Tag Archives: blocking-ddos

Expect an increase in ransomware and DDoS attack combos in 2017

“Follow the money” is a popular catchphrase attributed to the 1976 movie All The President’s Men suggesting a money trail or corruption scheme within high (often political) office. Cybercriminal actors are certainly following the advice. The Deloitte Global Cyber Executive Briefing on E-Commerce & Online payments suggests that as retailers discover the financial rewards of having an e-commerce website, criminals are not far behind. But while robbing a brick and mortar store is wrought with risk of getting caught, the cyber world is proving much more lucrative relative to the effort and investments needed to execute a digital heist. For every e-commerce site that goes up, the potential target expands to include merchant, payment service provider, card company, suppliers, banks and buying customer. That is because e-commerce websites are directly connected both to the internet and to the business’ back-end systems for data processing and supply management. This makes e-commerce website a prime attack point for gaining access to crucial information assets within the organization according to Deloitte. The fourth Neustar annual Worldwide DDoS Attacks and Cyber Insights Research Report reveals that attacks against the financial services and retail industries are on the rise. Industry respondents confirm that it is getting much longer for organizations to detect and respond as cyberattacks grow in volume, complexity and frequency. Financial services institutions (FSIs) under attack There is recognition among industry players that they remain at high risk of malware and data theft (44% in 2017 versus 37% in 2016). Ransomware appears to be on the rapid rise in financial services industry as respondents to the survey indicate an increase in reported attacks from 17% in 2016 to 28% a year later. Financial institutions are also investing against Distributed Denial of Service (DDoS) attacks with 91% of organizations putting in more resources in 2017 compared to 79% in 2016. FSIs continue to be one of the favored targets of hackers as 86% of surveyed respondents confirm being under attack in 2017, up 10% from the previous year. More worrisome is that 88% reported being under attack more than once. Retailers under attack Eighty percent of respondents said they were under attack in 2017, up 7% from 2016. Respondents to the survey also noted that it took longer for them to detect and respond to the attacks in 2017 compared to 2016 suggesting that attack are getting sophisticated. Retailers responding to the survey Industry confirmed that they are spending more for security in 2017 (87%) compared to 2016 (76%). Respondents also report that ransomware attacks have increased from 13% in 2016 to 21% in 2017. Asia Pacific under attack Among respondents in Asia Pacific, 33% reported average revenue loss of at least US$250,000 with 49% reporting ransomware and DDoS attacks occurring in concert. Time to detect for 49% of respondents in the region stood at about three hours while 42% said it was taking them at least three hours to respond following discovery of the attack. In response to escalating frequency, complexity and severity of malware and DDoS attacks, Robin Schmitt, general manager, APAC at Neustar recommended that IT and business leaders need to evaluate the effectiveness of existing security strategies. “The research shows that simply identifying an attack and depending on basic defenses is not enough. Organizations in the region need to adopt stronger defenses and innovative solutions to more quickly and effectively mitigate the growing risk and likely impact of a major DDoS attack,” he said. According to Neustar the data from the research suggests that 2017 will be another challenging one from a DDoS threat landscape perspective. Generic Routing Encapsulation (GRE) based flood attacks and Connectionless Lightweight Directory Access Protocol (CLDAP) reflection attacks are emerging as the new hot attack trends for 2017, suggesting that attackers are constantly eyeing new ways to turn legitimate infrastructure elements against their owners. Source: https://www.enterpriseinnovation.net/article/expect-increase-ransomware-and-ddos-attack-combos-2017-145803210

Original post:
Expect an increase in ransomware and DDoS attack combos in 2017

Major French news sites victim of DDoS attack

Major news sites in France including Le Monde and Le Figaro went down yesterday in the fallout of a DDoS attack. Many of the biggest French news sites were hit by a DDoS attack on a Portland, Oregon cloud computing company – Cedexis. The attack caused the sites to go dark. Dr Malcolm Murphy, technology director at Infoblox said “This is the latest in a run of cyber attacks in France – only a week ago newly elected French President Macron’s emails were leaked by hackers. This latest attack highlights the importance of organisations prioritising cyber defences at a time when commonly deployed cyberattacks are being used to disrupt both political processes and organisations.” Bloomberg reported that Le Monde and Le Figaro were two of the websites that crashed. “At approximately 2 p.m. GMT (7 a.m. Pacific time), the Cedexis infrastructure came under a unique and sophisticated distributed denial of service (DDOS) attack,” Cedexis said in a written statement. “This attack caused a partial but widespread outage that affected many of our customers. Our customers are our number one priority and at this time, the attack is being mitigated, and services are being restored.” DDoS attacks have grown in prevalence as more and more unsecure Internet of Things (IoT) devices have entered the market. Murphy suggested that “DDoS attacks in particular are growing in both frequency and sophistication. Whilst there is no easy solution to securing DNS, there are a few steps that an organisation’s IT team can take to help mitigate and respond to DNS-based DDoS attacks.” “Organisations who don’t know their query load will never know when they’re under attack. By using statistical support, administrators can help analyse their data for attack indicators. Whilst it may not always be clear what an attack looks like, anomalies will be more easily identifiable. IT teams should also continually scrutinise internet-facing infrastructure for single points of failure by going beyond external authoritative name servers, and checking on the switch and router interactions, firewalls, and connections to the internet.” Source: http://www.information-age.com/major-french-news-sites-victim-ddos-attack-123466206/

More:
Major French news sites victim of DDoS attack

How Shall DDoS Attacks Progress In The Future?

In recent months we have witnessed a rise in new and significantly high-volume distributed denial of service (DDoS) attacks. The venomous nature Mirai botnet Mirai botnet is a prime example in this case. Involved in a string of DDoS attacks in recent months, including the one on DNS provider Dyn in October, the botnet is said to have a population of around 300,000 compromised IoT devices. Its population could increase significantly if hackers somehow amend the source code to include the root credentials of many other devices not currently employed by the botnet. Cybersecurity experts predict that Mirai botnet, and others like it, will become more complex as 2017 progresses. Hackers are always to evolve, and once they do, they’d adapt the botnet to new DDoS attacking methods. It is believed that Mirai currently contains around 10 different DDoS attack techniques which are being utilized by hackers to initiate an attack. These will obviously increase as 2017 progresses. Corporate giants need to fear the possibility of more DDoS attacks Mirai botnet is only the first of many examples. The motivation for DDoS attacks are endless, and the range of these attacks is expanding into political and economic domains. Though, previously these attacks were restricted to small websites. Now, they have the potential to disrupt websites of internet giants including BBC, Dyn and Twitter. Our entire digital economy depends upon access to the Internet, so organizations should think carefully about business continuity in the wake of such events. Individual DDoS attacks, on average, cost large enterprises $444,000 per incident in lost business and IT spending, so the combined economic impact from an entire region being affected would be extremely damaging. Some argue that companies must place back-up telephone systems in place to communicate with customers in case of a DDoS attack. Though, beneficial for small companies, this will certainly not help internet giants like Amazon, Alibaba and other such services. DDoS attacks on gamers According to multiple surveys, gamers are a big target of DDoS attacks. Over recent years, gaming has gradually shifted towards an online model, and things will continue moving in this direction. However, sometimes to get undue advantage, hackers often hit rival gamers with DDoS attacks in order to win the game in a cheap manner. ISPs Need to Play a Role in Reducing DDoS Attacks In the wake of recent IoT-related DDoS attacks, experts encourage manufacturers to install multiple security protocols on internet connected devices before they are sold to customers. Though, this may help in reducing the strength of future DDoS attacks, ISPs still need to play a major role in eliminating the threat of future DDoS attacks. At least on a local level, ISPs could reduce the overall volume of DDoS attacks significantly under their domain by employing systems and features which could help detect and remediate infected bots that are used to launch DDoS attacks. A nexus of ISPs, device manufacturers, the government and internet giants can greatly help in reducing the threat of future DDoS attacks. The internet community is paying attention to problems related to DDoS attacks, and network operators and internet giants are looking for ways to address this issue. If this nexus operates together and works hard enough to protect the integrity of the internet, we may make tremendous progress in defeating the threat of DDoS attacks once and for all! Source: http://www.informationsecuritybuzz.com/articles/shall-ddos-attacks-progress-future/

See more here:
How Shall DDoS Attacks Progress In The Future?

Teenage hacker jailed for masterminding attacks on Sony and Microsoft

Adam Mudd jailed for two years for creating attack-for-hire business responsible for more than 1.7m breaches worldwide. A man has been jailed for two years for setting up a computer hacking business that caused chaos worldwide. Adam Mudd was 16 when he created the Titanium Stresser program, which carried out more than 1.7m attacks on websites including Minecraft, Xbox Live and Microsoft and TeamSpeak, a chat tool for gamers. He earned the equivalent of more than £386,000 in US dollars and bitcoins from selling the program to cyber criminals. Mudd pleaded guilty and was sentenced at the Old Bailey. The judge, Michael Topolski QC, noted that Mudd came from a “perfectly respectable and caring family”. He said the effect of Mudd’s crimes had wreaked havoc “from Greenland to New Zealand, from Russia to Chile”. Topolski said the sentence must have a “real element of deterrent” and refused to suspend the jail term. “I’m entirely satisfied that you knew full well and understood completely this was not a game for fun,” he told Mudd. “It was a serious money-making business and your software was doing exactly what you created it to do.” Mudd showed no emotion as he was sent to a young offender institution. During the two-day hearing, Jonathan Polnay, prosecuting, said the effect of Mudd’s hacking program was “truly global”, adding: “Where there are computers, there are attacks – in almost every major city in the world – with hotspots in France, Paris, around the UK.” The court heard that Mudd, who lived with his parents, had previously undiagnosed Asperger syndrome and was more interested in status in the online gaming community than the money. The court heard that the defendant, now 20, carried out 594 of the distributed denial of service (DDoS) attacks against 181 IP addresses between December 2013 and March 2015. He has admitted to security breaches against his college while he was studying computer science. The attacks on West Herts College crashed the network, cost about £2,000 to investigate and caused “incalculable” damage to productivity, the court heard. On one occasion in 2014, the college hacking affected 70 other schools and colleges, including Cambridge, Essex and East Anglia universities as well as local councils. Mudd’s explanation for one of the attacks was that he had reported being mugged to the college but claimed no action was taken. Polnay said there were more than 112,000 registered users of Mudd’s program who hacked about 666,000 IP addresses. Of those, nearly 53,000 were in the UK. Among the targets was the fantasy game RuneScape, which had 25,000 attacks. Its owner company spent £6m trying to defend itself against DDoS attacks, with a revenue loss of £184,000. The court heard that Mudd created Titanium Stresser in September 2013 using a fake name and address in Manchester. He offered a variety of payment plans to his customers, including discounts for bulk purchases of up to $309.99 for 30,000 seconds over five years as well as a refer-a-friend scheme. Polnay said: “This is a young man who lived at home. This is not a lavish lifestyle case. The motivation around this we tend to agree is about status. The money-making is by the by.” When he was arrested in March 2015, Mudd was in his bedroom on his computer, which he refused to unlock before his father intervened. Mudd, from Kings Langley in Hertfordshire, pleaded guilty to one count of committing unauthorised acts with intent to impair the operation of computers; one count of making, supplying or offering to supply an article for use in an offence contrary to the Computer Misuse Act; and one count of concealing criminal property. Ben Cooper, defending, appealed for his client to be given a suspended sentence. He said Mudd had been “sucked into” the cyber world of online gaming and was “lost in an alternate reality” after withdrawing from school because of bullying. Mudd, who was expelled from college and now works as a kitchen porter, had been offline for two years, which was a form of punishment for any computer-obsessed teenager, Cooper said. The “bright and high-functioning” defendant understood what he did was wrong but at the time he lacked empathy due to his medical condition, the court heard. Cooper said: “This was an unhappy period for Mr Mudd, during which he suffered greatly. This is someone seeking friendship and status within the gaming community.” But the judge said: “I have a duty to the public who are worried about this, threatened by this, damaged by this all the time … It’s terrifying.” Source: https://www.theguardian.com/technology/2017/apr/25/teenage-hacker-adam-mudd-jailed-masterminding-attacks-sony-microsoft

Link:
Teenage hacker jailed for masterminding attacks on Sony and Microsoft

‘One in five’ British firms hit by cyber attack in 2016

One in five British firms was hit by a cyber attack last year, research from the British Chambers of Commerce suggests Cyber attacks are a growing threat to global business operations. This was confirmed by research from the British Chambers of Commerce (BCC), which surveyed 1,200 companies, revealing that one in five British businesses experienced a cyber attack last year. Larger businesses – defined as those with over 100 staff – were more likely to be attacked than smaller counterparts, according to the survey. The report found that 42% of larger organisations had suffered a cyber attack, compared with 18% of smaller ones. Clearly, more needs to be done by businesses to protect themselves. Indeed, the BCC’s report alos found that only a quarter of the firms surveyed had put in security protocols to protect themselves from hackers and cyber threats. The well documented data breaches of web giant Yahoo, telecoms firm TalkTalk and the dating website Ashley Madison have all hit the headlines in recent years. But this survey has shown just how widespread the problem is. It is endemic. “Cyber attacks risk companies’ finances, confidence and reputation, with victims reporting not only monetary losses, but costs from disruption to their business and productivity,” said BCC director-general Adam Marshall. “Firms need to be proactive about protecting themselves from cyber attacks.” Reacting to the news, Anton Grashion, managing director-security practice at Cylance, said “This is probably an underestimate if anything. Two reasons for this, firstly, this assumes they even know they have been hit, secondly people are more likely to under-report.” “Evidence of our testing when we run a POC with prospective customers is that we almost invariably discover active malware on their systems so it’s the unconscious acceptance of risk that plagues both large and small businesses.” Stephanie Weagle, VP at Corero Network Security, has identified DDoS attacks as the greatest cyber threat facing business. She said “Attackers will always find new exploits, and new attack methods of disrupting financial opportunity, extortion, accessing personally identifiable data, and disrupting an organisations online availability. Cyber attack activity is prevalent today, more than ever – especially when it comes to DDoS attacks.” DDoS attacks are on the rise and “continue to increase in frequency, scale and sophistication over the last year. 31% of IT security professional and network operators polled in a 2017 survey conducted by Corero experienced more DDoS attacks than usual in recent months, with 40% now experiencing attacks on a monthly, weekly or even daily basis. Source: http://www.information-age.com/major-flaws-devops-teams-security-123465765/

See more here:
‘One in five’ British firms hit by cyber attack in 2016

Did hackers fix the Brexit vote with DDoS?

The concerns around nation-state hackers echoes recent concerns regarding the US and French presidential elections. A new report has raised concerns about the possible interference by nation-state hackers in the run-up to the Brexit vote. The Commons Public Administration and Constitutional Affairs Committee (PACAC) said that MPs were concerned about foreign interference in last year’s Brexit vote. Although the report does not specifically identify the hackers or malicious actors responsible, it was noted that Russia and China were known to launch cyber attacks based on an understanding of mass psychology. Many will note that the report echoes the recent claims and concerns surrounding Russia and its influence in the US and French presidential elections. The report was launched to investigate the outage of the voter registration government website, with the outage hitting on one of the last days in the run-up to the vote, June 7. The government was forced to extend the deadline to register to vote in the EU referendum, allowing two further days for people to register. The outage left tens of thousands of potential voters unable to complete registration, sparking a major voter registration row amongst the UK government and the Electoral Commission. Debate was further fuelled by arguments that the outage may disenfranchise voters and swing important votes. John Rakowski, Director of Technology Strategy at AppDynamics, said at the time: “”Digital technology has revolutionised the way we interact with organisations – from shopping to banking, and now voting. The impact of young voters on the outcome of the EU referendum is unquestionable and technology plays a vital role. It’s unacceptable that thousands of Brits were left unable to vote due to an IT glitch that should have been anticipated and planned for months ago.” Although an IT glitch was blamed at the time of the outage, the new report by MP’s points to a possible DDoS attack, but downplays its role in the referendum outcome. “The crash had indications of being a DDOS ‘attack’. We understand that this is very common and easy to do with botnets… The key indicants are timing and relative volume rate,” the committee’s report said. While the committee did not point the Brexit finger of blame at the website outage, it did note that lessons must be learned. While pointing to other nation states, the MP’s report said that it was crucial that the lessons learnt from this incident must extend past the purely technical. “The US and UK understanding of ‘cyber’ is predominantly technical and computer network-based,” the report said. “For example, Russia and China use a cognitive approach based on understanding of mass psychology and of how to exploit individuals. “The implications of this different understanding of cyber-attack, as purely technical or as reaching beyond the digital to influence public opinion, for the interference in elections and referendums are clear. “PACAC is deeply concerned about these allegations about foreign interference,” the report concluded. However, due to the simplistic nature of the supposed DDoS attack on the voter registration site, many experts are saying that it is not the work of state hackers. “This is a very serious allegation, and it should be thoroughly investigated by all appropriate means. However, I doubt that a serious actor, such as a nation state for example, can be behind this particular DDoS attack,” said Ilia Kolochenko, CEO of web security firm, High-Tech Bridge. “Governments have enough technical and financial resources to create smart botnets, simulating human behavior that would be hardly distinguishable from legitimate website visitors. Running a classic DDoS attack is too coarse, and would rather attract unnecessary attention to the external interference, trigger investigations and all other outcomes that smart attackers would avoid at any price.” Source: http://www.cbronline.com/news/cybersecurity/breaches/hackers-fix-brexit-vote-ddos/

See original article:
Did hackers fix the Brexit vote with DDoS?

Canada one of sources for destructive IoT botnet

Canada is among the countries that have been stung by a mysterious botnet infecting Internet-connected devices using the Linux and BusyBox operating systems that essentially trashes the hardware, according to a security vendor. Called a Permanent Denial of Service attack (PDoS) – also called “plashing” by some – the attack exploits security flaws or misconfiguration and goes on to destroy device firmware and/or basic functions of a system, Radware said in a blog released last week. The first of two versions has rendered IoT devices affected into bricks, which presumably is why the attack has been dubbed the BrickerBot. A second version goes after IoT devices and Linux servers. “Over a four-day period, Radware’s honeypot recorded 1,895 PDoS attempts performed from several locations around the world,” the company said in the blog. “Its sole purpose was to compromise IoT devices and corrupt their storage.” After accessing a device by brute force attacks on the Telnet login, the malware issues a series of Linux commands that will lead to corrupted storage, followed by commands to disrupt Internet connectivity, device performance, and the wiping of all files on the device. Vulnerable devices have their Telnet port open. Devices tricked into spreading the attack — mainly equipment from Ubiquiti Networks Inc. including wireless access points and bridges with beam directivity — ran an older version of the Dropbear secure shell (SSH) server. Radware estimates there are over 20 million devices with Dropbear connected to the Internet now which could be leveraged for attacks. Targets include digital video cameras and recorders, which have also been victimized by the Mirai or similar IoT botnets. According to Radware, the PDoS attempts it detected came from a limited number of IP addresses in Argentina, the U.S., Canada, Russia, Iran, India, South Africa and other countries. Two versions of the bot were found starting March 20: Version one, which was short-lived and aimed at BusyBox devices, and version two, which continues and has a wider number of targets. While the IP addresses of servers used to launch the first attack can be mapped, the more random addresses of servers used in the second attack have been obscured by Tor egress nodes. The second version is not only going after IoT devices but also Unix and Linux servers by adding new commands. What makes this botnet mysterious is that it wipes out devices, rather than try to assemble them into a large dagger that can knock out web sites – like Mirai. “BrickerBot 2 is still ongoing,” Pascal Geenens, a Radware security evangelist based in Belgium, said in a phone interview this morning. “We still don’t have an idea who it is because it’s still hiding behind the Tor network.” “We still have a lot of questions like where was it originating from, what is the motivation? One of them could be someone who’s angry at IoT manufacturers for not solving that [security] problem, maybe somebody who suffered a DDoS attack and wants to get back at manufacturers by bricking the devices. That way it solves the IoT problem and gets back at manufacturers. “Another idea that I have is maybe its a hacker that is running Windows-based botnets, which are more costly to maintain.” It’s easy to inspect and compromise an IoT device through a Telnet command, he explained, so IoT botnet are easy to assemble. That lowers the cost for a botnet-for-hire. By comparison Windows devices have to be compromised through phishing campaigns that trick end users into downloading binaries that evade anti-virus software. It’s complex. So Geenens wonders if a hacker’s goal here is to get into IoT botnets and destroy the devices, which then raises the value of his Windows botnet. Another theory is the attacker is searching for Linux-based honeypots — traps set by infosec pros — with default passwords. He also pointed out Unix or Linux-based servers with default credentials are vulnerable to the BrickerBot 2 attack. However, he added, there wouldn’t be many of those because during installation process Linux ask for creation of a root password, so there isn’t a default credential. The exception, he added, is a pre-installed image downloaded from the Internet. Administrators who have these devices on their networks are urged to change factory default credentials and disable Telnet access. Network and user behavior analysis can detect anomalies in traffic, says Radware. Source: http://www.itworldcanada.com/article/canada-one-of-sources-for-destructive-iot-botnet/392242

Read the original:
Canada one of sources for destructive IoT botnet

Identifying the three steps of DDoS mitigation

It’s not a matter of if you’re going to be DDoS attacked, it’s a matter of when – many APAC organisations fail to understand the threat and quantify the risk – right-sizing and verifying the solution is a must. When an attack occurs, the mature organisation is prepared to effectively mitigate the attack – protecting themselves (and in turn their clients and partners) from unacceptable financial and reputational impact. Let us look at these three steps, understand, quantify and mitigate, in detail. 1.Understand the threat The threat imposed by DDoS attacks in APAC is more significant than global counterparts. A recent Neustar survey showed that 77 percent of organisations within APAC have been attacked at least once, compared to 73 percent globally. Organisations within the region are also getting attacked more frequently, with 83 percent of those attacked being attacked more than once, and 45 percent having been attacked more than six times. In addition, attack sizes are steadily growing. In 2015, the average attack size identified by Neustar was about 5GB per second. By September 2016, average attack sizes had reached up to 7GB per second – and this was prior to the Mirai driven – IoT fuelled attacks – like those on Krebs, OVH and Dyn. Given this, we should expect a considerable rise in the mean size of volumetric attacks during 2017. We’ve also seen a steady increase in the number of multi-vector attacks – which now equates to about 50 percent of all DDoS attacks. In a multi-vector attack – the criminals are potentially aiming to distract an organisation with the DDoS attack while they go after their main target. They use the DDoS attack to draw away the organisations defensive capacity while they plant ransomware, breach the network or steal valuable data. Within APAC, compared to the global average of 25 percent, network breaches associated with a multi-vector attack is sitting at 33 percent, according to Neustar’s own data. This begs the question, are APAC organisations deficient when it comes to perimeter protection? When dealing with an attack, speed is critical. But surprisingly, within APAC, on average almost half of all organisations take over three hours to detect an attack and an additional three hours to respond. This is significantly higher than the global average of 29 percent and 28 percent respectively. Worryingly, slow detection and response can lead to huge damages financially. Around half of all organisations stand to lose an average of $100,000 per hour of peak downtime during an attack. To exacerbate this, half the attacked organisations were notified of the attack by a third party, inflicting additional potential reputational damage. 2.Quantify the risk If a person goes to insure their car, they’re not going to over or underinsure it. That is, they’re not going to pay a premium associated with a higher value car – if the car gets written-off, they’re only going to get the value of the car, not the extra value associated with the premium. Alternatively, if they are underinsured, they’re not going to get back the full value of the car – they will need to pay an additional amount to replace the car. When looking at a DDoS environment, it is a similar scenario. An organisation will want to make sure it understands the level of risk and apply the right mitigation and the right cost to protect that risk. Paying the cost for a DDoS mitigation that exceeds their requirements is like over insuring the car – you are paying a premium for a service that does not match your level of risk/potential loss. Similarly, implementing a DDoS mitigation that does not cover the risk will likely lead to additional costs, resulting from greater organisational impact and additional emergency response activities. Risk management is critical – rightsizing is a must – organisations need to prepare and implement a sound mitigation plan. To understand the severity of the risk DDoS imposes, organisations must quantify both probability and impact – tangible and intangible – and know the risk appetite and technical environment of the organisation. Once this information is gathered and the severity of the risk is understood, there are three key critical elements of producing a good mitigation plan that must be enacted: detection, response and rehearsal. 3.Mitigate the attack Detection; Timely detection is critical – slow detection greatly increases potential financial and reputational loss, and allows the attackers valuable time to initiate other attack vectors. Fortunately, there are several technologies out there that can be used to monitor both the physical and cloud-based environment. For example, organisations can use Netflow monitoring on border routers to detect a volumetric attack, or provide this data to a third-party for analysis and detection. Organisations can also look at using appliances to conduct automatic detection and response, again managed internally or by a third-party. In a cloud environment, there are plenty of cloud monitoring tools out there that allow companies to identify degradation and performance, CPU utilisation and latency, giving them an indication of when an attack occurs. Response; There are many DDoS mitigation solutions available, allowing organisations to match the solution to their requirements. In selecting a mitigation solution, it is important to review a complete range of options, and align the selected solution to the organisation’s risk exposure and technology infrastructure. For example an organisation operating in the cloud with a moderate risk exposure, might opt for a cloud based solution, pay-on-occurrence model. While a financial services company, operating its own infrastructure and exposed to substantial financial and reputational risk, would look for a hybrid solution, providing the best time to mitigate, low latency and near immediate failover to cloud mitigation for large volumetric attacks. Rehearsing; Once a DDoS mitigation service is selected and implemented, the detection and mitigation plan must be document and verified through testing. The frequency of testing a mitigation plan should be dependent on the level of risk. If in a high-risk environment, a business might want to rehearse monthly or quarterly. In a lower-risk environment, the organisation might stretch it out to yearly or biannually. By understanding the threat, quantifying the risk to the organisation and implementing a right-sized mitigation solution organisations can effectively and efficiently mitigate the risk of DDoS attacks. A well implemented and tested plan will protect an organisation from both financial and reputational damage, discouraging attackers, leading the wolf from your door, leaving them hunting for a softer target. Source: http://www.cso.com.au/article/617417/identifying-three-steps-ddos-mitigation/

Read the original post:
Identifying the three steps of DDoS mitigation

Identifying the three steps of DDoS mitigation

Read the original post:
Identifying the three steps of DDoS mitigation

Why hardware configurations could be the downfall of IoT

According to Trend Micro, The Internet of Things is opening up new opportunities for businesses as well as introducing a new era of convenience for consumers. However, in a blogpost, they warn of issues that can lead to the downfall of IoT and called for countries stiving to be a smart nation to be wary. More than 24 billion IoT devices will connect to each other and the internet by 2020, according to Business Insider, and that’s a conservative estimate. The Motley Fool noted that other tech giants are predicting anywhere from 50 billion to 200 billion IoT devices within the next three years. One thing is clear: The IoT is going to be big, and require a lot of management. After all, handling devices the wrong way could leave security gaps in your network. Hardware configurations could be the downfall of IoT, and it’s important for you to enable your systems appropriately. Systems at risk Most devices, including routers and printers, come with preset, easy passwords and inactivated security capabilities. A number of organizations may simply install this hardware without changing the standard authorizations, leaving significant holes that attackers can exploit. This type of situation is only magnified by the number of active IoT devices. After all, who wants to configure every sensor or create a firewall for their coffee maker? However, you must do exactly that to enable IoT without compromising security. IoT technology is still developing, and you must ask critical questions to understand how these devices handle your sensitive information. The Global Privacy Enforcement Network Privacy Sweep found that it wasn’t clear how IoT devices collected, used and disclosed information. Many companies also neglect to explain how user data would be secured or how to delete personal information. With so many entry points to your network, your system could be at risk if you don’t have definitive answers concerning their requirements and capabilities. “If you think your IoT devices aren’t at risk, you’re wrong.” Sitting targets for malicious attacks Unsecured IoT devices are gateways for hackers to stroll into your critical business systems and execute attacks on a larger scale. In fact, major internet services including Twitter, Spotify and Netflix were disrupted when an attacker leveraged IoT devices to deliver a series of massive DDoS attacks to Dyn. According to Fast Company, the hacker leveraged the digital traffic from internet-enabled hardware and sent the noise to the domain name service provider, disrupting its ability to translate addresses into IP networks. Hundreds of thousands of cameras, routers, DVRs and other household appliances were used to carry out this attack. Security experts had warned that such a situation could occur, serving as a reminder why hardware configurations are critical for business and user security. If you think your IoT devices aren’t at risk, you’re wrong. Attackers can use tools like Shodan to easily search for exposed cyber assets. Trend Micro noted this system can show a hacker any connected device’s IP address, application and firmware versions as well as other critical information to make it easier to compromise. This research also found web servers, webcams, wireless access points and routers were the most unsecured cyber assets in the top 10 most populous U.S. cities. Protecting your IoT devices Security capabilities across IoT devices will only continue to improve, but in the meantime, organizations must take steps to protect this hardware. The first step is to configure your equipment correctly to your business and set passwords that will be difficult for a hacker to guess. You should also leverage data breach systems to detect unusual behavior within your network as it occurs. This solution will help catch malicious access to your IoT devices, enabling you to act quickly to reinstate and improve security. Source: http://www.networksasia.net/article/why-hardware-configurations-could-be-downfall-iot.1491403560

Read this article:
Why hardware configurations could be the downfall of IoT