DOSarrest releases new API

VANCOUVER, British Columbia, Oct. 18, 2017 (GLOBE NEWSWIRE) —  Internet Security announced today that they have released a new Application Programming Interface(API) for their latest generation of Internet Security Services Software, enabling NSPs, ISPs and Security as a Service companies to directly access any and all of DOSarrest’s cloud based Security Services. This allows any organization to integrate into their existing customer portals any of DOSarrest’s services which include DDoS protection, CDN, best of breed WAF, global load balancing as well as any future services on their aggressive roadmap.

Some of the features of the API allow subscribers to auto provision, dynamically spin up/down instances and capacity as required and pick and choose whatever components they need from DOSarrest’s numerous DDoS and WAF elements. This is a new “restful” API, making integration as easy as it gets. Subscribers can also leverage DOSarrest’s Big data analytics engine to manipulate and display logging data as they see fit.

Brian Mohammed Director of Sales and Marketing states, “We have had many enquiries from large telcos, especially in Europe, who like and want our service but need an API. We listened and here it is.” Mohammed adds, “This allows virtually anyone to use our services to ensure their customers’ websites are secure from any attack be it large volumetric or a small sophisticated layer 7 attack, all the while it looks like it’s their own service, on-demand.”

Mark Teolis, CEO of DOSarrest explains, “We are also willing to build a custom portal for companies that don’t have an in house programming staff to use the new API; why not use our in house development group to help you make it?”  In addition, Teolis states, “Once you subscribe to the new API you will have access to all future services, and there are some good ones on the way.”

About DOSarrest Internet Security:
DOSarrest founded in 2007 in Vancouver, B.C., Canada is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services.  Additional Web security services offered are Cloud based Web Application Firewall (WAF), Vulnerability Testing and Optimization (VTO), DataCenter Defender – GRE as well as cloud based global load balancing.


  • 0

What is cyber terrorism?

How is cyber terrorism defined and how likely is an attack?

Everyone is familiar with what “terrorism” means, but when we stick the word “cyber” in front of it, things get a bit more nebulous.

Whereas the effects of real-world terrorism are both obvious and destructive, those of cyber terrorism are often hidden to those who aren’t directly affected. Also, those effects are more likely to be disruptive than destructive, although this isn’t always the case.

Cyber terrorism incidents

One of the earliest examples of cyber terrorism is a 1996 attack on an ISP in Massachusetts. Cited by Edward Maggio of the New York Institute of Technology and the authors of Internet: A Historical Encyclopedia, Volume 2, a hacker allegedly associated with the white supremacist movement in the US broke into his Massachusetts-based ISP after it prevented him from sending out a worldwide racist message under its name. The individual deleted some records and temporarily disabled the ISP’s services, leaving the threat “you have yet to see true electronic terrorism. This is a promise”

While this is a clear example of a cyber-terrorist incident carried out by a malicious, politically motivated individual that caused both disruption and damage, other frequently listed examples fit less clearly into the category of “terrorism”.

For example, while attacks that have taken out emergency services call centres or air-traffic control could be considered cyber terrorism, the motivation of the individuals is often unclear. If a person caused real-life disruption to these systems, but had no particular motivation other than mischief, would they be classed as a terrorist? Perhaps not.

Similarly, cyber protests such as those that occurred in 1999 during the Kosovo against NATO’s bombing campaign in the country or website defacements and DDoS attacks are arguably online versions of traditional protests, rather than terrorism.

Additionally, in the case of civil war, if one side commits a cyber attack against the other then it can be said to be more of an act of war – or cyber war – than one of cyber terror. Again, where there is a cold war between nations, associated cyber attacks could be thought of as sub-conflict level skirmishes.

Indeed, the FBI defines cyber terrorism as “[any] premeditated, politically motivated attack against information, computer systems or computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents”. Under this definition, very few of the tens-of-thousands of cyber attacks carried out every year would count as cyber terrorism.

The future of cyber terrorism

As the number of connected devices increases, the likelihood of a more destructive cyber terrorist incident – something on a par with an attack in the physical world – becomes increasingly possible.

The security industry is full of stories and proofs of concept about hacking medical devices, with two particularly famous demonstrations being given by New Zealander Barnaby Jack.

This opens up the possibility for targeted assassinations or mass-scale killings carried out remotely and potentially across borders. Similarly, there are concerns self-driving vehicles could be turned into remote-controlled missiles and used in an attack, although the counter argument is that such vehicles will make the roads safer in the face of terrorists driving conventional vehicles into crowds.

Another possible style of cyber terrorism is disruption of infrastructure in a way that could potentially endanger life. For example, in 2016 an unknown actor caused a disruption that saw two apartment buildings in Finland lost hot water and heating for a week in the dead of winter. In locations as cold as Finland, actions like this could cause illness and death if widespread and sustained.

Nevertheless, the likelihood is most serious cyber attacks will be acts of cyber warfare, rather than cyber terrorism, as nation states have larger and more sophisticated resources at hand.


  • 0

Cybersecurity: into the data breach

Cybersecurity has become a significant issue as attacks are increasing. In the new payments ecosystem, where third-party developers can directly interact with banks’ customers, data privacy and security become paramount, according to the World Payments Report 2017 by Capgemini and BNP Paribas.

A significant issue to address as the new payments ecosystem evolves is that of cybersecurity. During the past few years, cyberattacks and crimes have increased across the globe, with corporate and financial institution entities, large and small, targeted.

The price of increasing collaboration among industry stakeholders in the new payments ecosystem could be an increase in cyber security vulnerabilities. To alleviate this risk, corporates are increasingly turning to their banks for advice on how to strengthen their infrastructures against cyber attacks. To ensure the highest levels of cybersecurity and the security of infrastructures in the new payments ecosystem, each stakeholder must assess security across all the data sources and points of collaboration.

The need for robust cyber security solutions to cater to all forms of cyberthreats has never been greater for corporate treasurers as new technologies proliferate and collaboration increases. Of prime importance for corporates in developing defence mechanisms is awareness of potential cyber security risks, regular updating of security profiles and continuous training of employees. This is because attacks perpetrated by cybercriminals are unpredictable in both timing and nature.

The vulnerabilities stakeholders face include cyber security, data privacy, data breaches, and payments fraud. The utmost vigilance is required to protect organisations against cyber attacks and all stakeholders, including regulators, must be more proactive regarding cybersecurity, with ownership of the issue taken to prevent attacks.

In the new payments ecosystem, third-party developers can directly interact with a partner banks’ customers, raising questions about data privacy and security. In an increasingly networked ecosystem, identifying the source of attack will be a challenge.

Verizon’s 2017 Data Breach Investigations Report found that security incidents and data breaches affect both large and small financial organisations almost equally. However, the security of larger banks is difficult to compromise as they invest more in cyber security solutions. Smaller banks, which do not have the same access to resources, are more prone to cyberattacks.

A fraud survey by the Association for Financial Professionals and JP Morgan found that the highest levels of fraud in 2016 were perpetrated via cheques. However, there was a surge in wire transfer fraud, from 27 per cent in 2014 to 46 per cent in 2016.

An increasing number of cyber security breaches are causing significant losses for banks and corporates across the world. Among recent incidents, in February 2016, a cyberheist at Bangladesh Central Bank resulted in a loss of $81 million and prevented another $850 million worth of transactions from being processed on the Swift network. Similarly, in May 2016 cybercriminals hacked the Swift system and stole $9 million from Ecuadorian bank Banco del Austro.

In May 2017, the WannaCry ransomware attack affected more than 150 countries and 200,000 computers, as attackers demanded each of those affected to pay up to $300 worth of bitcoins to unlock their systems.

In a survey for World Payments Report , bank executives ranked distributed denial of service (DDoS) attacks and customer payments fraud as the main security challenges they face. Also of concern were the high levels of card fraud, which place a significant cost burden on banks. The increasing adoption of digital offerings in transaction banking is also giving rise to higher levels of payments fraud, making cyber security a top priority for banks and corporates.

Customer payments fraud is the top ranked concern for financial technology companies and other survey respondents. This group is much less likely to view DDoS attacks as a threat; data breaches due to hacking attacks was of more concern, as was internal fraud.

While banks are investing significantly in cybersecurity solutions, there are still many risks at the corporate level that they cannot manage. Corporates must, therefore, step up their own efforts to manage cybersecurity risk and not leave it all to the banks. They should upgrade their internal systems, train their staff, and review their partners’ systems.

The idea of a cyberattacker as a lone figure hacking into systems is now obsolete. Cyberattacks are perpetrated by entities that are set up like companies, with project managers, key performance indicators and operations.

Attacks to compromise corporates and banks are designed to be multi-staged, with two main objectives: commercial gain and industry espionage. In general, the funds received via attacks go into the coffers of the organisation, while the intelligence gained during an attack will be used by perpetrators to gain a business advantage. Attacks can happen at any time, and over time, therefore all corporates should be vigilant and on constant guard against attacks.

So serious are the growing cyberattack and data breach problems that regulators across the globe should move from their present reactive approach to a more proactive one. Stringent regulations and fines to strengthen cybersecurity laws are required from regulators. Many regulations related to this are, however, still in the inception stage. Europe has relatively the most mature cybersecurity and data privacy laws, with recent initiatives including the Electronic Identification and Trusted Service which was launched in 2016.

Effective cybersecurity requires organisations to efficiently and quickly identify, mitigate and manage cyber risks and incidents. All stakeholders are taking measures to strengthen the security of transactions against potential cyber threats. Banks and other stakeholders have three options available to them: collaborating with financial technology companies, making investments in advanced technologies and monitoring tools, and strengthening internal governance to ensure seamless compliance.

  • Collaboration with fintechs

This is occurring in several areas including secure authentication and authorisation, account onboarding, identity verification and anti-money laundering. Examples include India’s Yes Bank and FortyTwoLabs’ development of multi-factor authentication tool PI-Control, which enables users to apply for internet banking access, pay bills, transfer funds, seek loans, make remittances and undertake other card transactions.

Rabobank in the Netherlands is working with Signicat to provide digital identity solutions that can be easily integrated using API technology. As banks increasingly collaborate with fintechs and regtechs, due diligence, adherence to industry standards and participating in the development of new industry standards has become critical.

  • Investment in advanced technologies and monitoring tools

Blockchain technology is still in a nascent stage, with its potential as an enabler of digital identity and payment transaction security still being tested. Banks can leverage the technology to differentiate themselves in the provision of digital identity, authentication and know your customer services.

Banks are investing in projects that combine advanced cryptography that supports private or permitted use of blockchain technology with transaction security elements that provider greater transaction visibility. To ensure the highest levels of cybersecurity and transaction security, all the ecosystem participants must assess security from multiple sources in the network. Common security standards and protocols when developing and investing in new technologies and monitoring tools will be increasingly important as collaboration increases.

With a common network governing the interfaces between banks and third-party providers, various groups are developing network-based security standards to ensure a secure environment is built around the dynamic payments ecosystem. The ability to respond to cyber threats or attacks in real-time is hampered by legacy security systems. Traditional security monitoring typically identified and reacted to cyber threats in isolation. A modern approach identifies specific unusual patterns or behaviour and alerts operational teams to anomalous activity. Advanced machine learning algorithms are the logical next step as response mechanisms in the event of a threat.

Artificial intelligence (AI) systems are being piloted globally, yet legal issues regarding accountability for the actions of such systems persist. Contextualisation of threats (linking the threat to the business and not just to technology) is needed to identify the source and understand the objective behind any attack. Another useful approach is risk-based authentication (RBA) to detect the risk profile of transaction banks and retailers. Using RBA and analytics processes, banks can create a threat matrix of fraud profiles to triangulate the threat instances to their origin and be able to proactively block fraudulent traffic. Behavioural analytics, AI, machine learning and threat matrix can help to continuously monitor the ecosystem network and provide threat intelligence.

Banks can undertake various activities such as continuously checking all systems for possible threats, observing markets, scenario simulation, examination of previous attacks, monitoring activities and applications, and establishing a payments control centre to permanently monitor payments and identify exceptional situations.

  • Robust internal governance

A robust governance model and standards are imperative for seamless functioning of the new payments ecosystem. Banks and treasurers need to interact with central authorities and regulators to share feedback, which in turn will help to improve compliance. Banks and treasurers are increasingly collaborating with regtechs to ensure compliance. Industry stakeholders must establish common data, technical, legal, functional, and security standards for robust governance.

Firms will be well served if they can ensure that security systems have multiple layers to withstand ‘flood’ attacks. To ensure a foolproof system, firms should identify the data needs of all stakeholders before finalising the controls to put in place.

With the onset of General Data Protection Regulation (GDPR) and revised Payment Services Directive (PSD2) in the EU, the focus on compliance with data privacy and security has increased. Firms must install a dedicated team to continuously review and update security policies. Additionally, stakeholders should work with the local regulatory authorities to understand the complexity of different regional legal requirements and expectations for each country.

Firms must ensure mandatory data privacy and security training is conducted at regular intervals. Educating employees on potential threats and ensuring they keep their systems updated would have prevented, or greatly reduced the impact of, events such as the WannaCry ransomware attack.


  • 0

DDoS Attacks Cause Train Delays Across Sweden

DDoS attacks on two separate days have brought down several IT systems employed by Sweden’s transport agencies, causing train delays in some cases.

The incidents took place early in the mornings of Wednesday and Thursday, October 11 and 12, this week.

The first attack hit the Sweden Transport Administration (Trafikverket) on Wednesday. According to local press, the attack brought down the IT system that manages train orders. The agency had to stop or delay trains for the time of the attack.

Trafikverket’s email system and website also went down, exacerbating the issue and preventing travelers from making reservations or getting updates on the delays. The agency used Facebook to manage the crisis and keep travelers informed.

Road traffic maps were also affected, an issue that lingers even today, at the time of publishing, according to the agency’s website.

Three Swedish transportation agencies targeted

Speaking to local media, Trafikverket officials said the attack was cleverly aimed at TDC and DGC, the agency’s two service providers, but they were both aimed in such a way to affect the agency’s services.

Trafikverket was able to restore service in a few hours, but the delays affected the entire day’s train operations.

While initially, some might have thought this was a random incident, the next day, a similar DDoS attack hit the website of another government agency, the Sweden Transport Agency (Transportstyrelsen), and public transport operator Västtrafik, who provides train, bus, ferry, and tram transport for parts of Western Sweden.

Cyber-warfare implications

In perspective, both incidents give the impression of someone probing various parts of Sweden’s transportation system to see how the country would react in the face of a cyber-attack and downtime.

The DDoS attacks come a week after a report that Russia was testing cyber-weapons in the Baltic Sea region.

In April 2016, Swedish officials blamed Russia for carrying out cyber-attacks on the country’s air traffic control infrastructure that grounded flights for a day in November 2015.


  • 0

33% of businesses hit by DDoS attack in 2017, double that of 2016

Distributed Denial of Service attacks are on the rise this year, and used to gain access to corporate data and harm a victim’s services, according to a Kaspersky Lab report.

Cybercriminals are increasingly turning to Distributed Denial of Service (DDoS) this year, as 33% of organizations faced such an attack in 2017—up from just 17% in 2016, according to a new report from Kaspersky Lab.

These cyber attacks are hitting businesses of all sizes: Of those affected, 20% were very small businesses, 33% were SMBs, and 41% were enterprises.

Half of all businesses reported that the frequency and complexity of DDoS attacks targeting organizations like theirs is growing every year, highlighting the need for more awareness and protection against them, according to Kaspersky Lab.

Of the companies that were hit in 2016, 82% said that they faced more than one DDoS attack. At this point in 2017, 76% of those hit said they had faced at least one attack.

Cybercriminals use DDoS attacks to gain access to valuable corporate data, as well as to cripple a victim’s services, Kaspersky Lab noted. These attacks often result in serious disruption of business: Of the organizations hit by DDoS attacks this year, 26% reported a significant decrease in performance of services, and 14% reported a failure of transactions and processes in affected services.

Additionally, some 53% of companies reported that DDoS attacks against them were used as a smokescreen to cover up other types of cybercrime. Half (50%) of these respondents said that the attack hid a malware infection, 49% said that it masked a data leak or theft, 42% said that it was used to cover up a network intrusion or hacking, and 26% said that it was hiding financial theft, Kaspersky Lab found.

These results are part of Kaspersky Lab’s annual IT Security Risks survey, which included responses from more than 5,200 representatives of small, medium, and large businesses from 29 countries.

“The threat of being hit by a DDoS attack – either standalone or as part of a greater attack arsenal – is showing no signs of diminishing,” said Kirill Ilganaev, head of Kaspersky DDoS protection at Kaspersky Lab, in a press release. “It’s not a case of if an organization will be hit, but when. With the problem growing and affecting every type and size of company, it is important for organizations to protect their IT infrastructure from being infiltrated and keep their data safe from attack.”

Want to use this data in your next business presentation? Feel free to copy and paste these top takeaways into your next slideshow.

  • 33% of organizations experienced a DDoS attack in 2017, compared to 17% in 2016. -Kaspersky Lab, 2017
  • Of organizations hit by DDoS attacks, 20% were very small businesses, 33% were SMBs, and 41% were enterprises. -Kaspersky Lab, 2017
  • 53% of companies reported that DDoS attacks against them were used as a smokescreen to cover up other types of cybercrime, including malware, data leaks, and financial theft. -Kaspersky Lab, 2017


  • 0

Euro commissioner calls for more collaboration on cyber security

European commissioner for security union has called for greater awareness of cyber security risks and increased collaboration in defending against them.

Cyber threats are one of the top security concerns for nine out of 10 European Union citizens, according to Julian King, European commissioner for security union.

“In an internet-connected age that is becoming ever more dependent on internet-connected technologies, we have become more vulnerable to those who are ready to exploit those technologies to try and do us harm for financial or political motives,” he told the CyberSec European Cybersecurity Forum in Krakow, Poland.

King, who has previously served as the UK ambassador to France, said that while the digital age brings “huge opportunities”, it also brings risk.

But he said these risks are becoming increasingly widely understood, particularly because of events such as the WannaCry and NotPetya attacks in May and June 2017, which affected hundreds of thousands of individuals and organisations in more than 150 countries and naturally serve as a “wake-up call”.

According to the latest Europol report on internet organised crime, King said the barriers to committing cyber attacks are “woefully low”, with little chance of getting caught, mainly because of the availability of a “vast range” of cyber criminal tools and services on the dark net, with some attacks costing as little as $5.

“For criminals, non-state and state actors, life has never been so easy,” he said, “with an arsenal that includes ransomware, phishing tools, Trojans, distributed denial of service [DDoS] attacks, botnets and identity theft services.”

In 2016, said King, European citizens were the subject of two billion data breaches, and every month, one in five industrial computers was attacked. Since 2016, more than 4,000 ransomware attacks have taken place every day across the EU – a 300% increase on 2015, he said.

Aviation systems face an average of 1,000 cyber attacks a month, and card-not-present fraud is currently worth about €1bn a year in the Eurozone alone.

‘Tackle this scourge’

“If we were talking about a public health issue, then we would be using the word ‘pandemic’ to describe the scale of the challenge,” said King, “so I think it is time to shift our efforts to tackle this scourge, which is precisely what the European Commission, with the other institutions and the member states, wants to do.

“We want to strengthen resilience, build effective deterrents and create durable cyber defence.”

King pointed out that this work has been going on for some time, and that the European Union has had a cyber security strategy since 2013.

“The Network and Information System [NIS] directive, agreed in 2016, built on that and will require [operators of] essential systems to assess risk, prepare a strategy, put in place protections, develop capabilities and competence, educate staff and the public, and share information about threats and incidents,” he said.

The challenge is that the threat itself does not stand still, said King. “It continues to change and evolve, both in its nature and in terms of the expanding attack surface that we are seeking to protect and manage, with homes, hospitals, governments, electricity grids and cars becoming increasingly connected.”

‘Offline’ lives affected

Another important fact to acknowledge, said King, is that cyber attacks are increasingly affecting people’s “offline” lives, such as the power outages in Ukraine caused by cyber attacks. He noted that, according to Symantec, the Dragonfly hacking group potentially still has the capacity to control or sabotage European energy systems.

“The internet of things [IoT] means that tens of billions more devices will go online, and in 2016, the Mirai malware attack highlighted IoT vulnerability, with hundreds of thousands of normal devices infected and turned into the world’s biggest botnet,” he said.

The internet was designed and built on trust, said King. “Our challenge today is to retro-engineer security and security awareness into the system,” he said, noting that “too often” in the rush to get new devices to market, manufacturers “forget” security or do not give it enough importance.

“That means devices never lose their easy-to-guess default passwords; it means the update policy is unclear; it means encryption not being used; and it means unnecessary ports, hardware, services and code that make the attack surface larger than it needs to be,” he said.

According to King, all these things are “relatively straightforward” to sort out, but when they are attacked cumulatively, it has “deeply troubling implications for our collective digital security and, as a result, cyber threats are becoming more strategic, especially with the ability to endanger critical infrastructure, and they are becoming more ‘endemic’ – spreading from IT networks to the business-critical operations of other economic sectors”.

Collective response

A few days after the recent State of the Union speech by European Commission president Jean Claude Junker underlining the importance of tackling cyber threats, King said the EC had presented a package of proposals intended to reinforce a collective response based on resilience, deterrence and defence.

“In all of these areas, we need to strengthen co-operation and we need to focus on international governance and international co-operation,” said King. “We urgently need to become more resilient. We need to make ourselves harder to attack, and we need to be quicker to respond.”

To that end, he said, the EC is proposing an EU cyber security agency based on the existing Enisa network and information security agency to help drive up cyber security standards and ensure a rapid and co-ordinated response to attacks across the whole of the EU.

Member states also need to fully implement the NIS directive, said King, to extend beyond critical sectors to other sectors at risk, starting with public administration, and to resource their computer incident response teams properly.

“To further reinforce these efforts, the new cyber security agency will also implement an EU standards certification framework to drive up the level of cyber security by ensuring that products on the market are sufficiently cyber resilient,” he said.

“We need to move to a world in which there are no default passwords on internet-connected devices, where all companies providing internet services and devices adhere to a vulnerability disclosure policy, and where connected devices and software are updatable for their entire lifespan.”

Standards certification framework

King said the new standards certification framework should promote new EU-wide schemes and procedures and create a comprehensive set of rules, requirements and standards to evaluate how secure digital products and services actually are.

“But, given that 95% of attacks involve some human interaction with technology, building resilience also means changing behaviours to improve cyber hygiene…and having the right skills to drive technological innovation to stay ahead of attackers,” he said, pointing out that Europe is projected to have 350,000 unfilled cyber security jobs by 2022.

“We need to mainstream cyber security education and training programmes and we need to invest in innovation,” said King.

As well as improving resilience, he said, there is a need to create real and credible disincentives for attackers. “We need to make attacks easier to detect, trace, investigate and punish,” he said. But attribution is often difficult, said King, and for this reason, the EC is seeking to promote the uptake of Internet Protocol Version 6 (IPv6).

“Under IPv6, you will only be able to allocate a single user per IP address,” he said, adding that the EC is also seeking to increase cooperation and sharing of cyber expertise and reinforcing forensic capabilities across the EU and within Europol “so that law enforcement can keep pace with criminals”.

Strengthen cyber defence

When it comes to defence, said King, the EC plans to explore whether the new EU Defence Fund could help to develop and strengthen cyber defence capabilities.

“We want to team up with our partners, and the EU will deepen co-operation with Nato on cyber security, hybrid threats and cyber defence,” he said. “It is in our common interest.”

Finally, King said that while the internet offers “enormous opportunities” for citizens, governments and international organisations, it also offers “unprecedented opportunities” for criminals, terrorists and other hostile actors.

“We need to be alive to this risk, and we need to take steps together to counter these threats because by working together, we can boost resilience, drive technological innovation, increase deterrents, and harness international co-operation to promote our collective security,” he concluded.


  • 0

DDoS attacks double as corporate data becomes new target

While more organisations are being hit by a DDoS attacks in 2017 compared to last year, less are being hit by more than one.

DDoS attacks have increased in frequency in 2017, with 33 per cent of organisations having faced one this year compared to just 17 per cent in 2016.

While DDoS attacks have been previously used to disable the operations of a target, the driving motivation to use it now is the theft of corporate data.

Over a third of organisations having been hit by a DDoS attack this year, 20 per cent have been small businesses, 33 per cent medium, and 41 per cent have been in the enterprise category. Security provider Kaspersky is behind this data, with findings from its Global IT Security Risks Survey 2017.

The damage inflicted by a DDoS attack may prove more long lasting than some might expect, with 26 per cent of businesses hit reporting a lasting impact on the performance of services.

Russ Madley, Head of VSMB & channel at Kaspersky Lab UK, said: “While DDoS attacks have been a threat for many years, it’s still important that businesses take DDoS attacks seriously as they are one of the most popular weapons in a cybercriminal’s arsenal. They can be just as damaging to a business as any other cybercrime, especially if used as part of a bigger targeted attack.”

It important to remember that DDoS attack can leave an organisation lame as it returns to regular activity, but an attack can also have a direct and immediate impact on reputation and the financial standing of a business.

“The ramifications caused by these types of attacks can be far-reaching as they’re able to reach deep into a company’s internal systems. Organisations must understand that protection of the IT infrastructure requires a comprehensive approach and continuous monitoring, regardless of the company’s size or sphere of activity,” said Madley.

While more organisations are facing DDoS attacks, the percentage of businesses hit by more than one has dropped this year to 76 per cent, a reduction from the 82 per cent that experienced more than one last year.


  • 0

US SEC Corporate Filing System Said to Be Vulnerable to DDoS Attacks

The US Securities and Exchange Commission (SEC), Wall Street’s top regulator, has discovered a vulnerability in its corporate filing database that could cause the system to collapse, according to an internal document seen by Reuters.

The SEC’s September 22 memo reveals that its EDGAR database, containing financial reports from US public companies and mutual funds, could be at risk of “denial of service” attacks, a type of cyber intrusion that floods a network, overwhelming it and forcing it to close.

The discovery came when the SEC was testing EDGAR’s ability to absorb monthly and annual financial filings that will be required under new rules adopted last year for the $18 trillion mutual fund industry.

The memo shows that even an unintentional error by a company, and not just hackers with malicious intentions, could bring the system down. Even the submission of a large “invalid” form could overwhelm the system’s memory.

The defect comes after the SEC’s admission last month that hackers breached the EDGAR database in 2016.

The discovery will likely add to concerns about the vulnerability of the SEC’s network and whether the agency has been adequately addressing cyber threats.

The mutual fund industry has long had concerns that market-sensitive data required in the new rules could be exploited if it got into the wrong hands.

The industry has since redoubled its calls for SEC Chairman Jay Clayton to delay the data-reporting rules, set to go into effect in June next year, until it is reassured the information will be secure.

“Clearly, the SEC should postpone implementation of its data reporting rule until the security of those systems is thoroughly tested and assessed by independent third parties,” said Mike McNamee, chief public communications officer of The Investment Company Institute (ICI), whose members manage $20 trillion worth of assets in the United States.

“We are confident Chairman Clayton will live up to his pledge that the SEC will take whatever steps are necessary to ensure the security of its systems and the data it collects.”

An SEC spokesman declined to comment.

The rules adopted last year requiring asset managers to file monthly and annual reports about their portfolio holdings were designed to protect them in the event of a market crisis by showing the SEC and investors that they have enough liquidity to cover a rush of redemptions.

During a Congressional hearing on Wednesday, Clayton testified that the agency was considering whether to delay the rules in light of the cyber concerns. He did not, however, mention anything about the denial of service attack vulnerability.

Virtual vomit
EDGAR is the repository for corporate America, housing millions of filings ranging from quarterly earnings to statements on acquisitions.

It is a virtual treasure trove for cyber criminals who could trade on any information gleaned before it is publicly released.

In the hack disclosed last month involving EDGAR, the SEC has said it now believes the criminals may have stolen non-public data for illicit trading.

The vulnerability revealed in the September memo shows that even an invalid form could jam up EDGAR.

The system did not immediately reject the form, the memo says. Rather, “it was being validated for hours before failing due to an invalid form type.”

That conclusion could spell trouble for the SEC’s EDGAR database because it means that if hackers wanted to, they could “basically take down the whole EDGAR system” by submitting a malicious data file, said one cyber security expert with experience securing networks of financial regulators who reviewed the letter for Reuters.

“The system would consume the data and essentially throw up on itself,” the person added.


  • 0

Pulse-Wave DDoS Attacks Mark a New Tactic in Q2

A new tactic for DDoS is gaining steam: the pulse wave attack. It’s called such due to the traffic pattern it generates—a rapid succession of attack bursts that split a botnet’s attack output.

According to Imperva’s latest Global DDoS Threat Landscape Report, a statistical analysis of more than 15,000 network and application layer DDoS attacks mitigated by Imperva Incapsula’s services during Q2 2017, the largest network layer assault it mitigated peaked at 350Gbps. The tactic enables an offender to pin down multiple targets with alternating high-volume bursts. As such, it serves as the DDoS equivalent of hitting two birds with one stone, the company said.

“A DDoS attack typically takes on a wave form, with a gradual ramp-up leading to a peak, followed by either an abrupt drop or a slow descent,” the company explained. “When repeated, the pattern resembles a triangle, or sawtooth waveform. The incline of such DDoS waves marks the time it takes the offenders to mobilize their botnets. For pulse wave attacks, a lack of a gradual incline was the first thing that caught our attention. It wasn’t the first time we’ve seen attacks ramp up quickly. However, never before have we seen attacks of this magnitude peak with such immediacy, then be repeated with such precision.”

Whoever was on the other end of these assaults, they were able to mobilize a 300Gbps botnet within a matter of seconds, Imperva noted. This, coupled with the accurate persistence in which the pulses reoccurred, painted a picture of very skilled bad actors exhibiting a high measure of control over their attack resources.

“We realized it makes no sense to assume that the botnet shuts down during those brief ‘quiet times’,” the firm said. “Instead, the gaps are simply a sign of offenders switching targets on-the-fly, leveraging a high degree of control over their resources. This also explained how the attack could instantly reach its peak. It was a result of the botnet switching targets on-the-fly, while working at full capacity. Clearly, the people operating these botnets have figured out the rule of thumb for DDoS attacks: moments to go down, hours to recover. Knowing that—and having access to an instantly responsive botnet—they did the smart thing by hitting two birds with one stone.”

Pulse-wave attacks were carried out encountered on multiple occasions throughout the quarter, according to Imperva’s data.

In the plus column, this quarter, there was a small dip in application layer attacks, which fell to 973 per week from an all-time high of 1,099 in Q1. However, don’t rejoice just quite yet.

“There is no reason to assume that the minor decline in the number of application layer assaults is the beginning of a new trend,” said Igal Zeifman, Incapsula security evangelist at Imperva—noting the change was minor at best.

Conversely, the quarter for the fifth time in a row saw a decrease in the number of network layer assaults, which dropped to 196 per week from 296 in the prior quarter.

“The persistent year-long downtrend in the amount of network layer attacks is a strong sign of a shift in the DDoS threat landscape,” Zeifman said. “There are several possible reasons for this shift, one of which is the ever-increasing number of network layer mitigation solutions on the market. The commoditization of such services makes them more commonplace, likely driving attackers to explore alternative attack methods.”

For instance one of the most prevalent trends Incapsula observed in the quarter was the increase in the amount of persistent application layer assaults, which have been scaling up for five quarters in a row.

In the second quarter of the year, 75.9% of targets were subjected to multiple attacks—the highest percentage Imperva has ever seen. Notably, US-hosted websites bore the brunt of these repeat assaults—38% were hit six or more times, out of which 23% were targeted more than 10 times. Conversely, 33.6% of sites hosted outside of the US saw six or more attacks, while “only” 19.5% saw more than 10 assaults in the span of the quarter.

“This increase in the number of repeat assaults is another clear trend and a testament to the ease with which application layer assaults are carried out,” Zeifman said. “What these numbers show is that, even after multiple failed attempts, the minimal resource requirement motivates the offenders to keep going after their target.

Another point of interest was the unexpected spike in botnet activity out of Turkey, Ukraine and India.

In Turkey, Imperva recorded more than 3,000 attacking devices that generated over 800 million attack requests, more than double the rate of last quarter.

In Ukraine and India, it recorded 4,300 attacking devices, representing a roughly 75% increase from Q1 2017. The combined attack output of Ukraine and India was 1.45 billion DDoS requests for the quarter.

Meanwhile, as the origin of 63% of DDoS requests in Q2 2017 and home to over 306,000 attacking devices, China retained its first spot on the list of attacking countries.


  • 0

As US launches DDoS attacks, N. Korea gets more bandwidth—from Russia

Fast pipe from Vladivostok gives N. Korea more Internet in face of US cyber operations.

As the US reportedly conducts a denial-of-service attack against North Korea’s access to the Internet, the regime of Kim Jong Un has gained another connection to help a select few North Koreans stay connected to the wider world—thanks to a Russian telecommunications provider. Despite UN sanctions and US unilateral moves to punish companies that do business with the Democratic People’s Republic of Korea, 38 North’s Martyn Williams reports that Russian telecommunications provider TransTelekom (ТрансТелеКо́m) began routing North Korean Internet traffic at 5:30pm Pyongyang time on Sunday.

The connection, Williams reported, offers a second route for traffic from North Korea’s Byol (“Star”) Internet service provider, which also runs North Korea’s cellular phone network. Byol offers foreigners in North Korea 1Mbps Internet access for €600 (US$660) a month (with no data caps).

Up until now, all Byol’s traffic passed through a single link provided by China Unicom. But the new connection uses a telecommunications cable link that passes over the Friendship Bridge railway bridge—the only connection between North Korea and Russia. According to Dyn Research data, the new connection is now providing more than half of the route requests to North Korea’s networks. TransTelekom (sometimes spelled TransTeleComm) is owned by Russia’s railroad operator, Russian Railways.

A Dyn Research chart showing the new routing data for North Korea's ISP.

A Dyn Research chart showing the new routing data for North Korea’s ISP.

According to a Washington Post report, The Department of Defense’s US Cyber Command had specifically targeted North Korea’s Reconnaissance General Bureau—the country’s primary intelligence agency—with a denial-of-service attack against the organization’s network infrastructure. That attack was supposed to end on Saturday, according to a White House official who spoke with the Post.

While the unnamed official said the attack specifically targeted North Korea’s own hacking operations, North Korea has previously run those operations from outside its borders—from China. So it’s not clear whether the attack would have had any impact on ongoing North Korean cyberespionage operations.


  • 0