singapore-government/

Continue reading here:
CHJ Tech. Teams up with DOSarrest to deliver Internet Security Solutions for the Singapore Government

How enterprises can fend off DDoS attacks

Though distributed denial of service attacks have been around more than two decades, recently we have seen a spate of DDoS attacks that have increased in complexity and variability. Both the size and frequency of DDoS attacks have gone up, and criminals use these sophisticated attacks to target sensitive data, not just to disrupt businesses. Some recent attacks have exceeded 1 Tbps while the average DDoS attack peaked at 14.1 Gbps in the first quarter of 2017, according to Verisign’s DDoS trends report. The largest volumetric and highest intensity DDoS attack observed by Verisign in Q1 2017 was a multi-vector attack that peaked over 120 Gbps and around 90 Million packets per second (Mpps). This attack sent a flood of traffic to the targeted network inexcess of 60 Gbps for more than 15 hours. In a new report, Imperva warns about a new type of ferocious DDoS attack that uses ‘pulse waves’ to hit multiple targets. “Comprising a series of short-lived bursts occurring in clockwork-like succession, pulse wave assaults accounted for some of the most ferocious DDoS attacks we mitigated in the second quarter of 2017. In the most extreme cases, they lasted for days at a time and scaled as high as 350 gigabits per second (Gbps). We believe these represent a new attack tactic, designed to double the botnet’s output and exploit soft spots in traditional mitigation solutions,“ says Robert Hamilton, director, Imperva. “DDoS attacks are rarely complex. They are the result of a volumetric based attack which results in a platform, application or service being rendered unavailable for the user. The biggest changes we have seen through evolution over the last few years are mostly within the amount of bandwidth attackers have at their disposal. This is due to the amount of more interconnected devices we now have on the Internet. We have three main types of DDoS attack, one is a volumetric, which accounts for most DDoS attacks, secondly we have application and lastly protocol level attacks,” says Warren Mercer, security researcher at Cisco Talos. Ransom is another growing trend in DDoS. “Ransom related attacks seem to be a trending issue as of late. Too many organisations are paying out these ransom requests, in an effort to remove themselves from the cross hairs of a DDoS attack – this behaviour likely causes an increase in ransom attack activity. Besides the financial loss that a company may experience by paying the ransom, companies must consider that they will still be subject to a DDoS attack even after the ransom has been paid,” says Stephanie Weagle, VP, Corero. What do you do if you are a CISO dealing with massive DDoS attack? What are your tips for CISOs dealing with massive DDoS attacks? “First thing would be to make sure the network is well prepared for such attacks. Making sure that there are protections and processes in place is critical. It’s also important to remember that the DDoS attack might not be the actual attack but just a distraction,” says Kalle Bjorn, director-systems engineering, Fortinet. Mohammed Al Moneer, regional director, A10 Networks, says the challenge for defenders is to distinguish good and bad behaviour largely by analysing the instrumented data available from server logs and traffic behaviour reported from networking tools. In effect, threat hunting is the act of finding a needle in a haystack of logs and flow data. Unlike the stealth required for dropping malware or stealing data, DDoS is loud and does not hide in the shadows. Alaa Hadi, regional director, Arbor Networks, says these very large attacks must be mitigated in the cloud, as close to the source as possible. I would also caution CISOs that to have cloud protection is only a partial defence against modern DDoS attacks. They also target applications and infrastructure, like firewalls, with low and slow attacks that cannot be detected in the cloud. The place to protect against these attacks is on-premise, with a tight connection to the cloud, as a means of providing mitigation support for large attacks. Only with this multi-layer, hybrid approach is a business fully protected from DDoS attacks. Another alarming trend in DDoS has been the rise of DDoS attacks using IoT devices, as we have seen in the case of Mirai botnet, which infected tens of millions of connected devices. “IoT can have positive implications across several core industries such as manufacturing, retail, transportation, and healthcare. However, it’s important to bear in mind that a higher number of connected devices translates to more points of entry for attackers to penetrate. Criminals can leverage these end points to steal confidential information from businesses, distribute malware, or takeover the capacity and network bandwidth of connected ‘things’ to carry out massive strikes. The necessary tools and best practices to mitigate such threats are well-known and available in the application security field,” says Hadi Jaafarawi, managing director, Qualys Middle East. Bjorn from Fortinet adds compromised IoT devices are a massive potential traffic generator source for attackers. Securing the organisations own systems would prevent them from being used in attacks against others. Manufacturers should also work actively to ensure their own devices are fixed when vulnerabilities are found, unfortunately there are multiple IoT devices on the market that cannot be even upgraded, this means that the security will lie on the network where the devices connect to. Source: http://www.tahawultech.com/securityadvisorme/features/enterprises-fend-off-ddos/

View article:
How enterprises can fend off DDoS attacks

DDoS Extortion Group Sends Ransom Demand to Thousands of Companies

A group of DDoS extortionists using the name of Phantom Squad has sent out a massive spam wave to thousands of companies all over the globe, threating DDoS attacks on September 30, if victims do not pay a ransom demand. The emails spreading the ransom demands were first spotted by security researcher Derrick Farmer and the threats appear to have started on September 19 and continued ever since. Hackers looking for small $700 ransoms The emails contain a simple threat, telling companies to pay 0.2 Bitcoin (~$720) or prepare to have their website taken down on September 30. Sample of a Phantom Squad DDoS ransom email Usually, these email threats are sent to a small number of companies one at a time, in order for extortionists to carry out attacks if customers do not pay. This time, this group appears to have sent the emails in a shotgun approach to multiple recipients at the same time, a-la classic spam campaigns distributing other forms of malware. Because of this, several experts who reviewed the emails and ransom demands reached the conclusion that the group does not possess the firepower to launch DDoS attacks on so many targets on the same day, and is most likely using scare tactics hoping to fool victims into paying. Extortionists are not the sharpest tool in the shed The size of this email spam wave is what surprised many experts. Its impact was felt immediately on social media [1, 2, 3, 4] and on webmaster forums, where sysadmins went looking for help and opinions on how to handle the threat. Bleeping Computer reached out to several security companies to get a general idea of the size of this spam wave. “Not sure how widespread it is in terms of volume, but they are certainly spamming a lot of people,” Justin Paine, Head of Trust & Safety at Cloudflare, told Bleeping . “We’ve had 5 customers so far report these ‘Phantom Squad’ emails,” he added. “These geniuses even sent a ransom threat to the noc@ address for a major DDoS mitigation company.” Extortionists are “recycling” email text Radware engineers received similar reports, so much so that the company issued a security alert of its own. Radware security researcher Daniel Smith pointed out that the extortionists may not be the real Phantom Squad, a group of DDoS attackers that brought down various gaming networks in the winter of 2015 [1, 2]. Smith noticed that the ransom note was almost identical to the one used in June 2017 by another group of extortionists using the name Armada Collective. Those extortion attempts through the threat of DDoS attacks also proved to be empty threats, albeit some were successful. “The part that I find interesting is the low ransom request compared to the ransom request last month,” Smith told Bleeping Computer . “Last month a fake RDoS group going by the name Anonymous ransomed several banks for 100 BTC.” Experts don’t believe the group can launch DDoS attacks This shows an evolution in ransom DDoS (RDoS) attacks, with groups moving from targeting small groups of companies within an industry vertical to mass targeting in the hopes of extracting small payments from multiple victims. “This is what the modern RDoS campaign has come to,” Smith also said. “In the spring of 2016 after a lull in RDoS attacks, a group emerged calling themselves the Armada Collective, but their modus operandi had clearly changed. This group claiming to be Armada Collective was no longer targeting a small number of victims but instead were targeting dozens of victims at once without launching a sample attack.” “As a result, these attackers were able to make thousands of dollars by taking advantage of public fear and a notorious name. Several other copycat groups that emerged in 2016 and 2017 also leveraged the names of groups like, New World Hackers, Lizard Squad, LulzSec, Fancy Bear, and Anonymous.” “To launch a series of denial-of-service attacks, this group will require vast resources. Therefore, when a group sends dozens of extortion letters, they typically will not follow through with a cyber-attack,” Smith said. Smith’s opinion is also shared by Paine, who recently tweeted “ransom demands from this group = spam” and “empty threats, zero attacks from this copycat.” Victims should report extortion attempts to authorities Japan CERT has issued a security alert informing companies how to handle the fake demands by reporting the emails to authorities. Today, security researcher Brad Duncan also published an alert on the ISC SANS forums, letting other sysadmins and security researchers know not to believe the ransom threats. Source: https://www.bleepingcomputer.com/news/security/ddos-extortion-group-sends-ransom-demand-to-thousands-of-companies/

View original post here:
DDoS Extortion Group Sends Ransom Demand to Thousands of Companies

DDoS protection, mitigation and defense: 7 essential tips

Protecting your network from DDoS attacks starts with planning your response. Here, security experts offer their best advice for fighting back. DDoS attacks are bigger and more ferocious than ever and can strike anyone at any time. With that in mind we’ve assembled some essential advice for protecting against DDoS attacks. 1. Have your DDoS mitigation plan ready Organizations must try to anticipate the applications and network services adversaries will target and draft an emergency response plan to mitigate those attacks. [ Find out how DDoS attacks are evolving and bookmark CSO’s daily dashboard for the latest advisories and headlines. | Sign up for CSO newsletters. ] “Enterprises are paying more attention to these attacks and planning how they’ll respond. And they’re getting better at assembling their own internal attack information as well as the information their vendors are providing them to help fight these attacks,” says Tsantes. IBM’s Price agrees. “Organizations are getting better at response. They’re integrating their internal applications and networking teams, and they know when the attack response needs to be escalated so that they aren’t caught off guard. So as attackers are becoming much more sophisticated, so are the financial institutions,” she says. “A disaster recovery plan and tested procedures should also be in place in the event a business-impacting DDoS attack does occur, including good public messaging. Diversity of infrastructure both in type and geography can also help mitigate against DDoS as well as appropriate hybridization with public and private cloud,” says Day. “Any large enterprise should start with network level protection with multiple WAN entry points and agreements with the large traffic scrubbing providers (such as Akamai or F5) to mitigate and re-route attacks before they get to your edge. No physical DDoS devices can keep up with WAN speed attacks, so they must be first scrubbed in the cloud. Make sure that your operations staff has procedures in place to easily re-route traffic for scrubbing and also fail over network devices that get saturated,” says Scott Carlson, technical fellow at BeyondTrust. 2. Make real-time adjustments While it’s always been true that enterprises need to be able to adjust in real-time to DDoS attacks, it became increasingly so when a wave of attacks struck many in the financial services and banking industry in 2012 and 2013, including the likes of Bank of America, Capital One, Chase, Citibank, PNC Bank and Wells Fargo. These attacks were both relentless and sophisticated. “Not only were these attacks multi-vector, but the tactics changed in real time,” says Gary Sockrider, solutions architect for the Americas at Arbor Networks. The attackers would watch how sites responded, and when the site came back online, the hackers would adjust with new attack methods. “They are resolute and they will hit you on some different port, protocol, or from a new source. Always changing tactics,” he says. “ Enterprises have to be ready to be as quick and flexible as their adversaries.” 3. Enlist DDoS protection and mitigation services John Nye, VP of cybersecurity strategy at CynergisTek explains that there are many things enterprises can do on their own to be ready to adjust for when these attacks hit, but enlisting a third-party DDoS protection service may be the most affordable route. “Monitoring can be done within the enterprise, typically in the SOC or NOC, to watch for excessive traffic and if it is sufficiently distinguishable from legitimate traffic, then it can be blocked at the web application firewalls (WAF) or with other technical solutions. While it is possible to build a more robust infrastructure that can deal with larger traffic loads, this solution is substantially costlier than using a third-party service,” Nye says. Chris Day, chief cybersecurity officer at data center services provider Cyxtera, agrees with Nye that enterprises should consider getting specialty help. “Enterprises should work with a DDoS mitigation company and/or their network service provider to have a mitigation capability in place or at least ready to rapidly deploy in the event of an attack.” “The number one most useful thing that an enterprise can do — if their web presence is that critical to their business — is to enlist a third-party DDoS protection service,” adds Nye. “I will not recommend any particular vendor in this case, as the best choice is circumstantial and if an enterprise is considering using such a service they should thoroughly investigate the options.” 4. Don’t rely only on perimeter defenses Everyone we interviewed when reporting on the DDoS attacks that struck financial services firms a few years ago found that their traditional on-premises security devices — firewalls, intrusion-prevention systems, load balancers —were unable to block the attacks. “We watched those devices failing. The lesson there is really simple: You have to have the ability to mitigate the DDoS attacks before it gets to those devices. They’re vulnerable. They’re just as vulnerable as the servers you are trying to protect,” says Sockrider, when speaking of the attacks on banks and financial services a few years ago. Part of the mitigation effort is going to have to rely on upstream network providers or managed security service providers that can interrupt attacks away from the network perimeter. It’s especially important to mitigate attacks further upstream when you’re facing high-volume attacks. “If your internet connection is 10GB and you receive a 100GB attack, trying to fight that at the 10GB mark is hopeless. You’ve already been slaughtered upstream,” says Sockrider. 5. Fight application-layer attacks in-line Attacks on specific applications are generally stealthy, much lower volume and more targeted. “They’re designed to fly under the radar so you need the protection on-premises or in the data center so that you can perform deep-packet inspection and see everything at the application layer. This is the best way to mitigate these kinds of attacks,” says Sockrider. “Organizations will need a web protection tool that can handle application layer DoS attacks,” adds Tyler Shields, VP of Strategy, Marketing & Partnerships at Signal Sciences. “Specifically, those that allow you to configure it to meet your business logic. Network based mitigations are no longer going to suffice,” he says. Amir Jerbi, co-founder and CTO is Aqua Security, a container security company, explains how one of the steps you can take to protect against DDoS attacks is to add redundancy to an application by deploying it on multiple public cloud providers. “This will ensure that if your application or infrastructure provider is being attacked then you can easily scale out to the next cloud deployment,” he says. 6. Collaborate The banking industry is collaborating a little when it comes to these attacks. Everything they reveal is carefully protected and shared strictly amongst themselves, but in a limited way, banks are doing a better job at collaborating than most industries . “They’re working among each other and with their telecommunication providers. And they’re working directly with their service providers. They have to. They can’t just work and succeed in isolation,” says Lynn Price, IBM security strategist for the financial sector. For example, when the financial services industry was targeted, they turned to the Financial Services Information Sharing and Analysis Center for support and to share information about threats. “In some of these information-sharing meetings, the [big] banks are very open when it comes to talking about the types of attacks underway and the solutions they put into place that proved effective. In that way, the large banks have at least been talking with each other,” says Rich Bolstridge, chief strategist of financial services at Akamai Technologies. The financial sector’s strategy is one that could and should be adopted elsewhere, regardless of industry. 7. Watch out for secondary attacks As costly as DDoS attacks can be, they may sometimes be little more than a distraction to provide cover for an even more nefarious attack. “DDoS can be a diversion tactic for more serious attacks coming in from another direction. Banks need to be aware that they have to not only be monitoring for and defending the DDoS attack, but they also have to have an eye on the notion that the DDoS may only be one aspect of a multifaceted attack, perhaps to steal account or other sensitive information,” Price says. 8. Stay vigilant Although many times DDoS attacks appear to only target high profile industries and companies, research shows that’s just not accurate. With today’s interconnected digital supply-chains (every enterprise is dependent on dozens if not hundreds of suppliers online), increased online activism expressed through attacks, state sponsored attacks on industries in other nations, and the ease of which DDoS attacks can be initiated, every organization must consider themselves a target. So be ready, and use the advice in this article as a launching point to build your organization’s own anti-DDoS strategy. Source: https://www.csoonline.com/article/2133613/network-security/malware-cybercrime-ddos-protection-mitigation-and-defense-7-essential-tips.html

More:
DDoS protection, mitigation and defense: 7 essential tips

Destructive cyberattacks are only going to get worse

Overlooked among the stark headlines of the sheer scale of personal information hackers stole from credit monitor Equifax, was a Symantec reportdemonstrating that Dragonfly, a cyber-espionage group, continues to escalate its access to energy facilities’ operational systems in the United States, Turkey, and Switzerland. More than simple exploration and espionage, the report shows a clear step towards pursuing sabotage and destruction, a trend that’s become more common alongside rising geopolitical tensions. This latest cause for alarm should not be viewed as an anomaly but as the current state-of-cyber in 2017 and beyond. Over the last decade, destructive attacks have been targeting an increasing number and variety of organizations and critical infrastructure, but there has been a noticeable spike over the last year. In December, Crash Override, destructive malware largely attributed to Russia, struck the Ukraine power grid with a highly customized attack that could control the grid circuit switches and breakers. A few weeks earlier, Shamoon 2.0 surfaced, targeting Saudi government entities, infecting thousands of machines and spreading to Gulf states. Soon after, Stonedrill, another destructive malware, surfaced, targeting Saudi entities and at least one European organization. These attacks are also evolving and bringing additional effects into play. For example, KillDisk, malware with a wiper component, has recently been updated with a ransomware component. On the other hand, NotPetya masqueraded as ransomware, but was likely a targeted wiper malware attack focused on destabilizing business and state organizations in Ukraine. Dragonfly itself reflects an escalation in objectives from general intelligence gathering towards the system control that necessary for more damaging sabotage. This sort of escalation to destructive attacks usually occurs between interstate rivals with a higher propensity for conflict. In 2009, the North Korea-linked Dark Seoul gang was among the first to deploy wiper malware within a larger campaign, targeting the United States and South Korea with a combination of DDoS attacks and wiper malware. Similarly, following the Iran nuclear agreement, Iran and Saudi Arabia’s relative cyber ceasefire from 2012-15 gave way to a major escalation of tit-for-tat attacks on websites prior to Shamoon 2.0 and Stonedrill. More recently, the back-and-forth between Russia and Ukraine represents the most prominent use of these destructive attacks and the best example of a major power attacking smaller country. In many of these instances, private sector organizations are caught in the crossfires. NotPetya may cost shipping giant Maersk $300 million even though, by most accounts, it was not the intended target. Unfortunately, many of these attack vectors and destructive malware are now in the wild and are likely to be deployed by other groups. Dragonfly is just the latest reminder that attackers are increasingly brazen, and critical infrastructure remains a prime target. Unlike the series of publicized destructive attacks that have been slowly on the rise for the last decade, we see no proof of actual sabotage with Dragonfly, but pre-positioning is probably underway. We should not panic that the grid is about to go down, but we must pay attention to the trend. Furthermore, although the energy sector is a prime target for destructive attacks, enterprises in other industries including media (I’m looking at you, HBO), finance and beyond must also be ready to protect themselves. As long as geopolitical tensions remain high, and with the growing open source proliferation of nation-state malware, this trend is unlikely to abate any time soon. Source: http://www.businessinsider.com/equifax-breach-proves-that-cyber-attacks-are-only-going-to-get-worse-2017-9

View original post here:
Destructive cyberattacks are only going to get worse

DOSarrest Rolls Out all New DDoS Protection Software

VANCOUVER, British Columbia, Sept. 11, 2017 (GLOBE NEWSWIRE) — DOSarrest Internet Security announced today that they have released their new DDoS protection software, along with a number of other advances and upgrades. This is DOSarrest’s 5th major release since starting in the fully managed cloud based DDoS protection service in 2007. This latest release is a complete rewrite of DOSarrest’s front end and backend systems utilizing the latest software development tools and technologies. Some of the new enhancements include. All new customer facing portal with 15 real-time, interactive traffic statistics displays. Complete new back end with new security features that can be deployed live in seconds All new big data analytics engine for faster real-time and historical statistics displays Machine learning module for traffic anomaly and bot detection All new larger routers and increased upstream capacity in all global locations Mark Teolis, CEO at DOSarrest, explains, “We are in our 11th year of providing a fully managed cloud based DDoS protection service, and if there’s one thing we have learned it’s that you’d better be ahead of the bad actors. This new release was developed with extreme flexibility in mind; we can basically analyze and create a feature that will stop any sophisticated attacks not yet even seen in the wild.” Teolis adds, “The biggest misconception in the DDoS protection world is that you only need capacity to fend off DDoS attacks, but in reality your chance of being hit by a small 10Mb/sec attack that will take your site down is millions of times greater.” About DOSarrest Internet Security: DOSarrest founded in 2007 in Vancouver, B.C., Canada is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services. Additional Web security services offered are Cloud based W eb A pplication F irewall (WAF) , V ulnerability T esting and O ptimization (VTO) , DataCenter Defender-GRE as well as cloud based global load balancing . Source: https://www.dosarrest.com/news-and-events/dosarrest-rolls-out-all-new-ddos-protection-software/

Continued here:
DOSarrest Rolls Out all New DDoS Protection Software

Sharing is caring, but keep your botnets to yourself

Sharing economy apps are prime targets for malicious attacks. The boom of mobile applications has superseded traditional services, revolutionising customer experience as we know it. In Australia, peer-to-peer services are being embraced by millions of consumers. A 2017 report by RateSetter revealed, 65% of Australians used sharing economy services like Uber and Airbnb in the past 6 months, with that set to increase to 75% in the next six months. With users willing to share personal details and financial information for the benefit of convenience or speed, these apps themselves are now a prime target for malicious attacks. These attacks paralyse services potentially for ransom, or worse, to unleash or amplify Distributed Denial of Service (DDoS) attacks to exploit users’ data. The very nature of DDoS attacks are changing to reflect the app boom. Old fashioned ‘network-layer’ DDoS attacks (the big bandwidth volumetric ones we read about) are being overtaken by smarter ‘application-layer’ attacks which interject the good application requests with the bad, harder to identify ones. As sharing economy apps become prime targets for malicious attacks, so do the services they connect to – and digital transformation means that many of those services are now in the cloud, or were born there natively. Big brands that have a huge amount of consumer data like Airbnb or Uber are moving quickly to the cloud. Airbnb migrated almost all of its cloud computing functions to Amazon Web Services (AWS) only after a year of starting and Uber has been in talks with the likes of Google, Microsoft and Amazon. The underlying danger of DDoS According to Neustar’s 2017 ‘Worldwide DDoS Attacks and Cyber Insights Research Report’, 84% of organisations surveyed globally were hit by a DDoS attack in the last 12 months, and 86% of these organisations were hit multiple times. Within the broader spectrum of risks for corporate security and IT decision makers, DDoS attacks present a growing challenge for several reasons. Firstly, the number of vulnerable devices has dramatically increased and so too has the level to which DDoS attacks have become automated and commoditised. Where a connection to the Internet previously required something that was more traditionally like a computer, IoT and cloud convergence have enabled even light bulbs to be connected to a network – providing an increased number of sources generating traffic. Secondly, according to Telstra’s 2017 cybersecurity report, 59% of Australian businesses experienced a DDoS attack on at least a yearly basis, with only 36% reporting a recovery time of within 30 minutes – and that’s a potential 30 minutes of app downtime in an economy where the patience of web and mobile users is measured in seconds. Security must be embedded in company culture Large scale DDoS attacks, like the Mirai botnet, gained significant media coverage after successfully impacting sites and services like Amazon, PayPal, Reddit and Twitter. If DDoS can disrupt giants like Amazon, then sharing economy apps like GoGet and Airtasker can become prime targets too, resulting in loss of revenue or customer loyalty. Organisations should strengthen their stance against all types of attacks and invest in smarter cyber security solutions. An important first step should be to cultivate a culture of cyber security awareness to create on-going conversations across all business units and functions. Anyone who has low awareness of cyber security and does not embrace good digital hygiene can be a weak link. Most importantly, security assessments must be an integral part of the application development framework, not an afterthought. Having securely coded applications will not only protect critical data at source, but will also enhance customer experiences and their confidence in an organisation. Ultimately, these simple yet effective measures integrated into every aspect of the organisation will ensure that customer trust is retained and the organisation’s bottom line is protected. Whilst the sharing economy is a prime target for attacks, with well-designed security infrastructure and best practices in place, we can be confident that it will continue to thrive and users’ personal data will remain secure. Source: https://www.computerworld.com.au/article/627122/sharing-caring-keep-your-botnets-yourself/?

Continue reading here:
Sharing is caring, but keep your botnets to yourself

Machine Learning in the DOSarrest Operations

Machine Learning can appear in many different forms and guises, but a general definition of Machine Learning usually incorporates something about computers learning without explicit programming and being able to automatically adapt. And while Machine Learning has been around for decades as a concept, it’s become more of a reality as computational power continues to increase, and the proliferation of Big Data platforms making it easier to capture floods of data. These developments have made ML practical and garnered a lot of interest, as evidenced by the large number of articles in the last two years surrounding AI and machine Learning However despite all this, the adoption of this Machine Learning is still relatively low amongst companies in the tech landscape (Gartner estimating that fewer than 15 percent of enterprises successfully get machine learning into production). And even when you hear about Company X adopting a machine learning strategy, it’s often conflated with another strategy or service within that company, and not truly realizing the automated ‘adaptiveness’ inherent within ML. Those companies that do realize a proper machine learning strategy, understanding and grooming their data as well as identifying the appropriate model/s can see real benefits to their operations, which is why DOSarrest has been developing such a strategy over the last year. Here at DOSarrest, we’ve been focusing on building an Anomaly Detection engine, focusing on the constantly evolving sophisticated application layer attacks. We collect huge amounts of data from disparate sources (e.g. Customized web logs, snmp and flow data, IDS logs, etc.), even when customers are not under attack. This provides an opportunity to identify baselines even in a multi tenant environment. As you would expect, there is a high degree of cardinality within some of the data fields, which can be challenging to work with when working with data in motion, but can have great benefits. With these huge structured data sets, we are able to identify KPI’s (Key Performance Indicators) and statistics that can be leveraged by the engine to identify anomalous behavior and brought to the attention of the Security Ops team, who are then able to investigate and act on the identified pattern. The engine continues to refine the probability of a metric, becoming more accurate over time in determining the severity of an anomaly. The strategy holds great promise, and further developments and refinements to this model will continue to evolve the best Security Operations Center in the business. A more detailed view of an anomaly – this shows a single IP requesting more than 60 times more frequently than a normal visitor. This screen gives an overview of any anomalies, organized by relevant factors. In this case the remote IP address of the requestor. Jag Bains CTO, DOSarrest Internet Security Source: https://www.dosarrest.com/ddos-blog/machine-learning-in-the-dosarrest-operations

Read the article:
Machine Learning in the DOSarrest Operations

Bigger Online Super Series Cancelled due to DDoS Attacks

The Winning Poker Network has cancelled the third leg of its OSS Cub3d series – the Bigger Online Super Series – due to the threat of further DDoS attacks. The Winning Poker Network´s Bigger Online Super Series (BOSS) was scheduled to be a superb finale to a hugely successful three-tiered OSS Cub3d tournament series. The series had started incredibly well, with events in the Mini Online Super Series beating their guarantees by an average of 67% and the “meat in the sandwich” – the Online Super Series – performing much better than had been expected . However, towards the end of last week, a series of DDoS attacks disrupted the series. Connection issues resulted in the cancellation of tournaments – not only the feature events in the Online Super Series, but also many qualifying satellites for the Million Dollar Sunday. Fortunately, the Million Dollar Sunday event was able to go ahead but, due to fears of further disruption, the Winning Poker Network has decided to cancel the remaining events in the OSS Cub3d schedule. New OSS Cub3d Series Scheduled for Later this Month Announcing the cancellation of the Bigger Online Super Series via the Americas Cardroom Twitch stream, the Winning Poker Network´s CEO – Phil Nagy – explained that the measures needed to be put in place to mitigate the threat of further DDoS would not be completed by Wednesday (the start date for the Bigger Online Super Series). He said rather than risk further frustration and disappointment , he was cancelling the series and rescheduling it for later in the month. Rather than just run the seventeen events cancelled from this week, the Winning Poker Network´s CEO announced a whole new OSS Cub3d series that will run from September 24th to October 22nd and feature two Million Dollar Sunday events – one with a half-price buy-in of just $265.00. Nagy said he would also honour the current finishing positions in the OSS Cub3d leaderboard promotion and give Punta Cana Poker Classic packages to the players occupying the top three positions. New Software and Updated Servers will Help Mitigate DDoS Threat Nagy is confident the rescheduled OSS Cub3d series will be able to go ahead without players suffering the disconnection issues that disrupted last weekend´s events. Within two weeks, new software will be released on updated servers that should be able to withstand DDoS attacks . The long-awaited WPN V2 poker client should also provide players with a more enjoyable online poker experience as many of the bugs that exist with the current version of the software have reportedly been fixed. Nagy also announced the Americas Cardroom mobile app is due to be released next week. First put into development in January, and expected to take between nine and twelve weeks, the app will support games of Jackpot Poker and Sit & Go 2.0 . It is not known whether the app will be available for all skins on the Winning Poker Network so, players wanting to play these games on the go may have to create an account with Americas Cardroom in order to access them. Bad Pelican Takes Million Dollar Sunday for $269,800 The fact that the Million Dollar Sunday event was able to go ahead last weekend was good news for “Bad Pelican”. The infrequent visitor to the Winning Poker Network topped a field of 2,698 to collect the $269,800 first prize after fourteen hours of play . The massive field ensured the million dollar guarantee was met and, in total, 405 players cashed in the event. The volume of players on the Winning Poker Network also ensured guarantee-busting prize pools for most of the weekend´s tournaments. Hopefully the next OSS Cub3d series should go without a hitch. As sites on the Winning Poker Network continue to add new features and player benefits, there will be huge expectations for the next OSS Cub3d series , and it will be a huge disappointment – not least for CEO Phil Nagy – if any of the tournaments have to be cancelled due to DDoS attacks or other connection issues. Source: http://www.pokernewsreport.com/bigger-online-super-series-cancelled-due-to-ddos-attacks-21870

Link:
Bigger Online Super Series Cancelled due to DDoS Attacks