Businesses are becoming main target for cybercriminals, report finds

Cybercrime activity continues to expand in scope and complexity, according to the latest report by cybersecurity firm Malwarebytes, as businesses become the preferred target for crooks throughout Q3.

Malware detection on businesses shot up 55% between Q2 and Q3, with the biggest attack vector coming from information-stealing trojans such as the self-propagating Emotet and infamous LokiBot.

Criminals have likely ramped up attacks on organizations in an attempt to maximize returns, while consumers have seen significantly less action in Q3, with a mere 5% detection increase over the period.

This shift toward more targeted campaigns, as opposed to the wide nets cast in previous quarters, has numerous causes, including businesses failing to patch vulnerabilities, weaponized exploits, and possibly even the introduction of privacy-protective legislation such as GDPR.

“There was a very long period where ransomware was the dominant malware against everybody,” said Adam Kujawa, director of Malwarebytes Labs, speaking to The Daily Swig about the quarterly report, Cybercrime tactics and techniques: Q3 2018.

“We’ve seen the complete evolution of ransomware to what is really just a few families, and whether we’ll see the same distribution and exposure [of ransomware] that we’ve seen in the past few years is unlikely in my opinion.”

GandCrab ransomware, however, which first appeared at the beginning of this year, has matured.

New versions were discovered during Q3 as the ransomware variant is expected to remain a viable threat to both consumers and to businesses, which are at higher risk due to GandCrab’s advanced ability to encrypt network drives.

But despite a recent report by Europol that highlighted ransomware as the biggest threat in 2018, Kujawa isn’t convinced that these campaigns will stick around in the quarters to come.

“There are so many solutions out there that can protect users from ransomware, and there are more people that know what to do if you get hit with it,” he said.

“When you compare that to is it a good return investment [for cybercriminals], we don’t think it is anymore. Most of what we’ve seen [in Q3] is information-stealers.”

Kujawa points to the banking trojan Emotet, which can spread easily and whose primary intent is to steal financial data and carry out distributed denial of service (DDoS) attacks on infected machines.

Businesses, particularly small and medium-sized enterprises with less money invested in cyber defenses, have become valuable targets due to the ease in which trojans like Emotet can spread throughout their networks.

Changes in global information systems may also be a contributing factor in the revival of data-theft.

“That may very well in part play to things like GDPR where you’ve got this data that is no longer legally allowed to be on a server somewhere protected in Europe,” said Kujawa.

“Cybercriminals may be more interested in stealing data like they used to because this stuff is no longer as easy to obtain as it was.”

While information-stealers hogged the spotlight, the threat landscape remains diverse – targets are predominately concentrated within Western countries, while the use of exploit kits were found mostly in Asian countries including South Korea.

Kujawa also noted that social engineering, such as phishing attacks, remains a successful technique for malicious hackers.

He said: “Almost all attacks are distributed through social engineering, that’s still the number one way to get past things like security software, firewalls, and things like that.”

“The biggest problem in our industry right now is people not taking it [cybersecurity] seriously enough,” Kujawa added.

“At the end of the day we’re never going to win the war on cybercrime with just technology because that’s exactly what the bad guys are using against us.”

Source: https://portswigger.net/daily-swig/businesses-are-becoming-main-target-for-cybercriminals-report-finds


Central planning bureau finds Dutch cybersecurity at high level

Dutch businesses and the public sector are well protected against cybersecurity threats compared to other countries, according to a report from the Central Planning Bureau on the risks for cybersecurity. Dutch websites employ encryption techniques relatively often, and the ISPs take measures to limit the impact of DDoS attacks, the report said.

Small and medium-sized businesses are less active than large companies in protecting their activities, employing techniques such as data encryption less often, the CPB found. This creates risks for small business and consumers that could be avoided.

The report also found that the Dutch are more often victims of cybercrime than other forms of crime. This implies a high cost for society to ensure cybersecurity. In 2016, already 11 percent of businesses incurred costs due to a hacking attempt.

The threat of DDoS attacks will only increase in the coming years due to the growing number of IoT devices. This was already evident in the attacks against Dutch bank websites earlier this year. A further risk is that over half the most important banks in the world use the same DDoS protection service.

According to the paper Financieele Dagblad, this supplier is Akamai. The company provides DDoS protection for 16 of the 30 largest banks worldwide. The Dutch banks ABN Amro, ING and Rabobank said they were not dependent on a single provider.

The CPB report also found that the often reported shortage of qualified ICT staff is less of a threat than thought. The number of ICT students has risen 50 percent in four years and around 100,000 ICT jobs have been added in the country since 2008. Already 5 percent of all jobs are in ICT. This puts the Netherlands at the top of the pack in Europe, alongside the Nordic countries.

Source: https://www.telecompaper.com/news/central-planning-bureau-finds-dutch-cybersecurity-at-high-level--1264818


Edinburgh Uni Hit by Major Cyber-Attack

The website of Edinburgh University was still down at the time of writing after the institution suffered a major cyber-attack during its Freshers’ Week.

A university spokesman told the Edinburgh Evening News that it has “rigid measures in place” to protect IT systems and data.

“Our defenses reacted quickly and no data has been compromised,” he added. “We will continue to work with our internet service provider, [national cybercrime investigators] and with other universities to prevent these network attacks in future.”

The main ed.ac.uk site was still down on Thursday morning, nearly 24 hours after the first reports of an attack went online. That would indicate a serious DDoS attack.

Jisc, the UK non-profit which runs the super-fast Janet network for research and educational institutions, released a statement claiming that a “number of universities” have been targeted this week and adding that the number of DDoS attacks on them “typically increases at this time of year, when students are enrolling at, or returning to university.”

“While Jisc is responsible for protecting connections to the Janet Network for its members (colleges, universities and research centres), members are responsible for protecting their own cyberspace,” it added. “However, Jisc also provides DDoS threat intelligence to its community and provides advice to members affected by cyber-attacks on how to deal with the problem and minimize the impact.”

Ironically, Edinburgh University was praised by the government this year for carrying out cutting-edge cybersecurity research. It is one of 14 Academic Centres of Excellence in Cyber Security Research, backed by the £1.9bn National Cyber Security Strategy.

DDoS attacks grew by 40% year-on-year in the first six months of 2018, according to new figures from Corero Networks.

The security firm claimed that attacks are becoming shorter — with 82% lasting less than 10 minutes — and smaller, with 94% under 5Gbps. However, one in five victims are hit with another attack within 24 hours, the report revealed.

Source: https://www.infosecurity-magazine.com/news/edinburgh-uni-hit-by-major-cyber/


DDoS attacks are getting even larger

Average DDoS attack is five times stronger this year, compared to the year before.
The average DDoS attack is five times stronger this year, compared to the year before, and the biggest DDoS attack is four times stronger than last year’s strongest, according to new reports.

Nexusguard’s Q2 2018 Threat Report analysed thousands of DDoS attacks worldwide and came to the conclusion that the average DDoS attack is now bigger than 26 Gbps, and the maximum attack size is now 359 Gbps.

IoT botnets are still largely in use, mostly because of the increasing number of IoT-related malware exploits, as well as the huge growth in large-scale DDoS attacks.

The report says that CSPs and susceptible operations should ‘enhance their preparedness to maintain their bandwidth, especially if their infrastructure don’t have full redundancy and failover plans in place’.

“The biggest zero-day risks can stem from various types of home routers, which attackers can exploit to create expansive DDoS attacks against networks and mission-critical services, resulting in jumbo-sized attacks intended to cripple targets during peak revenue-generating hours,” said Juniman Kasman, chief technology officer for Nexusguard. “Telcos and other communications service providers will need to take extra precautions to guard bandwidth against these supersized attacks to ensure customer service and operations continue uninterrupted.”

User Datagram Protocol, or UDP, is the attacker’s favourite tool, with more than 31 per cent of all attacks using this approach. UDP is connectionless, which makes it easy for botnets to generate traffic at scale.

The top two sources of these attacks are the US and China.

Source: https://www.itproportal.com/news/ddos-attacks-are-getting-even-larger/


DDoS Protection is the Foundation for Application, Site and Data Availability

When we think of DDoS protection, we often think about how to keep our website up and running. While searching for a security solution, you’ll find several options that are similar on the surface. The main difference is whether your organization requires a cloud, on-premise or hybrid solution that combines the best of both worlds. Finding a DDoS mitigation/protection solution seems simple, but there are several things to consider.

It’s important to remember that DDoS attacks don’t just cause a website to go down. While the majority do cause a service disruption, 90 percent of the time it does not mean a website is completely unavailable, but rather there is a performance degradation. As a result, organizations need to search for a DDoS solution that can optimize application performance and protect from DDoS attacks. The two functions are natural bedfellows.

The other thing we often forget is that most traditional DDoS solutions, whether they are on-premise or in the cloud, cannot protect us from an upstream event or a downstream event.

  1. If your carrier is hit with a DDoS attack upstream, your link may be fine but your ability to do anything would be limited. You would not receive any traffic from that pipe.
  2. If your infrastructure provider goes down due to a DDoS attack on its key infrastructure, your organization’s website will go down regardless of how well your DDoS solution is working.

Many DDoS providers will tell you these are not part of a DDoS strategy. I beg to differ.

Finding the Right DDoS Solution

DDoS protection was born out of the need to improve availability and guarantee performance.  Today, this is critical. We have become an application-driven world where digital interactions dominate. A bad experience using an app is worse for customer satisfaction and loyalty than an outage.  Most companies are moving into shared infrastructure environments—otherwise known as the “cloud”— where the performance of the underlying infrastructure is no longer controlled by the end user.

  1. Data center or host infrastructure rerouting capabilities gives organizations the ability to reroute traffic to secondary data centers or application servers if there is a performance problem caused by something that the traditional DDoS prevention solution cannot negate. This may or may not be caused by a traditional DDoS attack, but either way, it’s important to understand how to mitigate the risk from a denial of service caused by infrastructure failure.
  2. Simple-to-use link or host availability solutions offer a unified interface for conducting WAN failover in the event that the upstream provider is compromised. Companies can use BGP, but BGP is complex and rigid. The future needs to be simple and flexible.
  3. Infrastructure and application performance optimization is critical. If we can limit the amount of compute-per-application transactions, we can reduce the likelihood that a capacity problem with the underlying architecture can cause an outage. Instead of thinking about just avoiding performance degradation, what if we actually improve the performance SLA while also limiting risk? It’s similar to making the decision to invest your money as opposed to burying it in the ground.
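The three needs listed above come down to one recurring decision: given what each path is reporting right now, which one should carry traffic? The Python below is an added illustration, not code from the article or from any vendor; the probe fields, the 5% inbound-traffic threshold, the latency SLA and the preference order are assumptions chosen for the example. It separates the two cases the article raises (a carrier black-holed upstream while the local link looks fine, and a hosting provider whose origin cannot answer) from plain performance degradation, and then picks the best remaining path.

```python
from dataclasses import dataclass
from enum import Enum


class PathState(Enum):
    HEALTHY = "healthy"
    DEGRADED = "degraded"                      # reachable, but outside the latency SLA
    UPSTREAM_BLACKHOLE = "upstream_blackhole"  # link up, yet almost no traffic arrives
    PROVIDER_DOWN = "provider_down"            # link or origin infrastructure unreachable


@dataclass(frozen=True)
class PathProbe:
    """One measurement cycle for a path. All fields are assumed inputs that a
    monitoring agent would supply; none of them come from the article."""
    name: str
    link_up: bool            # local carrier / interface status
    inbound_pps: float       # packets per second observed arriving on the link
    origin_reachable: bool   # application health check answered from outside
    p95_latency_ms: float    # 95th-percentile response time from an external vantage point


def classify(probe, baseline_pps, latency_sla_ms):
    # Case 1 in the list above: the carrier is being attacked upstream. Our
    # link is up, but almost nothing comes through it, so we treat it as
    # black-holed instead of trusting the green interface light.
    if probe.link_up and probe.inbound_pps < 0.05 * baseline_pps:
        return PathState.UPSTREAM_BLACKHOLE
    # Case 2: the infrastructure or hosting provider behind the path is down.
    # Local scrubbing cannot help because the origin cannot answer at all.
    if not probe.link_up or not probe.origin_reachable:
        return PathState.PROVIDER_DOWN
    # The article's common case: service is degraded, not dead.
    if probe.p95_latency_ms > latency_sla_ms:
        return PathState.DEGRADED
    return PathState.HEALTHY


def choose_path(probes, baseline_pps, latency_sla_ms):
    """Pick the path that should carry traffic. Probe order is the preference
    order (primary first). Returns (name or None, {name: state})."""
    states = {p.name: classify(p, baseline_pps, latency_sla_ms) for p in probes}
    for wanted in (PathState.HEALTHY, PathState.DEGRADED):
        for p in probes:
            if states[p.name] is wanted:
                return p.name, states
    return None, states


# Constructed probe results for one cycle, not real monitoring data.
BASELINE_PPS = 10_000.0     # normal inbound rate for this time of day
LATENCY_SLA_MS = 200.0
SAMPLE_PROBES = [
    PathProbe("dc1-carrierA", link_up=True, inbound_pps=120.0, origin_reachable=True, p95_latency_ms=80.0),
    PathProbe("dc1-carrierB", link_up=True, inbound_pps=9500.0, origin_reachable=True, p95_latency_ms=350.0),
    PathProbe("dc2-cloud", link_up=True, inbound_pps=8000.0, origin_reachable=False, p95_latency_ms=90.0),
]

if __name__ == "__main__":
    chosen, states = choose_path(SAMPLE_PROBES, BASELINE_PPS, LATENCY_SLA_MS)
    for name, state in states.items():
        print(f"{name}: {state.value}")
    print("route traffic via:", chosen)
```

In practice the hard part is the baseline, not the rule: the inbound rate has to be compared against the expected rate for that hour, and a path should only be failed over after several consecutive bad cycles, otherwise the logic flaps between paths during an ordinary quiet period.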

Today you can look at buying separate products to accomplish these needs, but you are then left with an age-old problem: a disparate collection of poorly integrated best-of-breed solutions that don’t work well together.

These products should work together as part of a holistic solution where each solution can compensate and enhance the performance of the other and ultimately help improve and ensure application availability, performance and reliability. The goal should be to create a resilient architecture to prevent or limit the impact of DoS and DDoS attacks of any kind.

Source: https://securityboulevard.com/2018/09/ddos-protection-is-the-foundation-for-application-site-and-data-availability/


A Scoville Heat Scale For Measuring Cybersecurity

The Scoville Scale is a measurement chart used to rate the heat of peppers or other spicy foods. It can also have a useful application for measuring cybersecurity threats. Cyber-threats are also red hot, as the human attack surface is projected to reach over 6 billion people by 2022. In addition, cyber-crime damage costs are estimated to reach $6 trillion annually by 2021. The cybersecurity firm RiskIQ states that every minute approximately 1,861 people fall victim to cyber-attacks, while some $1.14 million is stolen. In recognition of these alarming stats, perhaps it would be useful to categorize cyber-threats on a similar scale to the hot peppers we consume.

I have provided my own Scoville Scale-like heat characterizations of the cyber threats we are facing below.

Data Breaches: According to Juniper Research, over the next five years, 146 billion records will be breached. The 2017 Annual Data Breach Year-end Review (Identity Theft Resource Center) found that 1,946,181,599 records containing personal and other sensitive data were compromised between Jan. 1, 2017, and March 20, 2018. The true tally of victims is likely much greater, as many breaches go unreported. According to the Pew Research Center, a majority of Americans (65%) have already personally experienced a major data breach. On the Scoville scale, data breaches, by the nature of their exponentially growing threat, can easily be categorized at a “Ghost Pepper” level.

Malware: According to Forrester Research’s 2017 global security survey, there are 430 million types of malware online—up 40 percent from just three years ago. The Malware Tech Blog cited that 100,000 groups in at least 150 countries and more than 400,000 machines were infected by the WannaCry virus in 2017, at a total cost of around $4 billion. Malware is ubiquitous and we deal with it. It is a steady “Jalapeño Pepper” on the scale.

Ransomware: Cybersecurity Ventures predicts that ransomware damage costs will rise to $11.5 billion in 2019, with an attack occurring every 14 seconds. According to McAfee Labs’ Threat Report covering Q4 2017, eight new malware samples were recorded every second during the final three months of 2017. Cisco finds that ransomware attacks are growing more than 350 percent annually. Experts estimate that there are more than 125 separate families of ransomware, and hackers have become very adept at hiding malicious code. Ransomware is scary and there is reason to panic; it seems like a “Fatalii Pepper.”

Distributed Denial of Service (DDoS): In 2016, DDoS attacks were launched against the Domain Name System (DNS) provider Dyn. The attack directed thousands of IoT-connected devices to overload and take out internet platforms and services. The attack used a simple exploit of default passwords to compromise home surveillance cameras and routers. DDoS is like a “Trinidad Pepper,” as it can do quick, massive damage and stop commerce cold. DDoS is a particularly frightening scenario for the retail, financial, and healthcare communities.

Phishing: Phishing is a delivery vehicle for malware, ransomware, and DDoS. The 2017 Ponemon State of Endpoint Security Risk Report found that 56% of organizations in a survey of 1,300 IT decision makers identified targeted phishing attacks as their biggest current cybersecurity threat. According to an analysis by Health Information Privacy/Security Alert, 46,000 new phishing sites are created every day. According to Webroot, an average of 1.385 million new, unique phishing sites are created each month. The bottom line is that it is easy for anyone to be fooled by a targeted phish. No one is invulnerable to a crafty spear-phish, especially the C-Suite. On the Scoville Scale, phishing is prolific, persistent, and often causes harm. I rate it at the “Habanero Pepper” level.

Protecting the Internet of Things: The task of securing IoT is increasingly difficult as mobility, connectivity and the cyber attack surface grow. Most analysts conclude that there will be more than 20 billion connected Internet devices by 2020. According to a study conducted in April of 2017 by Altman Vilandrie & Company, nearly half of U.S. firms using the Internet of Things experienced cybersecurity breaches. Last year, Symantec noted that IoT attacks were up 600 percent. Analysts predict 25 percent of cyber-attacks in 2020 will target IoT environments. Protecting IoT can be the “Carolina Reaper,” as everything connected is vulnerable and the consequences can be devastating.

Lack of Skilled Cybersecurity Workers: Both the public and private sectors are facing major challenges from a dearth of cybersecurity talent. As companies evolve toward digital business, people with cybersecurity skills are becoming more difficult to find and more expensive for companies to hire and keep. A report from Cybersecurity Ventures estimates there will be 3.5 million unfilled cybersecurity jobs by 2021. A 2017 research project by the industry analyst firm Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) found that 70 percent of cybersecurity professionals claimed their organization was impacted by the cybersecurity skills shortage. On the Scoville Scale, I rate the skills shortage as a “Scotch Bonnet,” dangerous, but perhaps automation, machine learning and artificial intelligence can ease the pain.

Insider Threats: Insider threats can impact a company’s operational capabilities, cause significant financial damages, and harm a reputation. The IBM Cyber Security Index found that 60% of all cyber-attacks were carried out by insiders. And according to a recent Accenture HfS Research report, 69% of enterprise security executives reported experiencing an attempted theft or corruption of data by insiders over one year. Malicious insider intrusions can involve theft of IP, social engineering, spear-phishing attacks, malware, ransomware, and in some cases sabotage. Often overlooked, insider threats correlate to a “Red Savina Habanero.”

Identity Theft: Nearly 60 million Americans have been affected by identity theft, according to a 2018 online survey by The Harris Poll. The reason for the increased rate of identity fraud is clear. As we become more and more connected, the more visible and vulnerable we become to those who want to hack our accounts and steal our identities. We are often enticed via social media or email phishing. Digital fraud and stealing of our identities is all too common and associated closely to data breaches, a “Chocolate Habanero.”

Crypto-mining and Theft: Crypto poses relatively new threats to the cybersecurity ecosystem. Hackers need computing power to find and “mine” coins and can hijack your computer’s processor while you are online. Hackers place mining scripts on popular websites that people innocently visit. You might not even know you are being hijacked. Trend Micro disclosed that crypto-mining malware detections jumped 956% in the first half of 2018 versus the whole of last year. Also, paying ransoms in cryptocurrencies seems to be a growing trend. The recent WannaCry and Petya ransomware attackers demanded payment in bitcoin. On the Scoville Scale, it’s still early for crypto and the threats may evolve, but right now it is a “Tabasco Pepper.”

Potential Remedies: Cybersecurity at its core essence is guided by risk management: people, process, policies, and technologies. Nothing is completely invulnerable, but there are some potential remedies that can help us navigate the increasingly malicious cyber threat landscape. Some of these include:

  • Artificial Intelligence and Machine Learning
  • Automation and Adaptive Networks
  • Biometrics and Authentication Technologies
  • Blockchain
  • Cloud Computing
  • Cryptography/Encryption
  • Cyber-hygiene
  • Cyber Insurance
  • Incident Response Plans
  • Information Threat Sharing
  • Managed Security Services
  • Predictive Analytics
  • Quantum-computing and Super-Computing
  • And … Cold Milk

The bottom line is that as we try to keep pace with rising cybersecurity threat levels, we are all going to get burned in one way or another. But we can be prepared and resilient to help mitigate the fire. Keeping track of threats on any scale can be useful toward those goals.

Chuck Brooks is the Principal Market Growth Strategist for General Dynamics Mission Systems for Cybersecurity and Emerging Technologies. He is also Adjunct Faculty in Georgetown University’s Graduate Applied Intelligence program.

Source: https://www.forbes.com/sites/cognitiveworld/2018/09/05/a-scoville-heat-scale-for-measuring-cybersecurity/#15abda233275


Brit teen arrested for involvement in DDoS attack on ProtonMail

George Duke-Cohan was recruited by criminal group Apophis Squad

A 19-year-old member of hacking group Apophis Squad has been arrested by British cops.

George Duke-Cohan from Watford, who uses the aliases ‘7R1D3N7′, ‘DoubleParalla’ and ‘optcz1′, was identified after the criminal group launched a series of DDoS attacks on Swiss-based encrypted email and VPN provider ProtonMail in June.

Writing on the ProtonMail blog, CEO Andy Yen said that a team of security researchers had assisted the firm in investigating those responsible for the attacks.

“Our security team began to investigate Apophis Squad almost immediately after the first attacks were launched. In this endeavour, we were assisted by a number of cybersecurity professionals who are also ProtonMail users,” he said.

“It turns out that despite claims by Apophis Squad that federal authorities would never be able to find them, they themselves did not practice very good operational security. In fact, some of their own servers were breached and exposed online.”

Yen did not go into details about how Duke-Cohan was ‘conclusively’ identified, save to say that “intelligence provided by a trusted source” played a part.

The group attacked ProtonMail in June, apparently on a whim, but the attacks intensified after CTO Bart Butler responded to a tweet from the group, saying “we’re back you clowns”. Apophis Squad also attacked Tutanota, another encrypted email provider.

Users of ProtonMail email and VPN services saw them briefly disrupted, but “due to the efforts of Radware, F5 Networks, and our infrastructure team, we were able to keep service disruptions to a minimum,” Yen said.

As a member of Apophis Squad, Duke-Cohan was also involved in making hoax bomb threats to schools and colleges and airlines which saw 400 educational facilities in the UK and USA evacuated and a United Airlines flight grounded in San Francisco in March.

He pleaded guilty in Luton Magistrates Court to three counts of making bomb threats and is due to appear before Luton Crown Court on September 21 to face further charges. He also faces possible extradition to the US.

Marc Horsfall, senior investigating officer at the National Crime Agency said: “George Duke-Cohan made a series of bomb threats that caused serious worry and inconvenience to thousands of people, not least an international airline. He carried out these threats hidden behind a computer screen for his own enjoyment, with no consideration for the effect he was having on others.”

Duke-Cohan’s parents have said he was “groomed” by “serious people” online through playing the game Minecraft. Apophis Squad is thought to be based in Russia.

ProtonMail’s Yen said other attackers have also been identified and the authorities notified.

“We will investigate to the fullest extent possible anyone who attacks ProtonMail or uses our platform for crime. We will also cooperate with law enforcement agencies within the framework of Swiss law,” he said.

Source: https://www.theinquirer.net/inquirer/news/3062293/brit-teen-arrested-for-involvement-in-ddos-attack-on-protonmail


The evolution of DDoS attacks – and defences

Aatish Pattni, regional director, UK & Ireland, Link11, explores in Information Age how DDoS attacks have grown in size and sophistication over the last two decades.

What is the biggest cyber-threat to your company? In April 2018, the UK’s National Crime Agency answered that question by naming DDoS attacks as the joint leading threat facing businesses, alongside ransomware. The NCA noted the sharp increase in DDoS attacks on a range of organisations during 2017 and into 2018, and advised organisations to take immediate steps to protect themselves against the potential attacks.

It’s no surprise that DDoS is seen as such a significant business risk. Every industry sector is now reliant on web connectivity and online services. No organisation can afford to have its systems offline or inaccessible for more than a few minutes: business partners and consumers expect seamless, 24/7 access to services, and being forced offline costs a company dearly. A Ponemon Institute study found that each DDoS incident costs $981,000 on average, including factors such as lost sales and productivity, the effect on customers and suppliers, the cost of restoring IT systems, and brand damage.

So how have DDoS attacks evolved from their early iterations as stunts used by attention-seeking teens, to one of the biggest threats to business? What techniques are attackers now using, and how can organisations defend themselves?

Early days of DDoS

The first major DDoS attack to gain international attention was early in 2000, launched by a 15-year-old from Canada who called himself Mafiaboy. His campaign effectively broke the internet, restricting access to the web’s most popular sites for a full week, including Yahoo!, Fifa.com, Amazon.com, eBay, CNN, Dell, and more.

DDoS continued to be primarily a tool for pranks and small-scale digital vandalism until 2007, when a range of Estonian banking, news, and national government websites were attacked. The attack sparked nationwide riots and is widely regarded as one of the world’s first nation-state acts of cyberwar.

The technique is also successful as a diversion tactic, to draw the attention of IT and security teams while a second attack is launched: another security incident accompanies up to 75% of DDoS attacks.

Denial of service has also been used as a method of protest by activist groups including Anonymous and others, to conduct targeted take-downs of websites and online services. Anonymous has even made its attack tools freely available for anyone to use. Recent years have also seen the rise of DDoS-on-demand services such as Webstresser.org. Before being shut down by international police, Webstresser offered attack services for as little as £11, with no user expertise required – yet the attacks were powerful enough to disrupt operations at seven of the UK’s biggest banks.

Amplified and multi-vector attacks

In October 2016, a new method for distributing DoS attacks emerged – using a network of Internet of Things (IoT) devices to amplify attacks. The first of these, the Mirai botnet, infected thousands of insecure IoT devices to power the largest DDoS attack witnessed at the time, with volumes over a Terabyte. By attacking Internet infrastructure company Dyn, Mirai brought down Reddit, Etsy, Spotify, CNN and the New York Times.

This was just a signpost showing how big attacks could become. In late February 2018, developer platform Github was hit with a 1.35 Tbps attack, and days later a new record was set with an attack volume exceeding 1.7 Tbps. These massive attacks were powered by artificial intelligence (AI) and self-learning algorithms which amplified their scale, giving them the ability to disrupt the operations of any organisation, of any size.

Attacks are not only getting bigger but are increasingly multi-vector. In Q4 2017, Link11 researchers noted that attackers are increasingly combining multiple DDoS attack techniques. Over 45% of attacks used 2 or more different techniques, and for the first time, researchers saw attacks which feature up to 12 vectors. These sophisticated attacks are difficult to defend against, and even low-volume attacks can cause problems, as happened in early 2018 when online services from several Dutch banks, financial and government services were brought to a standstill.

Staying ahead of next-generation AI-based attacks

As DDoS attacks now have such massive scale and complexity, traditional DDoS defences can no longer withstand them. Firewalls, special hardware appliances and intrusion detection systems are the main pillars of protection against DDoS, but these all have major limitations. Current attack volume levels can easily overload even high-capacity firewalls or appliances, consuming so many resources that reliable operation is no longer possible.

Extortion by DDoS

The next iteration of attackers set out to use DDoS as an extortion tool, threatening organisations with an overwhelming attack unless they meet the attacker’s demand for cryptocurrency. Notable extortionists included the original Armada Collective, which targeted banks, web hosting providers, data centre operators as well as e-commerce and online marketing agencies in Greece and Central Europe.

Between January and March 2018, Link11’s Security Operation Centre recorded 14,736 DDoS attacks, an average of 160 attacks per day, with multiple attacks exceeding 100 Gbps. Malicious traffic at these high volumes can simply flood a company’s internet bandwidth, rendering on-premise network security solutions useless.

What’s needed is to deploy a cloud-native solution that can use AI to filter, analyse, and block web traffic if necessary before it even reaches a company’s IT systems. This can be done by routing the company’s Internet traffic via an external, cloud-based protection service. With this approach, incoming traffic is subject to granular analysis, with the various traffic types being digitally ‘fingerprinted’.

Each fingerprint consists of hundreds of properties, including browser data, user behaviour, and its origin. The solution builds up an index of both normal and abnormal, or malicious, traffic fingerprints. When known attack patterns are detected in a traffic flow, the attacking ‘client’ is blocked immediately and automatically in the cloud, before it even reaches customers’ networks – so that only clean, legitimate traffic reaches the organisation. Regular traffic is still allowed through, enabling a business to continue unaffected, without users being aware of the filtering process.

The service’s self-learning algorithms also identify and block, within seconds, attacks for which no fingerprint yet exists, minimising the impact on the organisation’s website or web services. Each new attack thereby improves the system’s detection capabilities for the benefit of all its users. This automated approach to blocking attacks also frees up IT and security teams to focus on more strategic work instead of firefighting DDoS attempts.
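The fingerprint index and self-learning step described above, as an added example that is not Link11’s code (the article shows none): each request is hashed over a handful of assumed properties, a clean sample builds the index of normal fingerprints, and a fingerprint whose share of a window’s traffic jumps far above its baseline is promoted to the malicious index, after which it is dropped on sight. The field list, thresholds, client profiles and traffic volumes are all assumptions.

```python
"""Fingerprint index with self-learning (added example; the field list,
thresholds and sample traffic are assumptions, not the article's data)."""
import hashlib
from collections import Counter

# Request properties folded into a fingerprint. A real service uses hundreds
# (TLS parameters, header order, timing); these five are illustrative.
FIELDS = ("ua", "accept", "accept_lang", "asn", "path_class")


def fingerprint(req):
    """Hash the selected properties of one request into a short, stable ID."""
    raw = "|".join(str(req.get(f, "")) for f in FIELDS)
    return hashlib.sha256(raw.encode()).hexdigest()[:16]


class FingerprintFilter:
    def __init__(self, known_bad=(), spike_ratio=10.0, min_count=10, min_window=50):
        self.bad = set(known_bad)        # index of malicious fingerprints
        self.baseline = Counter()        # index of normal fingerprints (learned)
        self.baseline_total = 0
        self.spike_ratio = spike_ratio   # share-of-traffic growth that flags a pattern
        self.min_count = min_count       # ignore tiny counts to limit false positives
        self.min_window = min_window     # do not learn from windows that are too small

    def learn(self, reqs):
        """Build the normal-traffic index from a sample known to be clean."""
        for r in reqs:
            self.baseline[fingerprint(r)] += 1
        self.baseline_total += len(reqs)

    def filter_window(self, reqs):
        """Classify one time window of requests; returns (allowed, blocked)."""
        counts = Counter(fingerprint(r) for r in reqs)
        total = len(reqs)
        if total >= self.min_window:
            for fp, n in counts.items():
                share = n / total
                # Laplace-smoothed baseline share, so unseen patterns are not divided by zero
                base = (self.baseline[fp] + 1) / (self.baseline_total + 1)
                if n >= self.min_count and share / base >= self.spike_ratio:
                    self.bad.add(fp)     # self-learning: promote the spiking pattern
        allowed, blocked = [], []
        for r in reqs:
            (blocked if fingerprint(r) in self.bad else allowed).append(r)
        return allowed, blocked


def make_requests(n, ua, asn, path_class="page", accept="text/html", lang="en-US"):
    """Constructed sample traffic: n requests sharing one client profile."""
    return [{"ua": ua, "accept": accept, "accept_lang": lang,
             "asn": asn, "path_class": path_class} for _ in range(n)]


def demo():
    firefox = "Mozilla/5.0 (Windows NT 10.0; rv:62.0) Gecko/20100101 Firefox/62.0"
    safari = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) Safari/605.1.15"
    chrome = "Mozilla/5.0 (Linux; Android 8.0) Chrome/69.0.3497.100 Mobile Safari/537.36"
    clean = (make_requests(100, firefox, "AS3320")
             + make_requests(60, safari, "AS7922")
             + make_requests(40, chrome, "AS3320"))
    f = FingerprintFilter()
    f.learn(clean)
    # Window 1: a flood from one scripted client profile mixed with normal traffic.
    flood = make_requests(70, "python-requests/2.19.1", "AS14061",
                          path_class="search", accept="*/*", lang="")
    normal = make_requests(30, firefox, "AS3320")
    allowed1, blocked1 = f.filter_window(flood + normal)
    # Window 2: the same profile at a lower rate is now in the bad index and
    # is dropped on sight, without needing to spike again.
    allowed2, blocked2 = f.filter_window(flood[:20] + normal)
    return len(allowed1), len(blocked1), len(allowed2), len(blocked2)


if __name__ == "__main__":
    print(demo())  # (30, 70, 30, 20)
```

The smoothing and the minimum count are what keep a rare but legitimate browser profile from being flagged the first time it appears in a small window; in production the baseline would also decay over time so that the index tracks changes in normal traffic.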

In conclusion, DDoS attacks will continue to evolve and grow: with DDoS-for-hire services and increasingly sophisticated methods they are easy and cheap to launch, and they remain effective against organisations. By understanding how attacks are evolving and implementing the protective measures described here, organisations will be better placed to deny DDoS attackers.

Source: https://www.information-age.com/evolution-of-ddos-123473947/


How to Protect Businesses Against DDoS Attacks

Security matters for every business today; we at HackerCombat have already reported on the rising cost of IT security worldwide. More and more businesses are investing heavily in security, having realised that without it a business can hardly flourish in today’s environment.

We have reached a stage where businesses cannot handle security simply by relying on their ISPs. The proactive measures a business adopts for its own protection are what really count.

Businesses today are frequently targeted by DDoS (Distributed Denial of Service) attacks, planned and executed by cybercriminals all over the world. It is therefore important that every business is equipped to combat DDoS attacks as effectively as possible. Let’s discuss how businesses can protect themselves, starting with what DDoS attacks are and how they happen.

DDoS Attacks: An Introduction

The basic principle of a DDoS attack is this: a very large number of requests is sent from many points at a network or server within a very short span of time. The bombardment overloads the server and exhausts its resources (bandwidth, connection state, CPU or memory). The result is that the server slows down, fails or becomes completely inaccessible, a total denial of service; hence the name Distributed Denial of Service attack.

The damage, however, is not limited to the server or network becoming inaccessible; the security of the data held on the network is also at stake. A DDoS attack is frequently used as a smokescreen: while the security team is absorbed in restoring availability, and while overloaded security controls drop or pass traffic unexamined, attackers attempt to penetrate the information system and cause heavy losses to the targeted business. The criminals behind a DDoS attack can thus make big money at the expense of the company they target, whether through extortion or through what they steal.

The motives behind DDoS attacks vary: they may be political, financial or purely retaliatory. Politically motivated attackers target those who hold opposing political, social or religious beliefs, aiming to cripple them with a well-planned and well-executed attack. Retaliatory attacks follow the dismantling of a botnet or large cybercriminal network, when those who cooperated with the authorities become targets. Financially motivated attacks follow a simple pattern: whoever wants a business taken down hires cybercriminals to carry out the DDoS attack, and the attackers are paid for the work.

Whatever the motive, the result for the targeted business is the same: its network and online services become unavailable, sometimes briefly and sometimes for a very long time, and its data is also put at risk.

How to protect a business from DDoS attacks

ISPs may offer layer 3 and layer 4 DDoS protection, which shields businesses from many volumetric attacks. But most ISPs do poorly at detecting small layer 7 attacks, which use little bandwidth and look like ordinary requests on the wire yet consume a disproportionate share of the server’s own resources. That is why businesses should not depend on their ISPs alone for protection against DDoS attacks; they should implement measures of their own that ensure comprehensive protection. Here is a look at the different things that need to be done to combat DDoS attacks as effectively as possible:
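Why layer 3/4 protection at the ISP misses a small layer 7 attack, as an added illustration that is not from the article or any vendor: a constructed ten-second window of web server log lines is measured two ways, in bits per second (what the upstream sees) and in server seconds consumed per second of wall clock (what the application feels). The nginx-style log format with a trailing request time, the worker count, the thresholds and the traffic are all assumptions.

```python
"""Layer 7 flood detection from web server logs (added example; the log
format, thresholds and traffic are assumptions, not the article's data)."""
import re
from collections import defaultdict

# nginx "combined" format with $request_time appended, as assumed here.
LOG_RE = re.compile(
    r'(?P<ip>\S+) - - \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "[^"]*" "(?P<ua>[^"]*)" (?P<rt>[\d.]+)$'
)


def parse(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    rec["rt"] = float(rec["rt"])
    return rec


def analyse(lines, window_s, workers=4, volumetric_threshold_bps=1e9):
    """Compare the volumetric view (bits per second, what an ISP sees) with the
    layer 7 view (server seconds consumed per second, what the server feels)."""
    recs = [r for r in map(parse, lines) if r]
    bps = sum(r["bytes"] for r in recs) * 8 / window_s
    load = defaultdict(float)                        # path -> worker-seconds per second
    by_ip = defaultdict(lambda: defaultdict(float))  # path -> ip -> request_time
    for r in recs:
        path = r["path"].split("?", 1)[0]
        load[path] += r["rt"] / window_s
        by_ip[path][r["ip"]] += r["rt"]
    hot_path = max(load, key=load.get)
    hot_total = sum(by_ip[hot_path].values())
    # clients contributing 10% or more of the hot path's server time
    suspects = sorted(ip for ip, t in by_ip[hot_path].items() if t / hot_total >= 0.10)
    return {
        "bps": bps,
        "volumetric_alert": bps >= volumetric_threshold_bps,
        "hot_path": hot_path,
        "hot_path_load": round(load[hot_path], 2),
        "l7_alert": load[hot_path] > 0.8 * workers,   # backend nearly saturated
        "suspects": suspects,
    }


def log_line(ip, path, status, nbytes, ua, rt, sec):
    """Build one constructed log line in the assumed format."""
    return (f'{ip} - - [06/Sep/2018:10:15:{sec:02d} +0000] "GET {path} HTTP/1.1" '
            f'{status} {nbytes} "-" "{ua}" {rt:.3f}')


def demo():
    """Constructed 10 second window: 30 cheap page views from 30 visitors and
    60 expensive search queries from four scripted clients."""
    lines = []
    for i in range(30):
        lines.append(log_line(f"198.51.100.{i + 1}", "/index.html", 200, 12000,
                              "Mozilla/5.0 (Windows NT 10.0) Firefox/62.0", 0.010, i % 10))
    for i in range(60):
        lines.append(log_line(f"203.0.113.{i % 4 + 1}", f"/search?q=x{i}", 200, 1500,
                              "python-requests/2.19.1", 0.900, i % 10))
    return analyse(lines, window_s=10)


if __name__ == "__main__":
    print(demo())
```

The window carries only 360 kbit/s, nothing any bandwidth-based threshold would notice, yet the search endpoint is consuming 5.4 worker-seconds per second against a pool of four workers, so every legitimate visitor queues behind the attack; this is the measurement the ISP never sees and the reason a layer 7 view on the server side is needed.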

Go for a good solution provider: many service providers offer layer 3, 4 and 7 protection against DDoS attacks, ranging from low-cost packages for small websites to multi-layered coverage for large enterprises. Most offer custom pricing based on your requirements; for a large organisation they may offer advanced layer 7 detection with sensors installed in your data centre. Always choose a reputable provider that matches your needs.

Always have a firewall or IPS in place: modern firewalls and intrusion prevention systems (IPS) claim to provide a certain level of protection against DDoS attacks, and next-generation firewalls combine DDoS mitigation with IPS functions, which copes with many smaller attacks. There are caveats, though. A next-generation firewall is a stateful device and can itself be overwhelmed by a volumetric attack, and it may not be sufficient for layer 7 detection. Enabling DDoS protection on a firewall or IPS can also degrade the overall performance of the system or network.

Use dedicated appliances that fight DDoS attacks: many hardware devices now protect against DDoS attacks; some cover layer 3 and 4 attacks, while more advanced ones also handle layer 7. Such appliances are deployed at the main point of entry for web traffic, monitor all incoming and outgoing traffic, and can detect and block layer 7 threats. They come in two versions, one for enterprises and one for telecom operators; the enterprise models are cost-effective, while the carrier-grade ones are considerably more expensive. Investing in such an appliance is generally advisable, and it is best to choose devices that use behaviour-based adaptive methods to identify threats, since these can catch unknown zero-day attacks without waiting for signature files to be updated. Bear in mind, though, that an on-premises appliance sits behind your Internet link: an attack that saturates the link itself must be absorbed upstream, by the ISP or a cloud scrubbing service.

Remember that every organisation, big or small, needs to be prepared to combat DDoS attacks. Any organisation with a web property is more likely to be attacked today than ever before, so it pays to stay prepared. Prevention, as they say, is better than cure!

Source: https://hackercombat.com/how-to-protect-businesses-against-ddos-attacks/


DDoS Attack Volume Rose 50% in Q2 2018

Distributed Denial of Service (DDoS) attacks aimed at disruption remain a massive problem for businesses big and small, despite the shutdown of the Webstresser DDoS-for-hire service. Attackers are also increasingly striking outside of normal business hours, researchers have found.

A new report shows average attack volume rose 50%, to 3.3 Gbps during May, June and July 2018, from 2.2 Gbps in Q1. Although the overall number of attacks fell by 36%, likely as a result of the DDoS-as-a-service website Webstresser being shut down in an international police operation, the volume of the attacks that did occur increased.

46% of incidents used two or more vectors in Q2, out of a total of 9,325 attacks recorded during the quarter, or 102 per day on average. Hyper-scale attacks (80 Gbps and above) increased by 50%, while the most complex attacks combined 13 vectors in total, the researchers found.

Broadly speaking, DDoS attacks can be divided into three main categories, each corresponding to the attack vectors employed by bad actors and to the unit in which the attack is measured:

  • Volume-based attacks – bad actors saturate the bandwidth of the attacked site (measured in bits per second, bps)
  • Protocol attacks – attackers exhaust the connection-state resources of servers or of intermediate equipment such as firewalls and load balancers (measured in packets per second, pps)
  • Application-layer attacks – attackers overwhelm the web server or application with seemingly legitimate requests (measured in requests per second, rps)

High-volume attacks were driven by Memcached reflection, SSDP reflection and CLDAP reflection. The highest attack bandwidth recorded was 156 Gbps (gigabits per second), and the total duration of all attacks during the quarter was 1,221 hours.

Attackers used two vectors 17% of the time, and three vectors 16% of the time. The most-frequently observed attacks were UDP floods (59.7%), TCP SYN floods (3.3%) and ICMP floods (0.9%).

773 attacks used the Memcached reflection amplification technique, while the SSDP reflection technique generated the greatest proportion of DDoS packets.

New data from a similar study, by Nexusguard, recently showed that the number of unguarded Memcached servers is dropping, yet many remain vulnerable to attacks.

The same research found that DNS amplification attacks have increased 700% worldwide since 2016, and that in the first quarter of 2018, 55 attacks relied on exposed Memcached servers, which can amplify traffic by a factor of up to 51,000, to boost their DDoS efficiency.
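Spotting the reflection vectors named in the report in flow data, as an added example that is not from the report or from Link11 or Nexusguard: inbound UDP flows are grouped by destination and by the reflector service their source port implies, and a service that reaches one destination from many distinct sources with large packets is reported as a reflection attack. The flow schema, thresholds and traffic are constructed; the sample is built so that Memcached tops the byte count while SSDP produces the most packets, mirroring the split the report describes.

```python
"""Reflection/amplification detection over flow records (added example;
the flow schema, thresholds and traffic are constructed assumptions)."""
from collections import defaultdict

# UDP services abused as reflectors in the report, keyed by their source port
REFLECTOR_PORTS = {11211: "memcached", 1900: "ssdp", 389: "cldap", 53: "dns"}


def detect_reflection(flows, min_reflectors=20, min_avg_pkt=200):
    """Group inbound UDP flows by (destination, reflector service). A service
    port talking to one destination from many distinct sources, with large
    packets, is a reflection attack against that destination."""
    agg = defaultdict(lambda: {"sources": set(), "packets": 0, "bytes": 0})
    for f in flows:
        if f["proto"] != "udp" or f["sport"] not in REFLECTOR_PORTS:
            continue
        a = agg[(f["dst"], REFLECTOR_PORTS[f["sport"]])]
        a["sources"].add(f["src"])
        a["packets"] += f["packets"]
        a["bytes"] += f["bytes"]
    alerts = []
    for (dst, vector), a in agg.items():
        avg_pkt = a["bytes"] / a["packets"]
        if len(a["sources"]) >= min_reflectors and avg_pkt >= min_avg_pkt:
            alerts.append({"victim": dst, "vector": vector,
                           "reflectors": len(a["sources"]),
                           "packets": a["packets"], "bytes": a["bytes"]})
    # biggest vector by bytes first
    return sorted(alerts, key=lambda x: x["bytes"], reverse=True)


def flow(src, sport, dst, dport, packets, nbytes, proto="udp"):
    """One constructed flow record in the assumed schema."""
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "packets": packets, "bytes": nbytes, "proto": proto}


def demo():
    """Constructed traffic towards one victim (all addresses are made up)."""
    victim = "198.51.100.10"
    flows = []
    # Memcached reflection: 60 exposed servers, each sending 50 packets of 1,400 bytes
    for i in range(60):
        flows.append(flow(f"203.0.113.{i + 1}", 11211, victim, 80, 50, 50 * 1400))
    # SSDP reflection: 300 home devices, each sending 30 packets of 300 bytes
    for i in range(300):
        flows.append(flow(f"198.18.{i // 250}.{i % 250 + 1}", 1900, victim, 80, 30, 30 * 300))
    # Ordinary DNS answers from a handful of resolvers: few sources, small packets
    for i in range(5):
        flows.append(flow(f"192.0.2.{i + 1}", 53, victim, 40000 + i, 2, 240))
    # A normal TCP flow is ignored entirely
    flows.append(flow("192.0.2.50", 443, victim, 51000, 20, 15000, proto="tcp"))
    return detect_reflection(flows)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

The two thresholds pull in different directions on purpose: the distinct-source count separates reflection from a single busy peer, and the average packet size separates amplified responses from the small answers a legitimate resolver or SSDP device sends, which is why the five real DNS replies in the sample are not reported.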

Source: https://securityboulevard.com/2018/08/ddos-attack-volume-rose-50-in-q2-2018/
