Tag Archives: stop-ddos

Protecting an online presence – DOSarrest’s technology leads the way

With over a decade of experience protecting websites from malicious traffic, DOSarrest has lead the way from the start. It was one of the first to supply its client base with a real-time statistical dashboard and an intuitive configuration management console. Fast forward to today where it has just released its 5 th major software upgrade; it’s these types of leading-edge features and services and a forward-looking road map that keeps it in the top tier of cloud-based DDoS mitigation companies. Some of DOSarrest’s new enhancements, just released, include an all-new front-end which supplies customers with 15 different statistical displays that are fully interactive, allowing customers to view just the statistics they are interested in. It’s clear from the work the company has put into this system that it knows what’s required to stay on ahead of the ‘bad actors’. It has also redeveloped its back-end software using the latest tools, including a new distributed database structure, which has the advantage of allowing it to develop and deploy new features in a matter of minutes, for attacks not yet even known. DOSarrest has also fine-tuned their cloud-based Web Application Firewall (WAF), which unlike many of their competitors’ is based on a positive security model, not a negative security model. Most people and even some security techs are not aware of the difference. Have a quick read of the blog post regarding the latest Equifax breach to get a real-life explanation of what happened and how DOSarrest’s cloud-based WAF would have prevented such a devastating data breach. DOSarrest doesn’t seem to follow its competitors or hyped up media trends; this must be due to its experience over its rivals in the DDoS protection arena. It has just installed a big data analytics cluster, which feeds its customer portal with real-time interactive displays. One asks why big data for a customer portal? DOSarrest will tell you that the real reason is to leverage machine learning. Machine learning, which has been tried by many organizations but proved to be not worth the effort and eventually abandoned by most enterprises, is not the case at DOSarrest. It has leveraged its big data cluster in conjunction with machine learning to yield some impressive results. DOSarrest states that the most difficult attacks to stop are the ones you don’t really notice. By this it articulates that if a website runs 10 Mb/sec of legitimate traffic it’s very possible to throw 75 Kb/sec of sophisticated, well-placed malicious traffic at the website and cause the website to slow considerably and eventually stop responding to legitimate visitors. Its machine learning system finds this small amount of malicious traffic and blocks it. DOSarrest states it’s like being able to find a needle in a haystack. In order to prove the point regarding small sophisticated attacks being the most difficult to detect and mitigate, DOSarrest has developed a website attack/stress simulator. This is a brand-new service called the Cyber Attack Preparation Platform (CAPP) and the company is running beta tests for a select number of customers. This service allows customers to login into a platform, input their attack target website, then choose from a selection of over 30 different attacks and even combination attacks. Along with the attacks, it enables users to choose from a variety of regions where one wants the attack to originate from, some of the choices being Europe, eastern or western US, Canada or Asia, or all of them. It also allows one to choose the size of the botnet and the intensity of each bot. Given that this privately-controlled botnet is dangerous in the wrong hands, it is strictly controlled and throttled on a per-user basis. In summary DOSarrest has proven itself to be a leader in fully-managed cloud-based DDoS protection services and is constantly adding capacity, enhancements, new technology and related security services to its portfolio. Should you be thinking of security for your website operations, DOSarrest is a very experienced, capable and customer-oriented solution provider. Source: http://techwireasia.com/2017/09/protecting-online-presence-dosarrests-technology-leads-way/#5c5GIKukziDpCqd8.97

Read this article:
Protecting an online presence – DOSarrest’s technology leads the way

How enterprises can fend off DDoS attacks

Though distributed denial of service attacks have been around more than two decades, recently we have seen a spate of DDoS attacks that have increased in complexity and variability. Both the size and frequency of DDoS attacks have gone up, and criminals use these sophisticated attacks to target sensitive data, not just to disrupt businesses. Some recent attacks have exceeded 1 Tbps while the average DDoS attack peaked at 14.1 Gbps in the first quarter of 2017, according to Verisign’s DDoS trends report. The largest volumetric and highest intensity DDoS attack observed by Verisign in Q1 2017 was a multi-vector attack that peaked over 120 Gbps and around 90 Million packets per second (Mpps). This attack sent a flood of traffic to the targeted network inexcess of 60 Gbps for more than 15 hours. In a new report, Imperva warns about a new type of ferocious DDoS attack that uses ‘pulse waves’ to hit multiple targets. “Comprising a series of short-lived bursts occurring in clockwork-like succession, pulse wave assaults accounted for some of the most ferocious DDoS attacks we mitigated in the second quarter of 2017. In the most extreme cases, they lasted for days at a time and scaled as high as 350 gigabits per second (Gbps). We believe these represent a new attack tactic, designed to double the botnet’s output and exploit soft spots in traditional mitigation solutions,“ says Robert Hamilton, director, Imperva. “DDoS attacks are rarely complex. They are the result of a volumetric based attack which results in a platform, application or service being rendered unavailable for the user. The biggest changes we have seen through evolution over the last few years are mostly within the amount of bandwidth attackers have at their disposal. This is due to the amount of more interconnected devices we now have on the Internet. We have three main types of DDoS attack, one is a volumetric, which accounts for most DDoS attacks, secondly we have application and lastly protocol level attacks,” says Warren Mercer, security researcher at Cisco Talos. Ransom is another growing trend in DDoS. “Ransom related attacks seem to be a trending issue as of late. Too many organisations are paying out these ransom requests, in an effort to remove themselves from the cross hairs of a DDoS attack – this behaviour likely causes an increase in ransom attack activity. Besides the financial loss that a company may experience by paying the ransom, companies must consider that they will still be subject to a DDoS attack even after the ransom has been paid,” says Stephanie Weagle, VP, Corero. What do you do if you are a CISO dealing with massive DDoS attack? What are your tips for CISOs dealing with massive DDoS attacks? “First thing would be to make sure the network is well prepared for such attacks. Making sure that there are protections and processes in place is critical. It’s also important to remember that the DDoS attack might not be the actual attack but just a distraction,” says Kalle Bjorn, director-systems engineering, Fortinet. Mohammed Al Moneer, regional director, A10 Networks, says the challenge for defenders is to distinguish good and bad behaviour largely by analysing the instrumented data available from server logs and traffic behaviour reported from networking tools. In effect, threat hunting is the act of finding a needle in a haystack of logs and flow data. Unlike the stealth required for dropping malware or stealing data, DDoS is loud and does not hide in the shadows. Alaa Hadi, regional director, Arbor Networks, says these very large attacks must be mitigated in the cloud, as close to the source as possible. I would also caution CISOs that to have cloud protection is only a partial defence against modern DDoS attacks. They also target applications and infrastructure, like firewalls, with low and slow attacks that cannot be detected in the cloud. The place to protect against these attacks is on-premise, with a tight connection to the cloud, as a means of providing mitigation support for large attacks. Only with this multi-layer, hybrid approach is a business fully protected from DDoS attacks. Another alarming trend in DDoS has been the rise of DDoS attacks using IoT devices, as we have seen in the case of Mirai botnet, which infected tens of millions of connected devices. “IoT can have positive implications across several core industries such as manufacturing, retail, transportation, and healthcare. However, it’s important to bear in mind that a higher number of connected devices translates to more points of entry for attackers to penetrate. Criminals can leverage these end points to steal confidential information from businesses, distribute malware, or takeover the capacity and network bandwidth of connected ‘things’ to carry out massive strikes. The necessary tools and best practices to mitigate such threats are well-known and available in the application security field,” says Hadi Jaafarawi, managing director, Qualys Middle East. Bjorn from Fortinet adds compromised IoT devices are a massive potential traffic generator source for attackers. Securing the organisations own systems would prevent them from being used in attacks against others. Manufacturers should also work actively to ensure their own devices are fixed when vulnerabilities are found, unfortunately there are multiple IoT devices on the market that cannot be even upgraded, this means that the security will lie on the network where the devices connect to. Source: http://www.tahawultech.com/securityadvisorme/features/enterprises-fend-off-ddos/

View article:
How enterprises can fend off DDoS attacks

DDoS Extortion Group Sends Ransom Demand to Thousands of Companies

A group of DDoS extortionists using the name of Phantom Squad has sent out a massive spam wave to thousands of companies all over the globe, threating DDoS attacks on September 30, if victims do not pay a ransom demand. The emails spreading the ransom demands were first spotted by security researcher Derrick Farmer and the threats appear to have started on September 19 and continued ever since. Hackers looking for small $700 ransoms The emails contain a simple threat, telling companies to pay 0.2 Bitcoin (~$720) or prepare to have their website taken down on September 30. Sample of a Phantom Squad DDoS ransom email Usually, these email threats are sent to a small number of companies one at a time, in order for extortionists to carry out attacks if customers do not pay. This time, this group appears to have sent the emails in a shotgun approach to multiple recipients at the same time, a-la classic spam campaigns distributing other forms of malware. Because of this, several experts who reviewed the emails and ransom demands reached the conclusion that the group does not possess the firepower to launch DDoS attacks on so many targets on the same day, and is most likely using scare tactics hoping to fool victims into paying. Extortionists are not the sharpest tool in the shed The size of this email spam wave is what surprised many experts. Its impact was felt immediately on social media [1, 2, 3, 4] and on webmaster forums, where sysadmins went looking for help and opinions on how to handle the threat. Bleeping Computer reached out to several security companies to get a general idea of the size of this spam wave. “Not sure how widespread it is in terms of volume, but they are certainly spamming a lot of people,” Justin Paine, Head of Trust & Safety at Cloudflare, told Bleeping . “We’ve had 5 customers so far report these ‘Phantom Squad’ emails,” he added. “These geniuses even sent a ransom threat to the noc@ address for a major DDoS mitigation company.” Extortionists are “recycling” email text Radware engineers received similar reports, so much so that the company issued a security alert of its own. Radware security researcher Daniel Smith pointed out that the extortionists may not be the real Phantom Squad, a group of DDoS attackers that brought down various gaming networks in the winter of 2015 [1, 2]. Smith noticed that the ransom note was almost identical to the one used in June 2017 by another group of extortionists using the name Armada Collective. Those extortion attempts through the threat of DDoS attacks also proved to be empty threats, albeit some were successful. “The part that I find interesting is the low ransom request compared to the ransom request last month,” Smith told Bleeping Computer . “Last month a fake RDoS group going by the name Anonymous ransomed several banks for 100 BTC.” Experts don’t believe the group can launch DDoS attacks This shows an evolution in ransom DDoS (RDoS) attacks, with groups moving from targeting small groups of companies within an industry vertical to mass targeting in the hopes of extracting small payments from multiple victims. “This is what the modern RDoS campaign has come to,” Smith also said. “In the spring of 2016 after a lull in RDoS attacks, a group emerged calling themselves the Armada Collective, but their modus operandi had clearly changed. This group claiming to be Armada Collective was no longer targeting a small number of victims but instead were targeting dozens of victims at once without launching a sample attack.” “As a result, these attackers were able to make thousands of dollars by taking advantage of public fear and a notorious name. Several other copycat groups that emerged in 2016 and 2017 also leveraged the names of groups like, New World Hackers, Lizard Squad, LulzSec, Fancy Bear, and Anonymous.” “To launch a series of denial-of-service attacks, this group will require vast resources. Therefore, when a group sends dozens of extortion letters, they typically will not follow through with a cyber-attack,” Smith said. Smith’s opinion is also shared by Paine, who recently tweeted “ransom demands from this group = spam” and “empty threats, zero attacks from this copycat.” Victims should report extortion attempts to authorities Japan CERT has issued a security alert informing companies how to handle the fake demands by reporting the emails to authorities. Today, security researcher Brad Duncan also published an alert on the ISC SANS forums, letting other sysadmins and security researchers know not to believe the ransom threats. Source: https://www.bleepingcomputer.com/news/security/ddos-extortion-group-sends-ransom-demand-to-thousands-of-companies/

View original post here:
DDoS Extortion Group Sends Ransom Demand to Thousands of Companies

$50m deal to keep government websites going in a cyber attack

Six firms have won a multimillion- dollar bulk tender as Singapore further tightens its defence against sophisticated attacks that aim to disable government websites. The Straits Times understands that the three-year bulk contract which started yesterday is worth about $50 million – around twice the value of the last three-year contract which has lapsed. The deal comes on the heels of StarHub’s broadband outage last year linked to a cyber attack in the United States, and the theft of the personal details of 850 national servicemen and staff at the Ministry of Defence (Mindef), discovered in February. The six contractors awarded the contract by GovTech are local telcos Singtel and StarHub, Britain- based telco BT, and Singapore- based tech firms CHJ Technologies, Evvo Labs and Embrio Enterprises. The six firms are expected to keep government websites fully available to the public even when attacks are taking place. This is done by providing distributed denial of service (DDoS) mitigation services, which will now take into account the threats that took down United States Internet firm Dyn’s services in October last year. Dyn’s service outage, which took down websites such as The New York Times and Spotify, in turn disrupted Web surfing for StarHub’s broadband customers. DDoS attacks work by having thousands of infected computers accessing and overwhelming a targeted site, causing a huge spike in traffic. DDoS mitigation is a set of techniques that differentiates genuine incoming traffic from that sent by hijacked, infected browsers, so that services to genuine users will not be denied. According to tender documents seen by ST, the contractors are also expected to provide new capabilities to combat attacks stemming from software flaws on Internet-facing machines. In early February, Mindef discovered that a vulnerability in its I-net system had been exploited, resulting in the loss of NRIC numbers, telephone numbers and birth dates of 850 personnel. The I-net system provides Mindef staff and national servicemen with Internet access on thousands of dedicated terminals. Cloud security services firm Akamai Technologies’ regional director of product management Amol Mathur said that the new DDoS mitigation capabilities are necessary in an evolving threat landscape where large-scale attacks are being powered by compromised Internet devices such as Web cameras and routers. Dr Chong Yoke Sin, chief of StarHub’s enterprise business group, said it will provide the Singapore Government with its telco- centric security operations as well as the cloud-based mitigation services of its technology partner Nexusguard. Mr Jason Kong, co-founder of Toffs Technologies, the supplier of content delivery back-up services for Embrio Enterprises, said: “Organisations should have a content delivery back-up plan to ensure business is as usual should the main delivery platform suffer an outage.” Last week, the Nanyang Tech- nological University solicited a separate DDoS contract with more stringent requirements to com- bat attacks stemming from software flaws on Internet-facing machines. The university discovered in April this year that it was the victim of an apparent state-sponsored attack aimed at stealing government and research data. The National University of Singapore was similarly attacked at around the same time. Last year, an unnamed government agency also became the victim of a state-sponsored attack, the Cyber Security Agency of Sin- gapore said in a report released last Thursday. Source: http://www.straitstimes.com/tech/50m-deal-to-keep-govt-websites-going-in-a-cyber-attack

Taken from:
$50m deal to keep government websites going in a cyber attack

Apache Struts Vulnerabilities and The Equifax Hack, What Happened?

In the wake of the Equifax breach, a lot of people are wondering how the theft of personal information occurred and how it could have been prevented. Equifax initially reported that a vulnerability in Apache Struts was used to infiltrate their public-facing web server. Apache Struts has faced its fair share of vulnerabilities with 21 having been discovered since the start of 2016. Which Apache Struts vulnerability was used in the Equifax hack? At DOSarrest we researched current and past Apache Strut vulnerabilities and determined that they likely were not hacked using the new CVE-2017-9805 but likely CVE-2017-5638. Equifax released additional details on Sept 13 th 2017 confirming that the vulnerability involved was CVE-2017-5638. The CVE-2017-5638 vulnerability dates back to March 2017, which is why people in the security industry are now questioning how they could be so far behind in patching this well-known exploit. The two vulnerabilities, CVE-2017-5638 and the recently revealed CVE-2017-9805 are very similar in nature and are both considered Remote Code Execution (RCE) vulnerabilities . How does a RCE vulnerability work and how can they be prevented? A RCE vulnerability is exploited when an attacker crafts a packet or request containing arbitrary code or commands. The attacker uses a method to bypass security that causes a vulnerable server to execute the code with either user or elevated privileges. Such vulnerabilities can be prevented with a two-fold approach to web application security: 1) New vulnerabilities will continually be discovered in any web application framework, and it is the duty of IT teams to keep the software patched. This requires regular audits and patches to vulnerable software. Even the most proactive IT teams will not be able to prevent a so-called zero-day attack by patching alone so more must be done to protect the web server from zero-day vulnerabilities. 2) Since there is always a delay between the time a vulnerability is discovered and when a patch is developed by the maintainer of that product, a means to protect your website from undiscovered zero-day vulnerabilities is needed. Web Application Firewall’s (WAF) that typically rely on signatures are unfortunately at a disadvantage because signatures for existing vulnerabilities in most cases do not match newer zero-day vulnerabilities. If I cannot rely on signature-based WAF options, what can I rely on to protect my business? At DOSarrest our WAF is different. The problem with relying on signatures is that it requires constant updates as new vulnerabilities become known. Instead our WAF looks for sets of characters (such as /}/,/“/, and /;/) or phrases (like “/bin/bash” or “cmd.exe”) that are known to be problematic for some web applications. What makes DOSarrest’s WAF even more appealing is that it is fast. Much faster than signature-based solutions that require high CPU use to match signatures–such matching could result in a measurable impact on latency. With DOSarrest’s WAF there is no increase in latency, and vulnerabilities not yet discovered will still be mitigated. Examples of how the Apache Strut vulnerabilities are performed: For the benefit of more technical users, some sample requests will be analyzed below. The first example represents a normal non-malicious request sent by millions of people everyday and the following two exploit RCE vulnerabilities in Apache Struts: We can note the following characteristics in the exploit of CVE-2017-5638: 1. The Content-Type Header starts with %{(, an incorrect format. 2. The payload contains a java function call, java.lang.ProcessBuilder, that is normally regarded as dangerous. 3. The payload contains both windows and Linux command line interpreters: “cmd.exe” (Windows Command Prompt) and “/bin/bash” (Linux Bash shell/terminal). The RCE vulnerability used to infiltrate Equifax, CVE-2017-5638 exploits a bug in the way Apache Struts processes the “Content-Type” HTTP header. This allows attackers to run an XML script with elevated user access, containing the java.lang.ProcessBuilder.Java.lang.ProcessBuilder is required to execute the commands the attacker has placed within the XML request. CVE 2017-9805, announced September 2017, is very similar to the previous RCE vulnerability. With CVE-2017-9805, we can note the following characteristics: 1. The Content-Type is application/xml with the actual content in the request body matching that of the Content-Type. 2) The payload also contains the java function call java.lang.ProcessBuilder. 3) The payload in this case is Linux specific and calls “/bin/bash -c touch ./CVE-2017-9805.txt” to confirm that the exploit works by creating a file, “CVE-2017-9805.txt”. Are the payloads shown the exact ones used by attackers to obtain data from Equifax? Although some of the commands may have been used together as part of the information gathering process, the actual commands used to obtain the data from Equifax may only be known by the attackers and possibly Equifax or an auditing security team directly involved in the case. The examples show how the vulnerability could be exploited in the wild and what methods might be used, e.g., setting Content-Type and sending an XML file with a payload. These examples do not represent the actual payload used to obtain the data from Equifax. Since the payload itself can be completely arbitrary, an attacker can run any commands desired on the victim’s server. Any action the web server software is capable of could be performed by an attacker, which could allow for theft of information or intellectual property if it is accessible from the hacked server. In the case of Equifax, there was likely an initial vulnerability scan that the attackers used to expose Equifax’s vulnerability to this particular attack. This would have been followed by an effort to determine what files were available or what actions could be performed from the Equifax public-facing web server.At some point the attackers came across a method for accessing personal credit details on millions of Americans and citizens from other countries who had credit checks performed on their identities within the United States. If Equifax had been using the DOSarrest WAF, they could have avoided a costly mistake. Don’t let your business suffer a damaging security breach that could result in you being out of business for good. Talk to us about our services. For more information on our services including our Web Application Firewall, see DOSarrest for more information on Security solutions . Source: https://www.dosarrest.com/ddos-blog/apache-struts-vulnerabilities-and-the-equifax-hack-what-happened/

DDoS protection, mitigation and defense: 7 essential tips

Protecting your network from DDoS attacks starts with planning your response. Here, security experts offer their best advice for fighting back. DDoS attacks are bigger and more ferocious than ever and can strike anyone at any time. With that in mind we’ve assembled some essential advice for protecting against DDoS attacks. 1. Have your DDoS mitigation plan ready Organizations must try to anticipate the applications and network services adversaries will target and draft an emergency response plan to mitigate those attacks. [ Find out how DDoS attacks are evolving and bookmark CSO’s daily dashboard for the latest advisories and headlines. | Sign up for CSO newsletters. ] “Enterprises are paying more attention to these attacks and planning how they’ll respond. And they’re getting better at assembling their own internal attack information as well as the information their vendors are providing them to help fight these attacks,” says Tsantes. IBM’s Price agrees. “Organizations are getting better at response. They’re integrating their internal applications and networking teams, and they know when the attack response needs to be escalated so that they aren’t caught off guard. So as attackers are becoming much more sophisticated, so are the financial institutions,” she says. “A disaster recovery plan and tested procedures should also be in place in the event a business-impacting DDoS attack does occur, including good public messaging. Diversity of infrastructure both in type and geography can also help mitigate against DDoS as well as appropriate hybridization with public and private cloud,” says Day. “Any large enterprise should start with network level protection with multiple WAN entry points and agreements with the large traffic scrubbing providers (such as Akamai or F5) to mitigate and re-route attacks before they get to your edge. No physical DDoS devices can keep up with WAN speed attacks, so they must be first scrubbed in the cloud. Make sure that your operations staff has procedures in place to easily re-route traffic for scrubbing and also fail over network devices that get saturated,” says Scott Carlson, technical fellow at BeyondTrust. 2. Make real-time adjustments While it’s always been true that enterprises need to be able to adjust in real-time to DDoS attacks, it became increasingly so when a wave of attacks struck many in the financial services and banking industry in 2012 and 2013, including the likes of Bank of America, Capital One, Chase, Citibank, PNC Bank and Wells Fargo. These attacks were both relentless and sophisticated. “Not only were these attacks multi-vector, but the tactics changed in real time,” says Gary Sockrider, solutions architect for the Americas at Arbor Networks. The attackers would watch how sites responded, and when the site came back online, the hackers would adjust with new attack methods. “They are resolute and they will hit you on some different port, protocol, or from a new source. Always changing tactics,” he says. “ Enterprises have to be ready to be as quick and flexible as their adversaries.” 3. Enlist DDoS protection and mitigation services John Nye, VP of cybersecurity strategy at CynergisTek explains that there are many things enterprises can do on their own to be ready to adjust for when these attacks hit, but enlisting a third-party DDoS protection service may be the most affordable route. “Monitoring can be done within the enterprise, typically in the SOC or NOC, to watch for excessive traffic and if it is sufficiently distinguishable from legitimate traffic, then it can be blocked at the web application firewalls (WAF) or with other technical solutions. While it is possible to build a more robust infrastructure that can deal with larger traffic loads, this solution is substantially costlier than using a third-party service,” Nye says. Chris Day, chief cybersecurity officer at data center services provider Cyxtera, agrees with Nye that enterprises should consider getting specialty help. “Enterprises should work with a DDoS mitigation company and/or their network service provider to have a mitigation capability in place or at least ready to rapidly deploy in the event of an attack.” “The number one most useful thing that an enterprise can do — if their web presence is that critical to their business — is to enlist a third-party DDoS protection service,” adds Nye. “I will not recommend any particular vendor in this case, as the best choice is circumstantial and if an enterprise is considering using such a service they should thoroughly investigate the options.” 4. Don’t rely only on perimeter defenses Everyone we interviewed when reporting on the DDoS attacks that struck financial services firms a few years ago found that their traditional on-premises security devices — firewalls, intrusion-prevention systems, load balancers —were unable to block the attacks. “We watched those devices failing. The lesson there is really simple: You have to have the ability to mitigate the DDoS attacks before it gets to those devices. They’re vulnerable. They’re just as vulnerable as the servers you are trying to protect,” says Sockrider, when speaking of the attacks on banks and financial services a few years ago. Part of the mitigation effort is going to have to rely on upstream network providers or managed security service providers that can interrupt attacks away from the network perimeter. It’s especially important to mitigate attacks further upstream when you’re facing high-volume attacks. “If your internet connection is 10GB and you receive a 100GB attack, trying to fight that at the 10GB mark is hopeless. You’ve already been slaughtered upstream,” says Sockrider. 5. Fight application-layer attacks in-line Attacks on specific applications are generally stealthy, much lower volume and more targeted. “They’re designed to fly under the radar so you need the protection on-premises or in the data center so that you can perform deep-packet inspection and see everything at the application layer. This is the best way to mitigate these kinds of attacks,” says Sockrider. “Organizations will need a web protection tool that can handle application layer DoS attacks,” adds Tyler Shields, VP of Strategy, Marketing & Partnerships at Signal Sciences. “Specifically, those that allow you to configure it to meet your business logic. Network based mitigations are no longer going to suffice,” he says. Amir Jerbi, co-founder and CTO is Aqua Security, a container security company, explains how one of the steps you can take to protect against DDoS attacks is to add redundancy to an application by deploying it on multiple public cloud providers. “This will ensure that if your application or infrastructure provider is being attacked then you can easily scale out to the next cloud deployment,” he says. 6. Collaborate The banking industry is collaborating a little when it comes to these attacks. Everything they reveal is carefully protected and shared strictly amongst themselves, but in a limited way, banks are doing a better job at collaborating than most industries . “They’re working among each other and with their telecommunication providers. And they’re working directly with their service providers. They have to. They can’t just work and succeed in isolation,” says Lynn Price, IBM security strategist for the financial sector. For example, when the financial services industry was targeted, they turned to the Financial Services Information Sharing and Analysis Center for support and to share information about threats. “In some of these information-sharing meetings, the [big] banks are very open when it comes to talking about the types of attacks underway and the solutions they put into place that proved effective. In that way, the large banks have at least been talking with each other,” says Rich Bolstridge, chief strategist of financial services at Akamai Technologies. The financial sector’s strategy is one that could and should be adopted elsewhere, regardless of industry. 7. Watch out for secondary attacks As costly as DDoS attacks can be, they may sometimes be little more than a distraction to provide cover for an even more nefarious attack. “DDoS can be a diversion tactic for more serious attacks coming in from another direction. Banks need to be aware that they have to not only be monitoring for and defending the DDoS attack, but they also have to have an eye on the notion that the DDoS may only be one aspect of a multifaceted attack, perhaps to steal account or other sensitive information,” Price says. 8. Stay vigilant Although many times DDoS attacks appear to only target high profile industries and companies, research shows that’s just not accurate. With today’s interconnected digital supply-chains (every enterprise is dependent on dozens if not hundreds of suppliers online), increased online activism expressed through attacks, state sponsored attacks on industries in other nations, and the ease of which DDoS attacks can be initiated, every organization must consider themselves a target. So be ready, and use the advice in this article as a launching point to build your organization’s own anti-DDoS strategy. Source: https://www.csoonline.com/article/2133613/network-security/malware-cybercrime-ddos-protection-mitigation-and-defense-7-essential-tips.html

More:
DDoS protection, mitigation and defense: 7 essential tips

How Artificial Intelligence Will Make Cyber Criminals More ‘Efficient’

The era of artificial intelligence is upon us, though there’s plenty of debate over how AI should be defined much less whether we should start worrying about an apocalyptic robot uprising. The latter issue recently ignited a highly publicized dispute between Elon Musk and Mark Zuckerberg, who argued that it was irresponsible to “try to drum up these doomsday scenarios”. In the near-term however, it seems more than likely that AI will be weaponized by hackers in criminal organizations and governments to enhance now-familiar forms of cyberattacks like identity theft and DDoS attacks. A recent survey has found that a majority of cybersecurity professionals believe that artificial intelligence will be used to power cyberattacks in the coming year. Cybersecurity firm Cylance conducted the survey at this year’s Black Hat USA conference and found that 62 percent of respondents believe that “there is high possibility that AI could be used by hackers for offensive purposes.” Artificial intelligence can be used to automate elements of cyber attacks, making it even easier for human hackers (who need food and sleep) to conduct a higher rate of attacks with greater efficacy, writes Jeremy Straub, an assistant professor of computer science at North Dakota State University who has studied AI-decision making. For example, Straub notes that AI could be used to gather and organize databases of personal information needed to launch spearphishing attacks, reducing the workload for cybercriminals. Eventually, AI may result in more adaptive and resilient attacks that respond to the efforts of security professionals and seek out new vulnerabilities without human input. Rudimentary forms of AI, like automation, have already been used to perpetrate cyber attacks at a massive scale, like last October’s DDoS attack that shut down large swathes of the internet. “Hackers have been using artificial intelligence as a weapon for quite some time,” said Brian Wallace, Cylance Lead Security Data Scientist, to Gizmodo . “It makes total sense because hackers have a problem of scale, trying to attack as many people as they can, hitting as many targets as possible, and all the while trying to reduce risks to themselves. Artificial intelligence, and machine learning in particular, are perfect tools to be using on their end.” The flip side of these predictions is that, even as AI is used by malicious actors and nation-states to generate a greater number of attacks, AI will likely prove to be the best hope for countering the next generation of cyber attacks. The implication is that security professionals need to keep up in their arms race with hackers, staying apprised of the latest and most advanced attacker tactics and creating smarter solutions in response. For the time being, however, cyber security professionals have observed hackers sticking to tried-and-true methods. “I don’t think AI has quite yet become a standard part of the toolbox of the bad guys,” Staffan Truvé, CEO of the Swedish Institute of Computer Science said to Gizmodo . “I think the reason we haven’t seen more ‘AI’ in attacks already is that the traditional methods still work—if you get what you need from a good old fashioned brute force approach then why take the time and money to switch to something new?” Source: https://www.idropnews.com/news/fast-tech/artificial-intelligence-will-make-cyber-criminals-efficient/49575/

See original article:
How Artificial Intelligence Will Make Cyber Criminals More ‘Efficient’

Destructive cyberattacks are only going to get worse

Overlooked among the stark headlines of the sheer scale of personal information hackers stole from credit monitor Equifax, was a Symantec reportdemonstrating that Dragonfly, a cyber-espionage group, continues to escalate its access to energy facilities’ operational systems in the United States, Turkey, and Switzerland. More than simple exploration and espionage, the report shows a clear step towards pursuing sabotage and destruction, a trend that’s become more common alongside rising geopolitical tensions. This latest cause for alarm should not be viewed as an anomaly but as the current state-of-cyber in 2017 and beyond. Over the last decade, destructive attacks have been targeting an increasing number and variety of organizations and critical infrastructure, but there has been a noticeable spike over the last year. In December, Crash Override, destructive malware largely attributed to Russia, struck the Ukraine power grid with a highly customized attack that could control the grid circuit switches and breakers. A few weeks earlier, Shamoon 2.0 surfaced, targeting Saudi government entities, infecting thousands of machines and spreading to Gulf states. Soon after, Stonedrill, another destructive malware, surfaced, targeting Saudi entities and at least one European organization. These attacks are also evolving and bringing additional effects into play. For example, KillDisk, malware with a wiper component, has recently been updated with a ransomware component. On the other hand, NotPetya masqueraded as ransomware, but was likely a targeted wiper malware attack focused on destabilizing business and state organizations in Ukraine. Dragonfly itself reflects an escalation in objectives from general intelligence gathering towards the system control that necessary for more damaging sabotage. This sort of escalation to destructive attacks usually occurs between interstate rivals with a higher propensity for conflict. In 2009, the North Korea-linked Dark Seoul gang was among the first to deploy wiper malware within a larger campaign, targeting the United States and South Korea with a combination of DDoS attacks and wiper malware. Similarly, following the Iran nuclear agreement, Iran and Saudi Arabia’s relative cyber ceasefire from 2012-15 gave way to a major escalation of tit-for-tat attacks on websites prior to Shamoon 2.0 and Stonedrill. More recently, the back-and-forth between Russia and Ukraine represents the most prominent use of these destructive attacks and the best example of a major power attacking smaller country. In many of these instances, private sector organizations are caught in the crossfires. NotPetya may cost shipping giant Maersk $300 million even though, by most accounts, it was not the intended target. Unfortunately, many of these attack vectors and destructive malware are now in the wild and are likely to be deployed by other groups. Dragonfly is just the latest reminder that attackers are increasingly brazen, and critical infrastructure remains a prime target. Unlike the series of publicized destructive attacks that have been slowly on the rise for the last decade, we see no proof of actual sabotage with Dragonfly, but pre-positioning is probably underway. We should not panic that the grid is about to go down, but we must pay attention to the trend. Furthermore, although the energy sector is a prime target for destructive attacks, enterprises in other industries including media (I’m looking at you, HBO), finance and beyond must also be ready to protect themselves. As long as geopolitical tensions remain high, and with the growing open source proliferation of nation-state malware, this trend is unlikely to abate any time soon. Source: http://www.businessinsider.com/equifax-breach-proves-that-cyber-attacks-are-only-going-to-get-worse-2017-9

View original post here:
Destructive cyberattacks are only going to get worse

DOSarrest Rolls Out all New DDoS Protection Software

VANCOUVER, British Columbia, Sept. 11, 2017 (GLOBE NEWSWIRE) — DOSarrest Internet Security announced today that they have released their new DDoS protection software, along with a number of other advances and upgrades. This is DOSarrest’s 5th major release since starting in the fully managed cloud based DDoS protection service in 2007. This latest release is a complete rewrite of DOSarrest’s front end and backend systems utilizing the latest software development tools and technologies. Some of the new enhancements include. All new customer facing portal with 15 real-time, interactive traffic statistics displays. Complete new back end with new security features that can be deployed live in seconds All new big data analytics engine for faster real-time and historical statistics displays Machine learning module for traffic anomaly and bot detection All new larger routers and increased upstream capacity in all global locations Mark Teolis, CEO at DOSarrest, explains, “We are in our 11th year of providing a fully managed cloud based DDoS protection service, and if there’s one thing we have learned it’s that you’d better be ahead of the bad actors. This new release was developed with extreme flexibility in mind; we can basically analyze and create a feature that will stop any sophisticated attacks not yet even seen in the wild.” Teolis adds, “The biggest misconception in the DDoS protection world is that you only need capacity to fend off DDoS attacks, but in reality your chance of being hit by a small 10Mb/sec attack that will take your site down is millions of times greater.” About DOSarrest Internet Security: DOSarrest founded in 2007 in Vancouver, B.C., Canada is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services. Additional Web security services offered are Cloud based W eb A pplication F irewall (WAF) , V ulnerability T esting and O ptimization (VTO) , DataCenter Defender-GRE as well as cloud based global load balancing . Source: https://www.dosarrest.com/news-and-events/dosarrest-rolls-out-all-new-ddos-protection-software/

Continued here:
DOSarrest Rolls Out all New DDoS Protection Software

Sharing is caring, but keep your botnets to yourself

Sharing economy apps are prime targets for malicious attacks. The boom of mobile applications has superseded traditional services, revolutionising customer experience as we know it. In Australia, peer-to-peer services are being embraced by millions of consumers. A 2017 report by RateSetter revealed, 65% of Australians used sharing economy services like Uber and Airbnb in the past 6 months, with that set to increase to 75% in the next six months. With users willing to share personal details and financial information for the benefit of convenience or speed, these apps themselves are now a prime target for malicious attacks. These attacks paralyse services potentially for ransom, or worse, to unleash or amplify Distributed Denial of Service (DDoS) attacks to exploit users’ data. The very nature of DDoS attacks are changing to reflect the app boom. Old fashioned ‘network-layer’ DDoS attacks (the big bandwidth volumetric ones we read about) are being overtaken by smarter ‘application-layer’ attacks which interject the good application requests with the bad, harder to identify ones. As sharing economy apps become prime targets for malicious attacks, so do the services they connect to – and digital transformation means that many of those services are now in the cloud, or were born there natively. Big brands that have a huge amount of consumer data like Airbnb or Uber are moving quickly to the cloud. Airbnb migrated almost all of its cloud computing functions to Amazon Web Services (AWS) only after a year of starting and Uber has been in talks with the likes of Google, Microsoft and Amazon. The underlying danger of DDoS According to Neustar’s 2017 ‘Worldwide DDoS Attacks and Cyber Insights Research Report’, 84% of organisations surveyed globally were hit by a DDoS attack in the last 12 months, and 86% of these organisations were hit multiple times. Within the broader spectrum of risks for corporate security and IT decision makers, DDoS attacks present a growing challenge for several reasons. Firstly, the number of vulnerable devices has dramatically increased and so too has the level to which DDoS attacks have become automated and commoditised. Where a connection to the Internet previously required something that was more traditionally like a computer, IoT and cloud convergence have enabled even light bulbs to be connected to a network – providing an increased number of sources generating traffic. Secondly, according to Telstra’s 2017 cybersecurity report, 59% of Australian businesses experienced a DDoS attack on at least a yearly basis, with only 36% reporting a recovery time of within 30 minutes – and that’s a potential 30 minutes of app downtime in an economy where the patience of web and mobile users is measured in seconds. Security must be embedded in company culture Large scale DDoS attacks, like the Mirai botnet, gained significant media coverage after successfully impacting sites and services like Amazon, PayPal, Reddit and Twitter. If DDoS can disrupt giants like Amazon, then sharing economy apps like GoGet and Airtasker can become prime targets too, resulting in loss of revenue or customer loyalty. Organisations should strengthen their stance against all types of attacks and invest in smarter cyber security solutions. An important first step should be to cultivate a culture of cyber security awareness to create on-going conversations across all business units and functions. Anyone who has low awareness of cyber security and does not embrace good digital hygiene can be a weak link. Most importantly, security assessments must be an integral part of the application development framework, not an afterthought. Having securely coded applications will not only protect critical data at source, but will also enhance customer experiences and their confidence in an organisation. Ultimately, these simple yet effective measures integrated into every aspect of the organisation will ensure that customer trust is retained and the organisation’s bottom line is protected. Whilst the sharing economy is a prime target for attacks, with well-designed security infrastructure and best practices in place, we can be confident that it will continue to thrive and users’ personal data will remain secure. Source: https://www.computerworld.com.au/article/627122/sharing-caring-keep-your-botnets-yourself/?

Continue reading here:
Sharing is caring, but keep your botnets to yourself