Tag Archives: technology

Digital rights org claims cyberattacks against Filipino media outlets come from government and army

IP address inside Department of Science and Technology ran a vulnerability scan on target Qurium Media Foundation has reported a campaign of DDoS attacks on Filipino media outlets and human rights organisations that appear to be coming from the country’s Department of Science and Technology (DOST) and Army.…

More:
Digital rights org claims cyberattacks against Filipino media outlets come from government and army

74 Percent of Companies that Suffer a Data Breach Don’t Know How It Happened

And just two thirds of IT pros say their current IT security budget is sufficient, a recent survey found. According to the results of a recent survey [PDF] of 250 IT professionals, 34 percent of companies in the U.S. were breached in the past year, and 74 percent of the victims don’t know how it happened. The survey, conducted by iSense Solutions for Bitdefender, also found that two thirds of companies would pay an average of $124,000 to avoid public shaming after a breach, while 14 percent would pay more than $500,000. One third of CIOs say their job has become more important in their company’s hierarchy, and another third say their job has been completely transformed in the past few years. And while nine in 10 IT decision makers see IT security as a top priority for their companies, only two thirds say their IT security budget is suifficient — the remainder say they would need an increase of 34 percent on average to deliver efficient security policies. Cloud security spending increased in the past year at 48 percent of companies, while the budget for other security activities remained the same. On average, respondents say only 64 percent of cyber attacks can be stopped, detected or prevented with their current resources. Separately, a survey of 403 IT security professionals in the U.S., U.K., Canada and Europe found that only three percent of organizations have the technology in place and only 10 percent have the skills in place to address today’s leading attack types. The survey, conducted by Dimensional Research and sponsored by Tripwire, also found that just 44 percent of organizations have the skills, and 43 percent have the technology, to address ransomware attacks effectively. “Most organizations can reasonably handle one or two key threats, but the reality is they need to be able to defend against them all,” Tripwire senior director of IT security and risk strategy Tim Erlin said in a statement. “As part of the study, we asked respondents which attack types have the potential to do the greatest amount of damage to their organization. While ransomware was cited as the top threat, all organizations were extremely concerned about phishing, insider threats, vulnerability exploitation and DDoS attacks.” Respondents felt most confident in their skills to handle phishing (68 percent) and DDoS attacks (60 percent), but less confident in their abilities to deal with insider threats (48 percent) and vulnerability exploitations (45 percent). Similarly, respondents felt more confident in the technology they have in place to address phishing (56 percent) and DDoS attacks (63 percent), but less confident in the technology to address insider threats (41 percent) and vulnerabilities (40 percent). A separate survey of 5,000 U.S. consumers by Kaspersky Lab and HackerOne found that 22 percent of respondents are more likely to make a purchase if they know a company hired hackers to help boost security. Knowing what they do about their own company’s cyber security practices, just 36 percent of respondents said they would choose to be a customer of their own employer. Almost two in five U.S. adults don’t expect companies to pay a ransom if hit by ransomware. When asked what types of data they would expect a company to pay a ransom for, 43 percent expect companies to do so for employee Social Security numbers, followed by customer banking details (40 percent) and employee banking details (39 percent). Source: http://www.esecurityplanet.com/network-security/74-percent-of-companies-that-suffer-a-data-breach-dont-know-how-it-happened.html

Read this article:
74 Percent of Companies that Suffer a Data Breach Don’t Know How It Happened

Defeating DDoS attacks in the Cloud: Why hosting providers need to take action

DDoS attacks have become such a significant threat that hosting providers need to actively protect against them or risk their own reputations. In the first few days of the New Year, hosting provider 123-reg was once again hit by a distributed denial of service (DDoS) attack, leaving customers unable to access their websites and email accounts. Even though the magnitude and strength of the attack weren’t as immense as the 30Gbps attack on the website in August last year, it still raises availability and security concerns and emphasises the importance of using effective DDoS mitigation systems. 123-reg reacted with remediation procedures and was able to get services back up and running within a couple of hours, but not after customers experienced service outages and latency issues. Successful DDoS attacks hit more than just network infrastructure, brand reputation and bottom line suffer greatly. For many providers, just a handful of customers make up a significant portion of their revenue stream. Losing one or more of these key accounts would be detrimental to the business. With no shortage of DDoS attacks hitting the news headlines, many businesses that operate in the cloud or plan to move their business applications to the cloud, are beginning to review their DDoS protection options, and the capabilities of their providers. Hosting Providers and DDoS Threats The sheer size and scale of hosting provider network infrastructures and their massive customer base presents an incredibly attractive attack surface due to the multiple entry points and significant aggregate bandwidth that acts as a conduit for a damaging and disruptive DDoS attack. As enterprises increasingly rely on hosted critical infrastructure or services, they are placing themselves at even greater risk from these devastating cyber threats – even as an indirect target. The Domino Effect The multi-tenant nature of cloud-based data centres can be less than forgiving for unsuspecting tenants. For example, a DDoS attack that targets one organisation within the data centre can have disastrous repercussions for other tenants, causing a domino effect of latency issues, service degradation and potentially damaging and long-lasting service outages. The collateral damage associated with successful DDoS attacks can be exponential. When providers lack proper protection mechanisms to defeat attacks in real-time, the costs associated with the outages are wide ranging and the impact to downstream or co-located customers can be devastating. Therefore, if hosting providers are not protected and do not provide effective DDoS mitigation as a part of their service offering, they may inadvertently send useless and potentially harmful traffic across their customers’ networks. Traditional Defences Do Not Work Traditional techniques of defence such as black-hole routing are a crude response to DDoS attacks. Using this method, a hosting provider blocks all packets of website traffic destined for a domain by advertising a null route for the IP address under attack. The most notable issue with this approach, is when multiple tenants share a public IP address. In this situation, all customers associated with the address under attack will lose all service, regardless of whether they were a specific target of the attack. In effect, by using this method, the data centre operator is carrying out the wishes of the attacker, by taking their customers offline. Black-hole routing is not an approach that most operators prefer – since it completely took their customers offline. A more sophisticated approach was then introduced; instead of injecting a null route when an operator observed a large spike, they would inject a new route instead. That action redirected all good and bad traffic through an appliance or bank of appliances that inspected traffic and attempted to remove the attack traffic from the good traffic flows. This approach spawned the existence of DDoS scrubbing-centers with DDoS scrubbing-lanes commonly deployed today. However this approach still required a considerable amount of human intervention. A DDoS attack would have to be detected (again by analyzing NetFlow records) then an operator would have to determine the victim’s destination IP address(s). Once the victim was identified, a BGP route update would have to take place to inject a new route to “turn” the victim’s incoming traffic to where a scrubbing lane was deployed. The appliances in the scrubbing lane would attempt to remove the DDoS traffic from the good traffic and forward it to the downstream customer. Effective DDoS Defence The weaknesses of old methods – being slow to react, expensive to maintain and unable to keep up with shifting and progressive threats – tell us that solutions appropriate for today need to be always-on and remove the attack traffic in real-time, without damaging other customers, or dropping good user traffic. It’s clear they also need to be adaptable and scalable so that defences can be quickly and affordably updated to respond to the future face of DDoS threats – whatever those may be. The increasingly popular method of fulfilling these aims is through real-time DDoS mitigation tools installed directly at the peering point, meaning customer traffic can be protected as it travels across an organisation’s entire network. Such innovations mean providers are better positioned than ever before to offer effective protection to their customers, so that websites and applications can stay up and running, uninterrupted and unobstructed. Hosting providers are starting to deploy this technology as part of their service package to protect their customers. This maximises efficiency due to the fact that defences can be constantly on, with no need for human intervention. Providers can tune these systems so that customers only get good traffic, helping their sites run far more efficiently. It’s a win-win for both sides, as providers’ services become more streamlined and reliable, protecting their reputation, and attracting more customers in the process. Hosting providers have a golden opportunity to modernise their services in this way, and generate new channels for revenue – or else, they risk a slow shrinking of their customer base. Source: http://www.itproportal.com/features/defeating-ddos-attacks-in-the-cloud-why-hosting-providers-need-to-take-action/

More:
Defeating DDoS attacks in the Cloud: Why hosting providers need to take action

DDoS attacks have gone from a minor nuisance to a possible new form of global warfare

“In principle, most of the denial-of-service attacks we see have no solution,” a security expert, Peter Neumann of SRI International, told the New York Times at the time. “The generic problem is basically unsolvable.” It still is. Twenty years on, DDoS attacks have increased exponentially in size, and vast swathes of the internet remain vulnerable. Experts say the proliferation of new but vulnerable connected devices, such as thermostats and security cameras, as well as the architecture of the internet itself, mean DDoS attacks will be with us for the foreseeable future. And rather than a mere annoyance that takes your favorite websites offline, they are starting to become a serious threat. According to Arbor Networks, an internet monitoring company that also sells DDoS protection, the volume of global DDoS attacks has grown by more than 30 times between 2011 and 2014. The attacks are also getting more intense. A string of them in September and October, which set records in terms of the volume of traffic (in gigabits per second, or Gbps) in each attack, proved that DDoS can overwhelm the internet’s best defenses. Among those they took down or threatened were a hosting service, a domain-name services provider (whose clients, including Twitter and Spotify, thus became inaccessible across entire regions of the US), a major content-delivery network, and the internet’s best-known blogger on security matters, Brian Krebs.  These are the most powerful DDoS attacks each year, by Arbor Networks’ count.   The September and October attacks are thought to have been carried out using Mirai, a piece of malware that allows hackers to hijack internet-connected devices such as security cameras. These are often sold with weak default passwords that their users don’t bother (or know how) to change. Mirai tracks them down, takes them over, and incorporates them into a “botnet” that launches DDoS attacks as well as finding and infecting other devices. Botnets aren’t new, but Mirai takes them to a new level, argues a recent paper (pdf) from the Institute of Critical Infrastructure Technology (ICIT), a research group. It’s a “development platform” for hackers to customize, the researchers say; the code was made public on a hacker forum, and people are free to innovate and build on it. In the past couple of months it’s thought to have been used to cripple the heating systems of two residential buildings in Finland and the online services of several Russian banks. The researchers speculate that hackers could tailor Mirai to do far bigger damage, such as bringing down a power grid. In September, security expert Bruce Schneier pointed to evidence that a large state actor—China or Russia, most likely—has been testing for weak points in companies that run critical parts of American internet infrastructure. It’s not outlandish to imagine that in the future, DDoS attacks powered by something like Mirai, harnessing the vast quantity of weakly secured internet-connected gadgets, could become part of a new kind of warfare. At the moment, the main defense against a DDoS attack is sheer brute force. This is what hosting companies offer. If a client suffers a DDoS attack, the hosting provider simply assigns more servers to soak up the flood of traffic. But as the latest attacks have shown, the power of botnets is simply growing too fast for even the biggest providers to defend against. There is a fix that would prevent a common type of DDoS attack—a “reflection” attack. This is where a hacker sends messages out to a botnet that seem to come from the target’s IP address (like sending an email with a fake reply-to address), causing the botnet to attack that target. The proposed fix, a security standard known as BCP38, which would make such fake return addressing impossible, has been available for 16 years. If all the ISPs on the internet implemented BCP38 on their routers, the most powerful DDoS attacks would be far more difficult to launch.  But the sheer number of networks and ISPs on the internet makes this idea wishful thinking, says Steve Uhlig, of London’s Queen Mary University, who specializes in the internet’s routing protocols.”Remember that the internet is made of more than 50,000 networks,” he says. If the most important and influential networks implement the fix, but the countless smaller operators don’t, DDoS attacks can continue to exploit spoofing. “Larger networks in the [internet core] can and do filter,” he says, “But they reduce the attacks by only a limited amount.” The internet’s decentralized design is what gives it its strength. But it’s also the source of what is rapidly becoming its biggest weakness. Source: http://qz.com/860630/ddos-attacks-have-gone-from-a-minor-nuisance-to-a-possible-new-form-of-global-warfare/

See more here:
DDoS attacks have gone from a minor nuisance to a possible new form of global warfare