How Can Blockchain Be Used to Aid Cybersecurity?

With the rapid advancement of internet-based technologies, cybersecurity is a constant cloud looming on the horizon. As the technology evolves, so too, do the cybercriminals. Their constant efforts to steal valuable data and disrupt business through DDoS attacks are increasingly sophisticated.

Holding companies hostage and monetizing data through ransomware techniques is sadly par for the course. In fact, it’s estimated that cybersecurity alone costs the global economy some $450 billion a year. With IT professionals scrambling to stay one step ahead of the hackers, how can blockchain be used to aid cybersecurity?

No Single Point of Failure

The decentralized nature of the blockchain means that there is no single point of failure, nor one central database waiting to be hacked. Information is stored across many databases, and each block is linked to the next in the chain, leaving no single “hackable” entry point. This provides far greater security than our current, centralized structures.

Removing Human Error

The weakest link in our current systems is simple logins that can be cracked. Blockchain can remove human error from cybersecurity, because businesses can authenticate devices without a password system: each device is issued a specific SSL certificate rather than a password, so human intervention is no longer a potential attack vector.

Bitcoin advocate, adjunct professor at NYU Law School and practicing attorney, Andrew Hinkes, explains, “Using a public blockchain with proof of work consensus can remove the foibles of human mistake or manipulation.”

Detecting Tampering in Real Time

The blockchain can uncover and reject suspicious behavior in the system in real time. Say, for example, that a hacker tried to interfere with the information in a block. The entire system would be alerted and examine all data blocks to locate the one that stood out from the rest. It would then be recognized as false and excluded from the system.
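As an added illustration (not the article's own code) of the check this paragraph describes, the toy hash chain below re-verifies every block and reports the first one that no longer fits: an edited block fails its own hash, and a block the attacker re-hashed to hide the edit is caught at its successor, whose stored link has gone stale.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional

# Added example, not the article's code: a toy hash chain used to show how
# re-verifying every block locates the one that was tampered with.

GENESIS_PREV = "0" * 64  # predecessor hash of the first block


@dataclass
class Block:
    index: int
    data: str
    prev_hash: str
    hash: str


def block_hash(index: int, data: str, prev_hash: str) -> str:
    """Hash the block's fields; changing data or the link changes the digest."""
    payload = json.dumps({"index": index, "data": data, "prev": prev_hash}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def build_chain(records: List[str]) -> List[Block]:
    """Link each record to the hash of the block before it."""
    chain: List[Block] = []
    prev = GENESIS_PREV
    for i, rec in enumerate(records):
        h = block_hash(i, rec, prev)
        chain.append(Block(i, rec, prev, h))
        prev = h
    return chain


def find_tampered_block(chain: List[Block]) -> Optional[int]:
    """Return the index of the first block that fails verification, or None.

    Check 1: the stored hash matches the recomputed one (catches an in-place
    edit). Check 2: prev_hash equals the previous block's stored hash (catches
    a block the attacker re-hashed, because its successor's link is now stale).
    """
    expected_prev = GENESIS_PREV
    for b in chain:
        if b.prev_hash != expected_prev:
            return b.index
        if b.hash != block_hash(b.index, b.data, b.prev_hash):
            return b.index
        expected_prev = b.hash
    return None


def demo() -> dict:
    """Constructed ledger: clean, then edited, then edited-and-rehashed."""
    chain = build_chain(["alice->bob:10", "bob->carol:4", "carol->dave:1", "dave->alice:7"])
    result = {"clean": find_tampered_block(chain)}
    chain[2].data = "carol->dave:100"  # attacker edits block 2 in place
    result["edited"] = find_tampered_block(chain)
    chain[2].hash = block_hash(2, chain[2].data, chain[2].prev_hash)  # and re-hashes it
    result["rehashed"] = find_tampered_block(chain)
    return result


if __name__ == "__main__":
    print(demo())  # {'clean': None, 'edited': 2, 'rehashed': 3}
```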

Improving IoT Security

With the rise in IoT devices come inherent security risks. We’ve already seen problems occur when trying to disable compromised devices that become part of botnets. According to Kevin Curran, IEEE senior member and professor of cybersecurity at Ulster University, the blockchain can put an end to that:

“The blockchain, with its solid cryptographic foundation offering a decentralized solution can aid against data tampering, thus offering greater assurances for the legitimacy of the data.” This would mean that potentially billions of IoT devices could connect and communicate in a secure ecosystem.


All transactions on the blockchain are highly traceable, using a timestamp and digital signature. Companies can easily trace each and every transaction back to its origin on a given date and locate the corresponding party. Since all transactions are cryptographically associated with a user, the perpetrator can be easily found.

Says Hinkes, “Blockchains create an audit trail of all activity by its participants, which simplifies access control and monitoring.” This offers companies a level of security and transparency on every iteration.

The Takeaway

Currently, the impending threat of DDoS attacks comes from our existing Domain Name System. Blockchain technology would disrupt this completely by decentralizing the DNS and distributing the content to a greater number of nodes. This would make it virtually impossible for cybercriminals to hack and create a secure environment to host the world’s data.


DDoS Costs Skyrocket for SMBs and Enterprises Alike

The financial impact of a distributed denial-of-service (DDoS) attack is continuing to rise globally – with significant cost spikes for both small to medium-sized businesses (SMBs) and enterprises per attack.

Kaspersky Lab’s IT Security Risks Survey 2017, which polled 5,200 business representatives from 29 countries, shows that whether as the result of a single incident or as part of a multi-faceted cyberattack, the financial cost of reacting to a DDoS attack in 2017 is $123,000 per incident for SMBs, compared to $106,000 in 2016.

For enterprises, the cost has soared more than half a million dollars – from $1.6 million in 2016 to $2.3 million in 2017 on average per attack. The rising financial costs of DDoS attacks, coupled with unquantifiable impacts such as reputational damage, are crippling for many organizations.

When asked about the specific consequences experienced as a result of a DDoS attack, most organizations (33%) claim that the cost incurred in fighting the attack and restoring services is the main burden, while a quarter (25%) cited money spent investing in an offline or back-up system while online services are unavailable. Additionally, 23% said that a loss of revenue and business opportunities occurred as a direct result of DDoS attacks, whereas 22% listed the loss of reputation among clients and partners as another direct consequence of a DDoS attack.

Previous Kaspersky Lab research also found that the attack rate is accelerating, with more than a third (33%) of organizations facing a DDoS attack in 2017, compared to just 17% in 2016. Even so, organizations are undereducated about taking steps to protect themselves. For instance, they often expect third parties to protect their businesses.

According to the research, 34% of organizations expect their ISP will protect them from DDoS attacks, and another 26% expect their data center or infrastructure partners will do so. Additionally, nearly a third (28%) claim that it is unlikely that they will be targeted by a DDoS attack in general.

“DDoS attacks, both standalone or as part of an attack arsenal, can cost an organization thousands, if not millions – that’s without counting reputational damage and lost clients and partners as a result,” said Kirill Ilganaev, head of Kaspersky DDoS protection, Kaspersky Lab. “It is therefore wise to be aware of these threats and invest in their own protective measures in advance. It is also important to choose reliable specialized security solutions that are based on cybersecurity expertise and tailored to fight the most sophisticated DDoS attacks organizations face today.”


DoubleDoor Botnet Chains Exploits to Bypass Firewalls

Crooks are building a botnet that for the first time is bundling two exploits together in an attempt to bypass enterprise firewalls and infect devices.

Discovered by researchers from NewSky Security, the botnet has been cleverly named DoubleDoor. According to Ankit Anubhav, NewSky Security Principal Researcher, the DoubleDoor malware attempts to execute exploits that take advantage of two backdoors:

CVE-2015-7755 – backdoor in Juniper Networks’ ScreenOS software. Attackers can use the hardcoded password <<< %s(un='%s') = %u with any username to access a device via Telnet and SSH.
CVE-2016-10401 – backdoor in ZyXEL PK5001Z routers. Attackers can log in with admin:CenturyL1nk (or other credentials) and then gain super-user access with the password zyad5001 to take control of the device.

Anubhav says DoubleDoor attackers are using the first exploit to bypass Juniper Netscreen firewalls and then scan internal networks for ZyXEL routers to exploit with the second exploit.

First time an IoT botnet chains two exploits

In a conversation with Bleeping Computer, Anubhav says this is the first time that a botnet has chained two exploits together in an attempt to infect devices.

“For the first time, we saw an IoT botnet doing two layers of attacks, and was even ready to get past a firewall,” the expert told Bleeping Computer. “Such multiple layers of attack/evasion are usually a Windows thing.”

“Satori/Reaper have used exploits, but those are exploits for one level of attack for various devices,” Anubhav said. “If the attacker finds a Dlink device, then it uses this exploit; if it finds a Huawei device, then that exploit,” Anubhav added showing the simple exploitation logic that most IoT malware employed in the past.

DoubleDoor botnet is not a major threat, yet

Scans and exploitation attempts for this botnet were spotted between January 18 and January 27, all originating from South Korean IP addresses.

But the botnet is not a major danger just yet. Anubhav says DoubleDoor looks like a work in progress and still under heavy development.

“The attacks are less in number when compared to Mirai, Satori, Asuna, or Daddyl33t,” he said.

The NewSky Security expert says the smaller attack numbers are likely because the botnet only targets a small subset of devices, either Internet-exposed ZyXEL PK5001Z routers, or ZyXEL PK5001Z routers protected by an enterprise-grade Juniper Netscreen firewall.

“Such setups are usually found in corporations,” Anubhav said, raising alarm about which targets the DoubleDoor author may be trying to infect.

DoubleDoor doesn’t do anything, for the moment

The good news is that DoubleDoor doesn’t do anything special after compromising ZyXEL devices. It merely adds them to a botnet structure.

“Probably it’s a test run or they are just silently recruiting devices for something bigger down the road,” Anubhav said.

But as Anubhav points out, because DoubleDoor appears to still be under development, we may soon see its author expand it with even more exploits that target other types of devices, such as those from Dlink, Huawei, Netgear, and others.

Further, the botnet may try to carry out DDoS attacks, spread malware to internal Windows networks, or something more intrusive.

But even if DoubleDoor dies down and is never seen again, its double-exploit firewall bypass technique has already attracted the attention of other IoT botnet operators, and we may see it pretty soon with other malware strains as well. The cat’s out of the bag, as they say.


Europe in the firing line of evolving DDoS attacks

The Europe, Middle East and Africa region accounts for more than half the world’s distributed denial of service attacks, a report from F5 Labs reveals.

The past year has seen a 64% rise in distributed denial of service (DDoS) attacks and greater tactical diversity from cyber criminals, according to customer data from F5’s Poland-based Security Operations Center (SOC).

However, more than 51% of attacks globally were targeted at organisations in Europe, the Middle East and Africa (Emea), and 66% involved multiple attack vectors, requiring sophisticated mitigation tools and knowledge, the report said.

The F5 report comes less than two weeks after several waves of powerful DDoS attacks hit banks and other organisations in the Netherlands.

Reflecting the spike in activity, F5 reported 100% growth for Emea customers deploying web application firewall (WAF) technology in the past year, while the adoption of anti-DDoS technology increased by 58%.

A key discovery was the relative drop in power for single attacks. In 2016, the F5 SOC logged multiple attacks of over 100Gbps, with some surpassing 400Gbps.

In 2017, the top attack stood at 62Gbps. This suggests a move towards more sophisticated Layer 7 (application layer) DDoS attacks that are potentially more effective and have lower bandwidth requirements.

“DDoS threats are on the rise in Emea and we’re seeing notable changes in their scope and sophistication compared with 2016,” said Kamil Wozniak, F5 SOC manager.

“Businesses need to be aware of the shift and ensure, as a matter of priority, that the right solutions are in place to halt DDoS attacks before they reach applications and adversely impact on business operations. Emea is clearly a hotspot for attacks on a global scale, so there is minimal scope for the region’s decision-makers to take their eyes off the ball,” he said.

Disruptive attacks

Last year started with a bang, the report said, with F5 customers facing the widest range of disruptive attacks recorded to date in the first quarter of 2017.

User Datagram Protocol (UDP) floods stood out, representing 25% of all attacks. Attackers typically send large UDP packets to a single destination or to random ports, disguising themselves as trustworthy entities before stealing sensitive data. The next most common attacks were DNS reflection (18%) and SYN flood attacks (16%).

The first quarter of 2017 was also the peak for Internet Control Message Protocol (ICMP) attacks, whereby cyber criminals overwhelm businesses with rapid “echo request” (ping) packets without waiting for replies. In stark contrast, the first-quarter attacks in 2016 were evenly split between UDP and Simple Service Discovery Protocol (SSDP) floods.

The second quarter of 2017 proved equally challenging, the report said, with SYN floods moving to the front of the attack pack (25%), followed by network time protocol and UDP floods (both 20%).

The attackers’ momentum continued into the third quarter, the report said, with UDP floods leading the way (26%). NTP floods were also prevalent (rising from 8% during the same period in 2016 to 22%), followed by DNS reflection (17%).

The year wound down with more UDP flood dominance (25% of all attacks). It was also the busiest period for DNS reflection, which accounted for 20% of all attacks (compared to 8% in 2016 during the same period).

Another key discovery during the fourth quarter of 2017, and one that underlines cyber criminals’ capacity for agile reinvention, was how the Ramnit trojan dramatically extended its reach. Initially built to hit banks, F5 Labs found that 64% of Ramnit’s targets during the holiday season were US-based e-commerce sites.

Other new targets included sites related to travel, entertainment, food, dating and pornography. Other banking trojans observed extending their reach included Trickbot, which infects its victims through social engineering attacks, such as phishing or malvertising, to trick unsuspecting users into clicking malware links or downloading malware files.

“Attack vectors and tactics will only continue to evolve in the Emea region,” said Wozniak. “It is vital that businesses have the right systems and services in place to safeguard apps wherever they reside. 2017 showed that more internet traffic is SSL/TLS encrypted, so it is imperative that DDoS mitigation systems can examine the nature of these increasingly sophisticated attacks.

“Full visibility and greater control at every layer are essential for businesses to stay relevant and credible to customers. This will be particularly important in 2018 as the EU General Data Protection Regulation comes into play,” he said.


The police arrested an 18-year-old man from Oosterhout in connection with multiple DDoS attacks on the Tax Authority, tech site Tweakers and internet provider Tweak last week, as well as on online bank Bunq in September last year. The man was arrested on Thursday, February 1st, the police said in a statement on Monday.

In a DDoS attack, large amounts of data are sent to the targeted site, overloading the site’s server and thereby crashing the site.

The police worked closely with Tweakers and security company Redsocks in this investigation. “With this arrest we show that people who commit DDoS attacks do not go unpunished. Investigation must show whether he acted alone or not”, Gert Ras, head of the police’s High Tech Crime team, said. The police are also investigating whether this man is linked to other DDoS attacks on Dutch banks last week. ABN Amro, ING and Rabobank were all hit by multiple attacks.

Redsocks has indication that the man was also behind the attacks on ING and ABN Amro, investigator Ricky Gevers said to NOS. “We shared information about this with the police.”

Tweakers reports that the tech site tracked down the Oosterhout man after he claimed responsibility for several DDoS attacks online. “The suspect claims that he bought 40 euros of capacity from a ‘stresser’, an online service that can be used by companies to test their DDoS resistance, but can just as easily be used for an actual DDoS,” Tweakers writes. The suspect hid his identity with a so-called VPN connection, but based on IP addresses Tweakers found out that he had a Tweakers account. The tech site handed over his account details to the police on Thursday, and the police arrested him later that day.

The police also searched the suspect’s home and confiscated his computer and other data carriers for further investigation. The suspect will be arraigned on Tuesday.


A Head For Hacker-nomics

Unraveling the economics of cyberattacks is just as important as grasping the technologies that hackers use to launch them, says SMU Assistant Professor Wang Qiuhong.

AsianScientist (Feb. 5, 2018) – By Sim Shuzhen – Just as a thief planning a bank heist must figure out how to open locks, bypass security cameras and make a quick getaway, a hacker must also devise ways of cracking passwords, circumventing intrusion detection systems and concealing his electronic traces. The difference is that while the thief’s reach is limited in physical space, the hacker can inflict damage across international boundaries from a computer in a remote location.

Virtual in nature and global in reach, cybercrime is a very different beast from crime in the physical world, and fighting it has proved to be an uphill battle. Still, the good news is that cybercriminals are not a completely unknown quantity—just like their counterparts in the real world, their actions are often rational and motivated by economic incentives. Therefore, looking at cybersecurity through the lens of economics could help researchers come up with better countermeasures against online threats.

Taking this very approach is Assistant Professor Wang Qiuhong of the Singapore Management University (SMU) School of Information Systems, who uses tools from economics to study a range of public policy and business issues related to cybersecurity.

“I think cybersecurity is not just a technical issue, but also a business and economics issue. We need researchers who can cross disciplines, and who deeply understand the technology as well as the economics and social science,” she says. “They can then bring these disciplines together and gain insights that will facilitate decision making.”

A punishment that fits the crime

To deter conventional criminals, governments pass laws and impose penalties on those who flout them. But due to the unique, transboundary nature of cybercrime, it is unclear whether or not legislation actually deters hackers from launching attacks, says Professor Wang.

Together with her collaborators, Professor Wang has used economic modelling to assess how effective the Convention on Cybercrime (COC) has been at deterring distributed denial of service (DDOS) attacks. Introduced in 2001 and now signed by more than 50 countries, the COC is the world’s first piece of international legislation against cybercrime.

Using data from real attacks in 106 countries, the researchers showed that enforcement of the COC was associated with a nearly 12 percent decrease in DDOS attacks; this effect, however, disappeared when the enforcing countries were unwilling to fully engage in international cooperation. Professor Wang and her collaborators published their results in a 2017 paper in MIS Quarterly, titled ‘Cybercrime deterrence and international legislation: Evidence from distributed denial of service attacks’.

“Whether legislation can deter cyberattacks may seem like a very intuitive question, but it can have a very important impact on the government’s decision making,” says Professor Wang.

Her study not only provides evidence that legislation, international collaboration and enforcement can indeed deter cyberattacks; more importantly, it also shows that the effectiveness of the same piece of legislation can vary from country to country depending on the details of how it is implemented, she explains.

But the picture can get even more complicated. Despite its impact on overall cybercrime rates, legislation seems to be less effective at deterring hackers who are intent on acquiring the capability to launch cyberattacks on a large scale, says Professor Wang.

“In this scenario, hackers are compromising a computer not for the purpose of destroying a system, but to leverage its computing power, storage capacity and connectivity to launch more serious attacks targeting other networks and computers,” she explains.

Thus, cybercrime countermeasures should not be limited to reducing the frequency of attacks or to protecting the targets of these attacks, says Professor Wang.

“It is equally important to reduce the severity of attacks and to weaken the attackers’ acquisition of capabilities to launch attacks,” she explains.

Location, location, location

In the real world, a country has geographical neighbours; in cyberspace, it has what Professor Wang calls topological neighbours—countries through which its data packets are routed as they make their way around the World Wide Web.

This brings a fundamental economic principle into play: that of externalities. When a country and its topological neighbours have made comparable efforts to implement cybersecurity legislation, they are likely to experience positive externalities that reinforce the effectiveness of that legislation, leading to a reduced risk of cyberattacks for all parties. On the other hand, if one country implements effective legislation while its topological neighbors let hackers run riot, this mismatch in cybersecurity capabilities may result in negative externalities, leading to an increased risk of cyberattacks, explains Professor Wang.

“When addressing issues of deterrence, we have to be aware of how our [topological] location will affect our cybersecurity countermeasures, and also how our countermeasures will affect other countries,” says Professor Wang.

These relationships, she adds, could be very different from conventional geographical, political or economic ties. One of her current projects is therefore to understand the connections between cyberattacks and the structure of the internet; this, she hopes, will help countries and businesses devise strategies to position themselves in more secure topological locations.

The fight against cybercrime looks set to be a long-term struggle, says Professor Wang.

“Digitisation and the internet have made everything easier. But when we open these doors to legitimate businesses and day-to-day activities, it also opens doors for hackers and criminals,” she muses. “The need for cybersecurity is a by-product of our technological advancement.”

Thus, rather than simply reacting to the latest malware attack, authorities would do better to seek an in-depth understanding of the fundamental nature of cybercrime from a longitudinal perspective, says Professor Wang.

“It is always important to ask where we are, where we are going, whom we will impact and who will impact us, and to constantly review cybersecurity policy in light of that information.”

Asian Scientist Magazine is a media partner of the Singapore Management University Office of Research & Tech Transfer.


Crypto-Mining Attacks Emerge as the New Big Threat to Enterprises

Attackers looking to hijack systems for illegally mining digital currencies have begun eyeing business systems, security vendors say.

In an ominous trend for businesses, hijacking computers for cryptocurrency mining appears to have become the go-to strategy for cybercriminals looking for a safe and reliable way to generate illegal revenues.

Several vendors in recent days have reported a huge surge in illegal crypto-mining activity involving millions of hijacked computers worldwide. Professional cybercriminals are moving away in droves from less profitable exploits to making money via the surging global interest in digital currencies, said Digital Shadows in the latest warning on this trend.

The activity has begun to pose as much of a threat to businesses as it does to consumers. Security vendor CrowdStrike recently reported that it had seen multiple instances of businesses being impacted by illegal crypto-mining activity. In some cases, mining tools installed illegally on business systems have caused applications and hardware to crash, causing operational disruptions lasting days and sometimes even weeks, says Bryan York, director of services at CrowdStrike.

“We’ve seen an uptick in unauthorized crypto-mining, or cryptojacking, targeting businesses,” he says. “While cryptocurrency mining has typically been viewed as a nuisance, we’ve recently seen several cases where mining has impacted business operations,” York warns.

Mining 101

Crypto mining is a fairly complex process where a computer’s processing resources are used for blockchain transaction verification. Mining is a very CPU-intensive, resource-hogging activity and some digital currencies like Bitcoin require special-purpose hardware to do it. Several other digital currencies like Monero, Zcash, and Ethereum, however, can also be mined by pooling the resources of multiple computers.

In return for installing a mining tool and allowing their computer resources to be pooled for mining, the miners, or owners of the computers, receive digital coins. Mining itself is a legal activity, and many people around the world allow their systems to be used for the purpose in hopes of making some money on the side.

In recent months, however, cybercriminals have begun surreptitiously installing crypto-mining tools on victim computers and using resources of those compromised systems for the same purpose. Instead of taking over computers to steal data or install ransomware, cybercriminals have simply begun stealing system resources and using this to illegally profit from digital currency mining.

“These attacks are much stealthier than their predecessors,” Cisco’s Talos threat group said in a report this week. “Attackers are not stealing anything more than computing power from their victims and the mining software isn’t technically malware.”

When installing mining software, some criminals have even begun putting limits on things like CPU usage and the number of cores used, to ensure users don’t notice any obvious performance hit as a result of the mining software running on their system. In theory, victims could remain part of the adversary’s botnet indefinitely, Talos said in its report.

E-Currency Theft

Illegal crypto-mining is just one form of cryptocurrency fraud. Cybercriminals have also begun stealing tens of millions of dollars directly from electronic wallets used to store digital currency, as well as targeting cryptocurrency exchanges and trading platforms. Michael Marriott, research analyst at Digital Shadows, points to one recent incident where criminals targeted the Initial Coin Offering for blockchain application company Experty and used phishing emails to trick potential coin buyers to send funds to an attacker-owned wallet.

In another incident just this week, thieves emptied a staggering $500 million from Japan’s Coincheck cryptocurrency exchange.

However, illegal mining – especially for Monero – has quickly emerged as one of the most reliable and safe ways for cybercriminals to profit from the cryptocurrency craze. Using the Monero cybercurrency as an example, Talos has estimated that a threat actor using 2,000 hijacked computers can generate $500 per day, or $182,500 per year. There are some botnets with millions of infected systems that criminals can leverage to generate more than $100 million from cryptocurrency mining, according to Talos.

Driving the trend is the easy availability of do-it-yourself kits that almost anyone can use for illegal mining. Criminals can rent mining botnets for as little as $30 to $130 per month, and software for distributing miners for as little as $29, according to Digital Shadows.

“We’ve seen plenty of actors changing their focus to profit from this,” says Marriott from Digital Shadows. “For example, the ransomware variant known as VenusLocker switched its business model to mine bitcoin rather than encrypt files on victims’ computers. Similarly, the RIG exploit kit has incorporated Monero mining into its features,” he says.

Satori, a botnet associated with DDoS attacks, has also recently begun targeting cryptocurrency mining, as has Smominru, a botnet that has infected over 500,000 systems and already generated some $3 million in Monero, Marriott says.

Attackers have also begun searching on sites such as GitHub for keys to cloud services such as AWS in order to use cloud-based machines to mine cryptocurrencies, he notes. “If attackers have access to an organization’s cloud services, then as well as performing mining activity, they could realistically do other malicious acts, such as stealing data or installing malware payloads,” Marriott says.


CrowdStrike has observed crypto-mining attacks within the education, entertainment, financial, healthcare, insurance, and technology sectors, says York. Some of the tools used in the attacks pose a particular threat to enterprises. One example, he says, is WannaMine, a crypto-mining worm that uses sophisticated propagation and persistence methods to spread and remain on systems.

“WannaMine propagates more effectively within a corporate network than it would on a consumer network,” he notes.

It uses the Mimikatz credential-harvester to acquire credentials and move laterally within organizations using the legitimate credentials. “If unsuccessful, WannaMine attempts to exploit the remote system with the EternalBlue exploit used by WannaCry in early 2017. This approach is generally more effective in corporate networks,” he says.

Nick Biasini, a threat researcher at Cisco Talos, says organizations that aren’t already looking for miners on their infrastructure definitely should be. “This is a huge new wave of threats that is being delivered to systems in virtually every way possible,” he says.

Some examples include phishing websites and rogue browser extensions.

Performance degradation is one sign of the activity, he says. A compromised system also periodically reaches out to the broader infected pool with which it belongs, so monitoring network activity is critical. “[But] it is important to note that attackers can throttle resource usage or only mine during off-hours to make it much more difficult to detect,” Biasini adds.
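Detection logic of the kind Biasini describes, written here as an added example (not Talos's or CrowdStrike's code) over constructed telemetry: the host names, process names and pool endpoint are made up, and the second host shows why a beaconing rule catches a throttled miner that a CPU rule alone would miss.

```python
import statistics
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Added example, not from the article. Each Sample is a one-minute observation
# of one process: its CPU share and the remote endpoint it contacted, if any.


@dataclass(frozen=True)
class Sample:
    host: str
    minute: int           # minutes since the start of the observation window
    process: str
    cpu_pct: float        # share of total CPU used by the process in that minute
    remote: Optional[str] # "ip:port" contacted during that minute, or None


def sustained_cpu(samples: List[Sample], threshold: float = 70.0, min_minutes: int = 30) -> bool:
    """Flag a process that holds high CPU for at least min_minutes in a row.

    Run this over the whole day, not just business hours: a miner that only
    works off-hours still produces a long run, just at night.
    """
    run = 0
    for s in sorted(samples, key=lambda s: s.minute):
        run = run + 1 if s.cpu_pct >= threshold else 0
        if run >= min_minutes:
            return True
    return False


def periodic_beacon(samples: List[Sample], min_events: int = 6, max_jitter: float = 0.2) -> bool:
    """Flag regular check-ins to one remote endpoint.

    A mining client reports to its pool at a steady cadence. Evenly spaced
    connections (low spread of the gaps relative to their mean) are the
    signal, and it does not depend on how much CPU the process uses.
    """
    by_remote: Dict[str, List[int]] = defaultdict(list)
    for s in samples:
        if s.remote:
            by_remote[s.remote].append(s.minute)
    for minutes in by_remote.values():
        if len(minutes) < min_events:
            continue
        minutes.sort()
        gaps = [b - a for a, b in zip(minutes, minutes[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            return True
    return False


def detect(samples: List[Sample]) -> Dict[str, List[str]]:
    """Return {"host/process": [reasons]} for every process that trips a rule."""
    groups: Dict[str, List[Sample]] = defaultdict(list)
    for s in samples:
        groups[f"{s.host}/{s.process}"].append(s)
    findings: Dict[str, List[str]] = {}
    for key, group in groups.items():
        reasons = []
        if sustained_cpu(group):
            reasons.append("sustained high CPU")
        if periodic_beacon(group):
            reasons.append("periodic outbound beacon")
        if reasons:
            findings[key] = reasons
    return findings


def build_sample_telemetry() -> List[Sample]:
    """Constructed data: three hosts observed for 100 minutes (addresses are TEST-NET)."""
    rows: List[Sample] = []
    for m in range(100):
        # ws-01: unthrottled miner, constant high CPU, pool check-in every 10 minutes
        rows.append(Sample("ws-01", m, "photon", 92.0, "198.51.100.7:3333" if m % 10 == 0 else None))
        # ws-02: throttled miner, CPU kept low so nobody notices, same check-in cadence
        rows.append(Sample("ws-02", m, "updater", 14.0, "198.51.100.7:3333" if m % 10 == 0 else None))
        # ws-03: benign process, bursty CPU, irregular connections
        remote = "203.0.113.5:443" if m in (3, 4, 11, 30, 31, 58, 59, 90) else None
        rows.append(Sample("ws-03", m, "browser", float((m * 37) % 100), remote))
    return rows


if __name__ == "__main__":
    for key, reasons in detect(build_sample_telemetry()).items():
        print(key, "->", ", ".join(reasons))
```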


The DDoS attacks that hit ABN Amro, ING and Rabobank over the weekend and on Monday, came from servers in Russia, according to security company ESET. The company adds that this does not automatically mean that the perpetrators are also in Russia, the Telegraaf reports.

The perpetrators used a so-called botnet – an army of hijacked computers and smart devices – to commit the DDoS attacks. Using the program Zbot, they remotely ordered these devices to visit a certain site en masse, thereby overloading the site’s server and crashing the site. The command and control servers are mainly in Russia, ESET determined.

The motive for these attacks is still unknown. The security company points out that the perpetrators can be anyone ranging from bored teenagers to state hackers – DDoS attacks are easy to buy online.

The Tax Authority’s site was also hit by a DDoS attack on Monday morning, leaving the site unavailable for a short period. ESET can’t yet say whether this attack is linked to the attacks on the banks.

The Ministry of Justice and Security called the attacks on the Dutch institutions very advanced, according to BNR. “But for example Dutch banks are known in Europe for having their cyber security in order. You often see that this provokes more advanced attacks. We are now fighting at a very high level”, the Ministry said. The Ministry can’t yet say who is behind these attacks.


DOSarrest releases new Simulated DDoS Attack platform

VANCOUVER, British Columbia, Jan. 23, 2018 (GLOBE NEWSWIRE) — DOSarrest Internet Security announced today that they have released a new service offering called Cyber Attack Preparation Platform (CAPP). This new service allows customers to log in to the CAPP portal and launch DDoS attacks on their own internet assets to see how their existing defenses stand up to real-world attacks.

This new service enables anyone to choose from a wide variety of stock TCP and HTTP attacks, some developed in house and some taken from the wild by DOSarrest over its 11-year history of protecting against DDoS attacks. There are over 40 different attacks to choose from; some TCP attacks can generate up to 80 Gb/sec of malicious spoofed TCP traffic, while others offer more complex HTTP attacks.

Other major capabilities include:

  • Choose from any or all 5 attack source regions
  • Control the intensity of every bot in the botnet
  • Control the size of the botnet from every attack source region
  • View real time traffic to and from the source and target
  • Other variables include specific target URLs, packet size, TCP or HTTP port
  • Instant kill button, stops any attack in progress in seconds

CEO of DOSarrest, Mark Teolis states, “We have been using a simulated DDoS attack system for a few years now but our present customers and non-customers alike want to operate the system on their own and see the results. Now they can.”

DOSarrest CTO, Jag Bains comments, “It’s interesting to see how different systems react to attacks. CAPP not only shows you the traffic to the victim but also shows you the traffic response from the victim. A small attack to a target can actually produce a response back that’s 500 times larger.” Bains adds, “This is the best tool I’ve seen to fine tune your cyber security defenses; if you fail you can make changes and launch the exact same attack again, to see if you can stop the attack.”

About DOSarrest Internet Security:
DOSarrest, founded in 2007 in Vancouver, B.C., Canada, specializes in fully managed cloud-based Internet security services including DDoS protection services, Web Application Firewall (WAF), Vulnerability Testing and Optimization (VTO), DataCenter Defender – GRE, as well as cloud-based global load balancing.


Stay vigilant — cyber threats not over yet

Local companies should remain alert and continue to constantly update their cyber security measures as more “innovative” hacking activities are expected this year.

LGMS Services Sdn Bhd CEO Fong Choong Fook said the public and local corporations should be vigilant, as new variants of ransomware could penetrate Malaysia, resulting in various attacks, since ransomware services are becoming easier to access.

“Users should always stay updated with system and anti-virus developments, as well as avoid downloading or installing pirated software,” he said.

As hacking of Internet of Things devices is also expected to increase, the cyber security analyst urged industry players to perform regular risk assessments to evaluate their exposure to cyber threats.

“They should also perform penetration testing in a proactive way and fix any loopholes before hackers take advantage of them,” he said.

Preemptive measures are vital, Fong said, as hackers are more innovative and creative in upgrading their skills and knowledge each day.

In retrospect, Fong said 2017 was the year where Malaysians were “awakened” by the threats of cyber attacks, beginning with a ransomware pandemic of WannaCry in May.

Malaysia has also faced the highly coordinated Distributed Denial of Service (DDoS) attack, followed by what was described as the biggest data leak incident in October.

CyberSecurity Malaysia CEO Datuk Dr Amirudin Abdul Wahab was reported as saying that, as Malaysians are still unaware of the existence of ransomware, they are advised to equip themselves with cyber security knowledge, as well as to use technology prudently and ethically.

In the incident, over 200,000 systems from 150 countries all over the world were hit by hackers charging US$300 (RM1,221) for their files to be decrypted.

On the DDoS attack, it was reported that three linked stock brokerages and one bank were involved in the incident.

To carry out a DDoS attack, hackers need only leverage large numbers of computer connections to flood the targeted system with traffic, or send information that triggers a crash on the victim’s system.

The attack is capable of shutting down a machine or network, blocking users from accessing it.

“Companies should subscribe to cloud traffic scrubbing services such as ‘Cloudflare’, as well as have an alternative Internet line on standby (as a backup, should an attack happen),” Fong said.

He said the incident should be treated as a learning experience for the public and industry.

“We will learn to be wiser and become more proactive to prepare ourselves for volumetric DDoS attacks,” he said.

On the case of data leaks, Fong said the silver lining of it would be that the consumers have begun to realise the importance of data protection.

“The public are now starting to question the data custodians’ accountability on data privacy, which can be considered as a positive note of the entire data leak chaos,” he noted.
