When domain name system services supplier Dyn got hit with a distributed denial of service (DDoS) attack last October, waves of traffic overwhelmed the company’s network and disrupted access to the internet for large swathes of the United States and Europe. The Dyn perpetrators had successfully orchestrated one of the biggest-ever DDoS attacks, powered by a botnet of Internet of Things devices. Whoever was responsible for the Dyn attack showed how easy it was to deploy the Mirai source code, which is publicly available and easy to obtain. Many botnets have since incorporated the code, raising concerns that even worse is yet to come. The Mirai botnet also serves as the basis of an ongoing DDoS-for-hire service. With the number of IoT devices in business now in the billions, the specter of crippling attacks targeting IoT installations found in industrial control systems or critical national infrastructure becomes a possibility. The security world got another reminder of the growing magnitude of the threat when attackers carried out the biggest ransomware attack in history in May, infecting computers operated by more than 200,000 people in 150 countries with the so-called WannaCry virus. Size doesn’t matter The proliferation of these more powerful tools and technologies used to launch cyberattacks means that anyone can get access to a cyberweapon and potentially wreak wide-scale havoc. The irony is that many organizations still fail to enforce basic measures that would otherwise protect themselves from attack. Too many remain unprepared and fail to take simple steps, such as patching software on a routine basis. In theory, attacks like WannaCry should be preventable. Indeed, there was no shortage of warnings that organizations were leaving themselves vulnerable by failing to update aging computer operating systems with the latest software patches. It’s up to IT to be on top of updates for patches issued for any open source software used by the organization, particularly when it comes to their IoT deployments. They also need to be mindful of the lack of security in the IoT ecosystem. According to an AT&T Cybersecurity Insights report, the world of IoT has become a digital Petri dish for hackers and other cybercriminals eager to probe for weak spots. Other IoT must-do’s: Many devices get shipped from the manufacturer preconfigured with usernames and passwords that hackers can locate using search engines. Change them immediately. As DDoS attacks grow ever larger, there’s obvious incentive to take measures that will block as many potential threats as possible at the edge of your network. Along with identifying your vulnerabilities, make sure there are multiple layers of security in place and configure your applications to make them better resistant to exploitation. Make sure there’s a good firewall in place along with rules to drop junk packets or reject unnecessary external protocols. An ISP can help by stopping unnecessary traffic upstream. Also, run constant network scans of the corporate network to locate any security holes before the bad guys find them first. A fail-safe defense may not exist but you can mitigate a threat that, unfortunately, is becoming the new normal in the security world. Source: http://www.csoonline.com/article/3200769/data-breach/are-massive-cyberattacks-the-new-normal.html
Tag Archives: ddos
Building the right defences before the IoT botnets catch you
PayPal, Spotify, Twitter, Airbnb, the Sony PlayStation Network – what is the connection? These were some of the sites and services that were disrupted as a result of the DDoS attack on Dyn, the cloud DNS provider, last October. The attack is believed to have been caused by the Mirai botnet, which takes advantage of unprotected IoT devices such as CCTV cameras, routers, DVRs and even baby monitors. It can rapidly overwhelm DNS servers with requests, cutting off users from connecting to services they want to use. The botnet seized hundreds of thousands of IoT devices from all over the world. Now, with the source code released to the public, hackers have been given the tools to attack millions of smart devices quickly and easily. Experts thus predict a surge in large-scale attacks that could take almost any company offline. Moreover, considering nearly one quarter of consumers today have an Internet-connected device in their home, the number of victims to these attacks could reach unprecedented levels. How to defend your networks and users against IoT botnets Multiple users relying on one DNS provider means an attack on one is an attack on all, as was the case with the DDoS attack on Dyn. Adopting a hybrid DNS architecture, in which your DNS servers are active all the time, is a strong solution. In this hybrid architecture, the protocol service is spread across a number of DNS servers. If one server is attacked, the service will automatically switch to another unaffected server and customers will have uninterrupted access. Using an alternate cloud DNS together with local DNS-based services ensures you are covered in the event of an attack. It is also a good idea to use advanced DNS hardware that can handle very high traffic, as well as identify and block attacks. Defending your own systems is important, but is there any way of cutting the problem at its root? Using the DNS protocol as a defence Consumer internet services are hard to protect against IoT botnets like Mirai because they are open by design. In addition, most users give little thought to their hardware and use solely a basic firewall already built into a router. Users cannot be expected to keep their networks secure or their hardware up to date, especially with vendors who do not always provide appropriate patches and regular bug fixes. This all creates an increasingly vulnerable and hard to manage environment. How can the wider internet be protected from this growing risk? ISPs can take a stronger stance on securing their networks with tighter controls for customer premises equipment (CPE) and for user networks. Their network hardware can be used to identify common attack patterns, especially from known botnets like Mirai. Once jeopardised networks have been detected, DNS security tools can be used to switch the customer’s CPE from an open network to a more restricted one. It can filter both botnet command as well as control packets. Users are also armed with quick access to tools and techniques to fix their networks and update compromised hardware, while disrupting the botnet structure. However, this approach presents itself with a risk, as it changes the relationship between the ISP and the customer (and could be seen as undue interference). It must be handled together with other ISPs at a regional level, and will need to become part of the contract between user and service provider. Services and ISPs join forces to defend the Internet If service and ISP solutions like these are brought together, along with an industry-wide approach to IoT updates and servicing, we might just have a solution. Key elements would be: Advanced DNS services that can handle DDoS traffic Using multiple DNS services to avoid interruption of key services Using a DNS security layer for CPE, linked to attack pattern detection Consumer ISP quarantine services linked to easy update services for IoT hardware Large-scale DDoS attacks via DNS like those on Dyn cannot be prevented by a single action. Providers, consumers, hardware vendors, and ISPs will need to collaborate in order to deliver a functional solution. Source: https://www.iottechnews.com/news/2017/jul/04/building-right-defences-iot-botnets-catch-you/
See the original article here:
Building the right defences before the IoT botnets catch you
UK Teen Charged with Running DDoS Booter Service
UK authorities have charged an eighteen-year-old with running a DDoS booter service that was used to launch DDoS attacks on legitimate businesses across the world. According to authorities, the teenager’s name is Jack Chappell, 18, of Stockport, a small town southeast of Manchester, UK. Investigators say Chappell created malware that he installed on devices around the world. He used this malware to create a DDoS botnet to which he then granted access to paying customers. Clients used this DDoS booter service to launch attacks on various companies across the globe. Investigators say that Chappell’s booter was the one that took down NatWest’s online banking system several times in the summer of 2015. Authorities say Chappell’s DDoS-for-hire platform was also responsible for DDoS attacks on the infrastructure of T-Mobile, EE, Vodafone, O2, BBC, BT, Amazon, Netflix, Virgin Media, and the UK’s National Crime Agency (NCA). Following years of investigations, the West Midlands Regional Cyber Crime Unit, together with Israeli Police, the FBI, and Europol’s European Cybercrime Centre, have tracked down the teenager, currently a student at an unnamed university. Authorities say Chappell had a partner, an American national, about whom they did not reveal any information. West Midlands Police charged the teenager today with impairing the operation of computers under the Computer Misuse Act and encouraging or assisting an offense and money laundering crime proceeds. Chappell will appear in a Manchester court tomorrow, July 4, 2017. Authorities did not release the name of Chappell’s DDoS booter service. Source: https://www.bleepingcomputer.com/news/security/uk-teen-charged-with-running-ddos-booter-service/
See the original article here:
UK Teen Charged with Running DDoS Booter Service
The Rise Of Web-Dependent Businesses And The Importance Of Choosing The Right Technology Providers
Small businesses have long been the lifeblood of the U.S. economy, creating more than half of the nation’s jobs, spawning new ideas, generating 54% of U.S. sales and fortifying communities across the country. This momentum shows no signs of slowing down, with some predicting 40% of Americans will be self-employed by the year 2020. Websites, stores and applications will be the cornerstones of these new businesses and entrepreneurial ventures. Small businesses have shifted from dabbling on the web with cookie-cutter sites to being completely dependent on the web. At Liquid Web, we refer to these businesses as being web dependent to demonstrate the incredible importance of the web for these online SMBs that derive up to 100% of their revenue from their online presence. These businesses include: Content sites that monetize content via subscriptions, advertising and referrals Online stores Niche application providers that have tapped into the explosive demand for web and mobile applications It’s easier than ever for an entrepreneur to launch a web-dependent business. The first step is to choose and purchase a domain name aligned to the brand. Then, secure a merchant account and payment gateway to start collecting payments. E-commerce sites will also need an SSL (secure sockets layer) certificate to encrypt sensitive data like customer identification and credit card information. Industry Disruption Takes Hold Many of the industries these businesses belong to are facing disruption. What was once housed neatly in a brick-and-mortar location, open 10-6 and competing only with neighborhood offerings is now online 24/7 and facing steep competition from online juggernauts such as Amazon. Uber, Netflix and a dizzying array of other brands have proved that disruption is no longer part of a passing trend but part of the new normal. This means more and more businesses are falling into the category of being web dependent, which is good news for a growing small business segment that has historically been overlooked for being too small. Many of these businesses may have five or fewer employees, but with a robust online presence, they’re able to perform the work of much larger organizations. When the overall success of your business is dependent on a strong web presence, it brings about an entirely new set of considerations — a hosting partner perhaps being the most important. A recent survey we conducted revealed that 86% of respondents believe that selecting the right hosting provider will affect a company’s competitiveness. One of our customers, a software-based marketing company, experienced this firsthand. When launching promotions for new products, it was critical to have a reliable server. Continued issues with server capacity mean downtime for customers. These problems could result in lost sales, and when the hosting company was unresponsive and unable to bring the server back up, it directly impacted the amount of money the company was able to make. When your business is web dependent, security is also of heightened concern. Another one of our customers was at one point faced with client websites under frequent attack by hackers using malware and carrying out DDoS attacks. The consequences for this type of attack can be grave, particularly for banking and insurance companies. If left unchecked, a business can find all of its email servers blacklisted so that its email is not accepted by other web servers. Choosing The Right Partner The dramatic rise in website creation and SMBs has fueled a symbiotic growth in technology to make life easier for these businesses to create and scale their online presence. Previously, these solutions were largely only available for mid-market and large enterprises. Still, tech dependent doesn’t necessarily mean tech savvy, especially if you don’t have a full-time IT team on staff. This leads some SMBs to go the route of least resistance when it comes to hosting. Instead, web-dependent businesses should seek out the right web hosting provider to ensure long-term business success. Here are a few tips: Seek a provider with a broad array of products to meet your business needs. Your business is unique, and a one-size-fits-all solution may not be right for you. Don’t choose a provider that will match you with the products it provides instead of the ones you need. Access to human beings is important. Ensure you choose a provider that is accessible from the initial selection process to going live, whether that’s migration or setup, to ongoing support. If you encounter a problem with your website, your business can’t afford to be sent to a chatbot or wait days for a call to be returned. Select a provider that makes meaningful promises. Don’t be lured by hosting partners that promise the world but fall short when it comes time to deliver. Take the time to ask about guarantees and do your research on their customer satisfaction results. A good partner will have both. Not so long ago, business legitimacy was defined by simply having a viable website. Legitimacy is now called into question by slow load times or server downtime. So choosing your hosting provider should be a strategic move — not an afterthought. When your business is web dependent, choosing the right hosting partner and the right hosting solution might just be the most important business decision you make. Source: https://www.forbes.com/sites/forbestechcouncil/2017/06/30/the-rise-of-web-dependent-businesses-and-the-importance-of-choosing-the-right-technology-providers/#1cc16b471de3
See the original article here:
The Rise Of Web-Dependent Businesses And The Importance Of Choosing The Right Technology Providers
Data-centres and the DDoS risk
It is imperative that cloud users ensure that their vendor(s) of choice can provide the visibility and protection they need. Cloud adoption continues to accelerate as businesses look to reap the cost, scale and flexibility benefits that are on offer. Whether a business uses a large, well-known public cloud operator or one of the smaller, more focused, specialist cloud / outsourcing organisations they are becoming more reliant on data and application services which are, in most cases, accessible via the Internet. Unfortunately, this means that access to these services is conditional on the availability of connectivity – and a significant threat here is a Distributed Denial of Service (DDoS) attack – a threat that exhausts the resources available to a network, application or service so that genuine users cannot gain access. Increasing attacks on data-centres According to Arbor’s Worldwide Infrastructure Security Report (WISR) the majority of data-centre operators now offer cloud services. In fact they are as common as managed hosting and colocation, demonstrating how rapidly ‘cloud’ has been adopted. Data-centres have been a magnet for DDoS activity for a number of years, but 2016 saw a step change with the WISR indicating that nearly two-thirds of data-centres saw DDoS attacks, with over 20 per cent of those seeing more than 50 attacks per month – a big jump from 8 per cent in 2015. Data-centres are now being targeted more frequently and with larger attacks, and they will only continue to grow. Worryingly, Arbor’s WISR also revealed that 60 per cent of data-centre operators had seen an attack that completely saturated their Internet connectivity last year. This is significant, as if Internet bandwidth is completely saturated then all data-centre infrastructure is effectively cut-off from the outside world – regardless of whether it was a part of the original target. For cloud and data-centre environments ensuring shared infrastructure is protected is of utmost importance given the size and complexity of today’s DDoS attacks. The weaponisation of DDoS has made it easy for anyone to launch a large volumetric or advanced multi-vector attack and this shows through in the data we have from data-centre operators. For example, 60 per cent of data-centres who experienced a DDoS attack in 2016 saw at least one attack that completely saturated their Internet connectivity – effectively disconnecting them, and their customers, from the connected world. The impact of a successful DDoS attack to a data-centre operator can be significant from an operational and customer churn / revenue loss perspective. The proportion of data-centre operators experiencing revenue loss due to DDoS attacks grew from 33 per cent to 42 per cent from 2015 to 2016, with nearly a quarter of data-centre respondents to the WISR indicated that the cost of a successful DDoS attack was in excess of $100K, illustrating the importance of the right defensive services and solutions. Before we discuss defences though, it is almost impossible to right a DDoS related article without mentioning IoT. 2016 was without doubt the year where weaponised IoT botnets came to the fore, with attacks against Dyn and more garnering significant media attention. Cloud processing of IoT related data is driving increases in scale for data-centre connectivity, but IoT devices can just as easily be subsumed into botnets and used to send unwanted DDoS traffic at those same data-centres. Given the numbers of IoT devices out there, the likelihood of an attack against one piece of cloud infrastructure having a broader impact is only going to increase. Combating today’s attackers To deal with high magnitude attacks, in most cases, data-centres need to leverage a cloud or ISP based DDoS protection service –and this is happening. Data-centre operators have been one of the top organisation types driving the growth in cloud and ISP managed DDoS protection services over the past couple of years. The WISR shows us that over a half of data-centre operators now implement layered DDoS protection, a proportion that has been steadily increasing year-on-year. This is the recognised best-practice and allows data-centre operators to protect themselves and their customers from the impact of an attack. Layered DDoS protection employs a cloud and ISP based DDoS protection service to deal with high magnitude attacks, plus a defensive solution at the data-centre perimeter to proactively deal with more focused, advanced attacks. Integrating these two layers together, so that they work in harmony, can provide complete protection from the DDoS threat – protecting the availability of both infrastructure and customer services. In fact, many data-centre operators are now leveraging the protections they have put in place to offer add-on, sticky DDoS protection services to their customers. Businesses are increasingly aware of both their dependence on cloud, and the threat DDoS poses, and are looking to ensure that their providers are adequately protected. Technology and services are however only a part of the solution, having incident response plans in place is also important so that businesses can deal efficiently and effectively with any attack. Arbor’s WISR reveals that 57 per cent of data-centre operators carried out DDoS defence simulations in 2016, up from 46 per cent in 2015. This is very encouraging, as exercising incident responses plans, on at least a quarterly basis, is best-practice. Future security of data centres The data-centres that support cloud application and data services are becoming ever more important to our businesses, but with nearly two-thirds of data-centres experiencing DDoS attacks last year, and over 20 per cent of those seeing more than 50 attacks per month, it has never been more important to ensure the right defences are in place. It is imperative that cloud users ensure that their vendor(s) of choice can provide the visibility and protection they need, and the telemetry that allows them to monitor what is going on. Increasingly customers of cloud services want a holistic view of the threats they face, across the 3 pillars of security and their cloud, on-premise data and applications services. This isn’t easy to achieve, but to balance the benefits of cloud against business risks it is something we need, especially in today’s cyber threat landscape. Source: http://www.itproportal.com/features/data-centres-and-the-ddos-risk/
View article:
Data-centres and the DDoS risk
Ubisoft Servers Hit with DDoS Attack – All Online Titles Affected
It’s been a rough morning for Ubisoft servers, as folks trying to login to Rainbow Six Siege , Ghost Recon Wildlands , For Honor and other popular online titles haven’t had a very high success rate. After initially announcing some general server issues close to 10 a.m., Ubisoft announced officially via Twitter that they are monitoring a DDoS attack. It doesn’t appear that this is related to last night’s Ubisoft server issues, but it appears this DDoS attack has no clear end in sight. The official Ubisoft forums state that they are “taking steps to mitigate this issue,” but that people will experience problems connecting to their games and server latency when they do connect. The forums also confirmt hat this is impacting Rainbow Six siege , Steep , For Honor , Ghost Recon Wildlands and the Uplay PC client as a whole. GameRevolution will update this story as more details become available. Source: http://www.gamerevolution.com/news/338483-ubisoft-servers-hit-ddos-attack-online-titles-affected
Read more here:
Ubisoft Servers Hit with DDoS Attack – All Online Titles Affected
Hackers threaten South Korean banks with DDoS attacks following record ransomware payment
The Armada Collective hacking group has issued a ransom demand of approximately $315,000 to seven South Korean banks, threatening to launch distributed denial of service attacks against each of their organizations. The threat came just days after fellow South Korean firm NAYANA negotiated a record $1.01 million ransom payment on June 14 to remedy an unrelated ransomware attack that locked up its systems. The timing of this latest threat has reportedly prompted some observers to wonder if NAYANA’s actions encouraged the Armada Collective to test the resolve of other South Korean companies. Citing financial authorities, the Yonhap News Agency on June 21 named the threatened banks as KB Kookmin Bank, Shinhan Bank, Woori Bank, KEB Hana Bank, NH Bank and two other lenders. The banks were given a deadline of June 26. The Armada Collective has engaged in this behavior before. For instance, in April 2016 Cloudfare published a report detailing an Armada Collective campaign that issued empty DDoS threats against a wide range of businesses extorting hundreds of thousands of dollars in the process. Source: https://www.scmagazine.com/hackers-threaten-south-korean-banks-with-ddos-attacks-following-record-ransomware-payment/article/671377/
Excerpt from:
Hackers threaten South Korean banks with DDoS attacks following record ransomware payment
$1 Million Ransomware Payment Has Spurred New DDoS-for-Bitcoin Attacks
The $1 million ransom payment paid last week by South Korean web hosting company Nayana has sparked new extortion attempts on South Korean companies. According to local media, seven banks have received emails that asked the organizations to pay ransoms of nearly $315,000 or suffer downtime via DDoS attacks. Only five of the seven targets are publicly known, which are also the country’s biggest financial institutions: KB Kookmin Bank, Shinhan Bank, Woori Bank, KEB Hana Bank, and NH Bank. Ransom demands made by Armada Collective The ransom demands were signed by a group of “Armada Collective,” a name that has a long history behind it. The group first appeared in 2015, and they are considered one of the hacker groups that popularized ransom DDoS (RDoS) attacks alongside another group known as DD4BC (DDoS-for-Bitcoin). While Europol apprehended suspects behind the DD4BC group, the people behind Armada Collective were never caught, and their tactics seem to have evolved across time. Armada Collective and RDoS attacks over time Radware, a cyber-security company that tracks RDoS attacks on a consistent basis, says the group has gone through two main stages. In the beginning, the group targeted a small number of targets, all from the same industry, and launched demo DDoS attacks to prove their claims and force the hand of victims into paying the ransom. After a successful extortion of the ProtonMail secure email service in late 2015 that got a lot of media attention, the group appeared to have gone into hiding, but then returned in 2016. This time around, the group’s tactics changed, and Armada Collective — or impostors posing as the group — only made empty threats, targeting a large number of companies, all at the same time, from different sectors, and rarely launched any DDoS attacks to prove their claims. Armada Collective’s RDoS attacks in 2016 were hardly noticed. Because of the group and DD4BC’s success, numerous other actors entered the DDoS ransom market niche, such as New World Hackers, Lizard Squad (copycats), Kadyrovtsy, RedDoor, ezBTC, Borya Collective, and others. Most of these groups issued empty threats, a common theme with RDoS groups in 2016, also continued in 2017, with new groups such as Stealth Ravens, XMR Squad, ZZb00t, Meridian Collective, Xball Team, and Collective Amadeus. Furthermore, empty DDoS threats from groups posing as Anonymous have been the norm for the past two years, with the most recent wave being detected just last week. Nayana’s payment may lead to more attacks on South Korea Last week, Armada Collective’s name resurfaced after a long period of silence. The ransom demands were sent — not surprisingly — just two days after news broke in the international press that a South Korean web hosting company paid over $1 million in a ransomware demand. Nayana’s payment was the largest ransomware payment ever made and may have involuntarily put a giant bullseye on the backs of all South Korean businesses, now considered more willing to pay outrageous ransom demands to be left alone. The Armada Collective ransom letters sent last week to South Korean banks said the group would launch DDoS attacks on the targeted banks today, June 26, and double their ransom demand. At the time of writing, the attacks didn’t take place, based on evidence available in the public domain. Nonetheless, the attackers won’t be discouraged by this initial refusal, and if they truly have the ability to launch crippling DDoS attacks like the ones that targeted ProtonMail, then South Korean banks and other businesses are in for a long summer. Source: https://www.bleepingcomputer.com/news/security/-1-million-ransomware-payment-has-spurred-new-ddos-for-bitcoin-attacks/
See the original post:
$1 Million Ransomware Payment Has Spurred New DDoS-for-Bitcoin Attacks
Dems: FCC DDoS Attack Raises Cybersecurity Questions
Looking for lots more answers on net neutrality docket. If the FCC was subject to multiple DDoS attacks that affected input in the Open Internet comment docket, leading House Democrats say that raises questions about the FCC’s cybersecurity preparedness that need answers. That came in letters to the FCC and National Cybersecurity and Communications Integration Center. “We ask you to examine these serious problems and irregularities that raise doubts about the fairness, and perhaps even the legitimacy, of the FCC’s process in its net neutrality proceeding,” the Democratic legislators said. “Giving the public an opportunity to comment in an open proceeding such as this one is crucial – so that the FCC can consider the full impact of its proposals, and treat everyone who would be affected fairly.” Democratic Sens. Ron Wyden of Oregon and Brian Schatz of Hawaii had asked FCC Chairnman Ajit Pai for an explanation of the attacks. But the response—that they were “non-traditional” attaocks–only created new questions, the letters to the FCC and NCCIC said. That includes: •”What ‘additional solutions’ is the FCC pursuing to ‘further protect the system,’ as was mentioned in the FCC’s response? •”According to the FCC, the alleged cyberattacks blocked ‘new human visitors … from visiting the comment filing system.’ Yet, the FCC, consulting with the FBI, determined that ‘the attack did not rise to the level of a major incident that would trigger further FBI involvement.’ What analysis did the FCC and the FBI conduct to determine that this was not a ‘major incident?’ •”What specific ‘hardware resources’ will the FCC commit to accommodate people attempting to file comments during high-profile proceedings? Does the FCC have sufficient resources for that purpose? •”Is the FCC making alternative ways available for members of the public to file comments in the net neutrality proceeding?” Signing on to the letters were Energy and Commerce Ranking Member Frank Pallone, Jr. (N.J.), Oversight and Government Reform (OGR) ranking member Elijah Cummings (Md.), E&C Communications and Technology Subcommittee Ranking Member Mike Doyle (Pa.), Oversight and Investigations Subcommittee ranking member Diana DeGette (Colo.), OGR Information Technology Subcommittee ranking member Robin Kelly (Ill.), and Government Operations Subcommittee ranking member Gerald Connolly (Va.) Some of the same Dems have asked Republican leadership of the House E&C to hold a hearing on the FCC Web issues. And last month, another group of Democrats called on the FBI to investigate the multiple DDoS attacks the FCC said it had suffered related to the docket. http://www.multichannel.com/news/congress/dems-fcc-ddos-attack-raises-cybersecurity-questions/413693
See original article:
Dems: FCC DDoS Attack Raises Cybersecurity Questions
Why the Internet of Things could lead to the next great wave of DDoS attacks
Businesses should ensure that they are still securely protected against DDoS attacks, despite the recent growth of other trends such as ransomware. That’s the warning from Arbor Networks, which is urging organisations of all sizes to make sure they stay safe online as DDoS attacks are still rife around the world. Speaking to ITProPortal at the recent InfoSecurity Europe 2017 event in London, Arbor CTO Darren Anstee reinforced the need for businesses to maintain their DDoS protection, despite it being hard to predict who might be hit next. “DDoS is all about targeting the availability of those services that modern businesses rely on,” he noted. In order to combat this growing threat, the company recently revealed an updated version of its APS on-premise, distributed DDoS detection and mitigation platform for enterprise customers. The new release includes Arbor’s latest Cloud Signalling tool, which can help reduce the time to attack mitigation, bringing together on-premise and hybrid cloud migration efforts. The Internet of Things is also set to provide a major new threat landscape for DDoS attacks, Arbor Networks believes, with past attacks such as Mirai and Dyn showing the potential for chaos. “There are a lot of IoT DDoS attacks going on out there”, Anstee says, noting that most people only hear about these assaults when a big brand is affected. Poor regulation of IoT products has not helped with the spread of potential attacks, with many consumers unaware that the items they are buying will pose some kind of security risk. But Anstee says that commercial pressure could instead play a big role in changing the current landscape, as vendors often return to market trends faster than regulatory pressure. “If you want things to change quickly, you have to get people to get security implemented into their buying process,” he notes, adding that it is a “valid worry” that IoT attacks could scale to affect areas such as smart cities and infrastructure networks soon. “We are going to see IoT devices being used for more nefarious purposes over the next few years…I don’t see the problem going away”. As the recent WannaCry ransomware attack showed, however, businesses need to be protected against all kinds of threats. Anstee noted that ransomware should remain a major concern for companies both large and small likely to be targeted. “It’s a numbers game when it comes to ransomware,” he noted, “it is a very broad brush – if just one or two people pay, it makes it all worthwhile.” In order to stay protected, there are several central steps that companies can take, Anstee added. This includes network segmentation, which would allow infections such as WannaCry to be quickly and easily contained. “It’s not a sexy topic, but it needs to happen in many businesses,” he says. “We’ve all focused on agility, and flattening network infrastructure…but this is really important, as it can stop such attacks propagating within networks, if it’s done properly.” But companies also need to ensure they have proper IT risk management systems, with Anstee noting that some infections WannaCry could have been blocked quickly if proper processes had been in place – and various departments had communicated properly. “You can’t really blame anyone for this,” he concludes, “it really is a lot about talking to each other.” Source: http://www.itproportal.com/news/why-the-internet-of-things-could-lead-to-the-next-great-wave-of-ddos-attacks/
Taken from:
Why the Internet of Things could lead to the next great wave of DDoS attacks