Tag Archives: var-username

FCC says its cybersecurity measures to prevent DDoS attacks must remain secret

The FCC has provided a few — very few — details of the steps it has taken to prevent attacks like the one that briefly took down its comment system in May. The agency has faced criticism over its secrecy regarding the event, and shows no sign of opening up; citing “the ongoing nature of the threats,” to reveal its countermeasures would “undermine our system’s security.” These cryptic comments are the first items of substance in a letter (PDF) sent to the House Energy and Commerce and Government Reform committees. Members thereof had sent letters to the FCC in late June asking what solutions it was implementing to mitigate or prevent future attacks. A cover letter from FCC Chairman Ajit Pai emphasizes the fact that millions of comments have been filed since, including 2 million in the 4 days following the attack. He writes that the Commission’s IT staff “has taken additional steps… to ensure the ongoing integrity and resiliency of the system.” What those steps are, however, he did not feel at liberty to say, except that they involve “commercial cloud providers” and “internet-based solutions.” Since the comment filing system is commercially cloud-hosted, and the system is fundamentally internet-based, neither of these descriptions is particularly revelatory. It’s not the security, it’s the communication The issue, however, isn’t that we are deeply afraid that another hacker will take down the system. After all, basic rate limiting and some analytics seem to have done the job and allowed record numbers of comments immediately after the attack stopped. The FCC was still writing reports and calling experts at the time the system had returned to full operation. The issue is the FCC’s confusing and misleading handling of the entire thing. The nature and extent of the attack is unclear — it’s described in a previous letter to concerned senators as a “non-traditional DDoS attack.” Supposedly the API was being hammered by cloud-based providers. What providers? Don’t they have records? Who was requesting the keys necessary to do this? Very little has been disclosed, and even requests of information circumstantial to the attacks have been denied. What is so sensitive about an analysis of the network activity from that period? Petitioners seeking to see communications pertaining to the attack were told much of the analysis was not written down. Even the most naive internet user would find it hard to believe that in a major agency of a modern bureaucracy, a serious attack on its internet infrastructure, concerning a major internet policy, would fail to be discussed online.  The FCC also says it consulted with the FBI and agreed that the attack was not a “significant cyber incident” as such things are defined currently in government. For the curious: A cyber incident that is (or group of related cyber incidents that together are) likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people. Okay, that seems reasonable. So why is it being kept under wraps? Why are the countermeasures, which are probably industry standard, unable to be disclosed? How would disclosing the details of those security countermeasures undermine those systems? If it’s the “ongoing threat,” what is the threat exactly if not the pervasive threat of hacking faced by any public website, service or API? Have there been follow-up attacks we haven’t been informed of? The investigation is also ongoing, but in that case how could it fail to produce written records for FOIA requests like those already submitted? The more the FCC drags its feet and stammers out non-answers to simple questions regarding what it itself has categorized a non-major attack that happened months ago and did not significantly affect its systems, the less we trust what it does say. Concerned senators, representatives and others are not going to stop asking, however. Let’s hope whatever the FCC seems unwilling to share comes out before it ceases to be relevant. It would be a shame, for instance, to receive a full report on hackers bent on supporting one side of the net neutrality argument… the day after the FCC votes on the issue. Source: https://techcrunch.com/2017/07/31/fcc-says-its-cybersecurity-measures-to-prevent-ddos-attacks-must-remain-secret/

See more here:
FCC says its cybersecurity measures to prevent DDoS attacks must remain secret

DDoS Extortionist Who Posed as Anonymous Hacker Arrested in the US

On Friday, US authorities arrested a man on charges of launching DDoS attacks and making death and bomb threats against several targets including Leagle.com, the Sydney Morning Herald, the Canadian Broadcasting Corporation (CBC), Metro News Canada, the official website of the Canadian government, and others. The man’s name is Kamyar Jahanrakhshan, a man born in Iran, who later obtained US citizenship in 1991, and then a permanent residency in Canada in 1995. Following two criminal cases of theft in 2005 and fraud in 2011, Jahanrakhshan was deported from Canada to the US in 2014. Suspect wanted his criminal past erased from the Internet According to court documents obtained by Bleeping Computer, after his deportation, Jahanrakhshan started sending emails to online websites that had written articles or had copies of his past criminal record. The first organization that Jahanrakhshan targeted was Leagle.com, a website that offers copies of court opinions and decisions. In the beginning, Jahanrakhshan contacted the site’s team from his personal email address, asking them nicely to remove copies of past court decisions mentioning his name on the premise that it was tarnishing his reputation and violating his privacy. When the Leagle team refused, the suspect even offered to pay a $100 fee to have the documents removed. When Leagle refused again, Jahanrakhshan — who also used the name “Andrew Rakhshan” — sent them a threatening email saying he made friends with dangerous hackers and they should heed his final warning. Suspect poses as group of Anonymous hackers After Leagle had ignored him again, US authorities say Jahanrakhshan launched a DDoS attack on the site’s servers and sent an email from a Yahoo account posing as a member of the Anonymous hacker collective. Copy of the message the suspect sent Leagle US authorities say they found evidence linking Jahanrakhshan to this email account, but also to others emails linked to other DDoS extortions. Because they couldn’t handle the DDoS attack, Leagle eventually removed a decision that Jahanrakhshan had asked. The DDoS attacks stopped after. Initial success leads to more DDoS extortions The FBI says that after having forced Leagle to remove a damaging report on his past criminal record, Jahanrakhshan moved on to other targets. During 2015 and 2016, Jahanrakhshan would allegedly engage in a similar behavior and take aim at other online publications that had written articles on his past crimes, such as the Sydney Morning Herald, Canadian Broadcasting Corporation (CBC), Metro News Canada, and the official website of the Canadian government. To put extra pressure on his targets to remove damaging articles, authorities say he also launched DDoS attacks on the websites of customers advertising on CBC and Canada.com — Postmedia and the Inspiration Foundation. Seeing that all this failed and none of his targets removed the incriminating articles, Jahanrakhshan also moved on to sending bomb threats at the offices of targeted organizations and death threats on family members of employees working for the targeted organizations. He was arrested this week and arraigned in court on Friday. The suspect, if found guilty, could face up to five years in prison and a fine of up to $250,000. The damaging articles Jahanrakhshan was trying to take down described how he used fake credit cards to buy a fleet of luxury cars and a boat Source: https://www.bleepingcomputer.com/news/security/ddos-extortionist-who-posed-as-anonymous-hacker-arrested-in-the-us/

Taken from:
DDoS Extortionist Who Posed as Anonymous Hacker Arrested in the US

Don’t ban the bots

I do a lot of DDoS related research online, which results in a lot of DDoS protection related spam/offers. A trend I have seen gaining popularity lately is “ ban the bots” . These emails contain a lot of emotionally charged language trying to persuade the reader that bots are destroying the internet, wasting your bandwidth and pillaging your website (and how for a modest monthly fee they can keep the digital invaders at bay). I couldn’t disagree more. For the most part I like bots. Bots save me a ton of work and allow me to the focus on tasks that are meaningful to me. The only reason that search engines, hotel booking sites, and social media sites operate so successfully (or at all) is because of bots. These advertisements do acknowledge there are some good bots out there, while stressing the need to block the bad bots. I thought I’d pull some numbers from traffic running through our system. I was pleasantly surprised, as a DDoS protection service I was expecting to see more malicious bots than legitimate but what I found was 85% of the bot traffic is classified as good : SES (which stands for Search Engine Spiders, but is a general list of the known good bots) which we don’t want to block, and XSE which contains alternate Spiders and bots that while legitimate can cause impact on some websites. The other 15% of traffic is from hosting companies, ISPs, and commercial traffic from unknown bots. This traffic is not automatically bad , but hidden somewhere in there are the malicious bots and scrapers which we do want to block. This is where the philosophy “ban the bots” makes things more complicated than it needs to be, because while it is a trivial matter to find and locate bots, it focuses you on the actor not the action. Don’t ban the bots, ban the malicious actions . If you design your web security to defend against malicious actions it shouldn’t matter whether they are from bots or not. At DOSarrest this is what we do, we create special features to focus on the malicious bot traffic and apply them to customer configurations and leave the good bots alone. In fact, I’ll go one step further: don’t ban the bots, help the bots. Because while I disagree with the conclusion the facts are not wrong, bots do consume more than a trivial amount of resources. By helping the bots find the content they are looking for you can reduce the impact on your site and possible improve your overall ranking. Your first goal is getting the bots to your content in as few requests as possible, and at the same time stopping the bots from crawling pages you don’t need (or want) to show up in search results. Most modern sites have dynamic, pop-up, hidden menus that require multiple javascript and CSS resources to properly render. They might look fantastic, but a bot isn’t interested in the aesthetics of your site, they are looking for content. A sitemap is a great tool for linking all the content you want to emphasize without a bot having to navigate through a bunch of complicated dynamic resources. Then there are the rest of the pages in your site, things that are useful to your users but not things that need to appear in the search rankings, login pages, feedback forms, etc. Use robots.txt file or ‘noindex’ meta tags to direct the bots not to bother with these pages. Your sitemap and robots.txt will help bots find the resources you want them to find, and avoid the ones you don’t. This will help lighten the load on your webserver, but won’t necessarily help your site ranking. The number one thing they are looking for is quality content. But searchbots also look for good performing sites. Too many errors or slow responses will negatively impact your ranking in a big way. The answer here is caching. Many bots, googlebot included, do full page downloads when indexing your site. They are looking for javascript and CSS files, images and PDFs, or whatever resources you’ve linked. Most of these resources are static and can be served up out of a CDN. Not only will this alleviate the load on your server, but the performance improvement will make all your quality content that much more appealing to the bots. Sean Power Security Solutions Architect DOSarrest Internet Security Source: https://www.dosarrest.com/ddos-blog/don-t-ban-the-bots/

Read More:
Don’t ban the bots

DDoS Attacks Could Disrupt Brexit Negotiations

IT security professionals are bracing for DDoS attacks of unprecedented frequency in the year ahead, and are already preparing for attacks that could disrupt the UK’s Brexit negotiations and cause outages worldwide. That’s according to a survey from Corero Network Security, which found that more than half (57%) of respondents believe that the Brexit negotiations will be affected by DDoS attacks, with hackers using DDoS to disrupt the negotiations themselves, or using the attacks merely as camouflage while they seek to steal confidential documents or data. The latter “hidden attack” scenario is on the radar of many, and it generally involves the use of smaller, low-volume DDoS attacks of less than 30 minutes in duration. As Corero found in its research, these Trojan-horse campaigns typically go un-mitigated by most legacy solutions, and are frequently used by hackers as a distraction mechanism for additional efforts, like data exfiltration. About 63% of respondents are worried about these hidden effects of these attacks on their networks— particularly with the GDPR deadline fast-approaching, where organizations could be fined up to 4% of global turnover in the event of a data breach. At the same time, worryingly, less than a third (30%) of IT security teams have enough visibility into their networks to mitigate attacks of less than 30 minutes. Meanwhile, many in the industry expect to see a significant escalation of DDoS attacks during the year ahead, with some (38%) predicting that there could even be worldwide Internet outages during 2017. As for who’s behind the growing wave of attacks, the perpetrators are generally financially motivated, IT pros said—despite continued discussions about nation-state attackers or political activism. Security teams believe that criminal extortionists are the most likely group to inflict a DDoS attack against their organizations, with 38% expecting attacks to be financially motivated. By contrast, just 11% believe that hostile nations would be behind a DDoS attack against their organization. This financial motivation explains why almost half of those surveyed (46%) expect to be targeted by a DDoS-related ransom demand over the next 12 months. Worryingly, 62% believe it is likely or possible that their leadership team would pay. “Despite continued advice that victims should not pay a ransom, a worrying number of security professionals seem to believe that their leadership teams would still consider making a payment in the event of an attack,” said Ashley Stephenson, CEO of Corero. “Corporations need to be proactive and invest in their cybersecurity defenses against DDoS and ransomware to protect themselves against such extortion.” The good news is that the vast majority of security teams (70%) are already taking steps to stay ahead of the threats, such as putting business continuity measures in place to allow their organizations to continue operating in the event of worldwide attacks. However, they also agree that some responsibility for DDoS protection lies with the ISPs; and about a quarter of those surveyed (25%) believe their ISP is primarily to blame for not mitigating DDoS attacks. At the end of 2016, the head of Britain’s new National Cyber Security Centre suggested that the UK’s ISPs could restrict the volume of DDoS attacks across their networks by rewriting internet standards around spoofing. Continued discussions on this topic have led nearly three-quarters of respondents (73%) to expect regulatory pressure to be applied against ISPs who are perceived to be not protecting their customers against DDoS threats. “While most in the IT security industry wouldn’t expect their ISP to automatically protect them against DDoS attacks, there is a growing trend to blame upstream providers for not being more proactive when it comes to DDoS defense,” said Stephenson. “To help their cause, ISPs could do more to position themselves as leading the charge against DDoS attacks, both in terms of protecting their own networks, and by offering more comprehensive solutions to their customers as a paid-for, managed service.” Source: https://www.infosecurity-magazine.com/news/ddos-attacks-could-disrupt-brexit/

Read the original:
DDoS Attacks Could Disrupt Brexit Negotiations

Smart Drawing Pads Used for DDoS Attacks, IoT Fish Tank Used in Casino Hack

Some clever hackers found new ways to use the smart devices surrounding us, according to a report published last week by UK-based cyber-defense company Darktrace. The report, entitled the Darktrace Global Threat Report 2017, contains nine case studies from hacks investigated by Darktrace, among which two detail cyber-incidents caused by IoT devices. Smart drawing pads used for DDoS attacks In one of these case studies, Darktrace experts reveal how an unknown hacker had hijacked the smart drawing pads used at an architectural firm to carry out DDoS attacks as part of an IoT botnet. The hacker had used the default login credentials that came with the design pad software to take over the devices, which the architectural firm had connected to its internal WiFi network, and was exposing to external connections. “An attacker scanning the internet identified the vulnerable smart drawing pads and exploited them to send vast volumes of data to many websites around the world owned by entertainment companies, design companies, and government bodies,” the report reads. “Involvement in the attack could have legal implications for the firm had their infrastructure been responsible for damaging another network.” Smart fish tank used to hack North American casino Another case where attackers leveraged a smart device was at a North American casino. Darktrace says that an unknown hacker had managed to take over a smart fish tank the casino had installed at its premises for the enjoyment of its guests. In spite of the fact that the fish tank was installed on its own VPN, isolated from the rest of the casino’s network, the hacker managed to break through to the mainframe and steal data from the organization. “The data was being transferred to a device in Finland,” says Darktrace. “No other company device had communicated with this external location.” “No other company device was sending a comparable amount of outbound data,” experts added. “Communications took place on a protocol normally associated with audio and video.” In total, the hacker managed to steal over 10GB of data by siphoning it off via the IoT fish tank. Other hacking scenarios detailed in the Darktrace report include the case of a US insurance company who had its servers hijacked by a cryptocurrency miner, and several cases of insider threats, companies hacked by former or current employees. Source: https://www.bleepingcomputer.com/news/security/smart-drawing-pads-used-for-ddos-attacks-iot-fish-tank-used-in-casino-hack/

More here:
Smart Drawing Pads Used for DDoS Attacks, IoT Fish Tank Used in Casino Hack

Attacking Democracy: Should DDoS Be Considered a Legitimate Form of Protest?

It used to be that news about DDoS attacks was largely limited to tech websites and other specialized information sources, where the focus was on attack vectors, attack sizes, how exactly the perpetrators pulled it off and how websites could protect themselves going forward. These still have their place, especially with the ever-increasing size, complexity and frequency of attacks, but over the last few years DDoS has gone mainstream and gotten political. With DDoS attacks appearing in headlines regarding the U.S. election, Brexit and the push for democracy in Hong Kong, the question has to be asked: should these attacks be considered a legitimate form of protest? Denying services DDoS stands for distributed denial of service, a form of cyberattack that takes aim at websites or online services with the intent of taking them offline or slowing them downso much that they can’t be used. This is accomplished through the use of a botnet – a network of devices that have been infected with malware, allowing attackers to control them remotely and direct the botnet’s considerable traffic at the target, overwhelming the server or network infrastructure. DDoS attacks have been in the mainstream news for the last couple of years. This is because of how pervasive they’ve become, with nearly every website on the Internet now a potential target thanks to DDoS for hire services and DDoS ransom notes, and also because of the high-profile sites that have fallen victim to attacks, including Netflix, PayPal, Twitter and Reddit. Now DDoS attacks stand accused of involvement in some of the biggest political events in recent history. Recent political incidents Distributed denial of service attacks hit the political headlines in 2014 when the people of Hong Kong were in the midst of a major push for democracy, asking for genuine universal suffrage instead of the newly-reformed system that allows citizens to vote for candidates selected by an exclusive nominating committee – a system that seemed overly restrictive as well as too similar to the previous system in which the Chinese Communist Party selected the candidates. When the democratic movement’s official website launched, it logged 680,000 votes in an unofficial poll on candidates in the site’s first weekend despite the fact that it was being battered by DDoS attacks weighing in at over 300 Gbps. Though a perpetrator was not definitively named, it was widely speculated the Chinese government was behind the attacks. In a recent report, the Chinese government has come up alongside the Russian government in rumors surrounding the Brexit vote. In the hours before the deadline to register to vote in the Brexit referendum, the registration site crashed, reportedly due to a DDoS attack. The outage left tens of thousands of voters unable to register to vote, and the referendum ended with 51.9 percent voting to leave the European Union. Though the Russian government has been suspected of meddling via hacking in both the U.S. and French elections, reportedly in favor of Donald Trump and Marine Le Pen, it’s unknown if the Kremlin was involved in DDoS attack attempts on either Hillary Clinton or Donald Trump’s website; it seems more likely these Mirai botnet-powered attempts were instead the work of hackers from underground forums. The argument for recognizing DDoS as legitimate (and legal) protest The history of distributed denial of service attacks go all the way back to 1995 when an Italian collective brought down the French government’s website in protest of France’s nuclear policy. Soon after, a group by the name of the Electronic Disturbance Theater built a tool that enabled anyone to join their virtual sit-ins that targeted the White House website as well as the websites of politicians. Current hacktivist group Anonymous has taken the idea of the virtual sit-in and turned it into a voluntary botnet that allows anyone to donate the use of their device for attacks against targets like the Brazilian government in protest of the FIFA World Cup. These actions would seem to fit the criteria of legal protest, allowing citizens to peacefully albeit virtually demonstrate and rendering a website unavailable in much the same way a sit-in would render an office or institution unavailable. However, in the United States this kind of online activism can be considered a felony. The argument against Not only are DDoS attacks illegal, regardless of whether or not the attack is intended as a form of protest, but legitimizing or legalizing these attacks may cause more problems than it solves. For instance, while an opt-in botnet does seem to be a form of voluntary political activism, almost all botnets are populated by devices that have decidedly not opted in, which means politically-motivated DDoS attacks would be largely perpetrated using the property of people who have not consented. Like signing someone else’s name to a petition, this cannot be permitted. Furthermore, any legislation attempting to legalize DDoS protests would have to find a way to differentiate between attacks coming from voluntary botnets and attacks coming from nation states. A murky area, at best. With so many other forms of protest available to motivated citizens, it’s hard to imagine legalizing or legitimizing any form of DDoS attack. It’s just too easy for these attacks to be used for altogether nefarious and malicious purposes by groups that decidedly do not represent the will or wishes of the people. Source: http://www.techzone360.com/topics/techzone/articles/2017/07/19/433542-attacking-democracy-should-ddos-be-considered-legitimate-form.htm

More here:
Attacking Democracy: Should DDoS Be Considered a Legitimate Form of Protest?

Organizations Must Adapt to Evolving DDoS Attacks

Distributed Denial-of-Service (DDoS) attacks are becoming larger, more frequent, and more complex than ever before. According to Arbor Networks’ 12 th Annual Worldwide Infrastructure Security Report (WISR), attack size has grown 7,900% since its initial report – a compound annual growth rate (CAGR) of 44%. The most recent attacks are significantly larger than anything previously seen, and can now disrupt even the largest internet service providers. This data shows that DDoS attacks have become more than just a nuisance: they are rapidly increasing in size and now threaten to disrupt core Internet infrastructure. Within the broader spectrum of risks for corporate security and IT decision makers, DDoS attacks present a nettlesome and growing challenge for several reasons. First, while the underlying technology behind DDoS attacks hasn’t changed much, the number of internet-connected devices in the world that can be compromised has dramatically increased. In addition, the level to which DDoS attacks have become automated and commoditized has also increased. The Mirai-enabled attacks showed off the former; they used an army of internet-connected IoT devices to generate unprecedented levels of traffic. In the past, a connection to the internet required significant hardware and expense. These days, even light bulbs can be connected to a network, which provides a lot more sources for traffic. Second, the amount of skill required to successfully run a DDoS attack has been lowered over the last twenty years. While large attacks such as Mirai take some amount of coordination and planning, in many cases a connection to the right forum and a small amount of money ($50-100) can buy you a short attack that can take down unprotected web services. Why DDoS attacks are hard to prevent The best way to think about the DDoS problem is to imagine a river system, like the Mississippi or Columbia. At the end of those systems, where they meet the ocean, it’s very obvious that there’s a lot of water moving through those rivers: but at the source of all that water — at the little tiny creeks and streams and rivulets where the water first gathers — those sources don’t necessarily look like that much. Volumetric-style DDoS attacks, whereby attackers simply flood a target with more data than their connection can handle, use a similar effect: each network only cares about sending IP packets to the “next hop”, without a holistic view or awareness of what the total, internet-wide traffic picture looks like. So, at the source of a DDoS attack, it can be difficult to differentiate between someone uploading a file and someone perpetrating an attack. What actually matters is whether that one traffic flow joins together with a bunch of other traffic to form a giant river, or if the traffic flow is bounced off a server in such a way that it magnifies the size of the traffic many-fold. In either case, by the time you notice that you’ve got a really huge river of traffic coming at you, it may already be too late. Emerging approaches to combat DDoS attacks A promising approach to DDoS can be found with the DDoS Defense for a Community of Peers (3DCoP) project, which uses peer-to-peer collaboration so that like-minded organizations (such as a group of universities, government agencies, banks, or ISPs) act together to rapidly and effectively detect and mitigate DDoS attacks. With a peer-to-peer collaborative approach, the target of a DDoS attack can send out distress calls to the origin of any traffic it sees. The receivers of these distress calls can then take a look at the traffic they’re seeing, and either pass that message on appropriately or take local action. Universities, for example, might learn that what looks like normal traffic coming out from one of their student labs looks like a big attack to a target, and use this information to shut off or rate-limit that lab. Other approaches involve technologies like BGP FlowSpec, an improvement over conventional IP blacklisting. FlowSpec allows a victim of a DDoS to ask its upstream service providers and intermediate networks to block specific kinds of traffic, with a good level of granularity. Organizations can also relocate services into the cloud, as some cloud operators deploy sensors that can detect and mitigate attacks earlier. Unfortunately, today’s largest attacks are too large for cloud operators to handle, and the attacks may impact geographic regions or critical internet infrastructure. In the end, there are a variety of methods to filter and redirect traffic, especially for those systems housed in the cloud. However, for the biggest attacks, and for institutions that cannot create replicated versions of their systems in the cloud, techniques such as 3DCoP are key in mitigating DDoS risk. Specifically, we believe that it is only through rapid, real-time collaboration that DDoS attacks can be correctly identified, sourced, and addressed; without such collaboration, institutions must rely on phone calls and manual router updates, while a river crashes down around them. Source: https://www.infosecurity-magazine.com/opinions/organizations-adapt-evolving-ddos/

Continue Reading:
Organizations Must Adapt to Evolving DDoS Attacks

Two Iranians Charged With Hacking US Defense Contractor

The US Department of Justice (DOJ) unsealed an indictment on Monday against two Iranian nationals accused of hacking a US company and stealing software used in ammunition design. The two suspects are Mohammed Reza Rezakhah, 39 and Mohammed Saeed Ajily, 35, both Iranian businessmen. According to the indictment, Ajily ran a company named Andisheh VesaJ Middle East Company, which he used as a front to obtain and sell software in contravention of Western sanctions against Iran. Ajily’s customers included Iranian private companies, but also Iranian military and government entities. Rezakhah ran his own company called Dongle Labs, which provided DRM and license cracking services. Rezakhah was one of the many hackers Ajily hired to steal software from Western companies. The two orchestrated the 2012 hack of Arrow Tech DOJ officials claim that in 2012, Ajily hired Rezakhah to hack and steal software from a US company called Arrow Tech. The indictment says that Rezakhah, together with another accomplice named Nima Golestaneh, rented a server that they used on October 22, 2016, to hack into the Arrow Tech website and adjacent network. Officials say the two hackers stole a software application named Projectile Rocket Ordnance Design and Analysis System (PRODAS), created by Arrow Tech to aid in the design of bullets, missiles, and other military projectiles. Rezakhah cracked the program, which he later supplied to Ajily to market in the Iranian market, but also elsewhere outside the US. Group worked together for at least six years While officials brought charges only for hacking Arrow Tech, the indictment also claims that Ajily and Rezakhah worked together for years, between 2007 and 2013, hacking several targets and stealing software. The FBI also claims that Ajily had many other partners and hackers that he used to obtain his software, along with a network of companies that he used to sell the stolen goods. US officials charged the two suspects with criminal conspiracy relating to computer fraud and abuse, unauthorized access to, and theft of information from, computers, wire fraud, exporting a defense article without a license, and violating sanctions against Iran. A US judge has issued a warrant in their names. Their partner, Nima Golestaneh pleaded guilty to hacking Arrow Tech back in December 2015. In March 2016, the US also charged seven Iranian nationals on accusations of launching repeated DDoS attacks and orchestrating hacks of industrial SCADA equipment on the behest of the Iranian government. Source: https://www.bleepingcomputer.com/news/security/two-iranians-charged-with-hacking-us-defense-contractor/

Read the original:
Two Iranians Charged With Hacking US Defense Contractor

Can Cloud Storage save you from Ransomware Attacks?

Step by step, our personal and work lives are being transferred online and instantaneous connections, real-time cooperation, and free flowing information come at a price. Yes, cybercrime is hardly something new but the recent rise in global ransomware attacks are putting the question of online security into the spotlight and under scrutiny. The hackers are getting more and more inventive, and it’s becoming harder for the individual as well as companies to protect themselves. What can be done? Can cloud storage save us from ransomware? Cloud Storage vs. Ransomware Cloud created a revolution in data storage. It’s cost-effective, easy to access and typically very well guarded. The convenience is reflected in its widespread use. A report by RightScale found that 82% of companies were already using multi-cloud storage strategies. According to a report by Intuit, 78% of small businesses will fully rely on cloud services by 2020. This mass migration of business of all sizes to cloud space rendered it an extremely attractive target. Sadly, the NotPetya ransomware made it clear that ransomware has gone beyond local and physical storage, and can hit everywhere. Although being publicized as on one of the safest storage options, the cloud is not an exception to the threat. Let’s Be Realistic The best way to stay protected is to be realistic and keep informed about the capacity and power of the services on which you are relying. As such, cloud storage is not a magical bulletproof solution that will graciously save you from the ransomware. To be able to withstand ransomware and other types of attacks, cloud and collaboration services need to start implementing or strengthening solutions that allow for real-time visibility, greater control, data loss prevention, and so forth. If hackers are getting more creative, the levels of security need to follow and surpass them. How to Leverage Cloud Storage Despite the cold splash of reality, not all is lost. Cloud storage can be a valuable partner in crime or – better said – your partner in preventing crime. Scalability – Regardless of shortcomings, cloud services are still best equipped to act as a failsafe and protect you from ransomware today and in the future. Being flexible and scalable in essence, cloud services enable us to keep up with the changes and developments in the malware landscape. In other words, while the nature of the attack is unlikely to change, the delivery method will and cloud services have the agility to adjust aptly. Security Layers – In most cases, the layers of security over cloud are considerably better than of any other private server. Typically, clouds are a sophisticated combination of elaborate access controls and encrypted technology with the capacity to expand. Plus, many of them provide protection against DDoS attacks which makes them all the more useful. Backups – Due to reliability and resiliency, backing up your data with a cloud storage is far more efficient. When stored on local storage, frequent backups consume a lot of storage resources and negatively affect computer performance. With the cloud, backups of your information, data and documents can be frequent, and the streamlined failover process provides you with the comfortable safety of backup recovery. A recommended approach is to rely on several clouds simultaneously which provides a much more expansive protections without excessively high costs or unbearable complexity. How do you know cloud is worth your time? According to MarketsAndMarkets, the cloud security market will be valued at impressive $8.71 billion by 2019, so companies are ready to invest more and more to improve and strengthen the safety of the cloud environments from malicious attacks. Cloud storage, although not the ultimate weapon against ransomware attacks, is by far one of the most efficient ways to protect your information without excessive spending or applying overly complicated scenarios. It’s also most likely to scale and thus continue withstanding cybercrime in the future. Nonetheless, it is crucial you select your cloud service carefully as not all are equal. Source: http://www.dos-protection.co.uk/wp-admin/post-new.php

View the original here:
Can Cloud Storage save you from Ransomware Attacks?

So your company is on social media, are you practicing safe tweeting?

Social media has evolved from a mere millennial fad into a preferred marketing tool used by businesses across Asia Pacific. With Asia Pacific accounting for 54% of global social media users, and Asia Pacific social media users spending an average of two to four hours on social media daily, it makes sense for businesses to use social media to reach their audiences in this digital age. Companies are posting product reviews, photos, client testimonials and videos on their social media pages, in hopes of driving engagement through likes and positive comments and eventually whipping up a viral storm. Brands are even creating social media contests to engage consumers playfully while growing their brand identity, or engaging key influencers to get more people talking. Aside from driving engagement, social media serves as an avenue for companies to solicit customer feedback: Customers’ comments can provide insights on common customer complaints and companies’ points for improvement. But while integrating social media into the marketing mix can bring many benefits, it also has a dark side.  Opening the company to more cyber risks. After all, social media is fast becoming an attractive channel for cybercrime perpetrators. Today, cybercriminals target viral posts to reach a diverse range of people. Through basic spamming techniques such as creating short posts with links to freebies and job posts, cybercriminals lure unsuspecting social media users into clicking malicious links, which transmit malware after they are clicked on. Based on CyberInt’s research, 1.92% of all posts, comments and tweets found on a company’s social media feed are malicious or attempted attacks. Last year, 13% of large organizations experienced a security or data breach associated with social media networking sites. There is no denying that social media sites are now a hotbed for cybercrimes: In 2015, cybercriminals leveraged LinkedIn in health insurance provider Anthem’s hack, exposing sensitive data such as names, Social Security numbers, birth dates, addresses, email addresses, employment information and the salary of as many as 80 million current and former customers. Social phishing, which attempts to obtain an individual’s personal information through a corrupted link or other form of electronic communication, has become a common social media security threat. In the past, phishing attacks typically came in the form of emails; now, they are also perpetrated through social media private messages and wall posts. Links to malware can be disguised as ‘click-bait’ articles or videos posted on a company’s Facebook wall, Twitter or Instagram handles. Malicious links can cause devices to be infected with malware, which grants easy access to personal information and allows hackers to use the infected device as a platform to jump into other networks such as the home or office. Today, cybercriminals are using a wide range of social engineering techniques to spread malware and obtain sensitive data through social messaging channels such as Facebook chat. Cybercriminals are also leveraging social media Distributed Denial of Service (DDoS) attacks, which render social media sites inaccessible for long periods of time, to draw attention away from nefarious schemes usually involving stealthy data siphons. Some social media DDoS attacks also involve comment flooding, which causes a company’s Facebook page or Twitter to be flooded with millions of automated comments in a minute, paralyzing the company’s page feed. Automated programs or social bots are now being increasingly used for such schemes. Cybercriminals today even use illegitimate social media profiles or hijack existing social media profiles to disseminate malicious links and malware to a company’s employees, usually with the goal of extracting an organization’s sensitive data. Some resort to “false flag” scams, which involve impersonating social media platforms to trick users into revealing personal data that will allow them to access a company’s systems. Others go as far as putting up scam e-shops and coming up with fake advertisements on social media to impersonate brands. Aside from weakening a company’s immunity to future cyberattacks, these scams also translate to the loss of consumer trust in compromised brands. Social Media Teams Need to be in the Know Companies utilizing social media have the duty to protect their consumers and employees from cybersecurity risks. They need to take a closer look at what they are posting to prevent socially engineered attacks on employees while simultaneously ensuring that social media comments from the public do not contain links to malicious links that other community members might click on. As social media threats occur outside their network perimeter, organizations cannot easily detect these risks from the onset. They need to focus on prevention and the elimination of potential threats instead through the constant vigilance of cyber-activities. Organizations also need to identify the crown jewels and dedicate more resources to protect them and be aware how cyber criminals might leverage social media to gain access to their crown jewels. One way is to invest in targeted threat intelligence, which allows companies to gain insight on potential or current attacks that can harm their employees, brand reputation and customers. Cyber security organizations, like CyberInt, have cyber tools available that scan social media accounts and purge malicious comments in real time, to provide companies with better peace of mind. Leveraging social media as a marketing tool entails dealing with a sheer number of cybersecurity threats. Awareness is still the best safeguard to these threats: Social media teams should be aware of the risks associated with what they are posting and how cybercriminals are manipulating information in social media sites to advance their own selfish interests.  But awareness should be coupled with concrete action: Companies using social media in their marketing mix should also implement solid security policies to mitigate risks and vulnerabilities. One security measure companies can adopt is ensuring a close coordination between the social media team and the IT team— this arrangement will allow the social media team to stay updated on the latest cybersecurity threats and better monitor risks on their social media feeds.  Employees should also undergo training to improve their cyber hygiene and cyber posture so they can be fully aware of the threats and have a better appreciation of the security policies in place. Good security policies, however, would amount to nothing without the proper security tools. After all, it takes the right combination of people, processes and technology guardrails to address security challenges in today’s rapidly evolving digital workplace. Source: https://www.networksasia.net/article/so-your-company-social-media-are-you-practicing-safe-tweeting.1500001860

Read the original post:
So your company is on social media, are you practicing safe tweeting?