The Department of Homeland Security and the Federal Bureau of Investigation issued a rare cybersecurity bulletin linking North Korea to a series of attacks that have targeted global businesses and critical infrastructure since 2009. The alert focuses on a malware strain called DeltaCharlie, which DHS and FBI say was used by the North Korean government to launch distributed denial of service attacks. DDoS attacks use floods of web traffic from compromised devices to knock websites or services offline. North Korea targeted “the media, aerospace, financial, and critical infrastructure sectors in the United States and globally,” the alert says. The US government refers to North Korea’s hacking team as Hidden Cobra, but cybersecurity firms often use the slightly less sinister name Lazarus Group. The North Koreans have also been linked to the WannaCry ransomware that spread virally in May and shut down hospitals and businesses. WannaCry primarily targeted unpatched Windows machines, and it sounds like the Lazarus Group’s DDoS malware is also primarily exploiting devices that run old versions of Windows. “The multiple vulnerabilities in these older systems provide cyber actors many targets for exploitation,” the alert notes. Windows typically stops issuing patches for older operating systems after they have been retired, but the company today released patches that thwart WannaCry on outdated devices, ZDNet reports. Although DHS and FBI released data that will help detect and mitigate Lazarus Group attacks, the agencies said more research is necessary to “understand the full breadth” of the group’s capabilities. Source: https://www.gizmodo.com.au/2017/06/us-blames-north-korea-for-series-of-ddos-attacks/
Tag Archives: ddos-attacks
DDoS attacks hitting ‘record-breaking’ levels as volumes increase 380%
DDoS attackers are hitting hard, fast and with no breaks in between, leading to record-breaking attacks over hours or even days, according to Nexusguard’s Q1 2017 Threat Report. Those record-breaking attacks over Valentine’s Day, Chinese New year and other ‘typically quiet’ periods during the season. “In APAC, a lengthy attack January 28-31, the period of Chinese New Year, lasted 2 days, 19 hours, and 40 minutes. It was a widespread, disruptive event that left celebrants weary and exhausted upon returning to work,” the report says. DDoS attack volumes have also risen 380% since the same time last year, according to Nexusguard’s statistics, based on 16,600 attacks. While 51% of attacks lasted fewer than 90 minutes, 4% exceeded 1440 minutes. 77.3% of attacks were less than 10Gbps, while 20% were between 10-200Gbps and 2% exceeded 200Gbps. The United States, China and Japan rounded out the top three sources for attacks. The rest of APAC was relatively unused as an attack source. However it’s not just DDoS attacks that are on the rise: HTTP flood attacks jumped 147% in the last quarter alone. It is now one of the leading volumetric attacks, exceeding both TCP and DNS attacks. The company cites the Internet of Things as a major weak point, particularly as the range of insecure devices and connections expodes. DDoS attacks can be persistent and long-lasting, which is a major area of concern. “IoT botnets are only the beginning for this new reign of cyber attacks. Hackers have the scale to conduct gigantic, continuous attacks; plus, teams have to contend with attacks that use a combination of volumetric and application aspects,” comments Nexusguard’s CTO Juniman Kasman. Those attacks are not happening in isolation. 93% of attacks combine application and volumetric vulnerabilities. Multiple DDoS attacks can also overwhelm systems. The company warns that organisations that haven’t invested in – or haven’t upgraded – multi-layered defense mechanisms run the highest risk of attack exposure. “This early data for 2017 shows that enterprises need to employ multi-layered defenses that use nimble resources, including large, redundant scrubbing networks and around-the-clock security operations if they hope to keep from drowning in the deluge of new attacks,” Kasman adds. Source: https://securitybrief.co.nz/story/ddos-attacks-hitting-record-breaking-levels-volumes-increase-380/
Continue reading here:
DDoS attacks hitting ‘record-breaking’ levels as volumes increase 380%
If You Learn of DDoS Attacks from Customers, You’ve Already Failed
If your customers notice something’s wrong before your own security specialists do, you’ve failed on multiple levels When Benjamin Franklin said, “Time is money,” he gave the world an aphorism that would be quoted frequently by businesspeople for more than 200 years. For all his wit and insight, of course, Franklin could never have foreseen the many scenarios for which his pithy observation would come to apply. It turns out that among the most relevant applications of the quote in today’s digitally driven world is in the realm of cybersecurity. Why? Because for organizations that suffer a cyberattack, a slow response can prove very costly. In an early 2017 survey of more than 1,000 IT and business decision makers, nearly two-thirds of the respondents said they could lose $100,000 per hour or more if a distributed denial of service (DDoS) attack were to disrupt their peak business periods. On the bright side, 8 in 10 of the organizations responding to the Neustar-sponsored survey said they’ve learned about new DDoS attacks from their internal security and IT teams – at least sometimes. Less encouraging is the fact that 40% also said they have, at times, received their first notification of attacks from their customers. If your customers notice something’s wrong before your own security specialists do, you’ve failed on multiple levels. The ideal DDoS defense is to recognize an emerging threat and neutralize it before it even gains a foothold – and certainly before your customers experience any negative impacts. If customers start complaining about an inability to access your websites or other services, you’ve already started to lose money before you’re even aware of the problem. Beyond causing staggering monetary losses for many corporations, successful DDoS attacks can alienate customers and shake their confidence in the victim’s ability to secure its own systems. By extension, customer then worry about the security of their own interactions with the company, and about the safety of any customer data the company may hold. The resulting customer churn and reduced loyalty can result in additional financial consequences. In this regard, another Franklin quote sadly holds true: “It takes many good deeds to build a good reputation, and only one bad one to lose it.” Fortunately, there are many security tools and services available to organizations that decide to be proactive in their DDoS defenses. As is often the case when it comes to cybersecurity, the most effective defenses will leverage a layered approach. The first-level of defense for DDoS attacks ideally will be provided by the network or Internet service provider, which is often the first to see – and block – suspicious network activity. For those attacks that still manage to get through, companies need their own DDoS identification and mitigation solutions. Some of those solutions may be on-premises appliances and other controls, while others may be provided by cloud-based or managed security services providers. Such “security-as-a-service” offerings are rapidly gaining in popularity, especially if an attack’s scale exceeds the capabilities of the on-premises protections. In short, there’s little excuse to be reactive, rather than proactive, when it comes to DDoS defenses. And, yes, Franklin once again provides some sage advice to those who may be too cavalier in their attitudes about DDoS threat. “By failing to prepare, you are preparing to fail.” Source: http://www.csoonline.com/article/3200084/leadership-management/if-you-learn-of-ddos-attacks-from-customers-you-ve-already-failed.html
See the original article here:
If You Learn of DDoS Attacks from Customers, You’ve Already Failed
Operators beware: DDoS attacks—large and small—keep increasing
Despite years’ worth of warnings and countermeasures, distributed denial of service (DDoS) attacks continue to escalate. Every year sees more of them, with increasing duration and severity. The frequency was up by 380% in the first quarter of 2017 compared to the first quarter of 2016, according to Nexusguard, which compiled this set of statistics (PDF) in a new report. From the fourth quarter of 2016 to the first quarter of 2017, HTTP attack counts and total attack counts increased by 147% and 37% respectively. Examples of increasing severity include a 275 Gbps attack that took place during Valentine’s Day (there have been significantly larger attacks) and an attack spanning 4,060 minutes that occurred over the Chinese New Year, the company said. The percentage of days with sizable attacks (larger than 10Gbps) grew appreciably within the quarter for 48.39% in January to 64.29% in March. Lengthier attacks at erratic intervals are becoming the norm, the company said. A separate, simultaneously published report from Corero Network Security said its customers have been hit by an increasing number of small DDoS attacks. Though attacks of 10 Gbps or smaller would seem less severe, what’s insidious about them is that they are apt to sneak under minimum detection thresholds. Though the DDoS attacks themselves might not be that disruptive, they can give hackers the access to wreak plenty of other damage. Corero CEO Ashley Stephenson said in a statement, “Short DDoS attacks might seem harmless, in that they don’t cause extended periods of downtime. But IT teams who choose to ignore them are effectively leaving their doors wide open for malware or ransomware attacks, data theft or other more serious intrusions. Just like the mythological Trojan Horse, these attacks deceive security teams by masquerading as a harmless bystander—in this case, a flicker of internet outage—while hiding their more sinister motives.” Nextguard believes part of the increase in DDoS activity is a ripple effect of increased botnet activity that occurred in the fourth quarter. This is in part a reference to the Mirai botnet, which was first identified in the latter half of 2016. Mirai provided a means to take over connected deviceswith inadequate built-in security safeguards (webcams, some set-top boxes, etc.), and use them to launch sustained attacks, sometimes with spectacular results. Those attacks revealed the Achilles’ heel in the internet of things: Many IoT applications are based on the distribution of large numbers of very inexpensive devices, which can be made so cheaply in part by adopting only minimal security, if any. The DDoS problem is worldwide, but nearly a quarter of the attacks are launched from the U.S. (followed by China and Japan). That’s likely to remain the case, as more U.S. households install “smart” devices that have poorly guarded IP addresses, making them susceptible to hijacking in the service of more DDoS attacks. “IoT botnets are only the beginning for this new reign of cyberattacks. Hackers have the scale to conduct gigantic, continuous attacks; plus, teams have to contend with attacks that use a combination of volumetric and application aspects,” said Nexusguard CTO Juniman Kasman, in a statement. The two largest sources of DDoS attacks were China and Japan, with Russia a distant third. The release of such results is meant to emphasize what should be obvious: companies that haven’t upgraded their security are the most vulnerable. Source: http://www.fiercetelecom.com/telecom/operators-beware-ddos-attacks-large-and-small-keep-increasing
More:
Operators beware: DDoS attacks—large and small—keep increasing
Mini but mighty: Beware minor DDoS attacks that mask graver threats, warns report
Despite detecting an increase in large distributed denial of service attacks in the first quarter of 2017, Corero Network Security has reported that the greatest DDoS threat currently comes from smaller attacks designed to either hide other malicious activities or set the stage for future malicious actions. Corero, which specializes in DDoS prevention, noted in its just released Q4 2016 – Q1 2017 Trends Report that these “sub-saturation” attacks typically fall within a certain sweet spot: They are short enough in duration and small enough in size to avoid detection by mitigation tools, yet they are still significant enough to serve the attacker’s purpose. According to the company, many legacy and homegrown mitigation tools will not respond to attacks that are less than one Gbps in size and under than 10 minutes in duration, because they do not meet a certain pre-programmed threshold. “…They are just disruptive enough to knock a firewall or intrusion prevention system (IPS) offline so that the hackers can target, map and infiltrate a network to install malware and engage data exfiltration activity,” said Ashley Stephenson, CEO at Corero Network Security, in a company press release. In other cases, the attackers may simply be testing a network for weaknesses, in anticipation of a future malicious action down the line. But even if the DDoS attack is detected, network administrators may too busy responding to the outage to realize that there is actually a bigger threat at hand. In an email to SC Media, Stephanie Weagle, vice president at Corero, cited UK-based telecom company TalkTalk as a recent example. In 2015, hackers stole the company’s customer data using a DDoS attack as an effecitve distraction. “Short DDoS attacks might seem harmless, in that they don’t cause extended periods of downtime. But IT teams who choose to ignore them are effectively leaving their doors wide open for malware or ransomware attacks, data theft or other more serious intrusions,” Stephenson explained. “Just like the mythological Trojan Horse, these attacks deceive security teams by masquerading as a harmless bystander – in this case, a flicker of internet outage – while hiding their more sinister motives.” According to the report, 80 percent of attempted DDoS attacks that were launched against Corero customers in Q1 2017 were less than 1 Gbps in volume, while 71 percent lasted 10 minutes or less. In Q4, 77 percent of DDoS attacks were less than 1 Gbps in volume, while 73 percent were 10 minutes or less in duration. While smaller attacks remain the norm, Corero did see a 55 percent rise in DDoS attacks that were 10 Gbps or larger in Q1, compared to the previous quarter. Corero customers averaged 124 attacks per month in Q1, an increase of nine percent over Q4 2016. Source: https://www.scmagazine.com/mini-but-mighty-beware-minor-ddos-attacks-that-mask-graver-threats-warns-report/article/666432/
Read More:
Mini but mighty: Beware minor DDoS attacks that mask graver threats, warns report
Why IoT Botnets Might be the Next Big Worry ?
Rise of IoT globally is still in its early days hence the level of protection is on the lower end. We all love Internet of Things (IoT), isn’t it? It has brought ‘things’ a.k.a devices, around us to life – from watch, bed, luggage, bulb and clothes to even buildings (in some time). But that love is now turning into a spoiler. The smart band or watch on your wrist and other IoT electronics are being hacked by malware attackers to turn them into an army of zombie machines, and launch botnet attacks. Much like October 2016 attack that used IoT webcams and video recorders to block user access to many sites including Twitter, Reddit, Spotify, etc., by spamming the domain name service used by them. Read on as Dhruv Khanna, CEO, Data Resolve – cyber intelligence company shares insights on it. Distributed denialof-service (DDoS) attacks aren’t new. So using IoT devices are of a new type? There are multiple types. First is the conventional botnets that target your laptop and desktop servers to track your online activity. Second is the enterprise specific attacks called distributed denial-ofservice attack(DDoS) when botnets blocks all your access to the device. Third is where your activity and data is captured and sent to a third party. Fourth is where your device is remotely controlled and access is blocked until some money is paid to the attacker. IoT botnets are like DDoS attacks that not just use computers in a conventional botnet way but also IoT devices to break into information and data. But why IoT devices have become favourites to launch attacks? Rise of IoT globally is still in its early days hence the level of protection is on the lower end. Moreover there are constraints in IoT devices such as using basic version of the operating system, less processing, storage and computational power in terms of setting up anti-virus and firewall and other security applications to them. This makes them an easy target for attackers to use to them as botnet for attack in comparison to using just computers and laptops which are relatively better secured. For e.g. Mirai botnet that target consumer devices like remote cameras, and home appliances. The ecosystem in India too isn’t making efforts to be ready. Right? That’s because IoT here is beginning to take its first step, hence, the awareness around it is not significant. On the enterprise side before pushing business services on IOT devices, as a best practice chief information security officers of the company eventually would have to frame a security manual and controls around IOT devices in terms of IOT device on-boarding, incident monitoring and control. Also, there is a need of regulation to control and monitor them. Are we better off without IoT? Not really. Advantage of IoT is that it is part of the cloud ecosystem. Securing the cloud is as good as securing the device. That’s why people are not spending too much on the device level but more on the cloud side. In a typical malware attack you are not able to control the source of attack but in IoT device you can as you know where your service is based on the cloud. But if your cloud application is compromised, it would be difficult to trace it. So, this is next level of cyber security challenge? It is certainly the next level of attack. For large businesses, it will be a significant hit on their brand along with data. If10,000 of ant vendor devices in the market get compromised then it will impact on the company. It is not impacting just you as an individual but all the devices that are interconnected to your device and vice versa. Source: https://www.entrepreneur.com/article/295274
View article:
Why IoT Botnets Might be the Next Big Worry ?
Lawmakers seek answers on alleged FCC DDoS attack
Five Democratic senators are seeking an FBI investigation into possible cyberattacks on the Federal Communication Commission’s online comment system. The FCC’s Electronic Comment Filing System crashed in the early hours of May 8 in what the agency called “deliberate attempts by external actors to bombard” the commission and render its systems unusable by legitimate commenters. Sens. Brian Schatz (D-Hawaii), Al Franken (D-Minn.), Patrick Leahy (D-Vt.), Ed Markey (D-Mass.) and Ron Wyden (D-Ore.) want acting FBI director Andrew McCabe to make an investigation of that May disruption a priority, and also called for an investigation into the source of the attack. The senators’ letter emphasized that they were especially troubled by the disruption of the process of public commentary given that public participation is crucial to the integrity of the FCC’s regulatory process. The request comes as FCC Chairman Ajit Pai is moving to roll back Obama-era net neutrality regulations over the objections of Democrats in Congress and internet freedom activists. “Any cyberattack on a federal network is very serious,” the senators wrote. “This particular attack may have denied the American people the opportunity to contribute to what is supposed to be a fair and transparent process, which in turn may call into question the integrity of the FCC’s rulemaking proceedings.” The senators seek a reply by June 23. It’s possible, however, that what the FCC is reporting as a DDoS attack was in fact a traffic spike spurred by TV comedian John Oliver, who urged viewers to register their opposition to the net neutrality rollback in an May 7 broadcast. The partisan fight over FCC actions on net neutrality has cast a political shadow over the attack, the follow-up and any future investigation. Three of the letter’s five signatories (Schatz, Markey, Franken) also signed a May 17 open letter lambasting the FCC’s possible net neutrality rollback. Wyden and Schatz also sought clarification from Pai about the ability of the agency to protect against DDoS attacks in a separate May 9 letter. The two sought details on the user capacity of the FCC’s website and requested a reply by June 8. Meanwhile, the FCC is accepting comments on its net neutrality proceeding through Aug. 16. Source: https://fcw.com/articles/2017/05/31/fcc-ddos-senators-berliner.aspx
View article:
Lawmakers seek answers on alleged FCC DDoS attack
7 nightmare cyber security threats to SMEs and how to secure against them
Small businesses face a range of cyber threats daily and are often more vulnerable than the larger organisations. Small businesses that see themselves as too small to be targeted by cyber criminals are putting themselves at direct risk. In fact, small businesses are at an equal, if not greater risk of being victims of cyber crime – two thirds of small UK firms were attacked by hackers between 2014-2016, according to a report from the Federation of Small Businesses. Cyber crime can cause massive damage to a young business’s reputation, result in loss of assets and incur expenses to fix the damage caused. These attacks could mean the difference between cutting a profit or going bust. Legal action could also be taken if businesses are found to have failed to put proper safeguards in place. When new data protection laws are introduced in 2018 under GDPR, complacent businesses risk fines of up to £17 million or 4% of annual turnover (whichever is higher) if they suffer a data breach. So what can small businesses do to protect themselves and the sensitive data of their customers? These are 7 nightmare cyber security threats and how to secure against them. Threat 1: internal attacks This shouldn’t come as a surprise to readers, but internal attacks are one of the largest cyber security threats facing small businesses today. Rogue employees, especially those with access to networks, sensitive data or admin accounts, are capable of causing real damage. Some theories even suggest that the notorious 2014’s Sony Pictures hack – typically linked to North Korea – was actually an insider attack. To reduce the risk of insider threats, businesses must identify privileged accounts – accounts with the ability to significantly affect or access internal systems. Next, terminate those that are no longer in use or are connected with employees no longer working in the business. Businesses can also implement tools to track the activity of privileged accounts. This allows for a swift response if malicious activity from an account is detected before the damage can be dealt. Threat 2: phishing and spear phishing Despite constant warnings from the cyber security industry, people still fall victim to phishing every day. As cyber crime has become well-funded and increasingly sophisticated, phishing remains one of the most effective methods used by criminals to introduce malware into businesses. Spear phishing is a targeted form of phishing in which phishing emails are designed to appear to originate from someone the recipient knows and trusts – like senior management or a valued client. To target victims deemed ‘high value’ — i.e. those with access to privileged accounts — cyber criminals may even study their social media to gain valuable insights which can then be used to make their phishing emails appear highly authentic. If an employee is tricked by a malicious link in a phishing email, they might unleash a ransomware attack on their small business. Once access is gained, ransomware quickly locks down business computers as it spreads across a network. Until a ransom is paid, businesses will be unable to access critical files and services. To mitigate the risk posed by phishing – and ransomware – organisations must ensure staff are aware of the dangers and know how to spot a phishing email. Businesses must also ensure they have secure backups of their critical data. Because ransomware locks down files permanently (unless businesses want to cough up the ransom) backups are a crucial safeguard to recover from the hack. But as ransomware attacks are on the rise, prevention remains better than treatment. Education is the best way of ensuring protection for small businesses. Threat 3: a dangerous lack of cyber security knowledge Entire cyber security strategies, policies and technologies are worthless if employees lack cyber security awareness. Without any kind of drive to ensure employees possess a basic level of cyber security knowledge, any measure or policy implemented will be undermined. A well-targeted spear phishing email could convince an employee to yield their password and user information. An IT team can’t be looking over everyone’s shoulders at once. Because of this, education and training are essential to reduce the risk of cyber crime. Some employees may not know (or care enough) to protect themselves online, and this can put businesses at risk. Hold training sessions to help employees manage passwords (hint: two-factor authentication for business accounts) and identify phishing attempts. Then provide support to ensure employees have the resources they need to be secure. Some small businesses will also consider up-skilling members of their IT teams in incident handling, often through popular GCIH training from security vendor GIAC. Incident handling professionals are able to manage security incidents as they happen, and speed the process of recovery if hacks do occur. Ultimately, even a basic level of knowledge and awareness could mean the difference between being hacked or avoiding the risk altogether. Threat 4: DDoS attacks Distributed Denial of Service (DDoS) attacks have overwhelmed some of the largest websites in the world, including Reddit, Twitter, and Netflix. DDoS attacks, which ambush businesses with massive amounts of web traffic, slow websites to a crawl and, more often than not, force crucial services offline. If a small businesses relies on a website or other online service to function, the outages caused by DDoS attacks will be catastrophic. Most DDoS attacks last between 6-24 hours and cause an estimated £30,000 per hour, according to data from Incapsula, a DDoS prevention firm. Whilst businesses can’t stop a website or service being targeted in a DDoS attack, they can work to absorb some of the increased traffic, giving them more time to form a response or filter out the spam data. Ensuring there is extra bandwidth available, creating a DDoS response plan in the event of an attack or using a DDoS mitigation service are all great steps towards reducing the impact of an attack. But that’s just scratching the surface of DDoS mitigation – here are more ways to prevent a DDoS attack. Threat 5: malware Malware is a blanket term that encompasses any software that gets installed on a machine to perform unwanted tasks for the benefit of a third party. Ransomware is a type of malware, but others exist, including spyware, adware, bots and Trojans. To prevent malware from taking hold, businesses should invest in solid anti-virus technology. Plus, operating systems, firewalls and firmware, and previously mentioned anti-virus software must be kept up-to-date. If services are outdated or not updated regularly, businesses are at a serious risk. Just look at the damage caused when malware infected the UK’s National Health Service through an exploit within an outdated version of Windows XP. And that was just one of the high profile targets affected by the global WannaCry ransomware attack. Threat 6: SQL Injection Almost every business relies on websites to operate and many depend entirely on the service they provide online. However, poorly secured websites could be wide open to data theft by cyber criminals. Of the many attacks that can be staged against a website, SQL injection is amongst the most dangerous and even the largest companies fall victim to it. SQL injection refers to vulnerabilities that allow hackers to steal or tamper with the database sitting behind a web application. This is achieved by sending malicious SQL commands to the database server, typically by inputting code into forms – like login or registration pages. It takes a few well-calculated steps to protect against SQL injection. As a precaution, businesses should assume all user-submitted data is malicious, get rid of database functionality that isn’t needed and consider using a web application firewall. For a closer look at SQL injection, take a look at this documentation from Cisco. Properly preventing SQL injection is primarily a responsibility for a web development or security team, but the change has to be driven from the top. Still not convinced? Take a look at this video from Computerphile to see how effective and dangerous SQL injection can be. Threat 7: BYOD Businesses are vulnerable to data theft, especially if employees are using unsecure mobile devices to share or access company data. As more small businesses make use of bring your own device (BYOD) technology, corporate networks could be at risk from unsecured devices carrying malicious applications which could bypass security and access the network from within the company. The solution is nailing down a defined BYOD policy. A comprehensive BYOD policy educates employees on device expectations and allow companies to better monitor email and documents that are being downloaded to company-owned devices. Ensure employee-owned devices can access the business network through a VPN which connects remote BYOD users with the organisation via an encrypted channel. A VPN is crucial if employees are using public WiFi networks to access business data. Public Wi-Fi is notoriously unsecure and provides little protection against criminals that might be watching the transfer of sensitive data. If an attacker does capture encrypted VPN traffic they will only see incomprehensible characters going from you to a VPN server – meaning no sensitive data is leaked. Source: http://www.information-age.com/7-nightmare-cyber-security-threats-smes-secure-123466495/
See more here:
7 nightmare cyber security threats to SMEs and how to secure against them
What’s business continuity management and why does your business need it?
Reality check: Modern businesses rely on their digital capabilities now more than ever. Downtime has become a terrifying thing to even utter, let alone consider. This is why an effective business continuity plan has become a cornerstone in every business, with IT-centric businesses being no exception. Business Continuity is all about identifying what your key products are and what you can do to ensure that business continues as usual even in the case of disruptions or catastrophes, no matter the size or cause. In truth, business continuity planning is not such an alien concept even to regular consumers. Ever planned a holiday? Whenever planning a holiday, we think of the worst case scenarios and how we can come out of them unscathed, without ruining our well-earned trip. We set up plans in case something goes wrong with our ‘core services’ and we’re prepared for it. We search for additional taxi services in the area despite having booked a cab already, or we check for alternate routes should we rent a car. It’s never a good idea to go on a vacation unprepared for something to go wrong, and a business should be no different. Being the largest multi-site data centre provider in Malta, we are experienced in the business of keeping our customers’ systems online at all costs. The ideal IT services provider should strive to deliver a redundant solution in every component within their setup. At BMIT, we take great care in adopting this approach, from upgrading our core infrastructure services all the way to training our technical team to adopt best-practice methods for optimal business continuity management. Improving redundancy should always be the utmost priority when it comes to introducing new products within an IT Services provider’s portfolio. Business continuity planning is not such an alien concept even to regular consumers Studies show that the average total cost of unplanned application downtime per year is €1 billion to €2.5 billion for the Fortune 1000 companies. An hour of infrastructure failure costs an average of €100,000 with the number jumping fivefold to €500,000 to €1m in the case of a critical application failure; certainly not numbers to scoff at. The digital world undergoes changes every day and it is imperative to constantly keep working to ensure that the systems are up-to-date and relevant to the present realities. The introduction of new ranges of systems and services that protect customers against common business continuity pitfalls always helps to cement the provider’s commitment to ensure the clients’ uptime. With the world fast approaching an almost completely digitally-dependent era, the dangers of the dark side of the internet become an ever-present reality for the modern digital business. In recent years Distributed Denial of Service attacks, otherwise known as DDoS attacks, have emerged as one of the most disruptive ways in which a business can be brought down to its knees. DDoS attacks are weapons of mass disruption aimed at paralysing internet systems including networks, websites and servers, resulting in lost revenues, compromised site performance and tarnished reputations. BMIT has had to take these dangers into consideration, especially since even ISPs can be targeted, which would put us at a risk of not being able to provide a connection for our customers. In recent years, we’ve launched a multi-tiered DDoS protection and mitigation system to protect our customers from even the most vicious of DDoS attacks. From our experience in the industry, we learnt that best-practice is for our private network’s bandwidth needs to be sourced from multiple providers and delivered across multiple redundant links in order to eliminate the risks of our customers going offline through an outage. This setup ensures that our clients are hosted on a reliable and certified ISO27001 network which does not rely on a singular connection. At BMIT we offer clients various features which help ensure continuity for their business. We now have a multi-tiered DDoS protection and mitigation system protecting our redundant 40gbps private international network. This network consists of multiple geographically-separated links, each of which can take over traffic load should there be any faults in the other links. Moreover, we have multiple data centres and international points of presence which form a key part of business continuity plans for our customers. Geo-redundancy is a critical aspect of business continuity for international customers, and our presence across countries addresses this. For example, some clients mirror their servers from one data centre to another. In addition, we also offer several backup options as well as managed services options to help our clients achieve a robust business continuity plan. As part of our portfolio, our customers can also tap into several tools to manage their systems, including advanced firewall solutions as well as virtual load-balancing services. Ultimately, each of our redundant service offerings is a step forward in our customers’ pursuit to ensuring their business stays up. Customers’ feedback is vital and should always be taken into consideration. Good business continuity practices are a top priority for clients and usually the main reason why providers with great core infrastructures for business continuity retain customers. Sources: https://www.timesofmalta.com/articles/view/20170528/business-news/What-s-business-continuity-management-and-why-does-your-business-need.649236
See more here:
What’s business continuity management and why does your business need it?
The dark, dangerous, and insanely profitable world of DDoS attacks
Imagine a business model with a 95 percent profit margin. As wonderful as this sound, this business is certainly not something that most would want to get into. We’re talking, of course, about the criminal enterprise of Distributed Denial of Service (DDoS) attacks. This form of cyber-crime has grown exponentially over the past few years, giving CIOs and digital business leaders sleepless nights about whether they’ll be the next victim. Powerful DDoS attacks have a devastating effect: flooding web servers and hauling companies offline, causing untold financial and reputational damage. “The popularity of DDoS has spawned a criminal underworld, with thousands of service providers hiding out on the so-called ‘Dark Web’,” explains Arbor Network’s territory manager for Sub-Sahara, Bryan Hamman. These nefarious organisations offer to execute DDoS attacks for as little as just a few dollars. One simply chooses the type of attack (do you want to use web servers or connected botnets?), the magnitude, the duration, and indicates the victim that they’re targeting. “These Dark Web services have made it very simple to enlist the resources needed for a DDoS attack. Self-service portals and bitcoin payment systems guarantee one’s anonymity and eliminate the need for direct contact with the service provider,” says Hamman. He adds that reports and status updates are all published via these portals, allowing customers to track the impact of their attacks. In some cases, there are even bonuses for each attack that’s commissioned – so DDoS providers even have a form of loyalty programme. Soft targets Cyber-security company Kaspersky Lab recently found that the most basic attack (sold at about USD25 per hour) resulted in a profit to the service provider of about USD18 per hour. But the second revenue stream emerges with those DDoS attacks that demand a ransom from companies in return for restoring services and bringing the victim back online. In these cases, profit shares from the ransoms can push the overall profit margins to over 95 percent. The intended victims themselves are priced differently – with the likes of government websites, and organisations known to have some form of defence in place, commanding a much higher premium, notes Hamman. “It’s interesting to note the level of awareness and information held by the DDoS service providers, as they distinguish between the soft targets and the more difficult quests. Those organisations with the most advanced DDoS defences are far less likely to be targeted,” he explains. The answer “With such rich pickings available for cyber-criminals, it shows that the scourge of DDoS isn’t likely to slow down anytime soon,” highlights Hamman. Almost all types of organisations today are totally dependent on connectivity to sustain their business. As we rapidly adopt Cloud architectures and new mobility or virtual office solutions, all of our data, applications and services are only available when we’re connected. So it stands to reason that organisations should ensure they have professional and dedicated DDoS prevention solutions in place. “Companies need to have what we term ‘layered protection’ – incorporating broad DDoS attack detection and mitigation, alongside network visibility and actionable security intelligence.” “By remaining on the cusp of the latest DDoS protection tools, it becomes possible to thwart any attacks from the growing legion of DDoS attackers out there,” he adds. And, when these criminal services are so immediately available for hire, with just a few clicks of the mouse, the threat of DDoS is ever-present for all businesses and industries. By Bryan Hamman, Arbor Network’s territory manager for Sub-Sahara Source: http://www.itnewsafrica.com/2017/05/the-dark-dangerous-and-insanely-profitable-world-of-ddos-attacks/
More here:
The dark, dangerous, and insanely profitable world of DDoS attacks