Tag Archives: ddos-defense

DDoS attacks and mobile fraud are surging in 2018

Two separate reports have detailed the biggest threats to businesses this year.

Two separate reports have highlighted the mounting threat of DDoS and mobile fraud attacks, demonstrating the shifting security landscape and the need for businesses to adapt their security policies.

Corero Network Security’s DDoS report revealed attacks were up 40% year-on-year, with 77% of them lasting ten minutes or less and 63% less than five minutes. Companies that have experienced an attack have a one in five chance of finding themselves under siege less than 24 hours after the first.

The most common type of DDoS attack on organisations is the low-volume strike, with 4% less than 5Gbps. However, the number of high-volume attacks (over 10Gbps) has more than doubled over the last year, suggesting they will rise in intensity in the coming period.

“Organisations are dependent on the Internet as a means to conduct business and deliver consumer/citizen services,” Corero’s CEO Ashley Stephenson said. “Any event that affects this ability to function will have a significant impact on that business.

“With Internet resilience coming down to a fraction of a second, it’s easy to see why DDoS attacks are considered one of the most serious threats to Internet availability today, resulting in damage to a brand’s reputation, customer trust and revenue.”

ThreatMetrix’s investigation into mobile threats revealed that mobile attacks in the US have risen by 44% year-on-year (24% worldwide), as criminals take advantage of mobile usage to complete digital transactions such as mobile banking and purchasing. Additionally, it noted that because 85% of social media and dating site activity happens on mobile, these are becoming targets for hackers. Now, a third of all fraud-related activities originate from mobile devices, which, although it highlights the need for mobile security, suggests desktop is still the less secure platform.

Device spoofing is the biggest threat to financial services, while mule networks and bot attacks are on the rise. ThreatMetrix explained that large retailers are the biggest targets as criminals attempt to break into user accounts and steal payment information.

“Mobile is quickly becoming the predominant way people access online goods and services, and as a result, organisations need to anticipate that the barrage of mobile attacks will only increase,” said Alisdair Faulkner, Chief Identity Officer at ThreatMetrix. “The good news is that as mobile usage continues to increase, so too does overall customer recognition rates, as mobile apps offer a wealth of techniques to authenticate returning customers with a very high degree of accuracy.”

He added that the key vulnerability in the mobile environment is the app registration and account creation step. To prevent criminals from breaking into the system through this security hole, businesses must use global intelligence that can uncover a user’s true digital identity, compiled from the various places where customer information is available.

Source: http://www.itpro.co.uk/security/31906/ddos-attacks-and-mobile-fraud-are-surging-in-2018


DDoS attacks are getting even larger

The average DDoS attack is five times stronger this year, compared to the year before.

The average DDoS attack is five times stronger this year, compared to the year before, and the biggest DDoS attack is four times stronger than last year’s strongest, according to new reports.

Nexusguard’s Q2 2018 Threat Report analysed thousands of DDoS attacks worldwide and came to the conclusion that the average DDoS attack is now bigger than 26 Gbps, and the maximum attack size is now 359 Gbps.

IoT botnets are still largely in use, mostly because of the increasing number of IoT-related malware exploits, as well as the huge growth in large-scale DDoS attacks. The report says that CSPs and susceptible operations should ‘enhance their preparedness to maintain their bandwidth, especially if their infrastructure doesn’t have full redundancy and failover plans in place’.

“The biggest zero-day risks can stem from various types of home routers, which attackers can exploit to create expansive DDoS attacks against networks and mission-critical services, resulting in jumbo-sized attacks intended to cripple targets during peak revenue-generating hours,” said Juniman Kasman, chief technology officer for Nexusguard. “Telcos and other communications service providers will need to take extra precautions to guard bandwidth against these supersized attacks to ensure customer service and operations continue uninterrupted.”

User Datagram Protocol, or UDP, is the hacker’s favourite attack tool, with more than 31 per cent of all attacks using this approach. This is a connectionless protocol, which makes it well suited to the mass-generated traffic of botnets. The top two sources of these attacks are the US and China.

Source: https://www.itproportal.com/news/ddos-attacks-are-getting-even-larger/


Mirai, Gafgyt Botnets Resurface with New Tricks

A new version of Mirai exploits the Apache Struts flaw linked to the Equifax breach, while Gafgyt targets an old flaw in SonicWall.

Well-known Internet of Things (IoT) botnets Mirai and Gafgyt have resurfaced with new variants targeting vulnerabilities in Apache Struts and SonicWall, respectively.

Researchers in Palo Alto Networks’ Unit 42 detected the new versions of Mirai and Gafgyt, both of which have been linked to massive distributed denial of service (DDoS) attacks since November 2016. They suggest both botnets are veering away from consumer targets and toward the enterprise. The Mirai samples were found in the first week of September, while the Gafgyt samples were available on and off throughout the month of August. Both were using the same domain.

Mirai is an evolution of the Gafgyt botnet (also known as Bashlite or Torlus), an IoT/Linux botnet, explains Ryan Olson, vice president of threat intelligence for Unit 42. It was originally designed to spread across Linux devices by brute-forcing default credentials so the attacked devices could then be commanded to launch DDoS attacks.

“Neither is more inherently dangerous than the other, though, as we note, these samples of Mirai are notable for how many vulnerabilities they target,” Olson says of the recent findings.

On Sept. 7, Unit 42 discovered samples of another Mirai variant packing exploits targeting 16 distinct vulnerabilities. It’s not the first time the botnet has been seen leveraging multiple exploits in a single sample. However, it is the first time Mirai has leveraged a vulnerability in Apache Struts – the same bug associated with the massive Equifax data breach in September 2017.

The other 15 vulnerabilities all target IoT devices and have previously been seen in different combinations within different Mirai variants, says Olson, who adds that “the Struts addition is the most notable change in this version of Mirai we found.” It’s also worth noting these samples don’t include the brute-force functionality generally used in the Mirai botnet.

Researchers found the same domain hosting the Mirai samples previously resolved to a different IP in August. During that time, the IP was sporadically hosting samples of Gafgyt that included an exploit against CVE-2018-9866, a SonicWall bug affecting older versions of the SonicWall Global Management System (GMS).

Both the Apache Struts and SonicWall exploits are deemed Critical, with a CVSS score of 10. Their effectiveness depends on the number of exposed systems, Olson says. The Apache Struts vulnerability has been public for a year. The SonicWall bug only affects unsupported versions; the company advises users running GMS software to ensure they’re upgraded to version 8.2, as GMS version 8.1 went out of support in Feb. 2018.

“For either to be effective, an organization needs to be behind on their versions and updates,” he says.

Olson believes the two new variants of Mirai and Gafgyt come from the same actor but couldn’t speak to why they might have chosen to leverage two botnets instead of one.

“Seeing as the samples originated from IPs that resolved to the same domain at different times, and based on some other OPSEC failures, I’m fairly certain these originate from the same actor/group,” says Olson of their starting point. “I can’t pinpoint any advantage one has over the other to explain the choice of using different base source codes.”

For now, it seems the attackers are testing different vulnerabilities to gauge their efficiency at herding the maximum number of bots, giving them greater power for a DDoS, Olson says. A move to the enterprise would allow the botnets access to greater Internet bandwidth than individual home users and connections, he adds – a sign the bots may be targeting businesses.

Source: https://www.darkreading.com/vulnerabilities—threats/mirai-gafgyt-botnets-resurface-with-new-tricks/d/d-id/1332789


DDoS Protection is the Foundation for Application, Site and Data Availability

When we think of DDoS protection, we often think about how to keep our website up and running. While searching for a security solution, you’ll find several options that are similar on the surface. The main difference is whether your organization requires a cloud, on-premise or hybrid solution that combines the best of both worlds. Finding a DDoS mitigation/protection solution seems simple, but there are several things to consider.

It’s important to remember that DDoS attacks don’t just cause a website to go down. While the majority do cause a service disruption, 90 percent of the time it does not mean a website is completely unavailable, but rather that there is a performance degradation. As a result, organizations need to search for a DDoS solution that can optimize application performance and protect from DDoS attacks. The two functions are natural bedfellows.

The other thing we often forget is that most traditional DDoS solutions, whether they are on-premise or in the cloud, cannot protect us from an upstream event or a downstream event. If your carrier is hit with a DDoS attack upstream, your link may be fine but your ability to do anything would be limited. You would not receive any traffic from that pipe. If your infrastructure provider goes down due to a DDoS attack on its key infrastructure, your organization’s website will go down regardless of how well your DDoS solution is working. Many DDoS providers will tell you these are not part of a DDoS strategy. I beg to differ.

Finding the Right DDoS Solution

DDoS protection was born out of the need to improve availability and guarantee performance. Today, this is critical. We have become an application-driven world where digital interactions dominate. A bad experience using an app is worse for customer satisfaction and loyalty than an outage. Most companies are moving into shared infrastructure environments, otherwise known as the “cloud”, where the performance of the underlying infrastructure is no longer controlled by the end user.

Keeping the aforementioned points in mind, here are three key features to consider when looking at modern enterprise DDoS solutions:

1. Data center or host infrastructure rerouting capabilities give organizations the ability to reroute traffic to secondary data centers or application servers if there is a performance problem caused by something that the traditional DDoS prevention solution cannot negate. This may or may not be caused by a traditional DDoS attack, but either way, it’s important to understand how to mitigate the risk from a denial of service caused by infrastructure failure.

2. Simple-to-use link or host availability solutions offer a unified interface for conducting WAN failover in the event that the upstream provider is compromised. Companies can use BGP, but BGP is complex and rigid. The future needs to be simple and flexible.

3. Infrastructure and application performance optimization is critical. If we can limit the amount of compute per application transaction, we can reduce the likelihood that a capacity problem with the underlying architecture can cause an outage. Instead of thinking about just avoiding performance degradation, what if we actually improve the performance SLA while also limiting risk? It’s similar to making the decision to invest your money as opposed to burying it in the ground.

Today you can look at buying separate products to accomplish these needs, but you are then left with an age-old problem: a disparate collection of poorly integrated best-of-breed solutions that don’t work well together. These products should work together as part of a holistic solution where each can compensate for and enhance the performance of the others, and ultimately help improve and ensure application availability, performance and reliability. The goal should be to create a resilient architecture to prevent or limit the impact of DoS and DDoS attacks of any kind.

Source: https://securityboulevard.com/2018/09/ddos-protection-is-the-foundation-for-application-site-and-data-availability/


Cyber policies: More than just risk transfer

Digital connectivity continues apace – but brings with it increased cyber risks. These relatively new and complex risk profiles require approaches that go far beyond traditional insurance, argues Munich Re’s reinsurance boss Torsten Jeworrek.

Self-learning machines, cloud computing, digital ecosystems: in the steadily expanding Internet of Things, all objects communicate with others. In 2017, 27 billion devices around the world were online, but this number is set to increase five-fold to 125 billion by the year 2030. And many industries are profiting from the connectivity megatrend. In virtually every sector, automated processes are delivering greater efficiency and therefore higher productivity. By analysing a wide range of data, businesses also hope to gain new insights into existing and prospective customers, their purchasing behaviour, or the risk that they might represent. This will facilitate a more targeted customer approach. At the same time, greater levels of interconnection are leading to new business models. Examples include successful sharing concepts and online platforms.

Growing risk of ransomware

But just as there are benefits to growing connectivity, there are also risks. Ensuring data security at all times is a serious challenge in this complex world. When setting up and developing digital infrastructure, companies must constantly invest in data-security expertise and in technical security systems, not least to protect themselves against cyber attacks. This became clear in 2017, when the WannaCry and NotPetya malware attacks caused business interruption and production stoppages around the world. The costs of WannaCry in the form of lost data and business interruption were many times greater than the losses from ransom demands. With other attacks, the objective was not even extortion – but rather to sabotage business operations or destroy data.

Phishing, which is the attempted capture of sensitive personal and log-in data, and distributed denial of service (DDoS) attacks, which take down entire servers by systematically overloading them, also cause billions of dollars in damage each year. It is difficult to calculate the exact amounts involved, but business losses from cyber attacks are currently estimated at between $400bn and $1tn each year. And the number of cyber attacks continues to rise – as do the resulting losses. According to estimates from market research institute Cybersecurity Ventures, companies around the world will fall victim to such attacks every 14 seconds on average in 2019. Europol also notes that there have been attacks on critical national infrastructure in the past, in which people could have died had the attacks succeeded.

Increasing demand for cyber covers from SMEs as well

As the risks increase, so too does the number of companies that attach importance to effective prevention measures and that seek insurance cover. The pressure to improve data protection has also increased as a result of legal requirements such as the EU’s General Data Protection Regulation, which came into force in May 2018 and provides for severe penalties in the event of violations. In a world of digital dependency, automated processes, and networked supply chains, small- and medium-sized companies in particular realise that it is no longer enough to focus on IT security within their own four walls.

For the insurance industry, cyber policies are gradually becoming an important field of business in their own right. According to estimates, further significant increases in premium volume are on their way. In 2017, premium volume was at between $3.5bn and $4bn. That figure is expected to increase to between $8bn and $9bn by 2020. So there will be good growth opportunities over the next few years, particularly in Europe.

Cyber risks difficult to assess

Cyber risks pose unique challenges for the insurance industry, above all in connection with accumulation risk: a single cyber event can impact many different companies at the same time, as well as leading to business interruption for other companies. How can the market opportunities be exploited, while at the same time managing the new risks? Are cyber risks ultimately uninsurable, as many industry representatives have said? One thing is certain: there are a number of extreme risks that the insurance industry cannot bear alone. At present, these include network outages that interrupt the electricity supply, or internet and telecommunication connections. Scenarios like these, and the costs that come with them, should be borne jointly by governments and companies, for example in the form of pool solutions.

Cyber as a new type of risk

There are key differences between cyber risks and traditional risks. Historical data such as that applied to calculate future natural hazards, for example, cannot tell us much about future cyber events. Data from more than ten years ago, when there was no such thing as cloud computing and smartphones had not yet taken off, are of little use when assessing risks from today’s technologies. Insurers and reinsurers must be able to recognise and model the constantly evolving risks over the course of these rapid advances in technology. An approach that relies on insurance expertise alone will rapidly reach its limits. Instead, the objective of all participants should be to create as much transparency as possible with regard to cyber risks. IT specialists, authorities, and the scientific and research communities can all help to raise awareness of the risks and contribute their expertise for the development of appropriate cyber covers.

Working together to enhance security

Munich Re relies on collaboration with technology companies and IT security providers to develop solutions for cyber risks. This is because the requirements for comprehensive protection are complex, and safeguarding against financial losses is only one component of an overall concept. Accordingly, in consultation with our technology partners, we are developing highly effective, automated prevention services for our clients. These are designed to permanently monitor the client infrastructure, identify risks promptly, and prevent losses. And – importantly – a company needs to respond quickly to limit the loss from an event and allow it to resume normal operations without delay. In this context, we assist our clients with a network of experts.

But cyber risks remain a challenge, and one that the insurance industry needs to tackle. Insurers can only remain relevant for their clients if they constantly adapt their offerings to new or changed risks and requirements. Opportunities for new fields of business are arising.

Source: https://www.re-insurance.com/opinion/cyber-policies-more-than-just-risk-transfer/1687.article


A Scoville Heat Scale For Measuring Cybersecurity

The Scoville Scale is a measurement chart used to rate the heat of peppers or other spicy foods. It can also have a useful application for measuring cybersecurity threats. Cyber-threats are also red hot, as the human attack surface is projected to reach over 6 billion people by 2022. In addition, cyber-crime damage costs are estimated to reach $6 trillion annually by 2021. The cybersecurity firm RiskIQ states that every minute approximately 1,861 people fall victim to cyber-attacks, while some $1.14 million is stolen. In recognition of these alarming stats, perhaps it would be useful to categorize cyber-threats on a scale similar to that of the hot peppers we consume. I have provided my own Scoville Scale-like heat characterizations of the cyber threats we are facing below.

Data Breaches: According to Juniper Research, over the next five years, 146 billion records will be breached. The 2017 Annual Data Breach Year-end Review (Identity Theft Resource Center) found that 1,946,181,599 records containing personal and other sensitive data were compromised between Jan. 1, 2017, and March 20, 2018. The true tally of victims is likely much greater, as many breaches go unreported. According to the Pew Research Center, a majority of Americans (65%) have already personally experienced a major data breach. On the Scoville scale, data breaches, by the nature of their growing exponential threat, can easily be categorized at a “Ghost Pepper” level.

Malware: According to Forrester Research’s 2017 global security survey, there are 430 million types of malware online, up 40 percent from just three years ago. The Malware Tech Blog cited that 100,000 groups in at least 150 countries and more than 400,000 machines were infected by the Wannacry virus in 2017, at a total cost of around $4 billion. Malware is ubiquitous and we deal with it. It is a steady “Jalapeno Pepper” on the scale.

Ransomware: Cybersecurity Ventures predicts that ransomware damage costs will rise to $11.5 billion in 2019, with an attack occurring every 14 seconds. According to McAfee Lab’s Threat Report covering Q4 2017, eight new malware samples were recorded every second during the final three months of 2017. Cisco finds that ransomware attacks are growing more than 350 percent annually. Experts estimate that there are more than 125 separate families of ransomware, and hackers have become very adept at hiding malicious code. Ransomware is scary and there is reason to panic; it seems like a “Fatalii Pepper.”

Distributed Denial of Service (DDoS): In 2016, DDoS attacks were launched against a Domain Name System (DNS) provider called Dyn. The attack directed thousands of IoT-connected devices to overload and take out internet platforms and services. The attack used a simple exploit of a default password to target home surveillance cameras and routers. DDoS is like a “Trinidad Pepper,” as it can do quick, massive damage and stop commerce cold. DDoS is a particularly frightening scenario for the retail, financial, and healthcare communities.

Phishing: Phishing is a common delivery mechanism for malware, ransomware, and DDoS. The 2017 Ponemon State of Endpoint Security Risk Report found that 56% of organizations in a survey of 1,300 IT decision makers identified targeted phishing attacks as their biggest current cybersecurity threat. According to an analysis by Health Information Privacy/Security Alert, 46,000 new phishing sites are created every day. According to Webroot, an average of 1.385 million new, unique phishing sites are created each month. The bottom line is that it is easy for anyone to be fooled by a targeted phish. No one is invulnerable to a crafty spear-phish, especially the C-Suite. On the Scoville Scale, phishing is prolific, persistent, and often causes harm. I rate it at the “Habanero Pepper” level.

Protecting The Internet of Things: The task of securing IoT is increasingly more difficult as mobility, connectivity and the cyber attack surface grow. Most analysts conclude that there will be more than 20 billion connected Internet devices by 2020. According to a study conducted in April of 2017 by Altman Vilandrie & Company, nearly half of U.S. firms using the Internet of Things experienced cybersecurity breaches. Last year, Symantec noted that IoT attacks were up 600 percent. Analysts predict 25 percent of cyber-attacks in 2020 will target IoT environments. Protecting IoT can be the “Carolina Reaper,” as everything connected is vulnerable and the consequences can be devastating.

Lack of Skilled Cybersecurity Workers: Both the public and private sectors are facing major challenges from a dearth of cybersecurity talent. As companies evolve toward digital business, people with cybersecurity skills are becoming more difficult to find and more expensive for companies to hire and keep. A report out from Cybersecurity Ventures estimates there will be 3.5 million unfilled cybersecurity jobs by 2021. A 2017 research project by the industry analyst firm Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) found that 70 percent of cybersecurity professionals claimed their organization was impacted by the cybersecurity skills shortage. On the Scoville Scale, I rate the skills shortage as a “Scotch Bonnet,” dangerous, but perhaps automation, machine learning and artificial intelligence can ease the pain.

Insider Threats: Insider threats can impact a company’s operational capabilities, cause significant financial damages, and harm a reputation. The IBM Cyber Security Index found that 60% of all cyber-attacks were carried out by insiders. And according to a recent Accenture HfS Research report, 69% of enterprise security executives reported experiencing an attempted theft or corruption of data by insiders over one year. Malicious insider intrusions can involve theft of IP, social engineering, spear-phishing attacks, malware, ransomware, and in some cases sabotage. Often overlooked, insider threats correlate to a “Red Savina Habanero.”

Identity Theft: Nearly 60 million Americans have been affected by identity theft, according to a 2018 online survey by The Harris Poll. The reason for the increased rate of identity fraud is clear. As we become more and more connected, the more visible and vulnerable we become to those who want to hack our accounts and steal our identities. We are often enticed via social media or email phishing. Digital fraud and the stealing of our identities is all too common and closely associated with data breaches, a “Chocolate Habanero.”

Crypto-mining and Theft: Crypto poses relatively new threats to the cybersecurity ecosystem. Hackers need computing power to find and “mine” for coins and can hijack your computer processor while you are online. Hackers place mining scripts on popular websites that people innocently visit. You might not even know you are being hijacked. Trend Micro disclosed that crypto-mining malware detections jumped 956% in the first half of 2018 versus the whole of last year. Also, paying ransomware in crypto currencies seems to be a growing trend. The recent WannaCry and Petya ransomware attackers demanded payment in bitcoin. On the Scoville Scale, it’s still early for crypto and the threats may evolve, but right now it is a “Tabasco Pepper.”

Potential Remedies: Cybersecurity at its core essence is guided by risk management: people, process, policies, and technologies. Nothing is completely invulnerable, but there are some potential remedies that can help us navigate the increasingly malicious cyber threat landscape. Some of these include:

Artificial Intelligence and Machine Learning
Automation and Adaptive Networks
Biometrics and Authentication Technologies
Blockchain
Cloud Computing
Cryptography/Encryption
Cyber-hygiene
Cyber Insurance
Incident Response Plans
Information Threat Sharing
Managed Security Services
Predictive Analytics
Quantum-computing and Super-Computing
And … Cold Milk

The bottom line is that as we try to keep pace with rising cybersecurity threat levels, we are all going to get burned in one way or another. But we can be prepared and resilient to help mitigate the fire. Keeping track of threats on any scale can be useful toward those goals.

Chuck Brooks is the Principal Market Growth Strategist for General Dynamics Mission Systems for Cybersecurity and Emerging Technologies. He is also Adjunct Faculty in Georgetown University’s Graduate Applied Intelligence program.

Source: https://www.forbes.com/sites/cognitiveworld/2018/09/05/a-scoville-heat-scale-for-measuring-cybersecurity/#15abda233275


Brit teen arrested for involvement in DDoS attack on ProtonMail

George Duke-Cohan was recruited by criminal group Apophis Squad.

A 19-year-old member of hacking group Apophis Squad has been arrested by British cops. George Duke-Cohan from Watford, who uses the aliases ‘7R1D3N7’, ‘DoubleParalla’ and ‘optcz1’, was identified after the criminal group launched a series of DDoS attacks on Swiss-based encrypted email and VPN provider ProtonMail in June.

Writing on the ProtonMail blog, CEO Andy Yen said that a team of security researchers had assisted the firm in investigating those responsible for the attacks.

“Our security team began to investigate Apophis Squad almost immediately after the first attacks were launched. In this endeavour, we were assisted by a number of cybersecurity professionals who are also ProtonMail users,” he said. “It turns out that despite claims by Apophis Squad that federal authorities would never be able to find them, they themselves did not practice very good operational security. In fact, some of their own servers were breached and exposed online.”

Yen did not go into details about how Duke-Cohan was ‘conclusively’ identified, save to say that “intelligence provided by a trusted source” played a part.

The group attacked ProtonMail in June, apparently on a whim, but the attacks intensified after CTO Bart Butler responded to a tweet from the group, saying “we’re back you clowns”. Apophis Squad also attacked Tutanota, another encrypted email provider.

Users of ProtonMail email and VPN services saw them briefly disrupted, but “due to the efforts of Radware, F5 Networks, and our infrastructure team, we were able to keep service disruptions to a minimum,” Yen said.

As a member of Apophis Squad, Duke-Cohan was also involved in making hoax bomb threats to schools, colleges and airlines, which saw 400 educational facilities in the UK and USA evacuated and a United Airlines flight grounded in San Francisco in March. He pleaded guilty in Luton Magistrates Court to three counts of making bomb threats and is due to appear before Luton Crown Court on September 21 to face further charges. He also faces possible extradition to the US.

Marc Horsfall, senior investigating officer at the National Crime Agency, said: “George Duke-Cohan made a series of bomb threats that caused serious worry and inconvenience to thousands of people, not least an international airline. He carried out these threats hidden behind a computer screen for his own enjoyment, with no consideration for the effect he was having on others.”

Duke-Cohan’s parents have said he was “groomed” by “serious people” online through playing the game Minecraft. Apophis Squad is thought to be based in Russia.

ProtonMail’s Yen said other attackers have also been identified and the authorities notified. “We will investigate to the fullest extent possible anyone who attacks ProtonMail or uses our platform for crime. We will also cooperate with law enforcement agencies within the framework of Swiss law,” he said.

Source: https://www.theinquirer.net/inquirer/news/3062293/brit-teen-arrested-for-involvement-in-ddos-attack-on-protonmail

McDreary? The Future of Medical Call Centers & DDoS

As healthcare’s digital transformation continues, security remains a top priority — especially as distributed denial-of-service (DDoS) attacks target the click-to-call features on websites. Click-to-call defines the services that enable patients to immediately call a hospital or clinic directly from a button on their website, either using a traditional phone service or Voice over Internet Protocol (VoIP) technology. This is different from click-to-callback features, which are used for less pressing medical needs, and is an important differentiation when securing hospital communications from DDoS attacks. Because direct click-to-call scenarios use more resources, such as audio streams and interactive voice response (IVR) systems, these types of connections are much easier to affect using an application-layer DDoS attack.

When a DDoS attack affects a healthcare system, click-to-call features are often taken fully offline. If this occurs during a health emergency, the implications can mean life or death. However, click-to-call features also offer enhanced and more personalized engagement in a cost-effective manner, so simply removing them could result in delayed care or service abandonment as well as raise the cost of future care. So what’s the best move?

Neustar’s 2017 Worldwide DDoS Attacks and Cyber Insights Research Report found that while 99% of the organizations it surveyed had some sort of DDoS protection in place, the vast majority of them (90%) were planning to invest more than in the previous year, and 36% thought they should be investing even more than that. In the same way that keeping protected health information (PHI) secure continues to be of the utmost importance, further steps must be taken to protect healthcare organizations from DDoS attacks.

Gated access through proper authentication

One of the primary ways healthcare organizations can prevent a DDoS attack is through proper authentication. Proper authentication reduces the attack surface by providing a gate of access to those systems and rules out certain flavors of anonymous attacks. Anonymous DDoS attacks use an open access point or resource and distribute and coordinate mass usage of it; they are challenging to thwart because it is difficult to differentiate an attack from actual usage. Proper authentication provides a simple differentiation. Credential loss is a possible attack vector even with authentication; however, coordinating DDoS attacks with authentication credentials is much more difficult because the credentials themselves have to be distributed. For instance, if an attacker has compromised a single access point and distributes that single credential to all endpoints, a properly protected account could easily thwart the attack with per-account rate limiting.

Securing Patient Portals

Implementing secure patient portals is another way to prevent DDoS attacks on medical call centers. Patient portals require strong authentication. If proper authentication is required before using resources such as call centers and call agents, then the ability to launch a large-scale attack would require numerous credentials. In circumstances where multi-factor authentication is required, the complexity of a successful DDoS attack only increases — thereby making it more difficult to pull off. For example, if a username/password entry into a patient portal required a text or email verification as well — or even a prompt on an installed smartphone application — then the loss of even a large set of credentials could not be used in an attack without also compromising some other form(s) of communication. Since patient portals also contain mass amounts of private data, securing that information to the highest degree is key and can also help prevent a large-scale attack on a hospital’s click-to-call functionality.

What the threat of DDoS attacks means to the global security community

Today it’s obviously critical that global security managers remain aware of the daunting DDoS threat. When (not “if”) an attack occurs, critical resources are consumed — sometimes even resources that are unrelated. For example, a DDoS attack against a website might consume networking resources, bringing down a patient portal, and an attack against a patient portal may consume database resources and prevent normal internal operations.

DDoS attacks on weak targets are relatively inexpensive for attackers — existing botnets with simple traffic flooding exist and await the next purchase — and simple networking attacks can be thwarted with up-to-date networking equipment front-ending services. However, application-aware and custom attacks are much more expensive to create, and can be made prohibitively expensive by taking simple steps like requiring authentication before allowing access to resource offerings. Additionally, keeping software up to date is critical as software flaws are discovered, and quickly updating components is effective at blocking attacks before they can be crafted and deployed. Regularly updating systems and keeping them free of malware not only reduces available botnet size, amplification points and reflection points, but may also remove a hop-off point for more sophisticated attacks.

As more tech companies enter the healthcare field to enable its digitization, and information security continues to be top of mind in every field, it’s important for those in the security industry — some of whom may directly dabble in healthcare — as well as the healthcare organizations themselves to focus on increasing their security measures and to know what they should be doing to prevent this type of communications attack.

Source: https://www.infosecurity-magazine.com/opinions/mcdreary-medical-ddos/
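The gated-access argument above, as an added worked example (not code from the article or from any vendor it names): a click-to-call gateway that keys its rate limits either on the source IP, the only handle an anonymous endpoint has, or on the authenticated credential. The constructed traffic replays one stolen login (assumed account id `pt-2001`) from 500 distinct hosts alongside two genuine patients; the per-IP limiter admits the whole flood because each host stays under its own quota, while the per-credential limiter holds the stolen account to its burst allowance. Account ids, addresses, quotas and timings are all constructed.

```python
"""Per-credential rate limiting for a click-to-call endpoint.

Added example; not code from the original article or from any vendor it
names. It shows why an authenticated gate makes a distributed flood easier
to tell apart from real usage: an anonymous endpoint can only limit per
source IP, which a flood sidesteps by spreading over many hosts, while an
authenticated endpoint limits per credential, so a single stolen login
replayed from hundreds of hosts is held to one account's quota.
All account names, IPs, quotas and traffic are constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


class TokenBucket:
    """Burst of `capacity` requests, refilled at `rate` tokens per second."""

    def __init__(self, capacity: float, rate: float, now: float) -> None:
        self.capacity = capacity
        self.rate = rate
        self.tokens = capacity
        self.last = now

    def allow(self, now: float) -> bool:
        # Refill in proportion to elapsed time, never above the burst size.
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


@dataclass(frozen=True)
class CallRequest:
    t: float                # seconds since the observation window opened
    src_ip: str
    account: Optional[str]  # None for an unauthenticated click-to-call


class ClickToCallGateway:
    """Admits or rejects call setups; limits are keyed by key_of(request)."""

    def __init__(self, key_of: Callable[[CallRequest], Optional[str]],
                 burst: int = 3, rate: float = 1 / 60) -> None:
        self.key_of = key_of          # how the gateway identifies a caller
        self.burst = burst            # calls allowed back to back per key
        self.rate = rate              # one extra call per minute per key
        self.buckets: Dict[str, TokenBucket] = {}
        self.accepted = 0
        self.rejected = 0
        # Ground truth for the simulation only; the per-IP gateway never sees it.
        self.accepted_by_account: Dict[str, int] = {}

    def handle(self, req: CallRequest) -> bool:
        key = self.key_of(req)
        if key is None:               # credential required but not presented
            self.rejected += 1
            return False
        bucket = self.buckets.setdefault(key, TokenBucket(self.burst, self.rate, req.t))
        if bucket.allow(req.t):
            self.accepted += 1
            label = req.account or "anonymous"
            self.accepted_by_account[label] = self.accepted_by_account.get(label, 0) + 1
            return True
        self.rejected += 1
        return False


def build_traffic() -> List[CallRequest]:
    """Constructed sample: two genuine patients, one unauthenticated click,
    and a 500-host flood replaying the stolen (constructed) credential pt-2001."""
    traffic = [
        CallRequest(1.0, "198.51.100.10", "pt-1001"),
        CallRequest(2.0, "198.51.100.77", None),
        CallRequest(4.0, "198.51.100.23", "pt-1002"),
    ]
    for i in range(500):  # one request per host, 50 hosts per second, 10 s in total
        traffic.append(CallRequest(i * 0.02, f"100.64.{i // 256}.{i % 256}", "pt-2001"))
    return sorted(traffic, key=lambda r: r.t)


def simulate(mode: str) -> Dict[str, object]:
    """'anonymous': limits keyed by source IP. 'authenticated': keyed by credential."""
    if mode == "anonymous":
        gw = ClickToCallGateway(key_of=lambda r: r.src_ip)
    elif mode == "authenticated":
        gw = ClickToCallGateway(key_of=lambda r: r.account)
    else:
        raise ValueError(f"unknown mode: {mode}")
    for req in build_traffic():
        gw.handle(req)
    return {"accepted": gw.accepted, "rejected": gw.rejected,
            "by_account": dict(gw.accepted_by_account)}


if __name__ == "__main__":
    for mode in ("anonymous", "authenticated"):
        print(mode, simulate(mode))
```

With the constructed quota (three calls, then one per minute) the per-IP gateway accepts all 503 requests, because every flood host sends only one, whereas the per-credential gateway accepts the two genuine patients plus three replays of the stolen credential and rejects the remaining 498, including the unauthenticated click. The same bucket logic applies to any keyed resource, such as IVR sessions or agent queue slots; the choice of key is what decides whether a distributed flood is visible as one actor.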

Department of Labour denies server compromise in recent cyberattack

The government department says the attack did not expose any sensitive or confidential information.

The South African Department of Labour has confirmed a recent cyberattack which disrupted the government agency’s website. In a statement, the Department of Labour said that a distributed denial-of-service (DDoS) attack was launched against the organization’s front-facing servers over the weekend.

According to the department’s acting chief information officer Xola Monakali, the “attempt was through the external Domain Name Server (DNS) server which is sitting at the State Information Technology Agency,” and “no internal servers, systems, or client information were compromised, as they are separated with the relevant protection in place.” The government agency has asked external cybersecurity experts to assist in the investigation.

DDoS attacks are often launched through botnets, which contain countless enslaved devices — ranging from standard PCs to IoT devices — which are commanded to flood a domain with traffic requests. When the volume reaches peak levels, this can prevent legitimate traffic from being able to access the same resource, leading to service disruption. Some of the worst we have seen in recent times include the Mirai botnet, made up of millions of compromised IoT devices, which was powerful enough to disrupt online services across an entire country.

With the rapid adoption of IoT and connected devices, including mobile products, routers, smart lighting and more, botnets have become more powerful. Unfortunately, many of our IoT products lag behind in security, and the use of lax or default credentials, open ports, and unpatched firmware has led to botnets which automatically scan for vulnerable devices online and add them to the slave pool with no one the wiser. In July, a threat actor was able to create an 18,000-device-strong botnet in only 24 hours. The botnet scanned the Internet for connected devices left unpatched against Huawei router vulnerability CVE-2017-17215.

It is not known who is behind the DDoS attack against the government agency. However, News24 reports that hacker “Paladin” may be responsible. The individual reportedly tipped off reporters that the attack was taking place as a test for a “full-scale attack” due to take place in the future against another government website. Paladin is also believed to be responsible for DDoS attacks launched against SA Express, the country’s Presidency domain, and the Department of Environmental Affairs.

Source: https://www.zdnet.com/article/department-of-labour-denies-server-compromise-in-recent-cyberattack/

How to Protect Businesses Against DDoS Attacks

Security, for any business today, is important; we, at HackerCombat, have already reported on the rising costs of IT security on the global level. More and more businesses today invest heavily in security; they have started realizing that without security, it’s almost impossible for any business to flourish in today’s circumstances. We have arrived at a stage when businesses cannot handle security by simply relying on their ISPs. The proactive measures that businesses adopt for ensuring proper and better security really count.

Businesses today are often targeted by DDoS (Distributed Denial of Service) attacks, planned and executed by cybercriminals all the world over. Hence it becomes important that every business today is armed, in all ways possible, to combat DDoS attacks in the most effective of manners. Let’s discuss how businesses can secure themselves against such attacks. Let’s begin by discussing how DDoS attacks happen and what they are, in the first place…

DDoS Attacks: An Introduction

The basic principle of a DDoS attack is this: a very large number of requests are sent from several points targeting a network or server, and that too in a very short span of time. This kind of bombardment causes an overload on the server, which consequently leads to the exhaustion of its resources. The obvious result is that the server would fail and sometimes would even become inaccessible, thereby causing a total denial of service, hence the name Distributed Denial of Service attack.

The main issue, however, is not that the server or network becomes inaccessible; rather, it pertains to the security of the data stored in the network. A DDoS attack makes a server vulnerable, and hackers can penetrate the information system and cause huge losses to the business that’s targeted. The cybercriminals behind a DDoS attack can thus make big money at the expense of the company that’s targeted.

The motives behind DDoS attacks vary; such attacks could be carried out for political or financial gains, while some such attacks would have retaliation as the sole purpose. Those who look for political gains would target those who hold contradicting political, social or religious beliefs. Crippling them through a well-planned and well-executed DDoS attack would be the motive here. Retaliatory attacks happen when a botnet or a large cybercriminal network is dismantled and those who stood by the authorities are targeted. DDoS attacks that are carried out for financial gains follow a simple pattern. Those who want a business targeted would hire the services of cybercriminals who would carry out the DDoS attack. The hackers are paid for the work they do. Well, irrespective of the motive, the end result for the business that’s targeted is always the same. The network and online services become unavailable, sometimes for a short period and sometimes for a really long period of time, and data security also is at risk.

How to protect a business from DDoS attacks

ISPs may offer layer 3 and layer 4 DDoS protection, which would help businesses save themselves from many volumetric attacks. But most such ISPs fail when it comes to detecting small, layer 7 attacks. That’s why it’s said that businesses should not depend on their ISPs alone for protecting themselves against DDoS attacks. They should be set to implement measures that ensure comprehensive protection against DDoS attacks. Here’s a look at the different things that need to be done to combat DDoS attacks in the most effective of manners:

Go for a good solution provider

There are many service providers who provide Layer 3, 4 and 7 protection against DDoS attacks. There are providers of all kinds, ranging from those that offer low-cost solutions for small websites to those that provide multiple coverages for large enterprises. Most of them would offer custom pricing options, based on your requirements. If yours is a large organization, they would offer advanced layer 7 discovery services with sensors to be installed in your data center. Well, always go for a good provider of security solutions, as per your needs.

Always have a firewall or IPS installed

Modern firewall software and IPS (Intrusion Prevention Systems) claim to provide a certain level of protection against DDoS attacks. Next-generation firewalls offer both DDoS protection and IPS services and thus would suffice to protect you against most DDoS attacks. There, of course, are some other aspects that need to be kept in mind. Your next-generation firewall might get overwhelmed by volumetric attacks and might not even suffice for layer 7 detections. Similarly, enabling DDoS protection on your firewall or IPS could even impact the overall performance of your system/network in an adverse manner.

Use dedicated appliances that fight DDoS attacks

Today, there are many hardware devices that protect you from DDoS attacks. Some of these provide protection against layer 3 and 4 attacks, while some advanced ones give protection against layer 7 DDoS attacks. Such appliances are deployed at the main point of entry for all web traffic and they monitor all incoming and outgoing network traffic. They can detect and block layer 7 threats. There are two versions of these hardware solutions: one for enterprises and the other for telecom operators. The ones for enterprises are cost-effective, while the ones for operators are far more expensive. Investing in such hardware appliances would always be advisable. It’s always good to go for devices that use behavior-based adaptation methods to identify threats. These appliances would help protect from unknown zero-day attacks, since there is no need to wait for the signature files to be updated.

Remember, for any organization, big or small, it’s really important today to be prepared to combat DDoS attacks. For any organization that has a web property, the probability of being attacked is higher today than ever before. Hence, it’s always good to stay prepared. Prevention, as they say, is always better than cure!

Source: https://hackercombat.com/how-to-protect-businesses-against-ddos-attacks/
