What is Pulse Wave? Hackers devise new DDoS attack technique aimed at boosting scale of assaults

The new attack method allows hackers to shut down targets’ networks for longer periods while simultaneously conducting attacks on multiple targets.

Hackers have begun launching a new kind of DDoS attack designed to boost the scale of attacks by targeting soft spots in traditional DDoS mitigation tactics. Dubbed “Pulse Wave”, the new attack technique allows hackers to shut down targeted organisations’ networks for prolonged periods while simultaneously conducting attacks on multiple targets.

The new attacks may render traditional DDoS mitigation tactics useless, experts say. Some of the pulse wave DDoS attacks detected lasted for days and “scaled as high as 350 Gbps”, according to security researchers at Imperva, who first spotted the new threat.

“Comprised of a series of short-lived pulses occurring in clockwork-like succession, pulse wave assaults accounted for some of the most ferocious DDoS attacks we mitigated in the second quarter of 2017,” Imperva researchers said in a report.

The researchers said they believe that the pulse wave technique was “purposefully designed” by “skilled bad actors” to boost hackers’ attack scale and output by taking advantage of “soft spots in hybrid ‘appliance first, cloud second’ mitigation solutions.”

Traditional DDoS attacks involve a continuous barrage of assaults against a targeted network, while pulse wave involves short bursts of attacks that have a “highly repetitive pattern, consisting of one or more pulses every 10 minutes”. The new attacks last for at least an hour and can extend to even days. A single pulse is large and powerful enough to completely congest a network.

“The most distinguishable aspect of pulse wave assaults is the absence of a ramp-up period — all attack resources are committed at once, resulting in an event that, within the first few seconds, reaches a peak capacity that is maintained over its duration,” the Imperva researchers said.

ulse wave takes advantage of appliance-first hybrid mitigation solutions by preying on the “Achilles’ heel of appliance-first mitigation solutions”, – the devices’ incapability of dealing with sudden powerful attack traffic surges.

The Imperva researchers said the emergence of pulse wave DDoS attacks indicates a significant shift in the attack landscape. “While pulse wave attacks constitute a new attack method and have a distinct purpose, they haven’t emerged in a vacuum. Instead, they’re a product of the times and should be viewed in the context of a broader shift toward shorter-duration DDoS attacks,” researchers said.

The Imperva researchers predicted that such attacks will continue, becoming more persistent and growing, boosted via botnets.

Source: http://www.ibtimes.co.uk/what-pulse-wave-hackers-devise-new-ddos-attack-technique-aimed-boosting-scale-assaults-1635423

 

  • 0

5 Ways To Profit From The $24 Trillion Cyber War

Business is under attack to the point of all out cyber war, and there is nowhere more lucrative right now than cyberspace, where a $200-billion-plus market is ripe for investors looking to turn profits that make the pre-bubble dot.com era look like chump change.

There are plenty of catalysts, thanks to hackers who most recently managed to hijack the systems of one of the biggest shipping companies in the world, one of the biggest pharmaceutical companies in the world and thousands of others—forcing them to pay ransom in bitcoins to get their data back.

There will be no slowdown in cyber-attacks. On the contrary, by 2019, IDC research estimates that 70 percent of major multinational corporations will “face significant cybersecurity attacks aimed at disrupting the distribution of commodities.”

Cybersecurity stocks were soaring already—especially since hackers in May managed to take control of tens of thousands of computers. But the late June perfection of cyber kidnapping for ransom has caused stocks to spike by 4 percent or more.

According to giant Cisco, there was a 172 percent jump in DDoS (distributed denial-of-service) attacks in 2016, and we’ll be looking at a near tripling of that by 2021. Just in the first quarter of this year there was a reported 380 percent increase in DDoS attacks, according to Nexusguard.

Data breaches cost businesses $5.85 million EACH in 2014. This year, that bill will be in the neighborhood of $7.35 million. In total, last year, cybercrime cost the global economy over $450 billion. The cyber-attack on global business in May this year alone could end up costing $4 billion.

So, giant multinational corporations are willing to pay a lot for better cybersecurity—and cyber insurance.

Global spending on cybersecurity will hit $1 trillion over the next five years, and cybercrime damages will exceed $24 trillion over the same period, according to the Steven Morgan Cybersecurity Industry Outlook: 2017 to 2021.

And this is where the big profits are available for the taking. For the foreseeable future, nothing is more lucrative than data security.

Here are our top 5 picks as cybersecurity becomes THE most critical industry of our time:

#1 FireEye, Inc. (NASDAQ:FEYE)

This is one of the most impressive cybersecurity barnstormers out there. It only went public in September 2013, and by December that same year it was spending $1 billion on a major acquisition, Mandiant, which was one of the top data breach and response companies in the space.

This is now a massive and fast-growing company of highly sought-after cyber experts and products, all rolled into a cloud-based platform that is a favorite among key Fortune 500 companies, not to mention Global 2000 companies.

There was a very aggressive acquisition spree here—and last year the company moved into the black. FireEye peaked in mid-2015 at $55 a share, and then slid to under $11 in mid-March this year. But since then, it’s gained 42 percent and the trajectory looks fantastic, especially in the current cyber warfare climate.

#2 Identillect Technologies Corp. (TSXV:ID; IDTLF:US)

This is a little-known company sitting in pole position in a $64-billion market that is up for grabs. It’s come up with a two-minute email security solution that could revolutionize encryption, and could corner the lion’s share of the profits in this segment.

Half of all email is unencrypted—and it’s at the mercy of pretty much anyone with decent hacking skills. Existing encryption programs are expensive and can take a month to install, but this company is breaking onto the scene with a simple, 2-minute email install solution.

It works with Outlook, Office 365, Hotmail, Gmail…PLUS a phone “app” that works on iPhone, Android, Windows and more.

There are only 250 professional cryptographers in the U.S… and two of them work at Identillect – a major selling point for this company coming right out of the gates.

Customers are lining up because it’s the first solution to a long-time problem that’s now reaching a climax, with companies being fined for NOT encrypting email. They’re already paying an average of $7 million for every data breach.

This company is on its way to Silicon Valley, and its patent on the first easy solution to a massive problem is likely to get it a lot of attention in the form of M&A rumblings that dot this cybersecurity landscape. Even more so right now.

Since it went commercial in the first quarter of 2015, subscribers have grown over 663 percent, and 19 out of 20 of them stay. They’re compounding monthly, and the breakeven point is almost there. That’s why we’re looking at a 70 percent profit margin in this one.

With 5 million Yahoo accounts breached in just one of many huge-scale incidents, encryption is the Holy Grail of our day, and this company has figured out how to make it cheap and easy.

#3 Palo Alto Networks (NYSE:PANW)

For expansion, this $12.7-billion market-cap company is a top pick with its sales of next-generation firewall solutions. It covers 150 countries and it protects data infrastructure of at least 85 Fortune 100 companies and—even better—more than half of the Global 2000. That’s some major market share at a time when there is nothing short of corporate panic over data infrastructure protection.

It even beat its own outlook. We’re looking at mind-blowing record earnings ($431.8 million in fiscal Q3). This is the clear advantage in the cybersecurity space right now—and it’s all about continual, relentless expansion.

#4 Intel Corporation (NASDAQ:INTC)

Nothing dominates the semiconductor industry like INTC. We’re looking at over seven divisions here, but the Client Computing Group (CCG) and the Data Center Group (DCG) are the big ones in terms of financial performance, accounting for 87 percent of the company’s total sales last year. INTC dominates the PC market and the server microprocessor market, and its PC chip market share can be as high as an unbelievable 99 percent.

Still, some might say this pick is the counter-intuitive one, but…not really. INTC stock has taken a major beating, but with this sector on fire like no other, this is your way in with the giants in this field. INTC had an official correction this year and April earnings caused Wall Street to beat it down. But INTC is still 10 percent higher than last year, regardless. It’s cheaper than its competitors right now, so this may be a buying opportunity.

What investors are afraid of, though, is one competitor in particular…our next pick…

#5 Advanced Micro Devices, Inc. (NASDAQ:AMD)

This stock has seen some unbelievable performance over the past year, and that’s why INTC investors are shying away. But while AMD has been impressing beyond belief, we list it as #5 because it’s largely thanks to enthusiasm and future expectations—so there may be a pullback soon. This is the time to keep a close eye on AMD, but also to be very careful about watching whether the company is now going to actually achieve its goals—because the expectations are quite high and now much more is at stake. It’s the right industry to be doing this in, certainly…

While AMD had a truly dynamic growth spurt that began in March last year, since February this year, it hasn’t reached any new highs, and the launch of its Ryzen line of products wasn’t embraced by the market with as much excitement as expected. Now things are getting a bit more volatile, which is why INTC might be a better pick right now.

Honorable Mentions in the Cybersecurity Space

BlackBerry Ltd. (TSE:BB): Forget about the BlackBerry as something you hold—an electronic gadget. This company is back better than ever with software for industrial customers, including security software and services to stop hackers. Quarterly earnings at the end of March were impressive, and April news of a $1-billion cash win from arbitration with Qualcomm can fund more growth. This is the NEW BlackBerry.

Absolute Software Corporation (ABT.TO): Absolute Software Corp provides endpoint security and data risk management solutions for commercial, healthcare, education and government customers, tablets and smartphones. Absolute has seen a strong 21% stock growth year to date and is expected to see strong growth as the cyber security market grows at a rampant pace.

Avigilon (TSX.AVO): Avigilon develops, manufactures, markets and sells HD and megapixel network-based video surveillance systems, video analytics and access to control equipment. We expect strong continuous growth in the video analytics business and a company such as Avigilon is well positioned to capture market share in the Canadian markets.

Sandvine Corporation (TSE:SVC): Ontario is seeing some a vibrant cybersecurity as well, Sandvine corp. is engaged in the development and marketing of network policy control situations for high-speed fixed and mobile Internet service providers. Products include Business Intelligence, Revenue Generation, Traffic Optimization and Network Security. The company has grown 52% year-to-date and we expect strong growth throughout 2017.

Pivot Technology Solutions Inc. (TSX:PTG): Pivot focuses on the strategy to acquire and integrate technology solution providers, primarily in North America. It sells and supports integrated computer hardware, software and networking products for business database, network and network security systems. Pivot has seen explosive growth so far this year and we expect the current cyber threats to add to the already strong sentiment in cyber security stocks.

Source: http://www.baystreet.ca/articles/stockstowatch.aspx?articleid=31275

  • 0

Examining the FCC claim that DDoS attacks hit net neutrality comment system

Attacks came from either an unusual type of DDoS or poorly written spam bots.

On May 8, when the Federal Communications Commission website failed and many people were prevented from submitting comments about net neutrality, the cause seemed obvious. Comedian John Oliver had just aired a segment blasting FCC Chairman Ajit Pai’s plan to gut net neutrality rules, and it appeared that the site just couldn’t handle the sudden influx of comments.

But when the FCC released a statement explaining the website’s downtime, the commission didn’t mention the Oliver show or people submitting comments opposing Pai’s plan. Instead, the FCC attributed the downtime solely to “multiple distributed denial-of-service attacks (DDoS).” These were “deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host,” performed by “actors” who “were not attempting to file comments themselves; rather, they made it difficult for legitimate commenters to access and file with the FCC.”

The FCC has faced skepticism from net neutrality activists who doubt the website was hit with multiple DDoS attacks at the same time that many new commenters were trying to protest the plan to eliminate the current net neutrality rules. Besides the large influx of legitimate comments, what appeared to be spam bots flooded the FCC with identical comments attributed to people whose names were drawn from data breaches, which is another possible cause of downtime. There are now more than 2.5 million comments on Pai’s plan. The FCC is taking comments until August 16 and will make a final decision some time after that.

The FCC initially declined to provide more detail on the DDoS attacks to Ars and other news organizations, but it is finally offering some more information. A spokesperson from the commission’s public relations department told Ars that the FCC stands by its earlier statement that there were multiple DDoS attacks. An FCC official who is familiar with the attacks suggested they might have come either from a DDoS or spam bots but has reason to doubt that they were just spam bots. In either case, the FCC says the attacks worked differently from traditional DDoSes launched from armies of infected computers.

A petition by activist group Fight for the Future suggests that the FCC “invent[ed] a fake DDoS attack to cover up the fact that they lost comments from net neutrality supporters.”

But while FCC commissioners are partisan creatures who are appointed and confirmed by politicians, the commission’s IT team is nonpartisan, with leadership that has served under both Presidents Obama and Trump. There’s no consensus among security experts on whether May 8 was or wasn’t the result of a DDoS attack against the FCC comments site. One security expert we spoke to said it sounds like the FCC was hit by an unusual type of DDoS attack, while another expert suggested that it might have been something that looked like a DDoS attack but actually wasn’t.

Breaking the silence

FCC CIO David Bray offered more details on how the attack worked in an interview with ZDNet published Friday. Here’s what the article said:

According to Bray, FCC staff noticed high comment volumes around 3:00 AM the morning of Monday, May 8. As the FCC analyzed the log files, it became clear that non-human bots created these comments automatically by making calls to the FCC’s API.

Interestingly, the attack did not come from a botnet of infected computers but was fully cloud-based.

By using commercial cloud services to make massive API requests, the bots consumed available machine resources, which crowded out human commenters. In effect, the bot swarm created a distributed denial-of-service attack on FCC systems using the public API as a vehicle. It’s similar to the distributed denial of service attack on Pokemon Go in July 2016.

This description “sounds like a ‘Layer 7′ or Application Layer attack,” Cloudflare Information Security Chief Marc Rogers told Ars. This is a type of DDoS, although it’s different from the ones websites are normally hit with.

“In this type of [DDoS] attack, instead of trying to saturate the site’s network by flooding it with junk traffic, the attacker instead tries to bring a site down by attacking an application running on it,” Rogers said.

“I am a little surprised that people are challenging the FCC’s decision to call this a DDoS,” Rogers also said. Cloudflare operates a global network that improves performance of websites and protects them from DDoS attacks and other security threats.

When asked if the FCC still believes it was hit with DDoS attacks, an FCC spokesperson told Ars that “there have been DDoS attacks during this process,” including the morning of May 8. But the FCC official we talked to offered a bit less certainty on that point.

“The challenge is someone trying to deny service would do the same thing as someone who just doesn’t know how to write a bot well,” the FCC official said.

FCC officials said they spoke with law enforcement about the incident.

Spam bots and DDoS could have same effect

DDoS attacks, according to CDN provider Akamai, “are malicious attempts to render a website or Web application unavailable to users by overwhelming the site with an enormous amount of traffic, causing the site to crash or operate very slowly.” DDoS attacks are “distributed” because the attacks generally “use large armies of automated ‘bots’—computers that have been infected with malware and can be remotely controlled by hackers.” (Akamai declined to comment on the FCC downtime when contacted by Ars.)

In this case, the FCC’s media spokesperson told Ars the traffic did not come from infected computers. Instead, the traffic came from “cloud-based bots which made it harder to implement usual DDoS defenses.”

The FCC official involved in the DDoS response told us that the comment system “experienced a large number of non-human digital queries,” but that “the number of automated comments being submitted was much less than other API calls, raising questions as to their purpose.”

If these were simply spammers who wanted to flood the FCC with as many comments as possible, like those who try to artificially inflate the number of either pro- or anti-net neutrality comments, they could have used the system’s bulk filing mechanism instead of the API. But the suspicious traffic came through the API, and the API queries were “malformed.” This means that “they aren’t formatted well—they either don’t fit the normal API spec or they are designed in such a way that they excessively tax the system when a simpler call could be done,” the FCC official said.

Whether May 8 was the work of spam bots or DDoS attackers, “the effect would have been the same—denial of service to human users” who were trying to submit comments, the FCC official said. But these bots were submitting many fewer comments than other entities making API calls, suggesting that, if they were spam bots, they were “very poorly written.”

The official said a similar event happened in 2014 during the previous debate over net neutrality rules, when bots tied up the system by filing comments and then immediately searching for them. “One has to ask why a bot would file, search, file, search, over and over,” the official said.

If it was just a spam bot, “one has to wonder why, if the outside entity really wanted to upload lots of comments in bulk, they didn’t use the alternative bulk file upload mechanism” and “why the bots were submitting a much lower number of comments relative to other API calls,” the official said.

The FCC says it stopped the attacks by 8:45am ET on May 8, but the days that followed were still plagued by intermittent downtime. “There were other waves after 8:45am that slowed the system for some and, as noted, there were ‘bots’ plural, not just one,” the FCC official said. On May 10, “we saw other attempts where massive malformed search queries also have hit the system, though it is unclear if the requestors meant for them to be poorly formed or not. The IT team has implemented solutions to handle them even if the API requests were malformed.”

Was it a DDoS, or did it just look like one?

There is some history of attackers launching DDoS attacks from public cloud services like Amazon’s. But the kind of traffic coming into the FCC after the John Oliver show might have looked like DDoS traffic even if it wasn’t, security company Arbor Networks says. Arbor Networks, which sells DDoS protection products, offered some analysis for its customers and shared the analysis with Ars yesterday. Arbor says:

When a client has an active connection to a website which is under heavy load, there is a risk that the server will be unable to respond in a timely fashion. The client will then start to automatically resend its data, causing increased load. After a while, the user will also get impatient and will start to refresh the screen and repeatedly press the “Submit” button, increasing the load even further. Finally, the user will, in most cases, close the browser session and will attempt to reconnect to the website. This will then generate TCP SYN packets which, if processed correctly, will move to the establishment of the SSL session which involves key generation, key exchange, and other compute intensive processes. This will most likely also timeout, leaving sessions hanging and resulting in resource starvation on the server.

A spam bot would behave in the same manner, “attempting to re-establish its sessions, increasing the load even further,” Arbor says. “Also, if the bot author wasn’t careful with his error handling code, the bot might also have become very aggressive and start to flood the server with additional requests.”

What the FCC saw in this type of situation might have looked like a DDoS attack regardless of whether it was one, Arbor said:

When viewed from the network level, there will be a flood of TCP SYN packets from legitimate clients attempting to connect; there will be a number of half-open SSL session which are attempting to finalize the setup phase and a large flood of application packets from clients attempting to send data to the Web server. Taken together, this will, in many ways, look similar to a multi-faceted DDoS attack using a mix of TCP-SYN flooding, SSL key exchange starvation, and HTTP/S payload attacks.

This traffic can easily be mistaken for a DDoS attack when, in fact, it is the result of a flash crowd and spam bot all attempting to post responses to a website in the same time period.

DDoS attacks generally try to “saturate all of the bandwidth that the target has available,” Fastly CTO Tyler McMullen told Ars. (Fastly provides cloud security and other Web performance tools.) In the FCC’s case, the attack sounds like it came from a small number of machines on a public cloud, he said.

“Another form of denial-of-service attack is to make requests of a service that are computationally expensive,” he said. “By doing this, you don’t need a ton of infected devices to bring down a site—if the service is not protected against this kind of attack, it often doesn’t take much to take it offline. The amount of traffic referenced here does not make it obvious that it was a DDoS [against the FCC].”

Server logs remain secret

The FCC declined to publicly release server logs because they might contain private information such as IP addresses, according to ZDNet. The logs reportedly contain about 1GB of data per hour from the time period in question, which lasted nearly eight hours.

The privacy concerns are legitimate, security experts told Ars.

“Releasing the raw logs from their platform would almost certainly harm user privacy,” Rogers of Cloudflare told Ars. “Finally, redacting the logs would not be a simple task. The very nature of application layer attacks is to look exactly like legitimate user traffic.”

McMullen agreed. “Releasing the logs publicly would definitely allow [the details of the attack] to be confirmed, but the risk of revealing personal information here is real,” he said. “IP addresses can sometimes be tied to an individual user. Worse, an IP address combined with the time at which the request occurred can make the individual user’s identity even more obvious.” But there are ways to partially redact IP addresses so that they cannot be tied to an individual, he said.

“One could translate the IP addresses into their AS numbers, which is roughly the equivalent of replacing a specific street address with the name of the state the address is in,” he said. “That said, this would still make it clear whether the traffic was coming from a network used by humans (e.g. Comcast, Verizon, AT&T, etc) or one that primarily hosts servers.”

Open by design

The FCC’s public comments system is supposed to allow anyone to submit a comment, which raises some challenges in trying to prevent large swarms of traffic that can take down the site.

The FCC has substantially upgraded its website and the back-end systems that support it since the 2014 net neutrality debate. Instead of ancient in-house servers, the comment system is now hosted on the Amazon cloud, which IT departments can use to scale computing resources up and down as needed.

But this month’s events show that more work needs to be done. The FCC had already implemented a rate limit on its API, but the limit “is tied to a key, and, if bots requested multiple keys, they could bypass the limit,” the FCC official told us.

The FCC has avoided using CAPTCHA systems to distinguish bots from humans because of “challenges to individuals who have different visual or other needs,” the official said. Even “NoCAPTCHA” systems that only require users to click a box instead of entering a hard-to-read string of characters can be problematic.

“Some stakeholders who are both visually impaired and hearing impaired have reported browser issues with NoCAPTCHA,” the FCC official said. “Also a NoCAPTCHA would mean you would have to turn off the API,” but there are groups who want to use the API to submit comments on behalf of others in an automated fashion. Comments are often submitted in bulk both by pro- and anti-net neutrality groups.

The FCC said it worked with its cloud partners to stop the most recent attacks, but it declined to share more details on what changes were made. “If folks knew everything we did, they could possibly work around what we did,” the FCC official said. Senate Democrats asked the FCC to provide details on how it will prevent future attacks.

While the net neutrality record now contains many comments of questionable origin and quality, the FCC apparently won’t be throwing any of them out. But that doesn’t mean they’ll hold any weight on the decision-making process.

“What matters most are the quality of the comments, not the quantity,” Pai said at a press conference this month. “Obviously, fake comments such as the ones submitted last week by the Flash, Batman, Wonder Woman, Aquaman, and Superman are not going to dramatically impact our deliberations on this issue.”

There is “a tension between having open process where it’s easy to comment and preventing questionable comments from being filed,” Pai said. “Generally speaking, this agency has erred on the side of openness. We want to encourage people to participate in as easy and accessible a way as possible.”

Source: https://arstechnica.com/information-technology/2017/05/examining-the-fcc-claim-that-ddos-attacks-hit-net-neutrality-comment-system/

  • 0

Long Before ‘WannaCry’ Ransomware, Decades Of Cyber ‘Wake-Up Calls’

By latest counts, more than 200,000 computers in some 150 countries have been hit by a cyberattack using ransomware called WannaCry or WannaCrypt, which locked the data and demanded payment in bitcoin. The malware was stopped by a young U.K. researcher’s lucky discovery of a kill switch, but not before it caused hospitals to divert patients and factories to shut operations.

The origins of the malicious software — which feeds on a Microsoft vulnerability — trace back to the National Security Agency: cybertools stolen from the government and posted publicly in April. Microsoft had issued a patch in March. (And here are good tips to generally secure yourself.)

“The governments of the world should treat this attack as a wake-up call. … We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits,” Microsoft President Brad Smith wrote in a follow-up blog post. “We need the tech sector, customers, and governments to work together to protect against cybersecurity attacks. … In this sense, the WannaCrypt attack is a wake-up call for all of us.”

This one, it’s a wake-up call. Haven’t we heard that somewhere before? In fact, archival searches show the use of the cliché stretching back decades — as far back as the early viruses and worms of the 1980s.

“I think people use ‘wake-up call’ in different ways, but it’s generally used to mean to treat cybersecurity like a bona fide national security problem, which we still for the most part don’t do,” says Philip Reitinger, head of the nonprofit Global Cyber Alliance. “In general, it’s ‘Gosh, now people will understand, governments and private sector will understand how serious it is — and do something. When the history has shown, no, they won’t.”

Reitinger and numerous others veterans in the field have been making many of the same calls through the years: Commit proper funding, like to any other national security threat; write new laws that would tangibly incentivize and enforce good behavior by companies large and small; put proper priority on creating a system that can defend itself.

“I’m tired of people writing reports and recommendations,” Reitinger says. “We’re not treating this like the moonshot; we just get the words.”

Well, in the spirit of the focus on words, let’s follow it through history. Below is a select taste of some of the major hacks and attacks that were declared to be a “wake-up call” by government officials and security experts.

1998: The Pentagon

The AP reported on Feb. 26: “The Pentagon’s unclassified computer networks were hit this month by the ‘most organized and systematic’ attack yet.” It was later attributed to two California teenagers, guided by an Israeli teen.

The AP cited Deputy Defense Secretary John Hamre saying that the government and the private sector had not done enough to protect sensitive networks from attacks. In a story on NPR’s All Things Considered, Hamre said: “It was certainly a wake-up call. It certainly is indicative of a future we could be facing that’s much more serious. And we need to learn the lessons from this experience and take advantage of it.”

2000: Popular websites

In a highly publicized denial-of-service attack, a 15-year-old known online as Mafiaboy, brought down Amazon, CNN, Dell, E*Trade, eBay and Yahoo!, which was then the largest search engine. On Feb. 15, then-White House Chief of Staff John Podesta appeared on CNN, saying:

“I think these latest attacks have been a wake-up call for Americans that more needs to be done, that we need to get together and do what we did to deal with the Y2K crisis, which is to come together to share ideas, to do more research and development on security measures that can be taken to enhance the network security, and to build a really strong foundation of security and privacy for the information infrastructure as we create this great promise of the digital economy.”

In March, the tech panel of the Senate Judiciary Committee held a hearing on cyberterrorism, where subcommittee chairman Sen. Jon Kyl said the attacks “raised public awareness and hopefully will serve as a wake-up call about the need to protect our critical computer networks.”

2003: Computers worldwide

SQL Slammer became known as “the worm that crashed the Internet in 15 minutes.” In prepared testimony at the House of Representatives, Vincent Gullotto of Anti-Virus Emergency Response Team at Network Associates said:

“During the Slammer virus outbreak, major U.S. banks experienced widespread ATM outages, a major airline canceled or delayed flights, and a large U.S. metropolitan area lost its 911 emergency services. … Attacks such as those that occurred over the last several weeks provide an important wake-up call to governments, industries, and consumers. We must not be complacent; we must act.”

2010: Google

Google disclosed “a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property.” It was later dubbed “Operation Aurora,” said to have targeted dozens of companies.

After Director of National Intelligence Dennis Blair appeared before the Senate intelligence committee, NPR’s Mary Louise Kelly reported on All Things Considered on Feb. 2:

Blair “used much stronger language than I’ve heard him use before, talked about malicious cyberactivity, and I’ll quote him, ‘is occurring on an unprecedented scale with extraordinary sophistication.’ He talked about things like the recent hacking attack on Google, said that should be a wake-up call, said that the U.S. information infrastructure overall [is] severely threatened.”

2010: Iran’s nuclear program

Stuxnet is a massive computer worm that attacked Iran’s industrial equipment, including at a uranium-enrichment facility. On Nov. 17, Symantec executive Dean Turner testified before the Senate Homeland Security Committee:

“Stuxnet demonstrates the vulnerability of critical national infrastructure industrial control systems to attack through widely used computer programs and technology. Stuxnet is a wake-up call to critical infrastructure systems around the world. This is the first publicly known threat to target industrial control systems and grants hackers vital control of critical infrastructures such as power plants, dams and chemical facilities.”

2012: Saudi Aramco

In August, a virus called Shamoon wiped out files from 30,000 corporate computers of the world’s largest oil exporter.

In a Dec. 7 speech, then-Defense Secretary Chuck Hagel called the attacks on Saudi Aramco and a subsequent attack targeting the Qatari natural gas company RasGas, “a serious wake-up call to everyone.” Hagel added: “The United States will continue to help build the capacity of partners and allies to defend their critical infrastructure from cyberattack, especially major energy, infrastructure, and telecommunications facilities.”

2015: Office of Personnel Management

In the massive OPM data breach, hackers stole personal information of more than 20 million current and former federal employees, contractors, family members and others who had undergone federal background checks.

In a Timeop-ed titled “U.S. Cybersecurity Is Too Weak,” Sens. Chris Coons and Cory Gardner of the Senate Foreign Relations Committee wrote:

“The OPM hack remains the largest data breach ever suffered by the federal government and should have served as a wake-up call to Congress. … The United States must develop a robust prevention and recovery policy response that can adapt to current and future technological advancements.”

In his own op-ed for Federal News Radio, House Oversight Chairman Jason Chaffetz wrote: “This should serve as a wake-up call to all in government on how to best secure federal IT and data. A shift toward zero trust is one way to improve federal IT security.”

2016: Dyn

Hackers attacked a major Internet infrastructure company called Dyn, disrupting websites and services such as Twitter, Amazon, Spotify and Airbnb. The disruptions lasted most of the day, a result of a massive distributed denial-of-service attack delivered through millions of hijacked Internet-connected things such as baby monitors, DVRs and CCTV cameras, infected with Mirai malware.

Source: http://www.npr.org/sections/alltechconsidered/2017/05/16/528447819/long-before-wannacry-ransomware-decades-of-cyber-wake-up-calls

“It’s important for [Internet of Things] vendors who haven’t prioritized security to take this escalating series of attacks as a wake-up call,” The Washington Post quoted Casey Ellis of cybersecurity firm Bugcrowd as saying. “We’re entering a period where this is very real, calculable, and painful impact to having insecure products.”

A House Energy and Commerce panel convened to discuss the security of Internet-connected devices. Rep. Bob Latta, R-Ohio, weighed in: “The recent DDoS attack should serve as a wake-up call that our systems are susceptible to attempts to use IoT devices to wreak havoc.”

  • 0

News in brief: laptop ban could be extended; DDoS hits news sites; Taiwan might block Google DNS

Laptop ban could be extended

Planning on flying from European countries to the US? Prepare to check in your laptop, tablet and any other devices larger than a cellphone, as US authorities are reported to be close to announcing an extension of the restriction on devices in the cabin from some Middle Eastern and Gulf countries to some countries in Europe, too.

After the initial ban was announced, observers pointed out that the lithium batteries that power laptops and other devices have been banned from the holds of aircraft, adding that they’d prefer a battery fire in the cabin, where it can quickly be dealt with by crew, than in the hold. Lithium batteries have been implicated in many incidents – the US authorities were reported on Thursday to be in discussions about the risks of carrying a large number of batteries in the hold.

If you’re affected by the ban, which also applies from some airports and to some carriers flying into the UK, we’ve got some tips on how to minimise the risk to your devices and the data on them in this piece.
News sites hit by DDoS attack

Just days after France shrugged off a dump of emails stolen from the campaign of the new president, Emmanuel Macron, leading French news websites including those of Le Monde and Le Figaro were knocked offline following a cyberattack on Cedexis, a cloud infrastructure provider.

Cedexis had been hit by a “significant DDoS attack”, said Julien Coulon, the company’s co-founder. Cedexis was founded in France in 2009 and has its US headquarters in Portland, Oregon.

Meanwhile, the victorious Macron shrugged off the cyberattack that was thought to be aimed at generating support for his far-right opponent, Marine Le Pen, as it emerged that his campaign had turned the table on the hackers, deliberately signing into phishing sites with a view to planting fake information.

Mounir Mahjoubi, the digital lead for the campaign, told the Daily Beast: “You can flood these [phishing] addresses with multiple passwords and log-ins, true ones, false ones, so the people behind them use up a lot of time trying to figure them out.”
Taiwan could block Google DNS

Taiwan is planning to block access to Google’s public DNS service, claiming the move will improve cybersecurity, the Register reported on Thursday.

It’s not clear if the block to Google’s DNS, which many people use to bypass government filters on banned websites, would apply to the whole population or just to government officials. The presentation seen by The Register seems to suggest the aim is to reduce the risk of DNS spoofing.

Taiwan doesn’t usually crop up on the list of countries where there’s concern about censorship of the internet, but he Register notes that customers of one Taiwanese ISP, HiNet broadband, had earlier this year reported issues with connecting to sites and platforms that users in mainland China are blocked from, including Facebook, YouTube, Google and Gmail.

Source: https://nakedsecurity.sophos.com/2017/05/11/news-in-brief-laptop-ban-could-be-extended-ddos-hits-news-sites-taiwan-might-block-google-dns/

  • 0

FCC says DDOS attacks, not net neutrality comments, tied up comments system

The federal agency did not provide any evidence of the alleged attacks, which occurred as HBO comedian John Oliver urged viewers to flood the FCC with comments.

The Federal Communications Commission (FCC) on Monday said that consumers trying to use its Electronic Comment Filing System ran into delays Sunday night because of multiple distributed denial-of-service (DDoS) attacks — not due to a deluge of comments from net neutrality proponents, as early reports suggested.

“Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos),” FCC chief information officer David Bray said in a statement. “These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC.”

The statement followed news reportssuggesting the FCC site was once again overwhelmed by commenters trying to voice their support for net neutrality at the behest of comedian John Oliver. On his HBO show Sunday night, Oliver urged viewers to leave comments at goFCCyourself.com, a URL that redirects visitors to the FCC’s proposal to reverse net neutrality rules. In 2014, net neutrality supporters managed to bring down the FCC comments system after Oliver made a similar plea for commenters to flood the site.

The FCC didn’t offer any evidence of the DDoS attacks, nor did the agency immediately answer questions about how the incident was handled. ZDNet will update this article if the FCC responds.

At least one pro-net neutrality group, Fight for the Future, expressed skepticism about the agency’s claim that the problems were caused by DDoS attacks.

“The FCC’s statement today raises a lot of questions, and the agency should act immediately to ensure that voices of the public are not being silenced as it considers a move that would affect every single person that uses the Internet,” Fight for the Future Campaign Director Evan Greer said in a statement.

By Monday afternoon, the FCC’s comments system appeared to be functioning, and there were more than 179,000 comments on the site.

FCC Chairman Ajit Pai acknowledged to CNET’s Maggie Reardon on Monday that he favors “a free and open internet” — meaning he favors rolling back the Obama-era net neutrality rules. However, he said the committee has an “open mind” and will consider the public comments that are collected.

“It’s not a decree,” he said of the proposal. “The entire purpose of this process is to get public input. Then, after the record is closed, we apply what the DC Circuit calls a ‘substantial evidence test.’ We look through the record, figure out what the right course is based on facts in the record. Then we make the appropriate judgment. I don’t have any predetermined views as to where we’re going to go.”

Source: http://www.zdnet.com/article/fcc-says-ddos-attacks-not-net-neutrality-comments-tied-up-comments-system/

  • 0

FCC: Commission Hit By DDoS Attacks

Amidst reports that John Oliver’s segment on Title II on Sunday night’s Last Week Tonight on HBO had created a flood of comments that brought down the FCC’s comment site, the FCC released a statement saying it had been hit by a denial-of-service attack.

The statement came from chief information officer Dr. David Bray about delays experienced by “consumers” trying to file comments. He did not specify the net neutrality docket.

“Beginning on Sunday night at midnight [Last Week Tonight aired at 11 p.m.], our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDoS). These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host.”

He said the attacks were not attempts to file comments themselves but “rather they made it difficult for legitimate commenters to access and file with the FCC. While the comment system remained up and running the entire time, these DDoS events tied up the servers and prevented them from responding to people attempting to submit comments. We have worked with our commercial partners to address this situation and will continue to monitor developments going forward.”

Source: http://www.broadcastingcable.com/news/washington/fcc-commission-hit-ddos-attacks/165609

  • 0

Netflix Incident A Sign Of Increase In Cyber Extortion Campaigns

Attackers using threats of data exposure and DDoS disruptions to try and extort ransoms from organizations

The recent leak of 10 unaired episodes from Season 5 of Netflix’ hit series “Orange Is The New Black” shows that ransomware is not the only form of online extortion for which organizations need to be prepared.

Increasingly, cyber criminals have begun attempting to extort money from organizations by threatening to leak corporate and customer data, trade secrets, and intellectual property.  Instead of encrypting data and seeking a ransom for decrypting it, criminals have begun using doxing as a leverage to try and quietly extort bigger sums from enterprises.

“Targeted attacks are the new cybersecurity threat and are on the rise,” says Nir Gaist, CEO and co-founder of security vendor Nyotron. “Organizations, regardless of industry or size, can be targeted with cyber extortion or espionage as the hackers’ goal.”

The reason why there isn’t more noise over such incidents is that victims often like to keep quiet about them, he says. “Unless the company is regulated to report the attack, they will keep it quiet to keep brand and reputation intact,” Gaist says.

Even in the case of the Netflix leak, for instance, it was the hackers themselves who announced the attack. “There was no monetary loss due to the early release of the ‘Orange is the New Black’ episodes, but there was reputation loss and brand damage,” he says.

A malicious hacker or hacking group calling itself TheDarkOverload earlier this week claimed responsibility for publicly posting several episodes of the Netflix series after apparently stealing them from Larson Studio, a small post-production company, back in December.

The hackers first tried to extort money from Larson Studio before going after Netflix directly. When Netflix refused to acquiesce to the extortion demand, the hackers released the unaired episodes. The hackers claimed to have stolen several more unaired episodes of TV programs from Netflix, Fox, and National Geographic and have threatened to release them as well. It is not clear if the hackers have made any extortion demands from the various studios.

The Netflix incident is an example of the growing threat to organizations from extortion scams, says Moty Cristal the CEO of NEST Negotiation Strategies, a firm that specializes in helping organizations negotiate with online extortionists.

Cyber extortion can include the threat of DDoS attacks and data exposure. The goal of attackers is to find a way to threaten targets with the most damage, either financial or from a brand reputation standpoint, Cristal explains.

Any decision on whether to pay or not to pay should be based on an assessment of the potential damage, both real and perceived, that the attacker could wreak, and the company’s ability to withstand such damage, Cristal says.

In the Netflix incident, the fact that the attackers demanded just around 50 bitcoin for the stolen episodes suggests they were likely motivated more by the need to be recognized and professionally acknowledged than by financial gain, Cristal adds.

Surprisingly, targeted extortion attacks do not always have to be sophisticated to be successful, although sometimes they can very sophisticated Gaist says. “In a targeted attack, the hacker will attempt to find a simple vulnerability to get in,” he says. “Unfortunately for most companies, basic security hygiene is simply not attended to properly – leaving them completely vulnerable to a targeted attack.”

While attacks that result in potential exposure of customer and corporate data can be scary, there are a couple of good reasons not to pay, security analysts say. One of course is that paying off a ransom or extortion is only likely to inspire more attempts. An organization that shows its willingness to pay to get data back or to prevent something bad from happening will almost certainly be attacked again.

The other reason is that not all extortion scams are real. In fact, a lot of times attackers will attempt to scare money out of an organization with false threats.

Last year for instance, a malicious hacking group calling itself the Armada Collective sent extortion letters to some 100 companies threatening them with massive distributed denial of service attacks if they did not pay a specific ransom amount. Security vendor CloudFlare, which analyzed the Armada Collective’s activities, estimated that the group netted hundreds of thousands of dollars in ransom payments from victims, without carrying out a single attack.

Meg Grady-Troia, web security product marketing manager at Akamai, says paying a ransom doesn’t necessarily guarantee a chosen outcome. “So doing separate analysis of the request for payment and the real threat is critical for any organization.”

Akamai’s customers have seen a lot of extortion letters, threatening a DDoS attack if a specified amount of bitcoin is not deposited to an identified wallet by a certain time, she says. These letters have come from a number of groups, including DD4BC, Armada Collective, Lizard Squad, XMR Squad, and others. Often though, there is very little follow-through.

“Some of these DDoS extortion letters are merely profit-making schemes, while some are serious operations with the resources to damage a business,” says Grady-Troia.

Paying a ransom is no guarantee that your data still won’t be leaked, she says. “Once data has been exfiltrated from your system, the blackmail may or may not continue after the requested payment, or it may still be leaked.”

What organizations need to be focusing on is DDoS attack resilience and the operational agility of their systems, particularly access controls, backup procedures, and digital supply chain.

“The importance of online extortion depends immensely on the nature of the threat and the enterprise’s risk tolerance,” Grady-Troia says. “Businesses should have a security event or incident response process that can be invoked in the case of any attack, and that process should include subject matter experts for systems and tools, procedures for all kinds of hazards.”

Source: http://www.darkreading.com/attacks-breaches/netflix-incident-a-sign-of-increase-in-cyber-extortion-campaigns/d/d-id/1328794

  • 0

How can you prepare for a cyber attack?

Keeping your data secure is more important than ever, but it seems like there’s a new wide-scale data breach every other week. In this article, David Mytton discusses what developers can do to prepare for what’s fast becoming inevitable.

Cyber security isn’t something that can be ignored anymore or treated as a luxury concern: recent cyber attacks in the UK have shown that no one is immune. The stats are worrying – in 2016, two thirds of large businesses had a cyber attack or breach, according to Government research. Accenture paints a bleaker picture suggesting that two thirds of companies globally face these attacks weekly, or even daily.

According to the Government’s 2016 cyber security breaches survey, only a third of firms have cyber security policies in place and only 10% have an emergency plan. Given management isn’t handling the threat proactively, developers and operations specialists are increasingly having to take the initiative on matters of cybersecurity. This article covers some essential priorities developers should be aware of if they want their company to be prepared for attack.

Know your plan

There’s no predicting when a cyber attack might come, whether it be in the form of a DDoS, a virus, malware or phishing. It’s therefore important to be constantly vigilant, and prepared for incidents when they do occur.

Senior leadership in your company should be proactive when laying out a plan in the event of an attack or other breach, however this might not always be the case. No matter what your position is within your company, there are preemptive actions you can take on a regular basis to ensure that you’re adequately prepared.

If you’re in an Ops team, make sure you’re encouraging your team to test your backups regularly. There’s little use having backups if you’re unable to actually restore from them, as GitLab learned to their detriment earlier in the year.

Use simulations and practice runs to ensure that everyone on your team knows what they’re doing, and have a checklist in place for yourself and your colleagues to make sure that nothing gets missed. For example, a DDoS attack may begin with a monitoring alert to let you know your application is slow. Your checklist would start with the initial diagnostics to pinpoint the cause, but as soon as you discover it is a DDoS attack then the security response plan should take over.

If you happen to be on-call, make sure you’ve got all the tools you need to act promptly to handle the issue. This might involve letting your more senior colleagues know about the issue, as well as requesting appropriate assistance from your security vendors.

Communication is always one of the deciding factors in whether a crisis can be contained effectively. As a developer or operations specialist, it’s important to be vocal with your managers about any lack of clarity in your plan, and ensure that there are clear lines of communication and responsibility so that, when the worst does occur, you and your colleagues feel clear to jump into action quickly.

Remember your limits

It might sound obvious, but it’s worth remembering: in a cyber attack or catastrophic incident, there is only so much you yourself can do. Too many developers and operations staff fall prey to a culture of being ‘superheroes’, encouraged (often through beer and pizza) to stay as late as they can and work as long as possible on fixes to particular issues.

The truth is, humans make mistakes. Amazon’s recent AWS S3 outage is a good example: swathes of the internet were taken offline due to one typo. If you’re on-call while a cyber attack occurs there’s no denying you’re likely to work long hours at odd times of the day, and this can put a real strain on you, both mentally and physically. This strain can make it much harder for you to actually concentrate on what you’re doing, and no amount of careful contingency planning can compensate for that.

At Server Density we’re keenly aware that employee health and well being is critical to maintaining business infrastructure, especially in the event of a crisis. That’s why we support movements like HumanOps, which promote a wider awareness of the importance of employee health, from the importance of taking regular breaks to ergonomic keyboards. All too often people working in IT forget that the most business-critical hardware they look after isn’t servers or routers, it’s the health and well being of the people on the front lines looking after these systems.

Cyber attacks are stressful on everyone working in an organisation, and the IT teams take the brunt of the strain. However, with careful planning, clear lines of delegation and an appreciation of the importance of looking after each other’s health, developers and operations specialists should be able to weather the storm effectively and recover business assets effectively.

Source: https://jaxenter.com/can-prepare-cyber-attack-133447.html

  • 0

Recognizing the New Face of Cyber-Security

Threats, risks and dangers related to cyber-security are changing. CIOs must respond with a well-defined strategy and the right mix of processes and tools.

Over the past few years, digital technologies have rippled through the business world and unleashed unprecedented innovation and disruption. Yet today’s technology framework also has put businesses in the crosshairs and created new levels of risk.

No longer are cyber-threats thwarted by clearly defined perimeters such as firewalls. No longer are malware and cyber-attacks blocked by traditional security tools designed to identify specific viruses and code. “It’s an entirely different landscape,” observes Oswin Deally, vice president of cyber-security at consulting firm Capgemini.

To be sure, mobility, clouds, the internet of things (IoT) and the increasingly interconnected nature of business and IT systems have radically changed the stakes. There’s a growing need for security transformation.

Yet, at the same time, attacks are becoming more insidious and sophisticated. Phishing, spear-phishing, whaling, ransomware, hacking, hacktivism and corporate espionage are now mainstream problems. Data breaches and DDoS attacks are a daily concern.

“Cyber-security has moved from a compliance and regulatory topic to front-page headline news,” says Dan Logan, director of enterprise and security architecture for Tata Consultancy Services (TCS).

No Space Is Safe

The scope of today’s cyber-security challenge is mind-boggling. Gartner predicts that more than 8.4 billion IoT devices will be used in 2017, and the number will swell to more than 20 billion by 2020. Meanwhile, 74 percent of organizations now store some, if not all, sensitive data in the public cloud, according to a February 2017 Intel Security study.

Not surprisingly, the stakes are growing, and achieving digital transformation while ensuring security is not a simple task. An October 2016 Ponemon Institute study found that the average cost of cyber-crime to a large organization in the United States rose to more than $17 million in 2016.

An interconnected world with intertwined data means that threats can come from anywhere at any time. Business disruption, information loss, a diminished brand image and revenue, and damage to equipment are constant risks. Nevertheless, organizations are struggling to keep up.

Ponemon points out that only 39 percent of companies deploy advanced backup and recovery operations, though it reduces the average cost of cyber-crime by nearly $2 million. Similarly, only 28 percent of companies have a formal information governance program, though this typically reduces the cost of cyber-crime by nearly $1 million.

Capgemini’s Deally says that a starting point for dealing with today’s threat landscape is to recognize that there are two primary areas to focus on: business-driven events and threat-driven events. The former revolves around things like digital commerce, innovation, intellectual property, products and supply chains that present targets and create risks for the enterprise. The latter encompasses attack methods and vectors, including email, mobile devices, the IoT, and other systems and software.

“It is becoming more and more of a borderless world where the devices that drive productivity also represent risk,” he points out.

CIOs and other enterprise leaders must understand business and technology intersection points and how they introduce risks at various levels—from application security to APIs and network design to clouds. It’s also important to clearly understand business and data assets and identify priorities in terms of value, sensitivity and risk.

Not all data is created equal and not all systems require equal protection. This approach, when layered over specific industry risks, begins to deliver some clarity about how and where to focus a cyber-security strategy and select the right protections and processes.

o be sure, cyber-security must take a multilayered approach, and it must focus on defense-in-depth. One of today’s challenges is that intruders may gain entry to a network through a vulnerability or breach and worm their way through systems and files over a period of weeks, months or years.

These advanced persistent threats (APTs) use multiple tools, technologies and methods to take intrusions to a deeper and more dangerous level. In some cases, the intruders may never make their presence known. They simply pull information—everything from employee or customer data to intellectual property—to perpetuate attacks that monetize their efforts.

Secure Horizons

CIOs and other enterprise leaders must ultimately focus on strategies that rely on multiple tools, technologies and methods to address the problem on several fronts. This may include everything from reviewing privileges and reexamining authentication methods to analyzing coding practices and reviewing the way encryption is used for data at rest and in transit. It could also address everything from vendor relationships to coding practices.

For example, as organizations migrate to DevOps, it’s possible to use automated code scanning to detect vulnerabilities before software goes live. In addition, emerging cyber-security tools use artificial intelligence (AI), machine learning or deep learning, along with analytics, to detect unusual behavior and patterns. If an employee logs in at an unusual time from an unknown device or IP address, the system may require re-authentication.

However, TCS’ Logan also stresses the urgency of employee education and training. Many of today’s breaches are caused by inattentive employees, sometimes even those in the C-suite, who click a link and infect a system with malware, including ransomware. In other cases, employees circumvent policies because they interfere with their work, or they turn to shadow IT and rogue applications to complete work easier or faster.

“Ongoing employee education about phishing—and the use of anti-phishing campaigns that send test emails to users and then respond to clicks with just-in-time education—is an effective addition to employee security awareness efforts,” Logan says. Likewise, intelligence sharing services can help organizations identify new risks quickly.

In the end, Logan says that a simple mnemonic is useful for security transformation: ARM. This translates to assess, remediate and monitor. Best-practice organizations embed cyber-security into the foundation of day-to-day IT operations. They have robust backup and recovery systems in place to guard against ransomware and other problems. They handle basic blocking and tackling but also examine how more advanced tools, technologies and practices can boost protection.

To be sure, the road to security transformation is long and winding. “A world-class organization must excel at the basics of identity management, vulnerability management, configuration management, incident management, incident response, backup and recovery,” Logan explains.

Capgemini’s Deally adds: “From a CIO’s perspective, it’s essential to look at what are you doing from a business perspective and build security protections from there. The most important question—and the one to work backward from in every case—is, ‘How can I best mitigate risk?’

Source: http://www.cioinsight.com/security/recognizing-the-new-face-of-cyber-security.html

  • 0