Tag Archives: ddos news

Data-centres and the DDoS risk

It is imperative that cloud users ensure that their vendor(s) of choice can provide the visibility and protection they need. Cloud adoption continues to accelerate as businesses look to reap the cost, scale and flexibility benefits that are on offer. Whether a business uses a large, well-known public cloud operator or one of the smaller, more focused, specialist cloud / outsourcing organisations they are becoming more reliant on data and application services which are, in most cases, accessible via the Internet. Unfortunately, this means that access to these services is conditional on the availability of connectivity – and a significant threat here is a Distributed Denial of Service (DDoS) attack – a threat that exhausts the resources available to a network, application or service so that genuine users cannot gain access. Increasing attacks on data-centres According to Arbor’s Worldwide Infrastructure Security Report (WISR) the majority of data-centre operators now offer cloud services. In fact they are as common as managed hosting and colocation, demonstrating how rapidly ‘cloud’ has been adopted. Data-centres have been a magnet for DDoS activity for a number of years, but 2016 saw a step change with the WISR indicating that nearly two-thirds of data-centres saw DDoS attacks, with over 20 per cent of those seeing more than 50 attacks per month – a big jump from 8 per cent in 2015. Data-centres are now being targeted more frequently and with larger attacks, and they will only continue to grow. Worryingly, Arbor’s WISR also revealed that 60 per cent of data-centre operators had seen an attack that completely saturated their Internet connectivity last year. This is significant, as if Internet bandwidth is completely saturated then all data-centre infrastructure is effectively cut-off from the outside world – regardless of whether it was a part of the original target. For cloud and data-centre environments ensuring shared infrastructure is protected is of utmost importance given the size and complexity of today’s DDoS attacks. The weaponisation of DDoS has made it easy for anyone to launch a large volumetric or advanced multi-vector attack and this shows through in the data we have from data-centre operators. For example, 60 per cent of data-centres who experienced a DDoS attack in 2016 saw at least one attack that completely saturated their Internet connectivity – effectively disconnecting them, and their customers, from the connected world. The impact of a successful DDoS attack to a data-centre operator can be significant from an operational and customer churn / revenue loss perspective. The proportion of data-centre operators experiencing revenue loss due to DDoS attacks grew from 33 per cent to 42 per cent from 2015 to 2016, with nearly a quarter of data-centre respondents to the WISR indicated that the cost of a successful DDoS attack was in excess of $100K, illustrating the importance of the right defensive services and solutions. Before we discuss defences though, it is almost impossible to right a DDoS related article without mentioning IoT. 2016 was without doubt the year where weaponised IoT botnets came to the fore, with attacks against Dyn and more garnering significant media attention. Cloud processing of IoT related data is driving increases in scale for data-centre connectivity, but IoT devices can just as easily be subsumed into botnets and used to send unwanted DDoS traffic at those same data-centres. Given the numbers of IoT devices out there, the likelihood of an attack against one piece of cloud infrastructure having a broader impact is only going to increase. Combating today’s attackers To deal with high magnitude attacks, in most cases, data-centres need to leverage a cloud or ISP based DDoS protection service –and this is happening. Data-centre operators have been one of the top organisation types driving the growth in cloud and ISP managed DDoS protection services over the past couple of years. The WISR shows us that over a half of data-centre operators now implement layered DDoS protection, a proportion that has been steadily increasing year-on-year. This is the recognised best-practice and allows data-centre operators to protect themselves and their customers from the impact of an attack. Layered DDoS protection employs a cloud and ISP based DDoS protection service to deal with high magnitude attacks, plus a defensive solution at the data-centre perimeter to proactively deal with more focused, advanced attacks. Integrating these two layers together, so that they work in harmony, can provide complete protection from the DDoS threat – protecting the availability of both infrastructure and customer services. In fact, many data-centre operators are now leveraging the protections they have put in place to offer add-on, sticky DDoS protection services to their customers. Businesses are increasingly aware of both their dependence on cloud, and the threat DDoS poses, and are looking to ensure that their providers are adequately protected. Technology and services are however only a part of the solution, having incident response plans in place is also important so that businesses can deal efficiently and effectively with any attack. Arbor’s WISR reveals that 57 per cent of data-centre operators carried out DDoS defence simulations in 2016, up from 46 per cent in 2015. This is very encouraging, as exercising incident responses plans, on at least a quarterly basis, is best-practice. Future security of data centres The data-centres that support cloud application and data services are becoming ever more important to our businesses, but with nearly two-thirds of data-centres experiencing DDoS attacks last year, and over 20 per cent of those seeing more than 50 attacks per month, it has never been more important to ensure the right defences are in place. It is imperative that cloud users ensure that their vendor(s) of choice can provide the visibility and protection they need, and the telemetry that allows them to monitor what is going on. Increasingly customers of cloud services want a holistic view of the threats they face, across the 3 pillars of security and their cloud, on-premise data and applications services. This isn’t easy to achieve, but to balance the benefits of cloud against business risks it is something we need, especially in today’s cyber threat landscape. Source: http://www.itproportal.com/features/data-centres-and-the-ddos-risk/

View article:
Data-centres and the DDoS risk

Ubisoft Servers Hit with DDoS Attack – All Online Titles Affected

It’s been a rough morning for Ubisoft servers, as folks trying to login to Rainbow Six Siege , Ghost Recon Wildlands , For Honor and other popular online titles haven’t had a very high success rate. After initially announcing some general server issues close to 10 a.m., Ubisoft announced officially via Twitter that they are monitoring a DDoS attack. It doesn’t appear that this is related to last night’s Ubisoft server issues, but it appears this DDoS attack has no clear end in sight. The official Ubisoft forums state that they are “taking steps to mitigate this issue,” but that people will experience problems connecting to their games and server latency when they do connect. The forums also confirmt hat this is impacting Rainbow Six siege , Steep , For Honor , Ghost Recon Wildlands and the Uplay PC client as a whole. GameRevolution will update this story as more details become available. Source: http://www.gamerevolution.com/news/338483-ubisoft-servers-hit-ddos-attack-online-titles-affected

Hackers threaten South Korean banks with DDoS attacks following record ransomware payment

The Armada Collective hacking group has issued a ransom demand of approximately $315,000 to seven South Korean banks, threatening to launch distributed denial of service attacks against each of their organizations. The threat came just days after fellow South Korean firm NAYANA negotiated a record $1.01 million ransom payment on June 14 to remedy an unrelated ransomware attack that locked up its systems. The timing of this latest threat has reportedly prompted some observers to wonder if NAYANA’s actions encouraged the Armada Collective to test the resolve of other South Korean companies. Citing financial authorities, the Yonhap News Agency on June 21 named the threatened banks as KB Kookmin Bank, Shinhan Bank, Woori Bank, KEB Hana Bank, NH Bank and two other lenders. The banks were given a deadline of June 26. The Armada Collective has engaged in this behavior before. For instance, in April 2016 Cloudfare published a report detailing an Armada Collective campaign that issued empty DDoS threats against a wide range of businesses extorting hundreds of thousands of dollars in the process. Source: https://www.scmagazine.com/hackers-threaten-south-korean-banks-with-ddos-attacks-following-record-ransomware-payment/article/671377/

Excerpt from:
Hackers threaten South Korean banks with DDoS attacks following record ransomware payment

$1 Million Ransomware Payment Has Spurred New DDoS-for-Bitcoin Attacks

The $1 million ransom payment paid last week by South Korean web hosting company Nayana has sparked new extortion attempts on South Korean companies. According to local media, seven banks have received emails that asked the organizations to pay ransoms of nearly $315,000 or suffer downtime via DDoS attacks. Only five of the seven targets are publicly known, which are also the country’s biggest financial institutions: KB Kookmin Bank, Shinhan Bank, Woori Bank, KEB Hana Bank, and NH Bank. Ransom demands made by Armada Collective The ransom demands were signed by a group of “Armada Collective,” a name that has a long history behind it. The group first appeared in 2015, and they are considered one of the hacker groups that popularized ransom DDoS (RDoS) attacks alongside another group known as DD4BC (DDoS-for-Bitcoin). While Europol apprehended suspects behind the DD4BC group, the people behind Armada Collective were never caught, and their tactics seem to have evolved across time. Armada Collective and RDoS attacks over time Radware, a cyber-security company that tracks RDoS attacks on a consistent basis, says the group has gone through two main stages. In the beginning, the group targeted a small number of targets, all from the same industry, and launched demo DDoS attacks to prove their claims and force the hand of victims into paying the ransom. After a successful extortion of the ProtonMail secure email service in late 2015 that got a lot of media attention, the group appeared to have gone into hiding, but then returned in 2016. This time around, the group’s tactics changed, and Armada Collective — or impostors posing as the group — only made empty threats, targeting a large number of companies, all at the same time, from different sectors, and rarely launched any DDoS attacks to prove their claims. Armada Collective’s RDoS attacks in 2016 were hardly noticed. Because of the group and DD4BC’s success, numerous other actors entered the DDoS ransom market niche, such as New World Hackers, Lizard Squad (copycats), Kadyrovtsy, RedDoor, ezBTC, Borya Collective, and others. Most of these groups issued empty threats, a common theme with RDoS groups in 2016, also continued in 2017, with new groups such as Stealth Ravens, XMR Squad, ZZb00t, Meridian Collective, Xball Team, and Collective Amadeus. Furthermore, empty DDoS threats from groups posing as Anonymous have been the norm for the past two years, with the most recent wave being detected just last week. Nayana’s payment may lead to more attacks on South Korea Last week, Armada Collective’s name resurfaced after a long period of silence. The ransom demands were sent — not surprisingly — just two days after news broke in the international press that a South Korean web hosting company paid over $1 million in a ransomware demand. Nayana’s payment was the largest ransomware payment ever made and may have involuntarily put a giant bullseye on the backs of all South Korean businesses, now considered more willing to pay outrageous ransom demands to be left alone. The Armada Collective ransom letters sent last week to South Korean banks said the group would launch DDoS attacks on the targeted banks today, June 26, and double their ransom demand. At the time of writing, the attacks didn’t take place, based on evidence available in the public domain. Nonetheless, the attackers won’t be discouraged by this initial refusal, and if they truly have the ability to launch crippling DDoS attacks like the ones that targeted ProtonMail, then South Korean banks and other businesses are in for a long summer. Source: https://www.bleepingcomputer.com/news/security/-1-million-ransomware-payment-has-spurred-new-ddos-for-bitcoin-attacks/

See the original post:
$1 Million Ransomware Payment Has Spurred New DDoS-for-Bitcoin Attacks

Dems: FCC DDoS Attack Raises Cybersecurity Questions

Looking for lots more answers on net neutrality docket. If the FCC was subject to multiple DDoS attacks that affected input in the Open Internet comment docket, leading House Democrats say that raises questions about the FCC’s cybersecurity preparedness that need answers. That came in letters to the FCC and National Cybersecurity and Communications Integration Center. “We ask you to examine these serious problems and irregularities that raise doubts about the fairness, and perhaps even the legitimacy, of the FCC’s process in its net neutrality proceeding,” the Democratic legislators said. “Giving the public an opportunity to comment in an open proceeding such as this one is crucial – so that the FCC can consider the full impact of its proposals, and treat everyone who would be affected fairly.” Democratic Sens. Ron Wyden of Oregon and Brian Schatz of Hawaii had asked FCC Chairnman Ajit Pai for an explanation of the attacks. But the response—that they were “non-traditional” attaocks–only created new questions, the letters to the FCC and NCCIC said. That includes: •”What ‘additional solutions’ is the FCC pursuing to ‘further protect the system,’ as was mentioned in the FCC’s response? •”According to the FCC, the alleged cyberattacks blocked ‘new human visitors … from visiting the comment filing system.’ Yet, the FCC, consulting with the FBI, determined that ‘the attack did not rise to the level of a major incident that would trigger further FBI involvement.’ What analysis did the FCC and the FBI conduct to determine that this was not a ‘major incident?’ •”What specific ‘hardware resources’ will the FCC commit to accommodate people attempting to file comments during high-profile proceedings? Does the FCC have sufficient resources for that purpose? •”Is the FCC making alternative ways available for members of the public to file comments in the net neutrality proceeding?” Signing on to the letters were Energy and Commerce Ranking Member Frank Pallone, Jr. (N.J.), Oversight and Government Reform (OGR) ranking member Elijah Cummings (Md.), E&C Communications and Technology Subcommittee Ranking Member Mike Doyle (Pa.), Oversight and Investigations Subcommittee ranking member Diana DeGette (Colo.), OGR Information Technology Subcommittee ranking member Robin Kelly (Ill.), and Government Operations Subcommittee ranking member Gerald Connolly (Va.) Some of the same Dems have asked Republican leadership of the House E&C to hold a hearing on the FCC Web issues. And last month, another group of Democrats called on the FBI to investigate the multiple DDoS attacks the FCC said it had suffered related to the docket. http://www.multichannel.com/news/congress/dems-fcc-ddos-attack-raises-cybersecurity-questions/413693

See original article:
Dems: FCC DDoS Attack Raises Cybersecurity Questions

Why the Internet of Things could lead to the next great wave of DDoS attacks

Businesses should ensure that they are still securely protected against DDoS attacks, despite the recent growth of other trends such as ransomware. That’s the warning from Arbor Networks, which is urging organisations of all sizes to make sure they stay safe online as DDoS attacks are still rife around the world. Speaking to ITProPortal at the recent InfoSecurity Europe 2017 event in London, Arbor CTO Darren Anstee reinforced the need for businesses to maintain their DDoS protection, despite it being hard to predict who might be hit next. “DDoS is all about targeting the availability of those services that modern businesses rely on,” he noted. In order to combat this growing threat, the company recently revealed an updated version of its APS on-premise, distributed DDoS detection and mitigation platform for enterprise customers. The new release includes Arbor’s latest Cloud Signalling tool, which can help reduce the time to attack mitigation, bringing together on-premise and hybrid cloud migration efforts. The Internet of Things is also set to provide a major new threat landscape for DDoS attacks, Arbor Networks believes, with past attacks such as Mirai and Dyn showing the potential for chaos. “There are a lot of IoT DDoS attacks going on out there”, Anstee says, noting that most people only hear about these assaults when a big brand is affected. Poor regulation of IoT products has not helped with the spread of potential attacks, with many consumers unaware that the items they are buying will pose some kind of security risk. But Anstee says that commercial pressure could instead play a big role in changing the current landscape, as vendors often return to market trends faster than regulatory pressure. “If you want things to change quickly, you have to get people to get security implemented into their buying process,” he notes, adding that it is a “valid worry” that IoT attacks could scale to affect areas such as smart cities and infrastructure networks soon. “We are going to see IoT devices being used for more nefarious purposes over the next few years…I don’t see the problem going away”. As the recent WannaCry ransomware attack showed, however, businesses need to be protected against all kinds of threats. Anstee noted that ransomware should remain a major concern for companies both large and small likely to be targeted. “It’s a numbers game when it comes to ransomware,” he noted, “it is a very broad brush – if just one or two people pay, it makes it all worthwhile.” In order to stay protected, there are several central steps that companies can take, Anstee added. This includes network segmentation, which would allow infections such as WannaCry to be quickly and easily contained. “It’s not a sexy topic, but it needs to happen in many businesses,” he says. “We’ve all focused on agility, and flattening network infrastructure…but this is really important, as it can stop such attacks propagating within networks, if it’s done properly.” But companies also need to ensure they have proper IT risk management systems, with Anstee noting that some infections WannaCry could have been blocked quickly if proper processes had been in place – and various departments had communicated properly. “You can’t really blame anyone for this,” he concludes, “it really is a lot about talking to each other.” Source: http://www.itproportal.com/news/why-the-internet-of-things-could-lead-to-the-next-great-wave-of-ddos-attacks/

Taken from:
Why the Internet of Things could lead to the next great wave of DDoS attacks

Risk Management Pros Say an IoT Security Incident Could Be Catastrophic

A recent survey by the Ponemon Insitute and the Shared Assessments Program of 553 people with a role in risk management in their organizations found that 94 percent of those surveyed said a security incident related to unsecured IoT devices or applications could be catastrophic. Still, just 44 percent of respondents said their organization has the ability to protect their network or enterprise systems from risky IoT devices, and only 25 percent said their boards require assurances that IoT risks are being appropriately assessed, managed and monitored. Additionally, 77 percent of respondents said they don’t consider IoT-related risks in their third party due diligence, and 67 percent don’t evaluate IoT security and privacy practices before engaging in a business relationship. Just 30 percent of respondents said managing third-party IoT risks is a priority in their organization. “Ready or not, IoT third party risk is here,” Shared Assessments senior vice president Charlie Miller said in a statement. “Given the proliferation of connected devices, today’s cyber climate is evolving and organizations have to shift their focus to the security of external parties, now more than ever.” “In order to avoid becoming the next big headline, our security tactics have to evolve along with the threats,” Miller added. “New technology and practices are needed to ensure security, and this starts by communicating the risks to the right people and acknowledging potential devastating outcomes when engaging with a third party. Avoiding these problems can no longer be the solution.” Preventative Measures In response, the report urges organizations to take the following key steps: Ensure inclusion of third-party and IoT risks occurs at all governance levels including the board. Update asset management processes and inventory systems to include IoT devices, and understand the security characteristics of all inventoried devices. When devices are found to have inadequate security controls, replace them. Continue to leverage and enhance contracts and policies and expand scope to include IoT specific requirements. Expand third-party assessment techniques and processes to ensure presence and effectiveness of controls specific to IoT devices. Develop specific sourcing and procurement requirements to ensure only IoT devices that are designed with security functions included and enabled are considered for product selection or acquisition. Devise new strategies, technologies and tactics directed specifically at reducing threats posed by IoT devices. Collaborate with industry experts, peers, associations and regulators to ensure IoT risk management best practices are devised, communicated and implemented. Include IoT in communication, awareness and training at all levels: board, executive, corporate, business unit and third-party. Recognize the increasing dependence on technology to support the business and the risk posed by this dependence. Embrace new technologies and innovations, but not at the expense of security, and ensure security controls are included as fundamental and core requirements. Seventy-two percent of respondents said the pace of innovation in IoT and the varying standards for security make it hard to ensure the security of IoT devices and applications, and 65 percent said the drive for innovation in the IoT ecosystem requires new approaches to IT strategies and tactics. Breaches and DDoS Attacks Strikingly, 78 percent of respondents said a data breach involving an unsecured IoT device is likely to occur within the next two years, and 76 percent said the same of a DDoS attack involving an unsecured IoT device. The concerns come as DDoS attacks become more and more frequent — according to Nexusguard’s Q1 2017 DDoS Threat Report, DDoS attack frequency surged by 380 percent in the first quarter of 2017, compared to the same time period the previous year. The percentage of days with attacks larger than 10 Gbps rose significantly between January 2017 (48.39 percent) and March 2017 (64.29 percent). Radware vice president of security Carl Herberger told eSecurity Planet by email that the rapid proliferation of unsecured IoT devices is driving the increase in DDoS attacks. “The Mirai attack made headlines last year, but it should not be considered a one-off,” he said. “Instead, this event was a predictor of what is to come.” “Hackers are constantly developing new ways to leverage connected devices with little to no security protections to form larger and larger botnets that are able to execute dangerous and sizable DDoS attacks,” Herberger added. “We’ve seen various botnets appear over the last year, including Hajime, BricketBot and Persirai, demonstrating that IoT devices have become a new battleground for hackers.” “Until manufacturers, the government, and consumers take a hard look at IoT security, the threat of bigger, more frequent IoT-fueled DDoS attacks will only loom larger,” Herberger said. Source: http://www.esecurityplanet.com/network-security/risk-management-pros-say-an-iot-security-incident-could-be-catastrophic.html

DDOS Attacks on the Rise

Distributed Denial of Service (DDoS) attacks leverage compromised devices to generate a flood of traffic, overwhelming online services and rendering them unresponsive. DDoS services are widely available on the internet, with research by Trend Micro finding that the small cost of US$150 can buy a DDoS attack for a week. (It also brings organised crime into your life – but that’s a different point!) The latest statistics from Cisco reveal that the number of DDoS attacks grew by 172% in 2016. Combine this with an average DDoS attack size of 1.2Gbps, capable of taking most organisations offline, and there is real cause for concern among cyber security experts. It is hard to trace DDoS attacks to their proprietors, as the majority of devices used in attacks belong to innocent users. Organisations must understand the risk and impact posed by DDoS attacks, and implement mitigation strategies that promote business continuity in the face of these attacks. Industry peers must share knowledge where appropriate, and keep government agencies adequately informed, to deter hackers from launching a DDoS attack. Cisco expects that the number of DDoS attacks in the future will only get worse, with 3.1 million predicted attacks in 2021 globally. Source: http://www.natlawreview.com/article/ddos-attacks-rise

See the original article here:
DDOS Attacks on the Rise

It’s 2017, and UPnP is helping black-hats run banking malware

Pinkslipbot malware copies Conflicker for C&C channel Another banking malware variant has been spotted in the wild, and it’s using UPnP to pop home routers to expose unsuspecting home users, recruited as part of the botnet.…

Read the article:
It’s 2017, and UPnP is helping black-hats run banking malware

Bigger & smaller – DDoS threats here to stay with conflicting trends

The noise created by distributed denial of service attacks is higher than ever – with vendors and attackers complicating the picture – but what do enterprises need to worry about? Distributed Denial of Service (DDoS) attacks were one of the most talked about threats at InfoSecurity Europe 2017. One of the things vendors couldn’t agree on however, is the trend for their size and thus whether we should be defending against increasing numbers of small attacks or more frequent mega-attacks. Corero Network Security, who met with SC during the conference, said in a press release that, “the greatest DDoS risk for organisations is the barrage of short, low volume attacks which mask more serious network intrusions”. Research from the firm says that “despite several headline-dominating, high-volume DDoS attacks over the past year, the vast majority (98 percent) of the DDoS attack attempts against Corero customers during Q1 2017 were less than 10 Gbps per second in volume.” It added: “they are just disruptive enough to knock a firewall or intrusion prevention system (IPS) offline so that the hackers can target, map and infiltrate a network to install malware and engage data exfiltration activity.” Ashley Stephenson, CEO at Corero Network Security, explains: “Short DDoS attacks might seem harmless, in that they don’t cause extended periods of downtime. But IT teams who choose to ignore them are effectively leaving their doors wide open for malware or ransomware attacks, data theft or other more serious intrusions. Just like the mythological Trojan Horse, these attacks deceive security teams by masquerading as a harmless bystander – in this case, a flicker of internet outage – while hiding their more sinister motives.” DDoS protection has traditionally been something that major enterprises were able to deploy by having their traffic run through a supplier network at huge cost. The alternative was to switch traffic over to their DDoS protection provider in the event of an attack – but this could cause a delay of about 20 minutes while the company under attack found who to call and explain what was happening, the whole time that the attack was escalating. Instead, Laurent Gil, co-founder at Zenedge, explained to SC Media UK how his company’s approach to DDoS protection is different. “We have an always-on monitoring system on the cloud so there is nothing to install for the customer, it’s the same SSL as an ‘always on’ solution, but always on in the cloud for monitoring and analysing of traffic patterns and when the early signs of an attack are spotted, we automatically re-route traffic to our scrubbing centre within 60 seconds – down from the 20 minutes it takes non-automated systems,” Gil told SC. He added that because the traffic only switched on demand, when there is an attack, it is less cost than if it had to be handled all the time and with a 60 second response, it still mitigated against the attack ramping up. “It’s a tectonic shift in the market,” says Gil, adding, “We we can onboard many more enterprises, without them spending millions of dollars, which is what’s needed for a for mid-market enterprise. DDoS protection did not exist for these companies because they couldn’t afford it. It’s not that the traditional prime protection providers are losing revenues, but the market is much wider now than it was previously.” In contrast to Corero, veteran vendor Imperva, hosted sessions which could be misconstrued as ‘humble-brags’ named “how we stopped a 650Gbps DDoS attack over lunch”. Imperva points out that the source code of the Mirai botnet going open source has meant that the Tools, Tactics and Procedures (TTP) of botnet criminals have taken a step up. And naturally, it is prepared to protect against this threat with one of it’s “behemoth” data centre appliances. Imperva’s Robert Hamilton, director of product marketing, hosted the sessions and said “DDoS attacks aren’t going away anytime soon”. Raj Samani, chief scientist of Mcafee told SC: “The number is completely subjective. When we saw the beginnings of DDoS as an extortion tactic it was brushed off since the throughput wasn’t significant enough to worry most enterprises, then all of a sudden the firepower increased to in excess of 50Gbps. Whilst this number for many organisations can be easily managed (as we saw with DDoS providers withstanding 620Gbps attacks), the reality is that the firepower of DDoS attacks are on the up. What is the magic number that will cause concern? Well, it will be whatever hasn’t been tested against!” That may be the case, but then Akamai, another DDoS protection giant says in its Q1 2017 State of the Internet report that “the mega attacks are outliers that represent the limits enterprises must be prepared to defend against. However, the overwhelming number of smaller attacks means that these mega attacks have little impact on the trend lines that defend the median attack size, which is a better indicator of what an organisation is most likely to see.” Akamai raises another important point: the rise in use of IoT devices which are compromised for malicious use – such as using an “internet-enabled toaster to mine bitcoins” – are likely to end up contributing to harsher DDoS attacks as these devices are eventually recruited into the mega-botnets which carry out such attacks. A new report from Kaspersky Lab, also released after InfoSec, shows that when organisations are attacked by a DDoS, “customer-facing resources suffer more in banking, than in any other sector.” “For example, 49 per cent of banks that have suffered a DDoS attack have had their public website affected (compared to 41 percent of non-financial institutions) and 48 percent have had their online banking affected when they’ve been targeted by DDoS.” “Recovering from DDoS is also more expensive for banks than non-financial organisations. The report shows that a DDoS incident can cost a financial institution US$ 1,172,000 (£917,427) to recover from, compared to US$ 952,000 (£745,000) for businesses in other sectors.” Kirill Ilganaev, head of Kaspersky DDoS Protection, Kaspersky Lab said in a press release, “In the banking sector reputation is everything, and security goes hand-in-hand with this. If a bank’s online services come under attack, it is very difficult for customers to trust that bank with their money, so it’s easy to see why an attack could be so crippling. If banks are to protect themselves effectively from the price tag of an online banking cybersecurity incident, they first need to become more prepared for the dangers DDoS attacks pose to their online banking services. This threat should be featuring higher on banks’ security priorities.” Kaspersky Lab is encouraging financial institutions to share security intelligence to be better prepared for dealing with the threat of an attack on their online banking services. Source: https://www.scmagazineuk.com/bigger-smaller–ddos-threats-here-to-stay-with-conflicting-trends/article/668725/

Read this article:
Bigger & smaller – DDoS threats here to stay with conflicting trends