How Big is Your DDoS Mitigation Gap?

The DDoS mitigation industry is scaling up capacity following a consistent increase in the number of DDoS attacks and recent indications that IoT-based DDoS attacks are expected to grow significantly.

The DDoS attack vector continues to wreak havoc in 2017, with a reported 380% spike in the number of DDoS attacks identified in Q1, compared to the same period last year. A recent study shows a year on year increase of 220% in the number of different types of malware designed to hijack IoT devices.

DDoS Mitigation providers are taking heed, with Arbor dedicated to quadrupling their capacity to 8Tbps by the end of 2017, and both Neustar and OVH committing to capacities of over 10Tbps.

A DDoS mitigation Gap occurs whenever DDoS traffic bypasses a company’s DDoS mitigation defenses, and penetrates the target network.

The reasons for such gaps vary from some types of DDoS attacks that are completely unnoticed by DDoS mitigation, to a range of configuration issues that let through traffic that should be mitigated.

However the problem is that visibility of DDoS mitigation gaps is currently nonexistent to those cybersecurity practitioners who are responsible for production uptime.

Companies do not know how well their mitigation is performing, or where their configuration problems are, leaving them and their vendors to troubleshoot issues at the very worst possible time, that is, when systems are down at the height of a DDoS attack.

Results from over 500 DDoS tests run by MazeBolt on companies from a wide range of industries, shows that on their first test, companies failed 41% (on average) of DDoS tests – simulations of real DDoS attacks conducted in a highly controlled manner to help companies understand their mitigation gap so they can strengthen their mitigation proactively.

This means that after a company has deployed their DDoS mitigation strategy, on average it will stop only six out of ten attacks.

To solve this, with insight about where their DDoS mitigation posture was leaking, companies could go back to vendors to reconfigure settings and harden their DDoS mitigation posture.

As depicted in the bar chart below, by repeating the testing cycle only three times, companies were able to reduce their mitigation gap from an average of 41% in the first test to an average of 25% in the second and only 15% in the third – reflecting a 65% strengthening of their DDoS mitigation.

Paraphrasing Heraclitus one might say you can never test the same DDoS mitigation twice, but our data clearly shows that testing it three times will strengthen it considerably.

Source: https://www.infosecurity-magazine.com/opinions/big-ddos-mitigation-gap/

  • 0

DDoS protection, mitigation and defense: 7 essential tips

Protecting your network from DDoS attacks starts with planning your response. Here, security experts offer their best advice for fighting back.

DDoS attacks are bigger and more ferocious than ever and can strike anyone at any time. With that in mind we’ve assembled some essential advice for protecting against DDoS attacks.

1. Have your ddos mitigation plan ready

Organizations must try to anticipate the applications and network services adversaries will target and draft an emergency response plan to mitigate those attacks.

IBM’s Price agrees. “Organizations are getting better at response. They’re integrating their internal applications and networking teams, and they know when the attack response needs to be escalated so that they aren’t caught off guard. So as attackers are becoming much more sophisticated, so are the financial institutions,” she says.

“A disaster recovery plan and tested procedures should also be in place in the event a business-impacting DDoS attack does occur, including good public messaging. Diversity of infrastructure both in type and geography can also help mitigate against DDoS as well as appropriate hybridization with public and private cloud,” says Day.

“Any large enterprise should start with network level protection with multiple WAN entry points and agreements with the large traffic scrubbing providers (such as Akamai or F5) to mitigate and re-route attacks before they get to your edge.  No physical DDoS devices can keep up with WAN speed attacks, so they must be first scrubbed in the cloud.  Make sure that your operations staff has procedures in place to easily re-route traffic for scrubbing and also fail over network devices that get saturated,” says Scott Carlson, technical fellow at BeyondTrust.

2. Make real-time adjustments

While it’s always been true that enterprises need to be able to adjust in real-time to DDoS attacks, it became increasingly so when a wave of attacks struck many in the financial services and banking industry in 2012 and 2013, including the likes of Bank of America, Capital One, Chase, Citibank, PNC Bank and Wells Fargo. These attacks were both relentless and sophisticated. “Not only were these attacks multi-vector, but the tactics changed in real time,” says Gary Sockrider, solutions architect for the Americas at Arbor Networks. The attackers would watch how sites responded, and when the site came back online, the hackers would adjust with new attack methods.

“They are resolute and they will hit you on some different port, protocol, or from a new source. Always changing tactics,” he says. “Enterprises have to be ready to be as quick and flexible as their adversaries.”

3. Enlist DDoS protection and mitigation services

John Nye, VP of cybersecurity strategy at CynergisTek explains that there are many things enterprises can do on their own to be ready to adjust for when these attacks hit, but enlisting a third-party DDoS protection service may be the most affordable route. “Monitoring can be done within the enterprise, typically in the SOC or NOC, to watch for excessive traffic and if it is sufficiently distinguishable from legitimate traffic, then it can be blocked at the web application firewalls (WAF) or with other technical solutions. While it is possible to build a more robust infrastructure that can deal with larger traffic loads, this solution is substantially costlier than using a third-party service,” Nye says.

Chris Day, chief cybersecurity officer at data center services provider Cyxtera, agrees with Nye that enterprises should consider getting specialty help. “Enterprises should work with a DDoS mitigation company and/or their network service provider to have a mitigation capability in place or at least ready to rapidly deploy in the event of an attack.”

“The number one most useful thing that an enterprise can do — if their web presence is that critical to their business — is to enlist a third-party DDoS protection service,” adds Nye. “I will not recommend any particular vendor in this case, as the best choice is circumstantial and if an enterprise is considering using such a service they should thoroughly investigate the options.”

4. Don’t rely only on perimeter defenses

Everyone we interviewed when reporting on the DDoS attacks that struck financial services firms a few years ago found that their traditional on-premises security devices — firewalls, intrusion-prevention systems, load balancers —were unable to block the attacks.

“We watched those devices failing. The lesson there is really simple: You have to have the ability to mitigate the DDoS attacks before it gets to those devices. They’re vulnerable. They’re just as vulnerable as the servers you are trying to protect,” says Sockrider, when speaking of the attacks on banks and financial services a few years ago. Part of the mitigation effort is going to have to rely on upstream network providers or managed security service providers that can interrupt attacks away from the network perimeter.

It’s especially important to mitigate attacks further upstream when you’re facing high-volume attacks.

“If your internet connection is 10GB and you receive a 100GB attack, trying to fight that at the 10GB mark is hopeless. You’ve already been slaughtered upstream,” says Sockrider.

5. Fight application-layer attacks in-line

Attacks on specific applications are generally stealthy, much lower volume and more targeted.

“They’re designed to fly under the radar so you need the protection on-premises or in the data center so that you can perform deep-packet inspection and see everything at the application layer. This is the best way to mitigate these kinds of attacks,” says Sockrider.

“Organizations will need a web protection tool that can handle application layer DoS attacks,” adds Tyler Shields, VP of Strategy, Marketing & Partnerships at Signal Sciences. “Specifically, those that allow you to configure it to meet your business logic. Network based mitigations are no longer going to suffice,” he says.

Amir Jerbi, co-founder and CTO is Aqua Security, a container security company, explains how one of the steps you can take to protect against DDoS attacks is to add redundancy to an application by deploying it on multiple public cloud providers. “This will ensure that if your application or infrastructure provider is being attacked then you can easily scale out to the next cloud deployment,” he says.

6. Collaborate

The banking industry is collaborating a little when it comes to these attacks. Everything they reveal is carefully protected and shared strictly amongst themselves, but in a limited way, banks are doing a better job at collaborating than most industries.

“They’re working among each other and with their telecommunication providers. And they’re working directly with their service providers. They have to. They can’t just work and succeed in isolation,” says Lynn Price, IBM security strategist for the financial sector.

For example, when the financial services industry was targeted, they turned to the Financial Services Information Sharing and Analysis Center for support and to share information about threats. “In some of these information-sharing meetings, the [big] banks are very open when it comes to talking about the types of attacks underway and the solutions they put into place that proved effective. In that way, the large banks have at least been talking with each other,” says Rich Bolstridge, chief strategist of financial services at Akamai Technologies.

The financial sector’s strategy is one that could and should be adopted elsewhere, regardless of industry.

7. Watch out for secondary attacks

As costly as DDoS attacks can be, they may sometimes be little more than a distraction to provide cover for an even more nefarious attack.

“DDoS can be a diversion tactic for more serious attacks coming in from another direction. Banks need to be aware that they have to not only be monitoring for and defending the DDoS attack, but they also have to have an eye on the notion that the DDoS may only be one aspect of a multifaceted attack, perhaps to steal account or other sensitive information,” Price says.

8. Stay vigilant

Although many times DDoS attacks appear to only target high profile industries and companies, research shows that’s just not accurate. With today’s interconnected digital supply-chains (every enterprise is dependent on dozens if not hundreds of suppliers online), increased online activism expressed through attacks, state sponsored attacks on industries in other nations, and the ease of which DDoS attacks can be initiated, every organization must consider themselves a target.

So be ready, and use the advice in this article as a launching point to build your organization’s own anti-DDoS strategy.

Source: https://www.computerworld.com.au/article/627389/ddos-protection-mitigation-defense-7-essential-tips/

  • 0

Apache Struts Vulnerabilities and The Equifax Hack, What Happened?

In the wake of the Equifax breach, a lot of people are wondering how the theft of personal information occurred and how it could have been prevented.

Equifax initially reported that a vulnerability in Apache Struts was used to infiltrate their public-facing web server. Apache Struts has faced its fair share of vulnerabilities with 21 having been discovered since the start of 2016.

Which Apache Struts vulnerability was used in the Equifax hack?

At DOSarrest we researched current and past Apache Strut vulnerabilities and determined that they likely were not hacked using the new CVE-2017-9805 but likely CVE-2017-5638.

Equifax released additional details on Sept 13th 2017 confirming that the vulnerability involved was CVE-2017-5638. The CVE-2017-5638 vulnerability dates back to March 2017, which is why people in the security industry are now questioning how they could be so far behind in patching this well-known exploit.

The two vulnerabilities, CVE-2017-5638 and the recently revealed CVE-2017-9805 are very similar in nature and are both considered Remote Code Execution (RCE) vulnerabilities .

How does a RCE vulnerability work and how can they be prevented?

A RCE vulnerability is exploited when an attacker crafts a packet or request containing arbitrary code or commands. The attacker uses a method to bypass security that causes a vulnerable server to execute the code with either user or elevated privileges.

Such vulnerabilities can be prevented with a two-fold approach to web application security:

1) New vulnerabilities will continually be discovered in any web application framework, and it is the duty of IT teams to keep the software patched. This requires regular audits and patches to vulnerable software. Even the most proactive IT teams will not be able to prevent a so-called zero-day attack by patching alone so more must be done to protect the web server from zero-day vulnerabilities.

2) Since there is always a delay between the time a vulnerability is discovered and when a patch is developed by the maintainer of that product, a means to protect your website from undiscovered zero-day vulnerabilities is needed. Web Application Firewall’s (WAF) that typically rely on signatures are unfortunately at a disadvantage because signatures for existing vulnerabilities in most cases do not match newer zero-day vulnerabilities.

If I cannot rely on signature-based WAF options, what can I rely on to protect my business?

At DOSarrest our WAF is different. The problem with relying on signatures is that it requires constant updates as new vulnerabilities become known. Instead our WAF looks for sets of characters (such as /}/,/“/, and /;/) or phrases (like “/bin/bash” or “cmd.exe”) that are known to be problematic for some web applications.

What makes DOSarrest’s WAF even more appealing is that it is fast. Much faster than signature-based solutions that require high CPU use to match signatures–such matching could result in a measurable impact on latency. With DOSarrest’s WAF there is no increase in latency, and vulnerabilities not yet discovered will still be mitigated.

Examples of how the Apache Strut vulnerabilities are performed:

For the benefit of more technical users, some sample requests will be analyzed below. The first example represents a normal non-malicious request sent by millions of people everyday and the following two exploit RCE vulnerabilities in Apache Struts:

We can note the following characteristics in the exploit of CVE-2017-5638:

1. The Content-Type Header starts with %{(, an incorrect format.

2. The payload contains a java function call, java.lang.ProcessBuilder, that is normally regarded as dangerous.

3. The payload contains both windows and Linux command line interpreters: “cmd.exe” (Windows Command Prompt) and “/bin/bash” (Linux Bash shell/terminal).

The RCE vulnerability used to infiltrate Equifax, CVE-2017-5638 exploits a bug in the way Apache Struts processes the “Content-Type” HTTP header. This allows attackers to run an XML script with elevated user access, containing the java.lang.ProcessBuilder is required to execute the commands the attacker has placed within the XML request.

CVE 2017-9805, announced September 2017, is very similar to the previous RCE vulnerability.

With CVE-2017-9805, we can note the following characteristics:

1. The Content-Type is application/xml with the actual content in the request body matching that of the Content-Type.

2) The payload also contains the java function call java.lang.ProcessBuilder.

3) The payload in this case is Linux specific and calls “/bin/bash -c touch ./CVE-2017-9805.txt” to confirm that the exploit works by creating a file, “CVE-2017-9805.txt”.

Are the payloads shown the exact ones used by attackers to obtain data from Equifax?

Although some of the commands may have been used together as part of the information gathering process, the actual commands used to obtain the data from Equifax may only be known by the attackers and possibly Equifax or an auditing security team directly involved in the case. The examples show how the vulnerability could be exploited in the wild and what methods might be used, e.g., setting Content-Type and sending an XML file with a payload. These examples do not represent the actual payload used to obtain the data from Equifax.

Since the payload itself can be completely arbitrary, an attacker can run any commands desired on the victim’s server. Any action the web server software is capable of could be performed by an attacker, which could allow for theft of information or intellectual property if it is accessible from the hacked server.

In the case of Equifax, there was likely an initial vulnerability scan that the attackers used to expose Equifax’s vulnerability to this particular attack. This would have been followed by an effort to determine what files were available or what actions could be performed from the Equifax public-facing web server.At some point the attackers came across a method for accessing personal credit details on millions of Americans and citizens from other countries who had credit checks performed on their identities within the United States.

If Equifax had been using the DOSarrest WAF, they could have avoided a costly mistake. Don’t let your business suffer a damaging security breach that could result in you being out of business for good. Talk to us about our services.

For more information on our services including our Web Application Firewall, see DOSarrest for more information on Security solutions.

Source: https://www.dosarrest.com/ddos-blog/apache-struts-vulnerabilities-and-the-equifax-hack-what-happened/

  • 0

Critical infrastructure not ready for DDoS attacks: FOI data report

The UK’s critical infrastructure is vulnerable to DDoS attacks due to failure to carry out basic security defence work –  39 percent of respondents to a recent survey had not completed the government’s ’10 Steps to Cyber Security’ programme, which was first issued in 2012.

New data was obtained by Corero Network Security under the Freedom of Information Act surveying 338 critical infrastructure organisations in the UK, including fire and rescue services, police forces, ambulance trusts, NHS trusts, energy suppliers and transport organisations; it also showed  that 42 percent of NHS Trusts had not completed the programme.

More than half  (51 percent) of these critical infrastructure organisations were described by Corero as ignoring the risk of short, stealth DDoS attacks on their networks – which typically account for around 90 percent of DDoS attacks and are used by attackers to plant malware or ransomware, or engage in data theft.  Corero reports that these stealth attacks are typically  less than 30 minutes in duration, and 98 percent of those stopped by the company were less than 10Gbps in volume, hence they often go unnoticed by security staff, but are frequently used by attackers in their efforts to target, map and infiltrate a network.

In a statement issued today, Sean Newman, director of product panagement at  Corero, comments: “Cyber-attacks against national infrastructure have the potential to inflict significant, real-life disruption and prevent access to critical services that are vital to the functioning of our economy and society. These findings suggest that many such organisations are not as cyber resilient as they should be, in the face of growing and sophisticated cyber threats.”

Newman adds, “ By not detecting and investigating these short, surgical, DDoS attacks on their networks, infrastructure organisations could also be leaving their doors wide-open for malware or ransomware attacks, data theft or more serious cyber attacks.”

It was also pointed out that in the event of a breach, these organisations could be liable for fines of up to £17 million, or four percent of global turnover, under the UK government’s proposals to implement the EU’s Network and Information Systems (NIS) directive, from May 2018.

In an email to SC, David Emm, principal security researcher, Kaspersky Lab observed, “The world isn’t ready for cyber -threats against critical infrastructure – but criminals are clearly ready and able to launch attacks on these facilities. We’ve seen attempts on power grids, oil refineries, steel plants, financial infrastructure, seaports and hospitals – and these are cases where organisations have spotted attacks and acknowledged them. However, many more companies do neither, and the lack of reporting these incidents hampers risk assessment and response to the threat.”

Edgard Capdevielle, CEO of Nozomi Networks, also emailed SC to comment: “This report emphasises the impact of DDoS attacks and how they are often used as a cover to distract security teams while infecting systems with malware or stealing data. Such initiatives are often the first step in “low and slow” attacks that provide the perpetrators with the information and access they need to carry out system disruptions. Examples of this are the Ukraine power outages of 2015 and 2016, both of which involved cyber-attacks which persisted for many months before culminating in shutdowns.

“In light of this information, CNI organisations should give a high priority to re-assessing their cyber-security programmes, evaluate where they are in relation to government recommendations, and inform themselves about current technologies available for protection….The right approach is to both shore up defenses and be able to quickly respond when attacks do occur.”

Previously, when talking about the new UK legislation targetting CNI, Eldon Sprickerhoff, founder and chief security strategist at eSentire commented in an email to SC, “Although cyber-security regulations will require significant effort for the companies that are affected, this new legislation by the UK government demonstrates that they understand the severity of cyber-threats in today’s digital world and the destruction they can cause, if undeterred.  Even if you’re not a CNI, cyber-threats should concern you. With cyber-criminals constantly adjusting their tactics, it is imperative that companies never stop defending themselves by constantly improving and expanding their cyber-security practices. Managed detection and response and incident response planning are common ways companies can stay ahead of their attackers.”

Sprickerhoff recommended the same measures be taken by CNI organisations to improve cyber-security as for other enterprises, namely:

  • Encryption – store sensitive data that is only readable with a digital key
  • Integrity checks – regularly check for any changes to system files
  • Network monitoring – use tools to help you detect for suspicious behaviour
  • Penetration testing – conduct controlled cyber-attacks on systems to test their defences and identify vulnerabilities
  • Education – train your employees in cyber-security awareness and tightly manage access to any confidential information

 

  • 0

What is Pulse Wave? Hackers devise new DDoS attack technique aimed at boosting scale of assaults

The new attack method allows hackers to shut down targets’ networks for longer periods while simultaneously conducting attacks on multiple targets.

Hackers have begun launching a new kind of DDoS attack designed to boost the scale of attacks by targeting soft spots in traditional DDoS mitigation tactics. Dubbed “Pulse Wave”, the new attack technique allows hackers to shut down targeted organisations’ networks for prolonged periods while simultaneously conducting attacks on multiple targets.

The new attacks may render traditional DDoS mitigation tactics useless, experts say. Some of the pulse wave DDoS attacks detected lasted for days and “scaled as high as 350 Gbps”, according to security researchers at Imperva, who first spotted the new threat.

“Comprised of a series of short-lived pulses occurring in clockwork-like succession, pulse wave assaults accounted for some of the most ferocious DDoS attacks we mitigated in the second quarter of 2017,” Imperva researchers said in a report.

The researchers said they believe that the pulse wave technique was “purposefully designed” by “skilled bad actors” to boost hackers’ attack scale and output by taking advantage of “soft spots in hybrid ‘appliance first, cloud second’ mitigation solutions.”

Traditional DDoS attacks involve a continuous barrage of assaults against a targeted network, while pulse wave involves short bursts of attacks that have a “highly repetitive pattern, consisting of one or more pulses every 10 minutes”. The new attacks last for at least an hour and can extend to even days. A single pulse is large and powerful enough to completely congest a network.

“The most distinguishable aspect of pulse wave assaults is the absence of a ramp-up period — all attack resources are committed at once, resulting in an event that, within the first few seconds, reaches a peak capacity that is maintained over its duration,” the Imperva researchers said.

ulse wave takes advantage of appliance-first hybrid mitigation solutions by preying on the “Achilles’ heel of appliance-first mitigation solutions”, – the devices’ incapability of dealing with sudden powerful attack traffic surges.

The Imperva researchers said the emergence of pulse wave DDoS attacks indicates a significant shift in the attack landscape. “While pulse wave attacks constitute a new attack method and have a distinct purpose, they haven’t emerged in a vacuum. Instead, they’re a product of the times and should be viewed in the context of a broader shift toward shorter-duration DDoS attacks,” researchers said.

The Imperva researchers predicted that such attacks will continue, becoming more persistent and growing, boosted via botnets.

Source: http://www.ibtimes.co.uk/what-pulse-wave-hackers-devise-new-ddos-attack-technique-aimed-boosting-scale-assaults-1635423

 

  • 0

5 Ways To Profit From The $24 Trillion Cyber War

Business is under attack to the point of all out cyber war, and there is nowhere more lucrative right now than cyberspace, where a $200-billion-plus market is ripe for investors looking to turn profits that make the pre-bubble dot.com era look like chump change.

There are plenty of catalysts, thanks to hackers who most recently managed to hijack the systems of one of the biggest shipping companies in the world, one of the biggest pharmaceutical companies in the world and thousands of others—forcing them to pay ransom in bitcoins to get their data back.

There will be no slowdown in cyber-attacks. On the contrary, by 2019, IDC research estimates that 70 percent of major multinational corporations will “face significant cybersecurity attacks aimed at disrupting the distribution of commodities.”

Cybersecurity stocks were soaring already—especially since hackers in May managed to take control of tens of thousands of computers. But the late June perfection of cyber kidnapping for ransom has caused stocks to spike by 4 percent or more.

According to giant Cisco, there was a 172 percent jump in DDoS (distributed denial-of-service) attacks in 2016, and we’ll be looking at a near tripling of that by 2021. Just in the first quarter of this year there was a reported 380 percent increase in DDoS attacks, according to Nexusguard.

Data breaches cost businesses $5.85 million EACH in 2014. This year, that bill will be in the neighborhood of $7.35 million. In total, last year, cybercrime cost the global economy over $450 billion. The cyber-attack on global business in May this year alone could end up costing $4 billion.

So, giant multinational corporations are willing to pay a lot for better cybersecurity—and cyber insurance.

Global spending on cybersecurity will hit $1 trillion over the next five years, and cybercrime damages will exceed $24 trillion over the same period, according to the Steven Morgan Cybersecurity Industry Outlook: 2017 to 2021.

And this is where the big profits are available for the taking. For the foreseeable future, nothing is more lucrative than data security.

Here are our top 5 picks as cybersecurity becomes THE most critical industry of our time:

#1 FireEye, Inc. (NASDAQ:FEYE)

This is one of the most impressive cybersecurity barnstormers out there. It only went public in September 2013, and by December that same year it was spending $1 billion on a major acquisition, Mandiant, which was one of the top data breach and response companies in the space.

This is now a massive and fast-growing company of highly sought-after cyber experts and products, all rolled into a cloud-based platform that is a favorite among key Fortune 500 companies, not to mention Global 2000 companies.

There was a very aggressive acquisition spree here—and last year the company moved into the black. FireEye peaked in mid-2015 at $55 a share, and then slid to under $11 in mid-March this year. But since then, it’s gained 42 percent and the trajectory looks fantastic, especially in the current cyber warfare climate.

#2 Identillect Technologies Corp. (TSXV:ID; IDTLF:US)

This is a little-known company sitting in pole position in a $64-billion market that is up for grabs. It’s come up with a two-minute email security solution that could revolutionize encryption, and could corner the lion’s share of the profits in this segment.

Half of all email is unencrypted—and it’s at the mercy of pretty much anyone with decent hacking skills. Existing encryption programs are expensive and can take a month to install, but this company is breaking onto the scene with a simple, 2-minute email install solution.

It works with Outlook, Office 365, Hotmail, Gmail…PLUS a phone “app” that works on iPhone, Android, Windows and more.

There are only 250 professional cryptographers in the U.S… and two of them work at Identillect – a major selling point for this company coming right out of the gates.

Customers are lining up because it’s the first solution to a long-time problem that’s now reaching a climax, with companies being fined for NOT encrypting email. They’re already paying an average of $7 million for every data breach.

This company is on its way to Silicon Valley, and its patent on the first easy solution to a massive problem is likely to get it a lot of attention in the form of M&A rumblings that dot this cybersecurity landscape. Even more so right now.

Since it went commercial in the first quarter of 2015, subscribers have grown over 663 percent, and 19 out of 20 of them stay. They’re compounding monthly, and the breakeven point is almost there. That’s why we’re looking at a 70 percent profit margin in this one.

With 5 million Yahoo accounts breached in just one of many huge-scale incidents, encryption is the Holy Grail of our day, and this company has figured out how to make it cheap and easy.

#3 Palo Alto Networks (NYSE:PANW)

For expansion, this $12.7-billion market-cap company is a top pick with its sales of next-generation firewall solutions. It covers 150 countries and it protects data infrastructure of at least 85 Fortune 100 companies and—even better—more than half of the Global 2000. That’s some major market share at a time when there is nothing short of corporate panic over data infrastructure protection.

It even beat its own outlook. We’re looking at mind-blowing record earnings ($431.8 million in fiscal Q3). This is the clear advantage in the cybersecurity space right now—and it’s all about continual, relentless expansion.

#4 Intel Corporation (NASDAQ:INTC)

Nothing dominates the semiconductor industry like INTC. We’re looking at over seven divisions here, but the Client Computing Group (CCG) and the Data Center Group (DCG) are the big ones in terms of financial performance, accounting for 87 percent of the company’s total sales last year. INTC dominates the PC market and the server microprocessor market, and its PC chip market share can be as high as an unbelievable 99 percent.

Still, some might say this pick is the counter-intuitive one, but…not really. INTC stock has taken a major beating, but with this sector on fire like no other, this is your way in with the giants in this field. INTC had an official correction this year and April earnings caused Wall Street to beat it down. But INTC is still 10 percent higher than last year, regardless. It’s cheaper than its competitors right now, so this may be a buying opportunity.

What investors are afraid of, though, is one competitor in particular…our next pick…

#5 Advanced Micro Devices, Inc. (NASDAQ:AMD)

This stock has seen some unbelievable performance over the past year, and that’s why INTC investors are shying away. But while AMD has been impressing beyond belief, we list it as #5 because it’s largely thanks to enthusiasm and future expectations—so there may be a pullback soon. This is the time to keep a close eye on AMD, but also to be very careful about watching whether the company is now going to actually achieve its goals—because the expectations are quite high and now much more is at stake. It’s the right industry to be doing this in, certainly…

While AMD had a truly dynamic growth spurt that began in March last year, since February this year, it hasn’t reached any new highs, and the launch of its Ryzen line of products wasn’t embraced by the market with as much excitement as expected. Now things are getting a bit more volatile, which is why INTC might be a better pick right now.

Honorable Mentions in the Cybersecurity Space

BlackBerry Ltd. (TSE:BB): Forget about the BlackBerry as something you hold—an electronic gadget. This company is back better than ever with software for industrial customers, including security software and services to stop hackers. Quarterly earnings at the end of March were impressive, and April news of a $1-billion cash win from arbitration with Qualcomm can fund more growth. This is the NEW BlackBerry.

Absolute Software Corporation (ABT.TO): Absolute Software Corp provides endpoint security and data risk management solutions for commercial, healthcare, education and government customers, tablets and smartphones. Absolute has seen a strong 21% stock growth year to date and is expected to see strong growth as the cyber security market grows at a rampant pace.

Avigilon (TSX.AVO): Avigilon develops, manufactures, markets and sells HD and megapixel network-based video surveillance systems, video analytics and access to control equipment. We expect strong continuous growth in the video analytics business and a company such as Avigilon is well positioned to capture market share in the Canadian markets.

Sandvine Corporation (TSE:SVC): Ontario is seeing some a vibrant cybersecurity as well, Sandvine corp. is engaged in the development and marketing of network policy control situations for high-speed fixed and mobile Internet service providers. Products include Business Intelligence, Revenue Generation, Traffic Optimization and Network Security. The company has grown 52% year-to-date and we expect strong growth throughout 2017.

Pivot Technology Solutions Inc. (TSX:PTG): Pivot focuses on the strategy to acquire and integrate technology solution providers, primarily in North America. It sells and supports integrated computer hardware, software and networking products for business database, network and network security systems. Pivot has seen explosive growth so far this year and we expect the current cyber threats to add to the already strong sentiment in cyber security stocks.

Source: http://www.baystreet.ca/articles/stockstowatch.aspx?articleid=31275

  • 0

Examining the FCC claim that DDoS attacks hit net neutrality comment system

Attacks came from either an unusual type of DDoS or poorly written spam bots.

On May 8, when the Federal Communications Commission website failed and many people were prevented from submitting comments about net neutrality, the cause seemed obvious. Comedian John Oliver had just aired a segment blasting FCC Chairman Ajit Pai’s plan to gut net neutrality rules, and it appeared that the site just couldn’t handle the sudden influx of comments.

But when the FCC released a statement explaining the website’s downtime, the commission didn’t mention the Oliver show or people submitting comments opposing Pai’s plan. Instead, the FCC attributed the downtime solely to “multiple distributed denial-of-service attacks (DDoS).” These were “deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host,” performed by “actors” who “were not attempting to file comments themselves; rather, they made it difficult for legitimate commenters to access and file with the FCC.”

The FCC has faced skepticism from net neutrality activists who doubt the website was hit with multiple DDoS attacks at the same time that many new commenters were trying to protest the plan to eliminate the current net neutrality rules. Besides the large influx of legitimate comments, what appeared to be spam bots flooded the FCC with identical comments attributed to people whose names were drawn from data breaches, which is another possible cause of downtime. There are now more than 2.5 million comments on Pai’s plan. The FCC is taking comments until August 16 and will make a final decision some time after that.

The FCC initially declined to provide more detail on the DDoS attacks to Ars and other news organizations, but it is finally offering some more information. A spokesperson from the commission’s public relations department told Ars that the FCC stands by its earlier statement that there were multiple DDoS attacks. An FCC official who is familiar with the attacks suggested they might have come either from a DDoS or spam bots but has reason to doubt that they were just spam bots. In either case, the FCC says the attacks worked differently from traditional DDoSes launched from armies of infected computers.

A petition by activist group Fight for the Future suggests that the FCC “invent[ed] a fake DDoS attack to cover up the fact that they lost comments from net neutrality supporters.”

But while FCC commissioners are partisan creatures who are appointed and confirmed by politicians, the commission’s IT team is nonpartisan, with leadership that has served under both Presidents Obama and Trump. There’s no consensus among security experts on whether May 8 was or wasn’t the result of a DDoS attack against the FCC comments site. One security expert we spoke to said it sounds like the FCC was hit by an unusual type of DDoS attack, while another expert suggested that it might have been something that looked like a DDoS attack but actually wasn’t.

Breaking the silence

FCC CIO David Bray offered more details on how the attack worked in an interview with ZDNet published Friday. Here’s what the article said:

According to Bray, FCC staff noticed high comment volumes around 3:00 AM the morning of Monday, May 8. As the FCC analyzed the log files, it became clear that non-human bots created these comments automatically by making calls to the FCC’s API.

Interestingly, the attack did not come from a botnet of infected computers but was fully cloud-based.

By using commercial cloud services to make massive API requests, the bots consumed available machine resources, which crowded out human commenters. In effect, the bot swarm created a distributed denial-of-service attack on FCC systems using the public API as a vehicle. It’s similar to the distributed denial of service attack on Pokemon Go in July 2016.

This description “sounds like a ‘Layer 7′ or Application Layer attack,” Cloudflare Information Security Chief Marc Rogers told Ars. This is a type of DDoS, although it’s different from the ones websites are normally hit with.

“In this type of [DDoS] attack, instead of trying to saturate the site’s network by flooding it with junk traffic, the attacker instead tries to bring a site down by attacking an application running on it,” Rogers said.

“I am a little surprised that people are challenging the FCC’s decision to call this a DDoS,” Rogers also said. Cloudflare operates a global network that improves performance of websites and protects them from DDoS attacks and other security threats.

When asked if the FCC still believes it was hit with DDoS attacks, an FCC spokesperson told Ars that “there have been DDoS attacks during this process,” including the morning of May 8. But the FCC official we talked to offered a bit less certainty on that point.

“The challenge is someone trying to deny service would do the same thing as someone who just doesn’t know how to write a bot well,” the FCC official said.

FCC officials said they spoke with law enforcement about the incident.

Spam bots and DDoS could have same effect

DDoS attacks, according to CDN provider Akamai, “are malicious attempts to render a website or Web application unavailable to users by overwhelming the site with an enormous amount of traffic, causing the site to crash or operate very slowly.” DDoS attacks are “distributed” because the attacks generally “use large armies of automated ‘bots’—computers that have been infected with malware and can be remotely controlled by hackers.” (Akamai declined to comment on the FCC downtime when contacted by Ars.)

In this case, the FCC’s media spokesperson told Ars the traffic did not come from infected computers. Instead, the traffic came from “cloud-based bots which made it harder to implement usual DDoS defenses.”

The FCC official involved in the DDoS response told us that the comment system “experienced a large number of non-human digital queries,” but that “the number of automated comments being submitted was much less than other API calls, raising questions as to their purpose.”

If these were simply spammers who wanted to flood the FCC with as many comments as possible, like those who try to artificially inflate the number of either pro- or anti-net neutrality comments, they could have used the system’s bulk filing mechanism instead of the API. But the suspicious traffic came through the API, and the API queries were “malformed.” This means that “they aren’t formatted well—they either don’t fit the normal API spec or they are designed in such a way that they excessively tax the system when a simpler call could be done,” the FCC official said.

Whether May 8 was the work of spam bots or DDoS attackers, “the effect would have been the same—denial of service to human users” who were trying to submit comments, the FCC official said. But these bots were submitting many fewer comments than other entities making API calls, suggesting that, if they were spam bots, they were “very poorly written.”

The official said a similar event happened in 2014 during the previous debate over net neutrality rules, when bots tied up the system by filing comments and then immediately searching for them. “One has to ask why a bot would file, search, file, search, over and over,” the official said.

If it was just a spam bot, “one has to wonder why, if the outside entity really wanted to upload lots of comments in bulk, they didn’t use the alternative bulk file upload mechanism” and “why the bots were submitting a much lower number of comments relative to other API calls,” the official said.

The FCC says it stopped the attacks by 8:45am ET on May 8, but the days that followed were still plagued by intermittent downtime. “There were other waves after 8:45am that slowed the system for some and, as noted, there were ‘bots’ plural, not just one,” the FCC official said. On May 10, “we saw other attempts where massive malformed search queries also have hit the system, though it is unclear if the requestors meant for them to be poorly formed or not. The IT team has implemented solutions to handle them even if the API requests were malformed.”

Was it a DDoS, or did it just look like one?

There is some history of attackers launching DDoS attacks from public cloud services like Amazon’s. But the kind of traffic coming into the FCC after the John Oliver show might have looked like DDoS traffic even if it wasn’t, security company Arbor Networks says. Arbor Networks, which sells DDoS protection products, offered some analysis for its customers and shared the analysis with Ars yesterday. Arbor says:

When a client has an active connection to a website which is under heavy load, there is a risk that the server will be unable to respond in a timely fashion. The client will then start to automatically resend its data, causing increased load. After a while, the user will also get impatient and will start to refresh the screen and repeatedly press the “Submit” button, increasing the load even further. Finally, the user will, in most cases, close the browser session and will attempt to reconnect to the website. This will then generate TCP SYN packets which, if processed correctly, will move to the establishment of the SSL session which involves key generation, key exchange, and other compute intensive processes. This will most likely also timeout, leaving sessions hanging and resulting in resource starvation on the server.

A spam bot would behave in the same manner, “attempting to re-establish its sessions, increasing the load even further,” Arbor says. “Also, if the bot author wasn’t careful with his error handling code, the bot might also have become very aggressive and start to flood the server with additional requests.”

What the FCC saw in this type of situation might have looked like a DDoS attack regardless of whether it was one, Arbor said:

When viewed from the network level, there will be a flood of TCP SYN packets from legitimate clients attempting to connect; there will be a number of half-open SSL session which are attempting to finalize the setup phase and a large flood of application packets from clients attempting to send data to the Web server. Taken together, this will, in many ways, look similar to a multi-faceted DDoS attack using a mix of TCP-SYN flooding, SSL key exchange starvation, and HTTP/S payload attacks.

This traffic can easily be mistaken for a DDoS attack when, in fact, it is the result of a flash crowd and spam bot all attempting to post responses to a website in the same time period.

DDoS attacks generally try to “saturate all of the bandwidth that the target has available,” Fastly CTO Tyler McMullen told Ars. (Fastly provides cloud security and other Web performance tools.) In the FCC’s case, the attack sounds like it came from a small number of machines on a public cloud, he said.

“Another form of denial-of-service attack is to make requests of a service that are computationally expensive,” he said. “By doing this, you don’t need a ton of infected devices to bring down a site—if the service is not protected against this kind of attack, it often doesn’t take much to take it offline. The amount of traffic referenced here does not make it obvious that it was a DDoS [against the FCC].”

Server logs remain secret

The FCC declined to publicly release server logs because they might contain private information such as IP addresses, according to ZDNet. The logs reportedly contain about 1GB of data per hour from the time period in question, which lasted nearly eight hours.

The privacy concerns are legitimate, security experts told Ars.

“Releasing the raw logs from their platform would almost certainly harm user privacy,” Rogers of Cloudflare told Ars. “Finally, redacting the logs would not be a simple task. The very nature of application layer attacks is to look exactly like legitimate user traffic.”

McMullen agreed. “Releasing the logs publicly would definitely allow [the details of the attack] to be confirmed, but the risk of revealing personal information here is real,” he said. “IP addresses can sometimes be tied to an individual user. Worse, an IP address combined with the time at which the request occurred can make the individual user’s identity even more obvious.” But there are ways to partially redact IP addresses so that they cannot be tied to an individual, he said.

“One could translate the IP addresses into their AS numbers, which is roughly the equivalent of replacing a specific street address with the name of the state the address is in,” he said. “That said, this would still make it clear whether the traffic was coming from a network used by humans (e.g. Comcast, Verizon, AT&T, etc) or one that primarily hosts servers.”

Open by design

The FCC’s public comments system is supposed to allow anyone to submit a comment, which raises some challenges in trying to prevent large swarms of traffic that can take down the site.

The FCC has substantially upgraded its website and the back-end systems that support it since the 2014 net neutrality debate. Instead of ancient in-house servers, the comment system is now hosted on the Amazon cloud, which IT departments can use to scale computing resources up and down as needed.

But this month’s events show that more work needs to be done. The FCC had already implemented a rate limit on its API, but the limit “is tied to a key, and, if bots requested multiple keys, they could bypass the limit,” the FCC official told us.

The FCC has avoided using CAPTCHA systems to distinguish bots from humans because of “challenges to individuals who have different visual or other needs,” the official said. Even “NoCAPTCHA” systems that only require users to click a box instead of entering a hard-to-read string of characters can be problematic.

“Some stakeholders who are both visually impaired and hearing impaired have reported browser issues with NoCAPTCHA,” the FCC official said. “Also a NoCAPTCHA would mean you would have to turn off the API,” but there are groups who want to use the API to submit comments on behalf of others in an automated fashion. Comments are often submitted in bulk both by pro- and anti-net neutrality groups.

The FCC said it worked with its cloud partners to stop the most recent attacks, but it declined to share more details on what changes were made. “If folks knew everything we did, they could possibly work around what we did,” the FCC official said. Senate Democrats asked the FCC to provide details on how it will prevent future attacks.

While the net neutrality record now contains many comments of questionable origin and quality, the FCC apparently won’t be throwing any of them out. But that doesn’t mean they’ll hold any weight on the decision-making process.

“What matters most are the quality of the comments, not the quantity,” Pai said at a press conference this month. “Obviously, fake comments such as the ones submitted last week by the Flash, Batman, Wonder Woman, Aquaman, and Superman are not going to dramatically impact our deliberations on this issue.”

There is “a tension between having open process where it’s easy to comment and preventing questionable comments from being filed,” Pai said. “Generally speaking, this agency has erred on the side of openness. We want to encourage people to participate in as easy and accessible a way as possible.”

Source: https://arstechnica.com/information-technology/2017/05/examining-the-fcc-claim-that-ddos-attacks-hit-net-neutrality-comment-system/

  • 0

Long Before ‘WannaCry’ Ransomware, Decades Of Cyber ‘Wake-Up Calls’

By latest counts, more than 200,000 computers in some 150 countries have been hit by a cyberattack using ransomware called WannaCry or WannaCrypt, which locked the data and demanded payment in bitcoin. The malware was stopped by a young U.K. researcher’s lucky discovery of a kill switch, but not before it caused hospitals to divert patients and factories to shut operations.

The origins of the malicious software — which feeds on a Microsoft vulnerability — trace back to the National Security Agency: cybertools stolen from the government and posted publicly in April. Microsoft had issued a patch in March. (And here are good tips to generally secure yourself.)

“The governments of the world should treat this attack as a wake-up call. … We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits,” Microsoft President Brad Smith wrote in a follow-up blog post. “We need the tech sector, customers, and governments to work together to protect against cybersecurity attacks. … In this sense, the WannaCrypt attack is a wake-up call for all of us.”

This one, it’s a wake-up call. Haven’t we heard that somewhere before? In fact, archival searches show the use of the cliché stretching back decades — as far back as the early viruses and worms of the 1980s.

“I think people use ‘wake-up call’ in different ways, but it’s generally used to mean to treat cybersecurity like a bona fide national security problem, which we still for the most part don’t do,” says Philip Reitinger, head of the nonprofit Global Cyber Alliance. “In general, it’s ‘Gosh, now people will understand, governments and private sector will understand how serious it is — and do something. When the history has shown, no, they won’t.”

Reitinger and numerous others veterans in the field have been making many of the same calls through the years: Commit proper funding, like to any other national security threat; write new laws that would tangibly incentivize and enforce good behavior by companies large and small; put proper priority on creating a system that can defend itself.

“I’m tired of people writing reports and recommendations,” Reitinger says. “We’re not treating this like the moonshot; we just get the words.”

Well, in the spirit of the focus on words, let’s follow it through history. Below is a select taste of some of the major hacks and attacks that were declared to be a “wake-up call” by government officials and security experts.

1998: The Pentagon

The AP reported on Feb. 26: “The Pentagon’s unclassified computer networks were hit this month by the ‘most organized and systematic’ attack yet.” It was later attributed to two California teenagers, guided by an Israeli teen.

The AP cited Deputy Defense Secretary John Hamre saying that the government and the private sector had not done enough to protect sensitive networks from attacks. In a story on NPR’s All Things Considered, Hamre said: “It was certainly a wake-up call. It certainly is indicative of a future we could be facing that’s much more serious. And we need to learn the lessons from this experience and take advantage of it.”

2000: Popular websites

In a highly publicized denial-of-service attack, a 15-year-old known online as Mafiaboy, brought down Amazon, CNN, Dell, E*Trade, eBay and Yahoo!, which was then the largest search engine. On Feb. 15, then-White House Chief of Staff John Podesta appeared on CNN, saying:

“I think these latest attacks have been a wake-up call for Americans that more needs to be done, that we need to get together and do what we did to deal with the Y2K crisis, which is to come together to share ideas, to do more research and development on security measures that can be taken to enhance the network security, and to build a really strong foundation of security and privacy for the information infrastructure as we create this great promise of the digital economy.”

In March, the tech panel of the Senate Judiciary Committee held a hearing on cyberterrorism, where subcommittee chairman Sen. Jon Kyl said the attacks “raised public awareness and hopefully will serve as a wake-up call about the need to protect our critical computer networks.”

2003: Computers worldwide

SQL Slammer became known as “the worm that crashed the Internet in 15 minutes.” In prepared testimony at the House of Representatives, Vincent Gullotto of Anti-Virus Emergency Response Team at Network Associates said:

“During the Slammer virus outbreak, major U.S. banks experienced widespread ATM outages, a major airline canceled or delayed flights, and a large U.S. metropolitan area lost its 911 emergency services. … Attacks such as those that occurred over the last several weeks provide an important wake-up call to governments, industries, and consumers. We must not be complacent; we must act.”

2010: Google

Google disclosed “a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property.” It was later dubbed “Operation Aurora,” said to have targeted dozens of companies.

After Director of National Intelligence Dennis Blair appeared before the Senate intelligence committee, NPR’s Mary Louise Kelly reported on All Things Considered on Feb. 2:

Blair “used much stronger language than I’ve heard him use before, talked about malicious cyberactivity, and I’ll quote him, ‘is occurring on an unprecedented scale with extraordinary sophistication.’ He talked about things like the recent hacking attack on Google, said that should be a wake-up call, said that the U.S. information infrastructure overall [is] severely threatened.”

2010: Iran’s nuclear program

Stuxnet is a massive computer worm that attacked Iran’s industrial equipment, including at a uranium-enrichment facility. On Nov. 17, Symantec executive Dean Turner testified before the Senate Homeland Security Committee:

“Stuxnet demonstrates the vulnerability of critical national infrastructure industrial control systems to attack through widely used computer programs and technology. Stuxnet is a wake-up call to critical infrastructure systems around the world. This is the first publicly known threat to target industrial control systems and grants hackers vital control of critical infrastructures such as power plants, dams and chemical facilities.”

2012: Saudi Aramco

In August, a virus called Shamoon wiped out files from 30,000 corporate computers of the world’s largest oil exporter.

In a Dec. 7 speech, then-Defense Secretary Chuck Hagel called the attacks on Saudi Aramco and a subsequent attack targeting the Qatari natural gas company RasGas, “a serious wake-up call to everyone.” Hagel added: “The United States will continue to help build the capacity of partners and allies to defend their critical infrastructure from cyberattack, especially major energy, infrastructure, and telecommunications facilities.”

2015: Office of Personnel Management

In the massive OPM data breach, hackers stole personal information of more than 20 million current and former federal employees, contractors, family members and others who had undergone federal background checks.

In a Timeop-ed titled “U.S. Cybersecurity Is Too Weak,” Sens. Chris Coons and Cory Gardner of the Senate Foreign Relations Committee wrote:

“The OPM hack remains the largest data breach ever suffered by the federal government and should have served as a wake-up call to Congress. … The United States must develop a robust prevention and recovery policy response that can adapt to current and future technological advancements.”

In his own op-ed for Federal News Radio, House Oversight Chairman Jason Chaffetz wrote: “This should serve as a wake-up call to all in government on how to best secure federal IT and data. A shift toward zero trust is one way to improve federal IT security.”

2016: Dyn

Hackers attacked a major Internet infrastructure company called Dyn, disrupting websites and services such as Twitter, Amazon, Spotify and Airbnb. The disruptions lasted most of the day, a result of a massive distributed denial-of-service attack delivered through millions of hijacked Internet-connected things such as baby monitors, DVRs and CCTV cameras, infected with Mirai malware.

Source: http://www.npr.org/sections/alltechconsidered/2017/05/16/528447819/long-before-wannacry-ransomware-decades-of-cyber-wake-up-calls

“It’s important for [Internet of Things] vendors who haven’t prioritized security to take this escalating series of attacks as a wake-up call,” The Washington Post quoted Casey Ellis of cybersecurity firm Bugcrowd as saying. “We’re entering a period where this is very real, calculable, and painful impact to having insecure products.”

A House Energy and Commerce panel convened to discuss the security of Internet-connected devices. Rep. Bob Latta, R-Ohio, weighed in: “The recent DDoS attack should serve as a wake-up call that our systems are susceptible to attempts to use IoT devices to wreak havoc.”

  • 0

News in brief: laptop ban could be extended; DDoS hits news sites; Taiwan might block Google DNS

Laptop ban could be extended

Planning on flying from European countries to the US? Prepare to check in your laptop, tablet and any other devices larger than a cellphone, as US authorities are reported to be close to announcing an extension of the restriction on devices in the cabin from some Middle Eastern and Gulf countries to some countries in Europe, too.

After the initial ban was announced, observers pointed out that the lithium batteries that power laptops and other devices have been banned from the holds of aircraft, adding that they’d prefer a battery fire in the cabin, where it can quickly be dealt with by crew, than in the hold. Lithium batteries have been implicated in many incidents – the US authorities were reported on Thursday to be in discussions about the risks of carrying a large number of batteries in the hold.

If you’re affected by the ban, which also applies from some airports and to some carriers flying into the UK, we’ve got some tips on how to minimise the risk to your devices and the data on them in this piece.
News sites hit by DDoS attack

Just days after France shrugged off a dump of emails stolen from the campaign of the new president, Emmanuel Macron, leading French news websites including those of Le Monde and Le Figaro were knocked offline following a cyberattack on Cedexis, a cloud infrastructure provider.

Cedexis had been hit by a “significant DDoS attack”, said Julien Coulon, the company’s co-founder. Cedexis was founded in France in 2009 and has its US headquarters in Portland, Oregon.

Meanwhile, the victorious Macron shrugged off the cyberattack that was thought to be aimed at generating support for his far-right opponent, Marine Le Pen, as it emerged that his campaign had turned the table on the hackers, deliberately signing into phishing sites with a view to planting fake information.

Mounir Mahjoubi, the digital lead for the campaign, told the Daily Beast: “You can flood these [phishing] addresses with multiple passwords and log-ins, true ones, false ones, so the people behind them use up a lot of time trying to figure them out.”
Taiwan could block Google DNS

Taiwan is planning to block access to Google’s public DNS service, claiming the move will improve cybersecurity, the Register reported on Thursday.

It’s not clear if the block to Google’s DNS, which many people use to bypass government filters on banned websites, would apply to the whole population or just to government officials. The presentation seen by The Register seems to suggest the aim is to reduce the risk of DNS spoofing.

Taiwan doesn’t usually crop up on the list of countries where there’s concern about censorship of the internet, but he Register notes that customers of one Taiwanese ISP, HiNet broadband, had earlier this year reported issues with connecting to sites and platforms that users in mainland China are blocked from, including Facebook, YouTube, Google and Gmail.

Source: https://nakedsecurity.sophos.com/2017/05/11/news-in-brief-laptop-ban-could-be-extended-ddos-hits-news-sites-taiwan-might-block-google-dns/

  • 0

FCC says DDOS attacks, not net neutrality comments, tied up comments system

The federal agency did not provide any evidence of the alleged attacks, which occurred as HBO comedian John Oliver urged viewers to flood the FCC with comments.

The Federal Communications Commission (FCC) on Monday said that consumers trying to use its Electronic Comment Filing System ran into delays Sunday night because of multiple distributed denial-of-service (DDoS) attacks — not due to a deluge of comments from net neutrality proponents, as early reports suggested.

“Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos),” FCC chief information officer David Bray said in a statement. “These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC.”

The statement followed news reportssuggesting the FCC site was once again overwhelmed by commenters trying to voice their support for net neutrality at the behest of comedian John Oliver. On his HBO show Sunday night, Oliver urged viewers to leave comments at goFCCyourself.com, a URL that redirects visitors to the FCC’s proposal to reverse net neutrality rules. In 2014, net neutrality supporters managed to bring down the FCC comments system after Oliver made a similar plea for commenters to flood the site.

The FCC didn’t offer any evidence of the DDoS attacks, nor did the agency immediately answer questions about how the incident was handled. ZDNet will update this article if the FCC responds.

At least one pro-net neutrality group, Fight for the Future, expressed skepticism about the agency’s claim that the problems were caused by DDoS attacks.

“The FCC’s statement today raises a lot of questions, and the agency should act immediately to ensure that voices of the public are not being silenced as it considers a move that would affect every single person that uses the Internet,” Fight for the Future Campaign Director Evan Greer said in a statement.

By Monday afternoon, the FCC’s comments system appeared to be functioning, and there were more than 179,000 comments on the site.

FCC Chairman Ajit Pai acknowledged to CNET’s Maggie Reardon on Monday that he favors “a free and open internet” — meaning he favors rolling back the Obama-era net neutrality rules. However, he said the committee has an “open mind” and will consider the public comments that are collected.

“It’s not a decree,” he said of the proposal. “The entire purpose of this process is to get public input. Then, after the record is closed, we apply what the DC Circuit calls a ‘substantial evidence test.’ We look through the record, figure out what the right course is based on facts in the record. Then we make the appropriate judgment. I don’t have any predetermined views as to where we’re going to go.”

Source: http://www.zdnet.com/article/fcc-says-ddos-attacks-not-net-neutrality-comments-tied-up-comments-system/

  • 0