Tag Archives: ddos news

Did hackers fix the Brexit vote with DDoS?

The concerns around nation-state hackers echoes recent concerns regarding the US and French presidential elections. A new report has raised concerns about the possible interference by nation-state hackers in the run-up to the Brexit vote. The Commons Public Administration and Constitutional Affairs Committee (PACAC) said that MPs were concerned about foreign interference in last year’s Brexit vote. Although the report does not specifically identify the hackers or malicious actors responsible, it was noted that Russia and China were known to launch cyber attacks based on an understanding of mass psychology. Many will note that the report echoes the recent claims and concerns surrounding Russia and its influence in the US and French presidential elections. The report was launched to investigate the outage of the voter registration government website, with the outage hitting on one of the last days in the run-up to the vote, June 7. The government was forced to extend the deadline to register to vote in the EU referendum, allowing two further days for people to register. The outage left tens of thousands of potential voters unable to complete registration, sparking a major voter registration row amongst the UK government and the Electoral Commission. Debate was further fuelled by arguments that the outage may disenfranchise voters and swing important votes. John Rakowski, Director of Technology Strategy at AppDynamics, said at the time: “”Digital technology has revolutionised the way we interact with organisations – from shopping to banking, and now voting. The impact of young voters on the outcome of the EU referendum is unquestionable and technology plays a vital role. It’s unacceptable that thousands of Brits were left unable to vote due to an IT glitch that should have been anticipated and planned for months ago.” Although an IT glitch was blamed at the time of the outage, the new report by MP’s points to a possible DDoS attack, but downplays its role in the referendum outcome. “The crash had indications of being a DDOS ‘attack’. We understand that this is very common and easy to do with botnets… The key indicants are timing and relative volume rate,” the committee’s report said. While the committee did not point the Brexit finger of blame at the website outage, it did note that lessons must be learned. While pointing to other nation states, the MP’s report said that it was crucial that the lessons learnt from this incident must extend past the purely technical. “The US and UK understanding of ‘cyber’ is predominantly technical and computer network-based,” the report said. “For example, Russia and China use a cognitive approach based on understanding of mass psychology and of how to exploit individuals. “The implications of this different understanding of cyber-attack, as purely technical or as reaching beyond the digital to influence public opinion, for the interference in elections and referendums are clear. “PACAC is deeply concerned about these allegations about foreign interference,” the report concluded. However, due to the simplistic nature of the supposed DDoS attack on the voter registration site, many experts are saying that it is not the work of state hackers. “This is a very serious allegation, and it should be thoroughly investigated by all appropriate means. However, I doubt that a serious actor, such as a nation state for example, can be behind this particular DDoS attack,” said Ilia Kolochenko, CEO of web security firm, High-Tech Bridge. “Governments have enough technical and financial resources to create smart botnets, simulating human behavior that would be hardly distinguishable from legitimate website visitors. Running a classic DDoS attack is too coarse, and would rather attract unnecessary attention to the external interference, trigger investigations and all other outcomes that smart attackers would avoid at any price.” Source: http://www.cbronline.com/news/cybersecurity/breaches/hackers-fix-brexit-vote-ddos/

See original article:
Did hackers fix the Brexit vote with DDoS?

Spanish cops snatch suspected top spammer as US moves against Kelihos botnet

Trump hacking claims look like red herring Police in Barcelona have arrested a man suspected of being one of the web’s top spammers and the possible operator of a major botnet.…

Read More:
Spanish cops snatch suspected top spammer as US moves against Kelihos botnet

Identifying the three steps of DDoS mitigation

It’s not a matter of if you’re going to be DDoS attacked, it’s a matter of when – many APAC organisations fail to understand the threat and quantify the risk – right-sizing and verifying the solution is a must. When an attack occurs, the mature organisation is prepared to effectively mitigate the attack – protecting themselves (and in turn their clients and partners) from unacceptable financial and reputational impact. Let us look at these three steps, understand, quantify and mitigate, in detail. 1.Understand the threat The threat imposed by DDoS attacks in APAC is more significant than global counterparts. A recent Neustar survey showed that 77 percent of organisations within APAC have been attacked at least once, compared to 73 percent globally. Organisations within the region are also getting attacked more frequently, with 83 percent of those attacked being attacked more than once, and 45 percent having been attacked more than six times. In addition, attack sizes are steadily growing. In 2015, the average attack size identified by Neustar was about 5GB per second. By September 2016, average attack sizes had reached up to 7GB per second – and this was prior to the Mirai driven – IoT fuelled attacks – like those on Krebs, OVH and Dyn. Given this, we should expect a considerable rise in the mean size of volumetric attacks during 2017. We’ve also seen a steady increase in the number of multi-vector attacks – which now equates to about 50 percent of all DDoS attacks. In a multi-vector attack – the criminals are potentially aiming to distract an organisation with the DDoS attack while they go after their main target. They use the DDoS attack to draw away the organisations defensive capacity while they plant ransomware, breach the network or steal valuable data. Within APAC, compared to the global average of 25 percent, network breaches associated with a multi-vector attack is sitting at 33 percent, according to Neustar’s own data. This begs the question, are APAC organisations deficient when it comes to perimeter protection? When dealing with an attack, speed is critical. But surprisingly, within APAC, on average almost half of all organisations take over three hours to detect an attack and an additional three hours to respond. This is significantly higher than the global average of 29 percent and 28 percent respectively. Worryingly, slow detection and response can lead to huge damages financially. Around half of all organisations stand to lose an average of $100,000 per hour of peak downtime during an attack. To exacerbate this, half the attacked organisations were notified of the attack by a third party, inflicting additional potential reputational damage. 2.Quantify the risk If a person goes to insure their car, they’re not going to over or underinsure it. That is, they’re not going to pay a premium associated with a higher value car – if the car gets written-off, they’re only going to get the value of the car, not the extra value associated with the premium. Alternatively, if they are underinsured, they’re not going to get back the full value of the car – they will need to pay an additional amount to replace the car. When looking at a DDoS environment, it is a similar scenario. An organisation will want to make sure it understands the level of risk and apply the right mitigation and the right cost to protect that risk. Paying the cost for a DDoS mitigation that exceeds their requirements is like over insuring the car – you are paying a premium for a service that does not match your level of risk/potential loss. Similarly, implementing a DDoS mitigation that does not cover the risk will likely lead to additional costs, resulting from greater organisational impact and additional emergency response activities. Risk management is critical – rightsizing is a must – organisations need to prepare and implement a sound mitigation plan. To understand the severity of the risk DDoS imposes, organisations must quantify both probability and impact – tangible and intangible – and know the risk appetite and technical environment of the organisation. Once this information is gathered and the severity of the risk is understood, there are three key critical elements of producing a good mitigation plan that must be enacted: detection, response and rehearsal. 3.Mitigate the attack Detection; Timely detection is critical – slow detection greatly increases potential financial and reputational loss, and allows the attackers valuable time to initiate other attack vectors. Fortunately, there are several technologies out there that can be used to monitor both the physical and cloud-based environment. For example, organisations can use Netflow monitoring on border routers to detect a volumetric attack, or provide this data to a third-party for analysis and detection. Organisations can also look at using appliances to conduct automatic detection and response, again managed internally or by a third-party. In a cloud environment, there are plenty of cloud monitoring tools out there that allow companies to identify degradation and performance, CPU utilisation and latency, giving them an indication of when an attack occurs. Response; There are many DDoS mitigation solutions available, allowing organisations to match the solution to their requirements. In selecting a mitigation solution, it is important to review a complete range of options, and align the selected solution to the organisation’s risk exposure and technology infrastructure. For example an organisation operating in the cloud with a moderate risk exposure, might opt for a cloud based solution, pay-on-occurrence model. While a financial services company, operating its own infrastructure and exposed to substantial financial and reputational risk, would look for a hybrid solution, providing the best time to mitigate, low latency and near immediate failover to cloud mitigation for large volumetric attacks. Rehearsing; Once a DDoS mitigation service is selected and implemented, the detection and mitigation plan must be document and verified through testing. The frequency of testing a mitigation plan should be dependent on the level of risk. If in a high-risk environment, a business might want to rehearse monthly or quarterly. In a lower-risk environment, the organisation might stretch it out to yearly or biannually. By understanding the threat, quantifying the risk to the organisation and implementing a right-sized mitigation solution organisations can effectively and efficiently mitigate the risk of DDoS attacks. A well implemented and tested plan will protect an organisation from both financial and reputational damage, discouraging attackers, leading the wolf from your door, leaving them hunting for a softer target. Source: http://www.cso.com.au/article/617417/identifying-three-steps-ddos-mitigation/

Read the original post:
Identifying the three steps of DDoS mitigation

Identifying the three steps of DDoS mitigation

It’s not a matter of if you’re going to be DDoS attacked, it’s a matter of when – many APAC organisations fail to understand the threat and quantify the risk – right-sizing and verifying the solution is a must. When an attack occurs, the mature organisation is prepared to effectively mitigate the attack – protecting themselves (and in turn their clients and partners) from unacceptable financial and reputational impact. Let us look at these three steps, understand, quantify and mitigate, in detail. 1.Understand the threat The threat imposed by DDoS attacks in APAC is more significant than global counterparts. A recent Neustar survey showed that 77 percent of organisations within APAC have been attacked at least once, compared to 73 percent globally. Organisations within the region are also getting attacked more frequently, with 83 percent of those attacked being attacked more than once, and 45 percent having been attacked more than six times. In addition, attack sizes are steadily growing. In 2015, the average attack size identified by Neustar was about 5GB per second. By September 2016, average attack sizes had reached up to 7GB per second – and this was prior to the Mirai driven – IoT fuelled attacks – like those on Krebs, OVH and Dyn. Given this, we should expect a considerable rise in the mean size of volumetric attacks during 2017. We’ve also seen a steady increase in the number of multi-vector attacks – which now equates to about 50 percent of all DDoS attacks. In a multi-vector attack – the criminals are potentially aiming to distract an organisation with the DDoS attack while they go after their main target. They use the DDoS attack to draw away the organisations defensive capacity while they plant ransomware, breach the network or steal valuable data. Within APAC, compared to the global average of 25 percent, network breaches associated with a multi-vector attack is sitting at 33 percent, according to Neustar’s own data. This begs the question, are APAC organisations deficient when it comes to perimeter protection? When dealing with an attack, speed is critical. But surprisingly, within APAC, on average almost half of all organisations take over three hours to detect an attack and an additional three hours to respond. This is significantly higher than the global average of 29 percent and 28 percent respectively. Worryingly, slow detection and response can lead to huge damages financially. Around half of all organisations stand to lose an average of $100,000 per hour of peak downtime during an attack. To exacerbate this, half the attacked organisations were notified of the attack by a third party, inflicting additional potential reputational damage. 2.Quantify the risk If a person goes to insure their car, they’re not going to over or underinsure it. That is, they’re not going to pay a premium associated with a higher value car – if the car gets written-off, they’re only going to get the value of the car, not the extra value associated with the premium. Alternatively, if they are underinsured, they’re not going to get back the full value of the car – they will need to pay an additional amount to replace the car. When looking at a DDoS environment, it is a similar scenario. An organisation will want to make sure it understands the level of risk and apply the right mitigation and the right cost to protect that risk. Paying the cost for a DDoS mitigation that exceeds their requirements is like over insuring the car – you are paying a premium for a service that does not match your level of risk/potential loss. Similarly, implementing a DDoS mitigation that does not cover the risk will likely lead to additional costs, resulting from greater organisational impact and additional emergency response activities. Risk management is critical – rightsizing is a must – organisations need to prepare and implement a sound mitigation plan. To understand the severity of the risk DDoS imposes, organisations must quantify both probability and impact – tangible and intangible – and know the risk appetite and technical environment of the organisation. Once this information is gathered and the severity of the risk is understood, there are three key critical elements of producing a good mitigation plan that must be enacted: detection, response and rehearsal. 3.Mitigate the attack Detection; Timely detection is critical – slow detection greatly increases potential financial and reputational loss, and allows the attackers valuable time to initiate other attack vectors. Fortunately, there are several technologies out there that can be used to monitor both the physical and cloud-based environment. For example, organisations can use Netflow monitoring on border routers to detect a volumetric attack, or provide this data to a third-party for analysis and detection. Organisations can also look at using appliances to conduct automatic detection and response, again managed internally or by a third-party. In a cloud environment, there are plenty of cloud monitoring tools out there that allow companies to identify degradation and performance, CPU utilisation and latency, giving them an indication of when an attack occurs. Response; There are many DDoS mitigation solutions available, allowing organisations to match the solution to their requirements. In selecting a mitigation solution, it is important to review a complete range of options, and align the selected solution to the organisation’s risk exposure and technology infrastructure. For example an organisation operating in the cloud with a moderate risk exposure, might opt for a cloud based solution, pay-on-occurrence model. While a financial services company, operating its own infrastructure and exposed to substantial financial and reputational risk, would look for a hybrid solution, providing the best time to mitigate, low latency and near immediate failover to cloud mitigation for large volumetric attacks. Rehearsing; Once a DDoS mitigation service is selected and implemented, the detection and mitigation plan must be document and verified through testing. The frequency of testing a mitigation plan should be dependent on the level of risk. If in a high-risk environment, a business might want to rehearse monthly or quarterly. In a lower-risk environment, the organisation might stretch it out to yearly or biannually. By understanding the threat, quantifying the risk to the organisation and implementing a right-sized mitigation solution organisations can effectively and efficiently mitigate the risk of DDoS attacks. A well implemented and tested plan will protect an organisation from both financial and reputational damage, discouraging attackers, leading the wolf from your door, leaving them hunting for a softer target. Source: http://www.cso.com.au/article/617417/identifying-three-steps-ddos-mitigation/

Read the original post:
Identifying the three steps of DDoS mitigation

Why hardware configurations could be the downfall of IoT

According to Trend Micro, The Internet of Things is opening up new opportunities for businesses as well as introducing a new era of convenience for consumers. However, in a blogpost, they warn of issues that can lead to the downfall of IoT and called for countries stiving to be a smart nation to be wary. More than 24 billion IoT devices will connect to each other and the internet by 2020, according to Business Insider, and that’s a conservative estimate. The Motley Fool noted that other tech giants are predicting anywhere from 50 billion to 200 billion IoT devices within the next three years. One thing is clear: The IoT is going to be big, and require a lot of management. After all, handling devices the wrong way could leave security gaps in your network. Hardware configurations could be the downfall of IoT, and it’s important for you to enable your systems appropriately. Systems at risk Most devices, including routers and printers, come with preset, easy passwords and inactivated security capabilities. A number of organizations may simply install this hardware without changing the standard authorizations, leaving significant holes that attackers can exploit. This type of situation is only magnified by the number of active IoT devices. After all, who wants to configure every sensor or create a firewall for their coffee maker? However, you must do exactly that to enable IoT without compromising security. IoT technology is still developing, and you must ask critical questions to understand how these devices handle your sensitive information. The Global Privacy Enforcement Network Privacy Sweep found that it wasn’t clear how IoT devices collected, used and disclosed information. Many companies also neglect to explain how user data would be secured or how to delete personal information. With so many entry points to your network, your system could be at risk if you don’t have definitive answers concerning their requirements and capabilities. “If you think your IoT devices aren’t at risk, you’re wrong.” Sitting targets for malicious attacks Unsecured IoT devices are gateways for hackers to stroll into your critical business systems and execute attacks on a larger scale. In fact, major internet services including Twitter, Spotify and Netflix were disrupted when an attacker leveraged IoT devices to deliver a series of massive DDoS attacks to Dyn. According to Fast Company, the hacker leveraged the digital traffic from internet-enabled hardware and sent the noise to the domain name service provider, disrupting its ability to translate addresses into IP networks. Hundreds of thousands of cameras, routers, DVRs and other household appliances were used to carry out this attack. Security experts had warned that such a situation could occur, serving as a reminder why hardware configurations are critical for business and user security. If you think your IoT devices aren’t at risk, you’re wrong. Attackers can use tools like Shodan to easily search for exposed cyber assets. Trend Micro noted this system can show a hacker any connected device’s IP address, application and firmware versions as well as other critical information to make it easier to compromise. This research also found web servers, webcams, wireless access points and routers were the most unsecured cyber assets in the top 10 most populous U.S. cities. Protecting your IoT devices Security capabilities across IoT devices will only continue to improve, but in the meantime, organizations must take steps to protect this hardware. The first step is to configure your equipment correctly to your business and set passwords that will be difficult for a hacker to guess. You should also leverage data breach systems to detect unusual behavior within your network as it occurs. This solution will help catch malicious access to your IoT devices, enabling you to act quickly to reinstate and improve security. Source: http://www.networksasia.net/article/why-hardware-configurations-could-be-downfall-iot.1491403560

Read this article:
Why hardware configurations could be the downfall of IoT

Recognizing the New Face of Cyber-Security

Threats, risks and dangers related to cyber-security are changing. CIOs must respond with a well-defined strategy and the right mix of processes and tools. Over the past few years, digital technologies have rippled through the business world and unleashed unprecedented innovation and disruption. Yet today’s technology framework also has put businesses in the crosshairs and created new levels of risk. No longer are cyber-threats thwarted by clearly defined perimeters such as firewalls. No longer are malware and cyber-attacks blocked by traditional security tools designed to identify specific viruses and code. “It’s an entirely different landscape,” observes Oswin Deally, vice president of cyber-security at consulting firm Capgemini. To be sure, mobility, clouds, the internet of things (IoT) and the increasingly interconnected nature of business and IT systems have radically changed the stakes. There’s a growing need for security transformation. Yet, at the same time, attacks are becoming more insidious and sophisticated. Phishing, spear-phishing, whaling, ransomware, hacking, hacktivism and corporate espionage are now mainstream problems. Data breaches and DDoS attacks are a daily concern. “Cyber-security has moved from a compliance and regulatory topic to front-page headline news,” says Dan Logan, director of enterprise and security architecture for Tata Consultancy Services (TCS). No Space Is Safe The scope of today’s cyber-security challenge is mind-boggling. Gartner predicts that more than 8.4 billion IoT devices will be used in 2017, and the number will swell to more than 20 billion by 2020. Meanwhile, 74 percent of organizations now store some, if not all, sensitive data in the public cloud, according to a February 2017 Intel Security study. Not surprisingly, the stakes are growing, and achieving digital transformation while ensuring security is not a simple task. An October 2016 Ponemon Institute study found that the average cost of cyber-crime to a large organization in the United States rose to more than $17 million in 2016. An interconnected world with intertwined data means that threats can come from anywhere at any time. Business disruption, information loss, a diminished brand image and revenue, and damage to equipment are constant risks. Nevertheless, organizations are struggling to keep up. Ponemon points out that only 39 percent of companies deploy advanced backup and recovery operations, though it reduces the average cost of cyber-crime by nearly $2 million. Similarly, only 28 percent of companies have a formal information governance program, though this typically reduces the cost of cyber-crime by nearly $1 million. Capgemini’s Deally says that a starting point for dealing with today’s threat landscape is to recognize that there are two primary areas to focus on: business-driven events and threat-driven events. The former revolves around things like digital commerce, innovation, intellectual property, products and supply chains that present targets and create risks for the enterprise. The latter encompasses attack methods and vectors, including email, mobile devices, the IoT, and other systems and software. “It is becoming more and more of a borderless world where the devices that drive productivity also represent risk,” he points out. CIOs and other enterprise leaders must understand business and technology intersection points and how they introduce risks at various levels—from application security to APIs and network design to clouds. It’s also important to clearly understand business and data assets and identify priorities in terms of value, sensitivity and risk. Not all data is created equal and not all systems require equal protection. This approach, when layered over specific industry risks, begins to deliver some clarity about how and where to focus a cyber-security strategy and select the right protections and processes. o be sure, cyber-security must take a multilayered approach, and it must focus on defense-in-depth. One of today’s challenges is that intruders may gain entry to a network through a vulnerability or breach and worm their way through systems and files over a period of weeks, months or years. These advanced persistent threats (APTs) use multiple tools, technologies and methods to take intrusions to a deeper and more dangerous level. In some cases, the intruders may never make their presence known. They simply pull information—everything from employee or customer data to intellectual property—to perpetuate attacks that monetize their efforts. Secure Horizons CIOs and other enterprise leaders must ultimately focus on strategies that rely on multiple tools, technologies and methods to address the problem on several fronts. This may include everything from reviewing privileges and reexamining authentication methods to analyzing coding practices and reviewing the way encryption is used for data at rest and in transit. It could also address everything from vendor relationships to coding practices. For example, as organizations migrate to DevOps, it’s possible to use automated code scanning to detect vulnerabilities before software goes live. In addition, emerging cyber-security tools use artificial intelligence (AI), machine learning or deep learning, along with analytics, to detect unusual behavior and patterns. If an employee logs in at an unusual time from an unknown device or IP address, the system may require re-authentication. However, TCS’ Logan also stresses the urgency of employee education and training. Many of today’s breaches are caused by inattentive employees, sometimes even those in the C-suite, who click a link and infect a system with malware, including ransomware. In other cases, employees circumvent policies because they interfere with their work, or they turn to shadow IT and rogue applications to complete work easier or faster. “Ongoing employee education about phishing—and the use of anti-phishing campaigns that send test emails to users and then respond to clicks with just-in-time education—is an effective addition to employee security awareness efforts,” Logan says. Likewise, intelligence sharing services can help organizations identify new risks quickly. In the end, Logan says that a simple mnemonic is useful for security transformation: ARM. This translates to assess, remediate and monitor. Best-practice organizations embed cyber-security into the foundation of day-to-day IT operations. They have robust backup and recovery systems in place to guard against ransomware and other problems. They handle basic blocking and tackling but also examine how more advanced tools, technologies and practices can boost protection. To be sure, the road to security transformation is long and winding. “A world-class organization must excel at the basics of identity management, vulnerability management, configuration management, incident management, incident response, backup and recovery,” Logan explains. Capgemini’s Deally adds: “From a CIO’s perspective, it’s essential to look at what are you doing from a business perspective and build security protections from there. The most important question—and the one to work backward from in every case—is, ‘How can I best mitigate risk?’ Source: http://www.cioinsight.com/security/recognizing-the-new-face-of-cyber-security.html

Read More:
Recognizing the New Face of Cyber-Security

UK nuclear stations on terror alert for cyber attacks

The cyber security industry has been urged to co-operate with government to protect UK critical national infrastructure from cyber attacks. UK security services have reportedly told nuclear power stations to bolster their cyber defences in the face of increased threats. Government officials have warned that terrorists, foreign spies and “hacktivists” are looking to exploit “vulnerabilities” in the nuclear industry’s internet defences, according to the Telegraph. UK energy minister Jesse Norman is quoted as saying that nuclear plants must make sure that they “remain resilient to evolving cyber threats”. However, he said the government is fully committed to defending the UK against cyber threats, and that the Civil Nuclear Cyber Securty Strategypublished in February 2017 sets out ways to ensure that the civil nuclear sector can defend against, recover from and remain resilient to evolving cyber threats. According to the strategy, the volume and complexity of cyber attacks against the UK are growing and the range of actors is widening. “The threat is becoming increasingly global and asymmetric. Both states and non-state actors can use easily-available cyber tools for destructive purposes,” the strategy states. The strategy sets out a voluntary roadmap to enable organisations in the civil nuclear sector to meet the increasing threat from cyber, and will support the development of cyber security capability of the sector, ensuring organisations will be able to comply with current and new regulation as well as being able to recover from compromises. However, for this to be achieved, the strategy said civil nuclear sector needs to work as a partnership between the government, regulator and industry, with clear roles and responsibilities which are understood and agreed. The strategy warns that the nuclear industry has to do more to protect itself, saying current mechanisms for sharing information in relation to vulnerabilities and how compromises have been addressed will need to be strengthened and enhanced to ensure good practice is shared, and continuous improvement can be made. In November 2016, veteran US investigative reporter Ted Koppel said a cyber attack on the US power grid is likely, but preparations for such an event are not up to scratch. “We are our own worst enemies,” he told Intel Security’s annual Focus conference in Las Vegas, saying that despite the risk of a cyber attack blackout, the US is unprepared for the consequences. Peter Carlisle, vice-president for Europe, Middle East and Africa at Thales e-Security believes cyber attacks against critical national infrastructure are set to increase dramatically as criminals develop “increasingly heinous methods” to jeopardise the UK’s national security. “From power stations to the transport network, the risk to the public remains severe, especially if hackers are able to gain access to electronic systems. “To tackle this, the security industry must stand shoulder to shoulder with the government to protect data and critical infrastructure from attack, and ensure hostile forces never have the opportunity to do us harm,” he said. Malcolm Murphy, technology director at network management firm Infoblox said attacks against IT networks are becoming increasingly common, and, if carried out against critical national infrastructure, can represent a significant threat to national security. “In addition to the damage caused to the networks themselves, a DDoS [distributed denial of service] attack on an organisation’s domain name system [DNS] can be used to prevent communication of and around the attacks, causing confusion and panic as seen in the attack on the Ukraine power grid in 2015,” he said. “The DNS is a mission-critical piece of network infrastructure used by all organisations without which networks cannot function. Often inadequately protected by traditional security solutions, it remains a vulnerable network component frequently used as an attack vector by cyber-criminals. “With botnets available for hire for relatively small sums of money online, DNS-based DDoS attacks are becoming increasingly easy for cyber criminals to carry out, and in their efforts to defend the country against the growing cyber threat, organisations responsible for the security of critical infrastructure should be making DNS protection a top priority,” he said. Most UK businesses have little visibility or control over their DNS servers and services, even though they are a key component of businesses’ infrastructure and security profile, a report published in March 2017 revealed. Only 8% of companies polled claim to have full visibility across all areas of DNS, including frequency of dropped requests, cache poisoning, latency and overall load on DNS infrastructure, rendering it impossible to ensure a consistent service to internal and external internet users. Source: http://www.computerweekly.com/news/450416097/UK-nuclear-stations-on-terror-alert-for-cyber-attacks

See the article here:
UK nuclear stations on terror alert for cyber attacks

Cyber-Attacks Cost Almost Twice What You May Think

What do cyber-attacks have in common with hurricanes, tornados and earthquakes? All are realities in our world. No matter how common or uncommon they may be, failing to prepare for any of them will lead to costs that could be unbearable—or worse. These were the thoughts of Nikhil Taneja, MD Radware as he shared the company’s annual Global Application & Network Security Report 2016-17 that identifies major attack trends of 2016, outlines industry preparedness, and offers predictions for in 2017. The report finds that 98% of Organizations Experienced Attacks in 2016, indicating that cyber-attacks became a way of life for nearly every organization in 2016. This trend will continue in 2017, predicts Radware. While understanding some crucial aspects such as The threat landscape—who the attackers are, their motives and tools, what will be the potential impact on businesses, including associated costs of different cyber-attacks, how a company’s preparedness level compares to other organizations etc, the report comes up with some of the key findings: – IoT Botnets Open the 1TBps Floodgates- This exemplifies why preparing for “common” attacks is no longer enough. This event introduced sophisticated vectors, such as GRE floods and DNS water torture. – Cyber-Ransom Proves Easiest, Most Lucrative Tool for Cybercriminals- Almost all ransom events have a different attack vector, technique or angle. There are hundreds of encrypting malware types, many of which were developed and discovered this year as part of the hype. Also, DDoS for ransom groups are professionals who leverage a set of network and application attacks to demonstrate their intentions and power. – Cyber-Attacks Cost Almost Twice What You May Think- Most companies have not come up with a precise calculation of the losses associated with a cyber-attack. Those who have quantified the losses estimate the damage at nearly double the amount compared to those who estimate. – Stateful Devices: #1 Point of Failure- Common IT devices, including firewalls, application delivery controllers and intrusion protection systems, now represent the greatest risk for an outage. Consequently, they require a dedicated attack mitigation solution to protect them. Threat Landscape Trends The report identifies top five trends that dominated 2016 threat landscape and will continue to haunt CISOs in the coming years. These include: – Data Leakage + SLA Impact Are Top Concerns – Data leakage and service level impact often come together, with a DDoS attack serving as a smokescreen that distracts IT teams so data can be infiltrated. – Mirai Rewrites the Rules- As the first IoT open-source botnet, Mirai is changing the rules of real-time mitigation and makes security automation a must. It isn’t just that IoT botnets can facilitate sophisticated L7 attack launches in high volumes. The fact that Mirai is open-source code means hackers can potentially mutate and customize it—resulting in an untold variety of new attack tools that can be detected only through intelligent automation. – Non-Volumetric DoS: Alive and Kicking – Despite astonishing volumes, neither the number of victims nor the frequency of attacks has grown. Most non-volumetric DDoS attacks are in relatively lower volumes, with 70% below 100Mbps. Rate-based security solutions continue to fall short, requiring companies to rethink their security strategy and embrace more sophisticated solutions. Without those upgrades, there is a good chance an organization will experience, yet lack visibility into service degradation. – Increased Attacks against Governmental Institutions- 2016 brought a new level of politically affiliated cyber protests. While the U.S. presidential election was in the spotlight, the media reported on a different breach almost weekly. These incidents happened across the globe, with regimes suffering from cyber-attacks due to alleged corruption or perceived injustices. – SSL-Based Attacks Continue to Grow- Although 39% report suffering an SSL-based attack, only 25% confidently state they can mitigate it. – DDoS Attacks Are Becoming Shorter- Burst attacks are increasing thanks to their effectiveness against most mitigation solutions. Security Strategy Evolves Rather Slowly These trends and findings indicate that while hackers continue to develop new attack tools and techniques, 40% of organizations do not have an incident response plan in place. Seventy percent do not have cyber-insurance. And despite the prevalence of ransomware, only 7% keep Bitcoin on hand. Another interesting finding of the study was three-fourths of companies do not employ hackers in their security teams, and 43% say they could not cope with an attack campaign lasting more than 24 hours. “Combining statistical research and frontline experience, the Radware report identifies trends that can help educate the security community. It draws information from sources such as the information security industry survey, where this year, 598 individual respondents representing a wide variety of organizations around the world participated,” Taneja commented. On average, responding organizations have annual revenue of USD $1.9 billion and about 3,000 employees. Ten percent are large organizations with at least USD 5 billion in annual revenue. Respondents represent more than 12 industries, with the largest number coming from the following: professional services and consulting (15%), high tech products and services (15%), banking and financial services (12%) and education (9%), the study notes. Source: http://www.cxotoday.com/story/cyber-attacks-cost-almost-twice-what-you-may-think/

Continue reading here:
Cyber-Attacks Cost Almost Twice What You May Think

New Mirai IoT variant launched 54-hour DDoS attack against a U.S. college

Researchers have spotted a new Mirai variant in the wild that is better at launching application layer attacks; other researchers spotted a new Cerber ransomware variant that can evade machine learning. A new variant of the Mirai IoT malware was spotted in the wild when it launched a 54-hour DDoS attack against an unnamed U.S. college. While the attack occurred on February 28, Imperva Incapsula is informing the world about it today. The researchers believe it is a new variant of Mirai, one that is “more adept at launching application layer assaults.” The average traffic flow was 30,000 requests per second (RPS) and peaked at about 37,000 RPS, which the DDoS mitigation firm said was the most it has seen out of any Mirai botnet so far. “In total, the attack generated over 2.8 billion requests.” During the 54-hour DDoS attack on the college, researchers observed a pool of attacking devices normally associated with Mirai such as CCTV cameras, DVRs and routers. Attack traffic originated from 9,793 IPs worldwide, but 70% of the botnet traffic came from 10 countries. The U.S. topped the list by having 18.4 percent of the botnet IPs. Israel was next with 11.3 percent, followed by Taiwan with 10.8 percent. The remaining seven countries of the top 10 were India with 8.7 percent, Turkey with 6 percent, Russia with 3.8 percent, Italy and Mexico both with 3.2 percent, Colombia with 3 percent and Bulgaria with 2.2 percent of the botnet traffic. Other signature factors such as header order and header values also helped the researchers identify the attack as a Mirai-powered botnet, yet the DDoS bots hid behind different user-agents than the five hardcoded in the default Mirai version; it used 30 user-agent variants. Incapsula said, “This–and the size of the attack itself–led us to believe that we might be dealing with a new variant, which was modified to launch more elaborate application layer attacks.” Less than a day after the 54-hour hour attack on the college ended, another was launched which lasted for an hour and half; during the second attack, the average traffic flow was 15,000 RPS. 90% of application layer attacks last less than six hours, Incapsula said, so “an attack of this duration stands in a league of its own.” The researchers said they “expect to see several more bursts before the offender(s) finally give up on their efforts.” Cerber ransomware variant evades machine learning Elsewhere, Trend Micro also has bad news in the form of a new Cerber ransomware variant. Cerber has “adopted a new technique to make itself harder to detect: it is now using a new loader that appears to be designed to evade detection by machine learning solutions.” The newest Cerber variant is still being delivered via phishing emails, but those emails now include a link to Dropbox which downloads and self-extracts the payload. If the loader detects it is running in a virtual machine, in a sandbox, or if certain analysis tools or anti-virus are running, then the malware stops running. Cerber stops, Trend Micro said, if it detects any of the following are running: msconfig, sandboxes, regedit, Task Manager, virtual machines, Wireshark, or if security products from the vendors 360, AVG, Bitdefender, Dr. Web, Kaspersky, Norton or Trend Micro are running. Trend Micro explained: Self-extracting files and simple, straightforward files could pose a problem for static machine learning file detection. All self-extracting files may look similar by structure, regardless of the content. Unpacked binaries with limited features may not look malicious either. In other words, the way Cerber is packaged could be said to be designed to evade machine learning file detection. For every new malware detection technique, an equivalent evasion technique is created out of necessity. Source: http://www.computerworld.com/article/3186175/security/new-mirai-iot-variant-launched-54-hour-ddos-attack-against-a-us-college.html

Read the article:
New Mirai IoT variant launched 54-hour DDoS attack against a U.S. college

CyberSecurity Malaysia in Asia Pacific drill to combat DDOS attacks

National digital security specialist CyberSecurity Malaysia has taken part in an Asia Pacific drill to test preparedness for DDOS attacks. Themed ‘Emergence of a New Distributed Denial of Service (DDoS) Threat,’ this year’s Asia Pacific Computer Emergency Response Team’s (APCERT) drill tested different response capabilities of leading Computer Security Incident Response Teams (CSIRT) from the Asia Pacific economies. Throughout the exercise, which was completed on 22 March 2017, the participating teams activated and tested their incident handling arrangements. Commenting on the operation, Dato’ Dr. Haji Amirudin Abdul Wahab, chief executive officer of CyberSecurity Malaysia, said: “Our participation in the APCERT drill is very important indeed as we believe nations in the Asia Pacific region should band together and collaborate more closely to enhance our skills, expertise and process in incident response handling to increase our vigilance against the current trends of DDoS threats.” Dr Amirudin said that CyberSecurity Malaysia and its counterparts in the region are deepening collaboration to target and mitigate DDoS threats. DDOS increase in Malaysia He added that in Malaysia, incidents involving DDoS attacks have been on the rise for the past three years. Such attacks reported to CyberSecurity Malaysia increased to 66 in 2016, almost double from 38 incidents in 2015. In 2014, the incidents recorded stood at 38. As of February 2017, CyberSecurity Malaysia has recorded 11 incidents involving DDoS attacks. The APCERT drill included interaction with local and international CSIRTs/CERTs, and victim organisations, for the coordinated suspension of malicious infrastructure, analysis of malicious code, as well as notification and assistance to affected entities. In addition to Malaysia, 23 APCERT teams from 17 other economies (Australia, Brunei, People’s Republic of China, Chinese Taipei, Hong Kong, India, Indonesia, Japan, Korea, Lao People’s Democratic Republic, Macao, Mongolia, Myanmar, Singapore, Sri Lanka, Thailand and Vietnam) along with 4 CSIRTs from 4 member countries (Egypt, Morocco, Nigeria and Pakistan) of the OIC-CERT participated in the drill. Held for the sixth time, this year’s drill also involved the participation of members from the Organisation of the Islamic Cooperation – Computer Emergency Response Team (OIC-CERT). CyberSecurity Malaysia, which is the permanent secretariat for the OIC-CERT, leads the cyber security efforts among the OIC member countries. APCERT was established by leading and national Computer Security Incident Response Teams (CSIRTs) from the economies of the Asia Pacific region to improve cooperation, response and information sharing among CSIRTs in the region. APCERT Operational Members consist of 28 CSIRTs from 20 economies. OIC-CERT was established in January 2009, to provide a platform for member countries to explore and to develop collaborative initiatives and possible partnerships in matters pertaining to cyber security that shall strengthen their self-reliant in the cyberspace. OIC-CERT consists of 33 CERTs, cyber security related agencies and professional from 20 economies. Source: https://www.mis-asia.com/tech/security/cybersecurity-malaysia-in-asia-pacific-drill-to-combat-ddos-attacks/

More here:
CyberSecurity Malaysia in Asia Pacific drill to combat DDOS attacks