Financial Impact of Cybercrime Exceeded $45B in 2018

Cybersecurity analysts explore a range of industry research to examine trends around cyber incidents and their financial impact.

Cybersecurity incidents cost an estimated $45 billion in 2018, according to a new report that aggregates data from different types of reported security incidents from around the world.

It’s difficult to get a complete picture of the cyber incident landscape, says Jeff Wilbur, technical director of the Internet Society’s Online Trust Alliance (OTA), which today published its “2018 Cyber Incident & Breach Trends Report.” “Everyone’s viewing it from their own lens,” he says.

When the OTA published its first edition of this report 11 years ago, it only focused on data breaches, Wilbur adds. A rapidly evolving threat landscape forced it to broaden its scope.

“A few years ago we realized this underrepresented the number of cyber incidents,” he explains. “We started looking at adding business email compromise, ransomware, and other DDoS attacks because those are orders of magnitude larger than breaches that get reported.”

What’s interesting, he continues, is many of the techniques cybercriminals use to break into systems have largely remained the same: They use employee credentials, for example, or exploit a known vulnerability in an organization that hasn’t updated its software. “The ways to get in have been relatively constant for a while,” says Wilbur, though there are some changes.

Internet of Things (IoT) devices, for example, have introduced new ways of breaking into organizations, as has organizations’ growing reliance on third-party vendors. “The clever way to get into systems is through third parties that may be less secure,” Wilbur adds. More attackers are breaking into target organizations by planting malware on or gaining unauthorized access into vendor systems.

Supply chain- and IoT-based attacks may be growing, but email attacks and vulnerability exploitation remain the most common ways to break into a target system. However, the actions cybercriminals take once they gain access to a network continue to shift over time.

Tracking Trends in Cybercrime
In their exploration of how attack patterns fluctuate over time, researchers noticed ransomware declined overall between 2017 and 2018, though it specifically increased among enterprise users. Cryptojacking became prominent in late 2017 and grew in 2018; however, it later started to rapidly decline as cryptocurrency’s value plummeted and attackers sought new ways to generate illicit income. Researchers found reports of 1.3 million incidents of cryptojacking in 2018 and 500,000 of ransomware.

Distributed denial-of-service (DDoS) attacks were reportedly down in 2018, though some reports indicate they’re still causing chaos in some industries. The challenge with DDoS attacks is determining how many attacks are successful, researchers point out. There is no aggregated reporting, and most businesses hesitate to acknowledge where they are vulnerable.

Business email compromise (BEC) was up significantly in 2018, researchers say. The FBI’s Internet Crime Complaint Center reported more than 20,000 BEC incidents in the US resulted in nearly $1.3 billion in losses in 2018 – up from 16,000 incidents and $677 million lost in 2017.

It’s one of many types of attacks contributing to the overall cost of cyber incidents in 2018. While financial impact is tough to determine, strong estimates put the cost of ransomware at $8 billion and credential stuffing at $5 billion. Some estimates are more general; for example, the Ponemon Institute reported the average cost of a data breach grew to hit $3.86 million.

Even with loose estimates, researchers estimate a total financial impact of at least $45 billion in 2018.

What does this data mean for the rest of 2019? “We’ve seen more supply chain attacks, [and] we’ve seen more ransomware, especially in the US,” he says, pointing to the new trend of cybercriminals targeting US cities including Baltimore, Maryland; Riviera Beach, Florida; and Atlanta, Georgia. While cryptojacking continues to drop off, we can expect to see more of the same threats we saw in late 2018 and early 2019, Wilbur says.

Back to Basics
As Wilbur explains, attack vectors leading to major breaches are typically simple.

These can be seen in many of the high-profile security incidents that made headlines in 2018. The breach of Aadhaar, India’s national ID database, compromised 1.1 billion records and was attributed to an unsecured API. An attack on the Marriott/Starwood system affected 383 million people and was caused by intruders who had been on the Starwood network since 2014 and would have been found by a routine network check prior to its acquisition by Marriott.

Given OTA found 95% of data breaches in 2018 were preventable, it seems organizations are not taking simple steps to protect themselves. “The same rules apply, so it’s actually the trend that organizations aren’t doing the basics really well,” he says.

This puts pressure on organizations to step up their game: you want to be the organization that, when attackers start to intrude, they don’t find a vulnerability and move on to an easier target.

Source: https://www.darkreading.com/risk/financial-impact-of-cybercrime-exceeded-$45b-in-2018/d/d-id/1335199


Cloudflare: What was behind the latest global internet outage?

Cloudflare, the backbone of many of the web’s biggest sites, experienced a global outage that left many wondering what could have happened.

The fragility of the internet was exposed yesterday (2 July) when users across the world came across many websites displaying the error message ‘502 Bad Gateway’. Shortly after, social media was flooded with questions as to what caused such an outage across seemingly unconnected sites.

Soon after, Cloudflare, a content delivery and DDoS protection provider, said an error on its part was behind the massive outage. A quick look at the company’s systems status page showed that almost every major city in the world was affected in some way, including Dublin.

23 minutes after Cloudflare confirmed that it was experiencing issues, it announced that it had “implemented a fix”. 35 minutes later, it revealed the cause of the outage.

“We saw a massive spike in CPU that caused primary and secondary systems to fall over,” a statement said. “We shut down the process that was causing the CPU spike. Service restored to normal within ~30 minutes.”

Soon after, it announced that normal operations had resumed. So what could have caused such a major outage so soon after another one that occurred on 24 June?

Testing processes were ‘insufficient in this case’

In a blogpost, Cloudflare CTO John Graham-Cumming was able to reveal that the CPU spike was the result of “bad software deploy that was rolled back”. He stressed that this was not the result of a well-crafted DDoS attack.

“The cause of this outage was deployment of a single misconfigured rule within the Cloudflare Web Application Firewall (WAF) during a routine deployment of new Cloudflare WAF managed rules,” Graham-Cumming said.

“We make software deployments constantly across the network and have automated systems to run test suites, and a procedure for deploying progressively to prevent incidents. Unfortunately, these WAF rules were deployed globally in one go and caused today’s outage.”

He went on to admit that such an outage was “very painful” for customers and that the company’s testing processes were “insufficient in this case”.

This outage was different to the one that occurred on 24 June, which Cloudflare described as the internet having “a small heart attack”. It was revealed that network provider Verizon directed a significant portion of the internet’s traffic to a small company in the US state of Pennsylvania, resulting in a major information pile-up.

Source: https://www.siliconrepublic.com/enterprise/cloudflare-outage-502-bad-gateway-explained


Discord was down due to Cloudflare outage affecting parts of the web

Popular chat service Discord experienced issues today due to network problems at Cloudflare and a wider internet issue. The app was inaccessible for its millions of users, and even Discord’s website and status pages were struggling. Discord’s problems could be traced to an outage at Cloudflare, a content delivery network. Cloudflare started experiencing issues at 7:43AM ET, and this caused Discord, Feedly, Crunchyroll, and many other sites that rely on its services to have partial outages.

Cloudflare says it’s working on a “possible route leak” affecting some of its network, but services like Discord have been inaccessible for nearly 45 minutes now. “Discord is affected by the general internet outage,” says a Discord statement on the company’s status site. “Hang tight. Pet your cats.”

“This leak is impacting many internet services including Cloudflare,” says a Cloudflare spokesperson. “We are continuing to work with the network provider that created this route leak to remove it.” Cloudflare doesn’t name the network involved, but Verizon is also experiencing widespread issues across the East Coast of the US this morning. Cloudflare notes that “the network responsible for the route leak has now fixed the issue,” so services should start to return to normal shortly.

Cloudflare explained the outage in an additional statement, commenting that “Earlier today, a widespread BGP routing leak affected a number of Internet services and a portion of traffic to Cloudflare. All of Cloudflare’s systems continued to run normally, but traffic wasn’t getting to us for a portion of our domains. At this point, the network outage has been fixed and traffic levels are returning to normal.”

Source: https://www.theverge.com/2019/6/24/18715308/discord-down-outage-cloudflare-problems-crunchyroll-feedly


Ubisoft hit with string of DDoS attacks just as R6’s Operation Phantom Sight goes live

Update June 18, 2019 3:20pm CT: Ubisoft has resolved issues stemming from today’s DDoS attack and all services have been restored.

 Ubisoft says it’s suffering from a series of distributed denial-of-service (DDoS) attacks. They hit right as Rainbow Six Siege’s Operation Phantom Sight is getting underway and are currently affecting server connectivity and latency.

In a DDoS attack, a web service or website is flooded with an overwhelming amount of traffic making it unstable and unusable. While it’s not clear who’s responsible for the attack, Ubisoft says it’s working to remedy the issues, according to its support page. Ubisoft put out a similar statement when it was hit by a large DDoS attack just under a year ago.


Fans should be aware that Ubisoft services are likely to be impacted until the issue is resolved. Last time a large scale DDoS attack hit Ubisoft it took about 10 hours for the company to be able to remedy the situation.

With the new operators of Operation Phantom Sight just being rolled out for all to play, it’s a bummer that some may not get to try them out until the issue is resolved.

Source: https://dotesports.com/rainbow-6/news/ubisoft-hit-with-string-of-ddos-attacks-just-as-r6s-operation-phantom-sight-goes-live


Telegram Hit by Powerful DDoS Attack – Blames China

We live in a world where foreign governments are routinely accused of cyber meddling to subvert democratic elections. Is anyone surprised that an authoritarian government is blamed for a massive DDoS attack that shut down Telegram – a key social media channel used to organize dissent and protest?

What is perhaps surprising in this case, is that the social media channel was Telegram, famous for being the most secure messaging app. Telegram’s security is based on encryption, distributed servers, and an optional message self-destruction feature. So, the content of your messages on Telegram should be pretty safe.

BUT if the service is unavailable, all that security is useless. That’s the sinister beauty of DDoS – Distributed Denial of Service. When a DDoS attack floods your network, overwhelming your infrastructure – with up to Terabits per Second of garbage data – it doesn’t matter how secure your service is.  Nobody can access it.

DDoS isn’t only about denial of service. Sometimes it’s used as an enabler for other cybercrimes. While services (including aspects of network security) are down, other malicious software may be infiltrated into your network devices resulting in massive data breaches, ransomware, theft of IP and more.

DDoS Attacks: Bad and Getting Worse

DDoS is here and it’s not going away! It seems that every month we hear about a new, record-breaking DDoS attack—and it’s not surprising that many types of DDoS attacks are referred to as floods—there is even one called a Tsunami—because their impact is overwhelming. They marshal a bot army of infected network devices to inundate and flood network resources, including elements such as firewalls that are intended to ensure network security.

How will 5G affect DDoS attacks?

5G holds a lot of promise for improved communications but may well worsen the DDoS nightmare. 5G’s anticipated exponential spread of high-speed bandwidth and connected IoT means that in addition to widespread motivation, easily available attack tools, and proliferating IoT attack sources, dramatically bigger attacks will be possible because the “5G highway” will have many more lanes to enable vastly higher rates of traffic—both good and bad. In the words of Brijesh Datta, the CSIO of Reliance Jio, “5G’s bandwidth will easily flood servers…with 5G, every individual would have a 1 Gbps worth of bandwidth, thereby attacks would become more drastic.”

What should service providers do to secure their network against DDoS attacks? 

In a whitepaper focused on service providers, but equally applicable to enterprises, Frost and Sullivan stress the following points:

  1. “…service providers may be better served by high-performance DDoS mitigation appliances with sufficient scalability to eliminate attacks, inline and in real time.”
  2. “An inline solution that provides DPI-based policy control capabilities ensures that firewalls and other security infrastructure are protected and functional at all times.”

Source: https://securityboulevard.com/2019/06/telegram-hit-by-powerful-ddos-attack-blames-china/


Telegram blames China for ‘powerful DDoS attack’ during Hong Kong protests

Telegram founder Pavel Durov has suggested that the Chinese government may have been behind a recent DDoS attack on the encrypted messaging service. Writing on Twitter, the founder called it a “state actor-sized DDoS” which came mainly from IP addresses located in China. Durov noted that the attack coincided with the ongoing protests in Hong Kong, where people are using encrypted messaging apps like Telegram to avoid detection while coordinating their protests.

The attack raises questions about whether the Chinese government is attempting to disrupt the encrypted messaging service and limit its effectiveness as an organizing tool for the hundreds of thousands of demonstrators taking part in the protests. Bloomberg reports that encrypted messaging apps like Telegram and FireChat are currently trending in Apple’s Hong Kong App Store, as demonstrators attempt to conceal their identities from Hong Kong’s Beijing-backed government.


As well as using encrypted messaging apps, Bloomberg notes that protesters in Hong Kong are also covering their faces to avoid facial recognition systems. They’re also avoiding the use of public transit cards that can link location to identities.

Telegram’s Twitter account said that the service had been hit with “gadzillions of garbage requests,” mostly from IP addresses originating in China, as part of the DDoS attack which had stopped the service from being able to process legitimate requests from users. It said that these garbage requests tend to be generated by botnets, networks of computers infected with malware. “This case was not an exception,” Durov tweeted without elaborating.

 


TalkTalk hacker sentenced to four years

One of the perpetrators of the 2015 TalkTalk cyber hack has been sentenced to four years in prison for his role in the attack.

 22-year-old Daniel Kelley, from Llanelli, South Wales, who also suffers from Asperger’s syndrome, originally pleaded guilty to 11 hacking-related offences in 2016.

Judge Mark Dennis sentenced him at the Old Bailey to four years’ detention in a young offenders institution. Judge Dennis said Kelley hacked computers “for his own personal gratification”, regardless of the damage caused. Kelley went on to blackmail company bosses, revealing a “cruel and calculating side to his character”, he said.

TalkTalk experienced three significant cyber attacks in 2015, resulting in a leak of the details of over 150,000 customers. The company hired the cyber arm of defence contractor BAE Systems to investigate the breach.

Kelley’s hacking offences also involved half a dozen other organisations, including a Welsh further education college, Coleg Sir Gar, where he was a student.

His actions caused “stress and anxiety” to his victims, as well as harm to their businesses, with the total cost to TalkTalk from multiple hackers estimated at £77m.

Between September 2013 and November 2015, Kelley engaged in a wide range of hacking activities, using stolen information to blackmail individuals and companies. Despite attempts at anonymity, his crimes were revealed in his online activities.

In September 2012, he boasted on Skype that he was “involved with black hat activities and I can ddos (Distributed Denial of Service)” in reference to malicious hacking. Commenting on what he was doing, he wrote on an online forum: “Oh God, this is so illegal.”

The court heard how Kelley was just 16 when he hacked into Coleg Sir Gar out of “spite or revenge”. The DDoS attack caused widespread disruption to students and teachers and also affected the Welsh Government Public Sector network, which includes schools, councils, hospitals and emergency services.

After he was arrested and bailed, Kelley continued his cyber-crime spree for a more “mercenary purpose”. Prosecutor Peter Ratliff said Kelley had been “utterly ruthless” as he threatened to ruin companies by releasing personal and credit card details of clients.

He hacked into TalkTalk and blackmailed Baroness Harding of Winscombe and five other executives for Bitcoin, the court heard.

However, he only received £4,400 worth of Bitcoins through all his blackmail attempts, having made demands for coins worth over £115,000.

Source: https://eandt.theiet.org/content/articles/2019/06/talktalk-hacker-sentenced-to-four-years/


IoT regulation is key to halting increase in DDoS attacks

Global communication service providers (CSPs), who are expected to provide customers with continuous, uninterrupted service, are struggling to deal with an increasing number of distributed denial of service (DDoS) attacks.

DDoS attacks involve flooding a network with more traffic than it can handle, which makes the network inaccessible to legitimate users.

According to A10 Networks’ The State of DDoS Attacks against Communication Service Providers report, which quizzed 325 IT and security professionals working for internet service providers, 85% of CSPs believe that there will be an increase or no reduction in the amount of DDoS attacks launched against them in the near future.

Despite the threat increasing, just 39% were confident that their organisation could detect a DDoS attack. Fewer respondents, 34%, were confident that their organisation could prevent an attack.

Respondents said that a lack of actionable intelligence was the top barrier to preventing DDoS attacks. Insufficient talent and expertise, and inadequate technologies were also viewed as significant barriers.

Stopping the botnet

Preventing attacks can be costly for businesses, according to cybersecurity expert Jake Moore, security specialist at ESET, but regulating the internet of things (IoT) space could help to prevent a large number of DDoS attacks before they are launched.

“DDoS attacks have always featured in cyber-attacks and there’s usually not much companies can do to protect their websites other than to attempt to divert as much traffic as possible, but this can be costly,” Moore explained. “The real solution lies in the early production of the internet of things and smart devices, where they are continually created with simple or no security at all.”

According to GlobalData’s recent smart home report, spending on internet-connected smart home devices climbed to $23bn in 2018. The market is expected to grow to $25bn by 2025 as consumers continue to automate their homes using smart speakers, thermostats, lighting and security products.

However, various studies have highlighted how easy it is to hack many of these devices.

This is being exploited by cybercriminals to build botnets, a number of compromised internet-connected devices that are used to carry out automated cybercriminal activities such as DDoS attacks or spam delivery.

The Mirai botnet discovered in 2016, for example, had amassed 380,000 devices by scanning the internet for IoT devices and testing commonly-used default username and password combinations to break into a device.

“Once such devices are taken over by a threat actor, they are simply diverted en masse to targeted sites to crash them,” Moore explained.

Source: https://www.verdict.co.uk/iot-regulation-ddos-attack-prevention/


Global communications service providers struggling to fend off growing number of DDoS attacks

Global communications service providers, whose businesses are predicated on continuous availability and reliable service levels, are struggling to fend off a growing number of DDoS attacks against their networks. A lack of timely and actionable intelligence is seen as a major obstacle to DDoS protection, according to A10 Networks.

The critical need for DDoS protection

The A10 Networks study conducted by the Ponemon Institute highlights the critical need for DDoS protection that provides higher levels of scalability, intelligence integration, and automation. Some 325 IT and security professionals at ISPs, mobile carriers and cloud service providers participated in the survey.

According to the report, entitled “The State of DDoS Attacks Against Communications Service Providers,” these service providers have major concerns with DDoS resilience readiness with only 29 percent of respondents confident in their ability to launch appropriate measures to moderate attacks.

DDoS attacks targeting the network layer are the most common form of attack—and the most dangerous to their business, according to respondents. These attacks flood the network with traffic to starve out legitimate requests and render service unavailable. As a result, service providers say they face a variety of consequences, the most serious being end-user and IT staff productivity losses, revenue losses and customer turnover.

85 percent of survey respondents expect DDoS attacks to either increase (54 percent) or remain at the same high levels (31 percent). Most service providers do not rate themselves highly in either prevention or detection of attacks. Just 34 percent grade themselves as effective or highly effective in prevention; 39 percent grade themselves as effective or highly effective in detection.

DDoS intelligence gap

The DDoS intelligence gap was highlighted by a number of survey findings:

  • Lack of actionable intelligence was cited as the number-one barrier to preventing DDoS attacks, followed by insufficient personnel and expertise, and inadequate technologies.
  • Out-of-date intelligence, which is too stale to be actionable, was cited as the leading intelligence problem, followed by inaccurate information, and a lack of integration between intelligence sources and security measures.
  • Solutions that provide actionable intelligence were seen as the most effective way to defend against attacks.
  • The most important features in DDoS protection solutions were identified as scalability, integration of DDoS protection with cyber intelligence, and the ability to integrate analytics and automation to improve visibility and precision in intelligence gathering.
  • Communications service providers who rated their DDoS defense capabilities highly were more likely to have sound intelligence into global botnets and weapon locations.

“Communications service providers are right, both in their expectations for increased attacks and about their need for better intelligence to prevent them,” said Gunter Reiss, vice president, marketing at A10 Networks. “The continuing proliferation of connected devices and the coming 5G networks will only increase the potential size and ferocity of botnets aimed at service providers. To better prepare, providers will need deeper insights into the identities of these attack networks and where the weapons are located. They also need actionable intelligence that integrates with their security systems and the capacity to automate their response.”

At the same time, many service providers see DDoS protection as a managed service as a significant business opportunity, with a majority (66 percent) of providers saying they were either delivering DDoS scrubbing services or planning to do so. However, the high cost of delivering these services using legacy solutions and making them profitable was seen as a major impediment. Service providers are being forced to find modern approaches that can scale defense in a profitable way.

Other key findings

  • DDoS is seen as the most difficult type of cyber attack to deter, prevent and contain.
  • Cybercriminals who use DDoS attacks to extort money are considered the biggest risk to service providers, followed by those who use DDoS attacks as a smoke screen for some other cyber attack.
  • The network is significantly more likely to be attacked than other layers of a service provider’s infrastructure, such as the application and device layers.
  • A majority of respondents say they do not have actionable intelligence into DDoS-for-hire botnets or DDoS weapon locations around the world to help them protect their networks.

Source: https://www.helpnetsecurity.com/2019/06/07/communications-service-providers-ddos/


DDoS Botnets are Back and Poised to Do Damage

DDoS attacks have been among the top cybersecurity threats in recent years, and have the potential to cause wide scale disruption of internet services. The massive attack on DNS provider Dyn in 2016 caused outages to popular websites like Twitter and Netflix and affected millions of users worldwide. Various other enterprises including financial institutions, video game companies, and news websites have fallen victim to DDoS and all had to weather downtime caused by the attacks.

Though other cyber-attack methods like ransomware and data breaches have taken the spotlight these past couple of years, the threat of DDoS persists and is stronger than ever. While better security solutions and anti-DDoS techniques are now available to thwart attacks, hackers are still keen on tweaking their tools and techniques to continue causing harm.

DDoS has seen a resurgence of late, and the potential damage caused by these new attacks is also significant. Attacks of at least 100 gigabytes per second (Gbps) increased by 967 percent in Q1 2019 compared to a year ago.

DDoS and Botnets
Massive DDoS attacks have largely been made possible by botnets – swarms of malware-infected devices or “zombies” – that can be controlled by hackers to launch attacks on targets. Botnets essentially pool together the computing resources and bandwidth from zombies to overwhelm even the best equipped networks.

A SYN flood DDoS attack, for example, exploits the mechanics of the standard TCP protocol – the very protocol used for web browsing, email, and file transfers. During an attack, each zombie device on the botnet sends a SYN request to the server. The server then acknowledges the request and sends back a SYN-ACK response. Conventionally, the device should respond with an ACK to establish the connection.

However, in a SYN flood, the zombies do not send this ACK response back to the server. Alternatively, the malware could spoof the IP address of the SYN request so that the server wouldn’t receive the response at all. This process is repeated across all zombies on the botnet. As requests pile up, the server eventually runs out of resources, causing it to crash and preventing all other legitimate connections from being established.
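A defender's view of the handshake described above, as an added example that is not part of the original article: the Python below replays constructed handshake records, models a listener's queue of half-open connections, and flags a server whose pending handshakes pile up while few complete. The record format, addresses, queue size, timeout and alert thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Assumed values for illustration; real TCP stacks size and time these differently.
BACKLOG = 128          # half-open handshakes a listener will hold
SYN_TIMEOUT = 3.0      # seconds before an unanswered entry is discarded
HALF_OPEN_LIMIT = 50   # alert when this many handshakes are pending at once
MIN_COMPLETION = 0.5   # ...and fewer than this share of SYNs were completed


def parse_line(line):
    """Parse '<time> <src> > <dst> <flags>' into (float, src, dst, flags)."""
    ts, src, arrow, dst, flags = line.split()
    if arrow != ">":
        raise ValueError(f"unexpected record: {line!r}")
    return float(ts), src, dst, flags


def _expire(half_open, counters, now):
    """Drop entries whose final ACK never arrived within SYN_TIMEOUT."""
    stale = [c for c, seen in half_open.items() if now - seen > SYN_TIMEOUT]
    for client in stale:
        del half_open[client]
    counters["expired"] += len(stale)


def analyze(lines):
    """Replay handshake records and return {server: counters}."""
    pending = defaultdict(dict)  # server -> {client: time its SYN was seen}
    stats = defaultdict(lambda: dict(syn=0, completed=0, expired=0,
                                     dropped=0, peak_half_open=0))
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, flags = parse_line(line)
        if flags == "SYN":
            queue, counters = pending[dst], stats[dst]
            _expire(queue, counters, ts)
            counters["syn"] += 1
            if src not in queue and len(queue) >= BACKLOG:
                counters["dropped"] += 1      # queue full: this client is refused
                continue
            queue[src] = ts
            counters["peak_half_open"] = max(counters["peak_half_open"], len(queue))
        elif flags == "ACK" and dst in pending:
            queue, counters = pending[dst], stats[dst]
            _expire(queue, counters, ts)
            if queue.pop(src, None) is not None:
                counters["completed"] += 1    # three-way handshake finished
        # SYN-ACK records travel server -> client and need no bookkeeping here.
    return {server: dict(c) for server, c in stats.items()}


def is_syn_flood(counters):
    """Many pending handshakes plus a low completion ratio suggests a SYN flood."""
    ratio = counters["completed"] / counters["syn"] if counters["syn"] else 1.0
    return counters["peak_half_open"] >= HALF_OPEN_LIMIT and ratio < MIN_COMPLETION


def build_sample():
    """Constructed capture: normal traffic to one server, a flood pattern at another."""
    web, victim = "192.0.2.10:443", "192.0.2.20:443"
    rows = []
    for i in range(20):                       # clients that complete the handshake
        t, c = i * 0.1, f"198.51.100.{i + 1}:{40000 + i}"
        rows += [(t, f"{c} > {web} SYN"), (t + 0.01, f"{web} > {c} SYN-ACK"),
                 (t + 0.02, f"{c} > {web} ACK")]
    for i in range(200):                      # SYNs that are never acknowledged
        t, c = i * 0.005, f"203.0.113.{i + 1}:{1024 + i}"
        rows.append((t, f"{c} > {victim} SYN"))
        if i < BACKLOG:                       # the server only answers SYNs it queued
            rows.append((t + 0.001, f"{victim} > {c} SYN-ACK"))
    rows.append((0.902, f"198.51.100.99:45000 > {victim} SYN"))  # real user, mid-flood
    rows.sort(key=lambda r: r[0])
    return [f"{t:.3f} {text}" for t, text in rows]


if __name__ == "__main__":
    for server, counters in analyze(build_sample()).items():
        print(server, counters, "ALERT" if is_syn_flood(counters) else "ok")
```

The `dropped` counter for the flooded server includes the one legitimate client whose SYN arrives after the queue is full, which is the denial of service the paragraph describes.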

The Mirai botnet, which has infected tens of thousands of wireless devices, network appliances, and IP cameras, is capable of performing various flood attacks aside from SYN floods. Its source code is readily available online, which allows hackers to use or modify the malware to take over more devices. New variants have been detected making their rounds online, and these are capable of compromising a wider variety of internet-connected hardware.

Potential Damage Increases
This year, a DDoS attack thwarted by security provider Imperva reached a peak rate of 652 million packets per second (Mpps). This is considered the most intense attack on record and is five times the intensity of the GitHub attack which is currently the biggest DDoS by data transmission.

Just this April, cryptocurrency wallet Electrum was also affected by a malware attack which turned devices on its network into zombies. Electrum users were prompted to install a fake update which infected their devices with malware. This not only made user devices part of a massive DDoS botnet, but the malware also stole cryptocurrencies stored in users’ wallets. Around 152,000 devices were said to have been infected while over $4.6 million in cryptocurrencies have been stolen by attackers.

Also recently, a threat actor who goes by the online alias “Subby” was reported to have taken over 29 IoT botnets. While the combined botnets are only capable of launching attacks of around 300 Gbps, they can still be a significant enough threat to affect most networks.

These latest episodes of malware infection and DDoS attacks underscore how botnets remain a major threat to cybersecurity. The continued evolution of DDoS malware may soon result in botnets capable of pooling enough resources to launch attacks that will rewrite the record books once again.

Costs of Falling Victim are Still Significant
This has put enterprises back on edge as they’ve become quite wary of falling victim to DDoS. A single attack can cause downtime, loss of business, and negative perception – all of which can have significant impact on their operations.

Depending on the size of the enterprise, a DDoS attack can cost a business tens of thousands of dollars in downtime alone. In the UK, DDoS is expected to cost its economy more than £1 billion in damages in 2019 as downtime from each attack is estimated to exceed £140,000. Dealing with DDoS may also require other actions such as recovery, security audits, and public relations.

Because of this financial impact, DDoS has become a way to commit industrial sabotage. One can simply acquire DDoS-for-hire services on the dark web to cripple a target company’s online activities and cost them financially in the process. Hacktivists have also been known to launch DDoS attacks on corporate targets as a means to protest or advance a political agenda.

Implementing Security is a Must
Fortunately, the cybersecurity community has been actively improving means to mitigate DDoS attacks. Internet services are now investing in better infrastructure to have enough bandwidth and network capacity to weather DDoS attacks.

Security solutions like WAFs and DDoS mitigation have also become smarter. They now feature better algorithms to filter out malicious traffic. Crypto-based mechanisms are even being explored to combat DDoS.

But to lessen the threat of botnets, it’s critical for users to be more conscious of their own security. A major contributor to the explosion of botnets is the poor security of many devices. The market has recently seen a surge in cheap internet-capable devices, many of which have poor security features. Other users are also remiss in changing default administrator credentials on their devices, which makes it easy for malware to spread across networks.

Protecting internet-connected devices should greatly help lessen exposure. Even actions like using more secure passwords and applying timely patches and updates could prevent malware from spreading.

The threat of cyberattacks and DDoS will continue to be present. So, everyone stands to benefit should computer users put more effort into securing their devices and networks.

Source: https://www.infosecurity-magazine.com/next-gen-infosec/ddos-botnets-damage-1-1/