Tag Archives: var-username

Identifying the three steps of DDoS mitigation

It’s not a matter of if you’re going to be DDoS attacked, it’s a matter of when – many APAC organisations fail to understand the threat and quantify the risk – right-sizing and verifying the solution is a must. When an attack occurs, the mature organisation is prepared to effectively mitigate the attack – protecting themselves (and in turn their clients and partners) from unacceptable financial and reputational impact. Let us look at these three steps, understand, quantify and mitigate, in detail. 1.Understand the threat The threat imposed by DDoS attacks in APAC is more significant than global counterparts. A recent Neustar survey showed that 77 percent of organisations within APAC have been attacked at least once, compared to 73 percent globally. Organisations within the region are also getting attacked more frequently, with 83 percent of those attacked being attacked more than once, and 45 percent having been attacked more than six times. In addition, attack sizes are steadily growing. In 2015, the average attack size identified by Neustar was about 5GB per second. By September 2016, average attack sizes had reached up to 7GB per second – and this was prior to the Mirai driven – IoT fuelled attacks – like those on Krebs, OVH and Dyn. Given this, we should expect a considerable rise in the mean size of volumetric attacks during 2017. We’ve also seen a steady increase in the number of multi-vector attacks – which now equates to about 50 percent of all DDoS attacks. In a multi-vector attack – the criminals are potentially aiming to distract an organisation with the DDoS attack while they go after their main target. They use the DDoS attack to draw away the organisations defensive capacity while they plant ransomware, breach the network or steal valuable data. Within APAC, compared to the global average of 25 percent, network breaches associated with a multi-vector attack is sitting at 33 percent, according to Neustar’s own data. This begs the question, are APAC organisations deficient when it comes to perimeter protection? When dealing with an attack, speed is critical. But surprisingly, within APAC, on average almost half of all organisations take over three hours to detect an attack and an additional three hours to respond. This is significantly higher than the global average of 29 percent and 28 percent respectively. Worryingly, slow detection and response can lead to huge damages financially. Around half of all organisations stand to lose an average of $100,000 per hour of peak downtime during an attack. To exacerbate this, half the attacked organisations were notified of the attack by a third party, inflicting additional potential reputational damage. 2.Quantify the risk If a person goes to insure their car, they’re not going to over or underinsure it. That is, they’re not going to pay a premium associated with a higher value car – if the car gets written-off, they’re only going to get the value of the car, not the extra value associated with the premium. Alternatively, if they are underinsured, they’re not going to get back the full value of the car – they will need to pay an additional amount to replace the car. When looking at a DDoS environment, it is a similar scenario. An organisation will want to make sure it understands the level of risk and apply the right mitigation and the right cost to protect that risk. Paying the cost for a DDoS mitigation that exceeds their requirements is like over insuring the car – you are paying a premium for a service that does not match your level of risk/potential loss. Similarly, implementing a DDoS mitigation that does not cover the risk will likely lead to additional costs, resulting from greater organisational impact and additional emergency response activities. Risk management is critical – rightsizing is a must – organisations need to prepare and implement a sound mitigation plan. To understand the severity of the risk DDoS imposes, organisations must quantify both probability and impact – tangible and intangible – and know the risk appetite and technical environment of the organisation. Once this information is gathered and the severity of the risk is understood, there are three key critical elements of producing a good mitigation plan that must be enacted: detection, response and rehearsal. 3.Mitigate the attack Detection; Timely detection is critical – slow detection greatly increases potential financial and reputational loss, and allows the attackers valuable time to initiate other attack vectors. Fortunately, there are several technologies out there that can be used to monitor both the physical and cloud-based environment. For example, organisations can use Netflow monitoring on border routers to detect a volumetric attack, or provide this data to a third-party for analysis and detection. Organisations can also look at using appliances to conduct automatic detection and response, again managed internally or by a third-party. In a cloud environment, there are plenty of cloud monitoring tools out there that allow companies to identify degradation and performance, CPU utilisation and latency, giving them an indication of when an attack occurs. Response; There are many DDoS mitigation solutions available, allowing organisations to match the solution to their requirements. In selecting a mitigation solution, it is important to review a complete range of options, and align the selected solution to the organisation’s risk exposure and technology infrastructure. For example an organisation operating in the cloud with a moderate risk exposure, might opt for a cloud based solution, pay-on-occurrence model. While a financial services company, operating its own infrastructure and exposed to substantial financial and reputational risk, would look for a hybrid solution, providing the best time to mitigate, low latency and near immediate failover to cloud mitigation for large volumetric attacks. Rehearsing; Once a DDoS mitigation service is selected and implemented, the detection and mitigation plan must be document and verified through testing. The frequency of testing a mitigation plan should be dependent on the level of risk. If in a high-risk environment, a business might want to rehearse monthly or quarterly. In a lower-risk environment, the organisation might stretch it out to yearly or biannually. By understanding the threat, quantifying the risk to the organisation and implementing a right-sized mitigation solution organisations can effectively and efficiently mitigate the risk of DDoS attacks. A well implemented and tested plan will protect an organisation from both financial and reputational damage, discouraging attackers, leading the wolf from your door, leaving them hunting for a softer target. Source: http://www.cso.com.au/article/617417/identifying-three-steps-ddos-mitigation/

Read the original post:
Identifying the three steps of DDoS mitigation

#OpIsrael: Anonymous hackers poised to execute ‘electronic holocaust’ cyberattacks against Israel

Hacktivists pledge to take government, military and business websites offline in annual attacks. Since 2013, hackers and internet activists affiliated with the notorious Anonymous collective have targeted digital services as part of #OpIsrael, a campaign designed to take down the websites of government, military and financial services in the country. Taking place annually on 7 April, it first started in 2013 to coincide with a Holocaust memorial service. Anonymous-linked hackers take to Twitter and YouTube to tout their cybercrime plans – which includes defacements and distributed denial of service (DDoS) attacks as a retaliation against Israel’s treatment of the Palestinians. On PasteBin, a list of targets for the 2017 series of attacks has been posted, naming potential victims as the government and parliament websites. In one YouTube video, links to alleged DDoS tools had been posted. These have the ability to send surges of malicious traffic at a website domain to take it offline. “We are coming back to punish you again for your crimes in the Palestinian territories as we do every year,” a statement being circulated by Anonymous-linked accounts online pledged. The statement said the hackers’ plan is to take down servers and the websites of the government, military, banks and unspecified public institutions. “We’ll erase you from cyberspace as we have every year,” it added, continuing: “[It] will be an electronic holocaust. “Elite cyber-squadrons from around the world will decide to unite in solidarity with the Palestinian people, against Israel, as one entity to disrupt and erase Israel from cyberspace. “To the government, as we always say, expect us.” Far from being shocked at the news of the attacks, both cybersecurity experts and government officials have brushed off the aggressive rhetoric from the hacking group. It is not believed that past attacks have caused any physical damage other than website outages. Dudu Mimran, a chief technology officer at Ben-Gurion University, told The Jerusalem Post on 5 April that the attacks may actually be used as “training” for the Israelis. “From a training perspective there is always a learning lessons from this kind of event,” he said. Mimran claimed the biggest threat that may come from #OpIsrael is that it keeps government and business officials distracted from other – potentially more serious attacks. “When it makes everyone busy it gives slack to more serious attackers,” he said. Nevertheless, he added that “Israel and many other Western countries – but Israel in particular – are always under attack and ultimately concluded: “It does not elevate any serious threat on Israel.” On the morning of 7 April, Anonymous tweets mounted. “#OpIsrael has begun,” one claimed. Anonymous has been linked to numerous cyberattacks in recent years, launching campaigns on targets including US president Donald Trump, the government of Thailand and Arms supplier Armscor. The group has no known leadership and remains a loose collective of hackers. Source: http://www.ibtimes.co.uk/opisrael-anonymous-hackers-poised-execute-electronic-holocaust-cyberattacks-against-israel-1615926

View post:
#OpIsrael: Anonymous hackers poised to execute ‘electronic holocaust’ cyberattacks against Israel

Why hardware configurations could be the downfall of IoT

According to Trend Micro, The Internet of Things is opening up new opportunities for businesses as well as introducing a new era of convenience for consumers. However, in a blogpost, they warn of issues that can lead to the downfall of IoT and called for countries stiving to be a smart nation to be wary. More than 24 billion IoT devices will connect to each other and the internet by 2020, according to Business Insider, and that’s a conservative estimate. The Motley Fool noted that other tech giants are predicting anywhere from 50 billion to 200 billion IoT devices within the next three years. One thing is clear: The IoT is going to be big, and require a lot of management. After all, handling devices the wrong way could leave security gaps in your network. Hardware configurations could be the downfall of IoT, and it’s important for you to enable your systems appropriately. Systems at risk Most devices, including routers and printers, come with preset, easy passwords and inactivated security capabilities. A number of organizations may simply install this hardware without changing the standard authorizations, leaving significant holes that attackers can exploit. This type of situation is only magnified by the number of active IoT devices. After all, who wants to configure every sensor or create a firewall for their coffee maker? However, you must do exactly that to enable IoT without compromising security. IoT technology is still developing, and you must ask critical questions to understand how these devices handle your sensitive information. The Global Privacy Enforcement Network Privacy Sweep found that it wasn’t clear how IoT devices collected, used and disclosed information. Many companies also neglect to explain how user data would be secured or how to delete personal information. With so many entry points to your network, your system could be at risk if you don’t have definitive answers concerning their requirements and capabilities. “If you think your IoT devices aren’t at risk, you’re wrong.” Sitting targets for malicious attacks Unsecured IoT devices are gateways for hackers to stroll into your critical business systems and execute attacks on a larger scale. In fact, major internet services including Twitter, Spotify and Netflix were disrupted when an attacker leveraged IoT devices to deliver a series of massive DDoS attacks to Dyn. According to Fast Company, the hacker leveraged the digital traffic from internet-enabled hardware and sent the noise to the domain name service provider, disrupting its ability to translate addresses into IP networks. Hundreds of thousands of cameras, routers, DVRs and other household appliances were used to carry out this attack. Security experts had warned that such a situation could occur, serving as a reminder why hardware configurations are critical for business and user security. If you think your IoT devices aren’t at risk, you’re wrong. Attackers can use tools like Shodan to easily search for exposed cyber assets. Trend Micro noted this system can show a hacker any connected device’s IP address, application and firmware versions as well as other critical information to make it easier to compromise. This research also found web servers, webcams, wireless access points and routers were the most unsecured cyber assets in the top 10 most populous U.S. cities. Protecting your IoT devices Security capabilities across IoT devices will only continue to improve, but in the meantime, organizations must take steps to protect this hardware. The first step is to configure your equipment correctly to your business and set passwords that will be difficult for a hacker to guess. You should also leverage data breach systems to detect unusual behavior within your network as it occurs. This solution will help catch malicious access to your IoT devices, enabling you to act quickly to reinstate and improve security. Source: http://www.networksasia.net/article/why-hardware-configurations-could-be-downfall-iot.1491403560

Read this article:
Why hardware configurations could be the downfall of IoT

Recognizing the New Face of Cyber-Security

Threats, risks and dangers related to cyber-security are changing. CIOs must respond with a well-defined strategy and the right mix of processes and tools. Over the past few years, digital technologies have rippled through the business world and unleashed unprecedented innovation and disruption. Yet today’s technology framework also has put businesses in the crosshairs and created new levels of risk. No longer are cyber-threats thwarted by clearly defined perimeters such as firewalls. No longer are malware and cyber-attacks blocked by traditional security tools designed to identify specific viruses and code. “It’s an entirely different landscape,” observes Oswin Deally, vice president of cyber-security at consulting firm Capgemini. To be sure, mobility, clouds, the internet of things (IoT) and the increasingly interconnected nature of business and IT systems have radically changed the stakes. There’s a growing need for security transformation. Yet, at the same time, attacks are becoming more insidious and sophisticated. Phishing, spear-phishing, whaling, ransomware, hacking, hacktivism and corporate espionage are now mainstream problems. Data breaches and DDoS attacks are a daily concern. “Cyber-security has moved from a compliance and regulatory topic to front-page headline news,” says Dan Logan, director of enterprise and security architecture for Tata Consultancy Services (TCS). No Space Is Safe The scope of today’s cyber-security challenge is mind-boggling. Gartner predicts that more than 8.4 billion IoT devices will be used in 2017, and the number will swell to more than 20 billion by 2020. Meanwhile, 74 percent of organizations now store some, if not all, sensitive data in the public cloud, according to a February 2017 Intel Security study. Not surprisingly, the stakes are growing, and achieving digital transformation while ensuring security is not a simple task. An October 2016 Ponemon Institute study found that the average cost of cyber-crime to a large organization in the United States rose to more than $17 million in 2016. An interconnected world with intertwined data means that threats can come from anywhere at any time. Business disruption, information loss, a diminished brand image and revenue, and damage to equipment are constant risks. Nevertheless, organizations are struggling to keep up. Ponemon points out that only 39 percent of companies deploy advanced backup and recovery operations, though it reduces the average cost of cyber-crime by nearly $2 million. Similarly, only 28 percent of companies have a formal information governance program, though this typically reduces the cost of cyber-crime by nearly $1 million. Capgemini’s Deally says that a starting point for dealing with today’s threat landscape is to recognize that there are two primary areas to focus on: business-driven events and threat-driven events. The former revolves around things like digital commerce, innovation, intellectual property, products and supply chains that present targets and create risks for the enterprise. The latter encompasses attack methods and vectors, including email, mobile devices, the IoT, and other systems and software. “It is becoming more and more of a borderless world where the devices that drive productivity also represent risk,” he points out. CIOs and other enterprise leaders must understand business and technology intersection points and how they introduce risks at various levels—from application security to APIs and network design to clouds. It’s also important to clearly understand business and data assets and identify priorities in terms of value, sensitivity and risk. Not all data is created equal and not all systems require equal protection. This approach, when layered over specific industry risks, begins to deliver some clarity about how and where to focus a cyber-security strategy and select the right protections and processes. o be sure, cyber-security must take a multilayered approach, and it must focus on defense-in-depth. One of today’s challenges is that intruders may gain entry to a network through a vulnerability or breach and worm their way through systems and files over a period of weeks, months or years. These advanced persistent threats (APTs) use multiple tools, technologies and methods to take intrusions to a deeper and more dangerous level. In some cases, the intruders may never make their presence known. They simply pull information—everything from employee or customer data to intellectual property—to perpetuate attacks that monetize their efforts. Secure Horizons CIOs and other enterprise leaders must ultimately focus on strategies that rely on multiple tools, technologies and methods to address the problem on several fronts. This may include everything from reviewing privileges and reexamining authentication methods to analyzing coding practices and reviewing the way encryption is used for data at rest and in transit. It could also address everything from vendor relationships to coding practices. For example, as organizations migrate to DevOps, it’s possible to use automated code scanning to detect vulnerabilities before software goes live. In addition, emerging cyber-security tools use artificial intelligence (AI), machine learning or deep learning, along with analytics, to detect unusual behavior and patterns. If an employee logs in at an unusual time from an unknown device or IP address, the system may require re-authentication. However, TCS’ Logan also stresses the urgency of employee education and training. Many of today’s breaches are caused by inattentive employees, sometimes even those in the C-suite, who click a link and infect a system with malware, including ransomware. In other cases, employees circumvent policies because they interfere with their work, or they turn to shadow IT and rogue applications to complete work easier or faster. “Ongoing employee education about phishing—and the use of anti-phishing campaigns that send test emails to users and then respond to clicks with just-in-time education—is an effective addition to employee security awareness efforts,” Logan says. Likewise, intelligence sharing services can help organizations identify new risks quickly. In the end, Logan says that a simple mnemonic is useful for security transformation: ARM. This translates to assess, remediate and monitor. Best-practice organizations embed cyber-security into the foundation of day-to-day IT operations. They have robust backup and recovery systems in place to guard against ransomware and other problems. They handle basic blocking and tackling but also examine how more advanced tools, technologies and practices can boost protection. To be sure, the road to security transformation is long and winding. “A world-class organization must excel at the basics of identity management, vulnerability management, configuration management, incident management, incident response, backup and recovery,” Logan explains. Capgemini’s Deally adds: “From a CIO’s perspective, it’s essential to look at what are you doing from a business perspective and build security protections from there. The most important question—and the one to work backward from in every case—is, ‘How can I best mitigate risk?’ Source: http://www.cioinsight.com/security/recognizing-the-new-face-of-cyber-security.html

Read More:
Recognizing the New Face of Cyber-Security

UK nuclear stations on terror alert for cyber attacks

The cyber security industry has been urged to co-operate with government to protect UK critical national infrastructure from cyber attacks. UK security services have reportedly told nuclear power stations to bolster their cyber defences in the face of increased threats. Government officials have warned that terrorists, foreign spies and “hacktivists” are looking to exploit “vulnerabilities” in the nuclear industry’s internet defences, according to the Telegraph. UK energy minister Jesse Norman is quoted as saying that nuclear plants must make sure that they “remain resilient to evolving cyber threats”. However, he said the government is fully committed to defending the UK against cyber threats, and that the Civil Nuclear Cyber Securty Strategypublished in February 2017 sets out ways to ensure that the civil nuclear sector can defend against, recover from and remain resilient to evolving cyber threats. According to the strategy, the volume and complexity of cyber attacks against the UK are growing and the range of actors is widening. “The threat is becoming increasingly global and asymmetric. Both states and non-state actors can use easily-available cyber tools for destructive purposes,” the strategy states. The strategy sets out a voluntary roadmap to enable organisations in the civil nuclear sector to meet the increasing threat from cyber, and will support the development of cyber security capability of the sector, ensuring organisations will be able to comply with current and new regulation as well as being able to recover from compromises. However, for this to be achieved, the strategy said civil nuclear sector needs to work as a partnership between the government, regulator and industry, with clear roles and responsibilities which are understood and agreed. The strategy warns that the nuclear industry has to do more to protect itself, saying current mechanisms for sharing information in relation to vulnerabilities and how compromises have been addressed will need to be strengthened and enhanced to ensure good practice is shared, and continuous improvement can be made. In November 2016, veteran US investigative reporter Ted Koppel said a cyber attack on the US power grid is likely, but preparations for such an event are not up to scratch. “We are our own worst enemies,” he told Intel Security’s annual Focus conference in Las Vegas, saying that despite the risk of a cyber attack blackout, the US is unprepared for the consequences. Peter Carlisle, vice-president for Europe, Middle East and Africa at Thales e-Security believes cyber attacks against critical national infrastructure are set to increase dramatically as criminals develop “increasingly heinous methods” to jeopardise the UK’s national security. “From power stations to the transport network, the risk to the public remains severe, especially if hackers are able to gain access to electronic systems. “To tackle this, the security industry must stand shoulder to shoulder with the government to protect data and critical infrastructure from attack, and ensure hostile forces never have the opportunity to do us harm,” he said. Malcolm Murphy, technology director at network management firm Infoblox said attacks against IT networks are becoming increasingly common, and, if carried out against critical national infrastructure, can represent a significant threat to national security. “In addition to the damage caused to the networks themselves, a DDoS [distributed denial of service] attack on an organisation’s domain name system [DNS] can be used to prevent communication of and around the attacks, causing confusion and panic as seen in the attack on the Ukraine power grid in 2015,” he said. “The DNS is a mission-critical piece of network infrastructure used by all organisations without which networks cannot function. Often inadequately protected by traditional security solutions, it remains a vulnerable network component frequently used as an attack vector by cyber-criminals. “With botnets available for hire for relatively small sums of money online, DNS-based DDoS attacks are becoming increasingly easy for cyber criminals to carry out, and in their efforts to defend the country against the growing cyber threat, organisations responsible for the security of critical infrastructure should be making DNS protection a top priority,” he said. Most UK businesses have little visibility or control over their DNS servers and services, even though they are a key component of businesses’ infrastructure and security profile, a report published in March 2017 revealed. Only 8% of companies polled claim to have full visibility across all areas of DNS, including frequency of dropped requests, cache poisoning, latency and overall load on DNS infrastructure, rendering it impossible to ensure a consistent service to internal and external internet users. Source: http://www.computerweekly.com/news/450416097/UK-nuclear-stations-on-terror-alert-for-cyber-attacks

See the article here:
UK nuclear stations on terror alert for cyber attacks

Cyber-Attacks Cost Almost Twice What You May Think

What do cyber-attacks have in common with hurricanes, tornados and earthquakes? All are realities in our world. No matter how common or uncommon they may be, failing to prepare for any of them will lead to costs that could be unbearable—or worse. These were the thoughts of Nikhil Taneja, MD Radware as he shared the company’s annual Global Application & Network Security Report 2016-17 that identifies major attack trends of 2016, outlines industry preparedness, and offers predictions for in 2017. The report finds that 98% of Organizations Experienced Attacks in 2016, indicating that cyber-attacks became a way of life for nearly every organization in 2016. This trend will continue in 2017, predicts Radware. While understanding some crucial aspects such as The threat landscape—who the attackers are, their motives and tools, what will be the potential impact on businesses, including associated costs of different cyber-attacks, how a company’s preparedness level compares to other organizations etc, the report comes up with some of the key findings: – IoT Botnets Open the 1TBps Floodgates- This exemplifies why preparing for “common” attacks is no longer enough. This event introduced sophisticated vectors, such as GRE floods and DNS water torture. – Cyber-Ransom Proves Easiest, Most Lucrative Tool for Cybercriminals- Almost all ransom events have a different attack vector, technique or angle. There are hundreds of encrypting malware types, many of which were developed and discovered this year as part of the hype. Also, DDoS for ransom groups are professionals who leverage a set of network and application attacks to demonstrate their intentions and power. – Cyber-Attacks Cost Almost Twice What You May Think- Most companies have not come up with a precise calculation of the losses associated with a cyber-attack. Those who have quantified the losses estimate the damage at nearly double the amount compared to those who estimate. – Stateful Devices: #1 Point of Failure- Common IT devices, including firewalls, application delivery controllers and intrusion protection systems, now represent the greatest risk for an outage. Consequently, they require a dedicated attack mitigation solution to protect them. Threat Landscape Trends The report identifies top five trends that dominated 2016 threat landscape and will continue to haunt CISOs in the coming years. These include: – Data Leakage + SLA Impact Are Top Concerns – Data leakage and service level impact often come together, with a DDoS attack serving as a smokescreen that distracts IT teams so data can be infiltrated. – Mirai Rewrites the Rules- As the first IoT open-source botnet, Mirai is changing the rules of real-time mitigation and makes security automation a must. It isn’t just that IoT botnets can facilitate sophisticated L7 attack launches in high volumes. The fact that Mirai is open-source code means hackers can potentially mutate and customize it—resulting in an untold variety of new attack tools that can be detected only through intelligent automation. – Non-Volumetric DoS: Alive and Kicking – Despite astonishing volumes, neither the number of victims nor the frequency of attacks has grown. Most non-volumetric DDoS attacks are in relatively lower volumes, with 70% below 100Mbps. Rate-based security solutions continue to fall short, requiring companies to rethink their security strategy and embrace more sophisticated solutions. Without those upgrades, there is a good chance an organization will experience, yet lack visibility into service degradation. – Increased Attacks against Governmental Institutions- 2016 brought a new level of politically affiliated cyber protests. While the U.S. presidential election was in the spotlight, the media reported on a different breach almost weekly. These incidents happened across the globe, with regimes suffering from cyber-attacks due to alleged corruption or perceived injustices. – SSL-Based Attacks Continue to Grow- Although 39% report suffering an SSL-based attack, only 25% confidently state they can mitigate it. – DDoS Attacks Are Becoming Shorter- Burst attacks are increasing thanks to their effectiveness against most mitigation solutions. Security Strategy Evolves Rather Slowly These trends and findings indicate that while hackers continue to develop new attack tools and techniques, 40% of organizations do not have an incident response plan in place. Seventy percent do not have cyber-insurance. And despite the prevalence of ransomware, only 7% keep Bitcoin on hand. Another interesting finding of the study was three-fourths of companies do not employ hackers in their security teams, and 43% say they could not cope with an attack campaign lasting more than 24 hours. “Combining statistical research and frontline experience, the Radware report identifies trends that can help educate the security community. It draws information from sources such as the information security industry survey, where this year, 598 individual respondents representing a wide variety of organizations around the world participated,” Taneja commented. On average, responding organizations have annual revenue of USD $1.9 billion and about 3,000 employees. Ten percent are large organizations with at least USD 5 billion in annual revenue. Respondents represent more than 12 industries, with the largest number coming from the following: professional services and consulting (15%), high tech products and services (15%), banking and financial services (12%) and education (9%), the study notes. Source: http://www.cxotoday.com/story/cyber-attacks-cost-almost-twice-what-you-may-think/

Continue reading here:
Cyber-Attacks Cost Almost Twice What You May Think

New Mirai IoT variant launched 54-hour DDoS attack against a U.S. college

Researchers have spotted a new Mirai variant in the wild that is better at launching application layer attacks; other researchers spotted a new Cerber ransomware variant that can evade machine learning. A new variant of the Mirai IoT malware was spotted in the wild when it launched a 54-hour DDoS attack against an unnamed U.S. college. While the attack occurred on February 28, Imperva Incapsula is informing the world about it today. The researchers believe it is a new variant of Mirai, one that is “more adept at launching application layer assaults.” The average traffic flow was 30,000 requests per second (RPS) and peaked at about 37,000 RPS, which the DDoS mitigation firm said was the most it has seen out of any Mirai botnet so far. “In total, the attack generated over 2.8 billion requests.” During the 54-hour DDoS attack on the college, researchers observed a pool of attacking devices normally associated with Mirai such as CCTV cameras, DVRs and routers. Attack traffic originated from 9,793 IPs worldwide, but 70% of the botnet traffic came from 10 countries. The U.S. topped the list by having 18.4 percent of the botnet IPs. Israel was next with 11.3 percent, followed by Taiwan with 10.8 percent. The remaining seven countries of the top 10 were India with 8.7 percent, Turkey with 6 percent, Russia with 3.8 percent, Italy and Mexico both with 3.2 percent, Colombia with 3 percent and Bulgaria with 2.2 percent of the botnet traffic. Other signature factors such as header order and header values also helped the researchers identify the attack as a Mirai-powered botnet, yet the DDoS bots hid behind different user-agents than the five hardcoded in the default Mirai version; it used 30 user-agent variants. Incapsula said, “This–and the size of the attack itself–led us to believe that we might be dealing with a new variant, which was modified to launch more elaborate application layer attacks.” Less than a day after the 54-hour hour attack on the college ended, another was launched which lasted for an hour and half; during the second attack, the average traffic flow was 15,000 RPS. 90% of application layer attacks last less than six hours, Incapsula said, so “an attack of this duration stands in a league of its own.” The researchers said they “expect to see several more bursts before the offender(s) finally give up on their efforts.” Cerber ransomware variant evades machine learning Elsewhere, Trend Micro also has bad news in the form of a new Cerber ransomware variant. Cerber has “adopted a new technique to make itself harder to detect: it is now using a new loader that appears to be designed to evade detection by machine learning solutions.” The newest Cerber variant is still being delivered via phishing emails, but those emails now include a link to Dropbox which downloads and self-extracts the payload. If the loader detects it is running in a virtual machine, in a sandbox, or if certain analysis tools or anti-virus are running, then the malware stops running. Cerber stops, Trend Micro said, if it detects any of the following are running: msconfig, sandboxes, regedit, Task Manager, virtual machines, Wireshark, or if security products from the vendors 360, AVG, Bitdefender, Dr. Web, Kaspersky, Norton or Trend Micro are running. Trend Micro explained: Self-extracting files and simple, straightforward files could pose a problem for static machine learning file detection. All self-extracting files may look similar by structure, regardless of the content. Unpacked binaries with limited features may not look malicious either. In other words, the way Cerber is packaged could be said to be designed to evade machine learning file detection. For every new malware detection technique, an equivalent evasion technique is created out of necessity. Source: http://www.computerworld.com/article/3186175/security/new-mirai-iot-variant-launched-54-hour-ddos-attack-against-a-us-college.html

Read the article:
New Mirai IoT variant launched 54-hour DDoS attack against a U.S. college

CyberSecurity Malaysia in Asia Pacific drill to combat DDOS attacks

National digital security specialist CyberSecurity Malaysia has taken part in an Asia Pacific drill to test preparedness for DDOS attacks. Themed ‘Emergence of a New Distributed Denial of Service (DDoS) Threat,’ this year’s Asia Pacific Computer Emergency Response Team’s (APCERT) drill tested different response capabilities of leading Computer Security Incident Response Teams (CSIRT) from the Asia Pacific economies. Throughout the exercise, which was completed on 22 March 2017, the participating teams activated and tested their incident handling arrangements. Commenting on the operation, Dato’ Dr. Haji Amirudin Abdul Wahab, chief executive officer of CyberSecurity Malaysia, said: “Our participation in the APCERT drill is very important indeed as we believe nations in the Asia Pacific region should band together and collaborate more closely to enhance our skills, expertise and process in incident response handling to increase our vigilance against the current trends of DDoS threats.” Dr Amirudin said that CyberSecurity Malaysia and its counterparts in the region are deepening collaboration to target and mitigate DDoS threats. DDOS increase in Malaysia He added that in Malaysia, incidents involving DDoS attacks have been on the rise for the past three years. Such attacks reported to CyberSecurity Malaysia increased to 66 in 2016, almost double from 38 incidents in 2015. In 2014, the incidents recorded stood at 38. As of February 2017, CyberSecurity Malaysia has recorded 11 incidents involving DDoS attacks. The APCERT drill included interaction with local and international CSIRTs/CERTs, and victim organisations, for the coordinated suspension of malicious infrastructure, analysis of malicious code, as well as notification and assistance to affected entities. In addition to Malaysia, 23 APCERT teams from 17 other economies (Australia, Brunei, People’s Republic of China, Chinese Taipei, Hong Kong, India, Indonesia, Japan, Korea, Lao People’s Democratic Republic, Macao, Mongolia, Myanmar, Singapore, Sri Lanka, Thailand and Vietnam) along with 4 CSIRTs from 4 member countries (Egypt, Morocco, Nigeria and Pakistan) of the OIC-CERT participated in the drill. Held for the sixth time, this year’s drill also involved the participation of members from the Organisation of the Islamic Cooperation – Computer Emergency Response Team (OIC-CERT). CyberSecurity Malaysia, which is the permanent secretariat for the OIC-CERT, leads the cyber security efforts among the OIC member countries. APCERT was established by leading and national Computer Security Incident Response Teams (CSIRTs) from the economies of the Asia Pacific region to improve cooperation, response and information sharing among CSIRTs in the region. APCERT Operational Members consist of 28 CSIRTs from 20 economies. OIC-CERT was established in January 2009, to provide a platform for member countries to explore and to develop collaborative initiatives and possible partnerships in matters pertaining to cyber security that shall strengthen their self-reliant in the cyberspace. OIC-CERT consists of 33 CERTs, cyber security related agencies and professional from 20 economies. Source: https://www.mis-asia.com/tech/security/cybersecurity-malaysia-in-asia-pacific-drill-to-combat-ddos-attacks/

More here:
CyberSecurity Malaysia in Asia Pacific drill to combat DDOS attacks

Korean foreign ministry gets several DDoS attacks from China

The website of South Korea’s Ministry of Foreign Affairs has come under several cyberattacks originating from China but little damage has been reported so far, the ministry said Tuesday. “Several on-and-off DDoS attack attempts originating from China have taken place on websites including that of the Ministry of Foreign Affairs,” ministry spokesman Cho June-hyuck said in a press briefing. Defensive measures were immediately taken against the cyberattacks and no damage has been sustained, he said. The latest hacking attempts came as bilateral tensions remain high over the deployment of a US missile defense system in South Korea. Since the attempts, the foreign ministry has launched a special response team and distributed a response manual among the South Korean diplomatic missions in China, the spokesman noted. The spokesman did not elaborate on exactly who is behind the DDoS, or distributed denial of service, attacks, but they are the latest in a recent series of Chinese retaliations on South Korean industries and entities. A month earlier, the Chinese-language website of South Korean retail giant Lotte as well as its duty-free branch’s Chinese and Japanese-language websites sustained similar DDoS assaults, incurring heavy revenue losses. The attacks came as China stepped up its retaliatory actions over Seoul’s on-going deployment of the US missile interception system, Terminal High Altitude Area Defense. China vehemently protests the deployment which it said would compromise its security interests. “Our government pays attention to the Chinese government’s (past) expression of its consistent stance that it opposes any kind of cyberattack,” the ministry spokesman noted. “The government is expecting that (China) will continuously take responsible steps in accordance with the stance.” South Korea has also recently lodged a protest with the Chinese government after South Korean national flags were found destroyed in China, Cho said. “A national flag is a symbol of a nation’s dignity and the government takes very seriously the cases of destroyed Taegeukgi that took place in certain Chinese areas,” he said. “The government has officially lodged complaints with China on many occasions and demanded China take steps to address them immediately.” “In any case, the people-to-people exchange which is the foundation of the bilateral relationship should come under a man-made obstacle,” the spokesman said, adding that the South Korean government is trying to proactively react to China’s unjust measures in order to minimize any impact on South Korean companies. Referring to a media report alleging North Korean involvement in hacking attempts at a Poland bank and other international financial institutions, Cho also said that North Korea is likely to be using illegal cyber activities for a source of foreign currency earnings. “Given the international community’s concerns over the possibility that illegal income could be used for the development of weapons of mass destruction, North Korean cyber threats are emerging as new international threats along with its nuclear, missile and WMD threats.” (Yonhap) Source: http://www.koreaherald.com/view.php?ud=20170328000862

Follow this link:
Korean foreign ministry gets several DDoS attacks from China

A DDoS attack is cheaper than a pack of doughnuts

Cybercriminals organising DDoS attacks are making a profit of around $18 per hour, says Kaspersky. Do you know how much it costs to hire hackers for a DDoS attack? I’m asking for a friend. Anyway, Kaspersky Lab seems to know the answer as its researchers have spent some time looking into DDoS-as-a-service websites, and have come up with some numbers. As it turns out, it’s can be pretty cheap to have a website DDoSed, even though that could mean losses for the victim, in millions. It seems as hackers are undervaluing their services, yet again. In a press release, Kaspersky Lab said a DDoS attack can cost “anything from $5 for a 300-second attack, to $400 for 24 hours”. The average price for an attack is approximately $25 an hour. Using a cloud-based botnet of 1,000 desktops will set you back roughly $7 per hour. “That means the cybercriminals organising DDoS attacks are making a profit of around $18 per hour.” http://www.itproportal.com/news/a-ddos-attack-is-cheaper-than-a-pack-of-doughnuts/The definitive price is determined by a couple of factors. First, what type of devices are being used. An IoT-botnet is cheaper than a server-botnet. The type of site that needs to be attacked can also be a factor. Government sites, or those with dedicated DDoS protection, will be more expensive. “We expect the profitability of DDoS attacks to continue to grow. As a result, will see them increasingly used to extort, disrupt and mask other more intrusive attacks on businesses,” commented says Russ Madley, Head of B2B at Kaspersky Lab UK. “Worryingly, small and medium sized businesses are not confident in their knowledge of how to combat these threats effectively. The longest DDoS attack in 2016 lasted 292 hours according to Kaspersky Lab’s research, or about 12 days. Most online businesses can ill-afford to have their ‘doors closed’ for even an hour, let alone for 292 hours, as criminals take advantage of their poor defences. Companies that host these online sites are also under attack on a daily basis. The channel has a significant opportunity with our help to identify risks, provide strategic advice and deliver the right solutions to customers to prevent damaging DDoS attacks.” Source: http://www.itproportal.com/news/a-ddos-attack-is-cheaper-than-a-pack-of-doughnuts/

Original post:
A DDoS attack is cheaper than a pack of doughnuts