Discord was down due to Cloudflare outage affecting parts of the web

Popular chat service Discord experienced issues today due to network problems at Cloudflare and a wider internet issue. The app was inaccessible for its millions of users, and even Discord’s website and status pages were struggling. Discord’s problems could be traced to an outage at Cloudflare, a content delivery network. Cloudflare started experiencing issues at 7:43AM ET, and this caused Discord, Feedly, Crunchyroll, and many other sites that rely on its services to have partial outages.

Cloudflare says it’s working on a “possible route leak” affecting some of its network, but services like Discord have been inaccessible for nearly 45 minutes now. “Discord is affected by the general internet outage,” says a Discord statement on the company’s status site. “Hang tight. Pet your cats.”

“This leak is impacting many internet services including Cloudflare,” says a Cloudflare spokesperson. “We are continuing to work with the network provider that created this route leak to remove it.” Cloudflare doesn’t name the network involved, but Verizon is also experiencing widespread issues across the East Coast of the US this morning. Cloudflare notes that “the network responsible for the route leak has now fixed the issue,” so services should start to return to normal shortly.

Cloudflare explained the outage in an additional statement, commenting that “Earlier today, a widespread BGP routing leak affected a number of Internet services and a portion of traffic to Cloudflare. All of Cloudflare’s systems continued to run normally, but traffic wasn’t getting to us for a portion of our domains. At this point, the network outage has been fixed and traffic levels are returning to normal.”

Source: https://www.theverge.com/2019/6/24/18715308/discord-down-outage-cloudflare-problems-crunchyroll-feedly


DDoSer Who Terrorized German and UK Firms Gets Off Without Jail Time

A German hacker who launched DDoS attacks and tried to extort ransom payments from German and UK firms was sentenced last month to one year and ten months of probation.

The hacker, identified by authorities only as 24-year-old Maik D., but known online as ZZb00t, was fingered for attacking companies such as eBay.de, DHL.de, billiger.de, hood.de, rakuten.de, DPD.de, EIS.de and ESL.eu, as well as some UK firms.

Hacker would launch DDoS attacks and then extort victims

ZZb00t always followed the same pattern. He’d first warn companies via Twitter, and then launch DDoS attacks, taking down services for periods ranging from hours to up to a day.

Maik, who in real life was an IT security consultant, would often criticize companies for their poor security practices.

“Sadly but true @[REDACTED] your servers just sucks,” he wrote in one tweet. “Never thought that [REDACTED] was so extremely poorly protected. It’s more than embarrassing,” he wrote in another.

He’d often claim his actions were only for the purpose of exposing security weaknesses, claiming he was a vulnerability hunter.

But Maik wouldn’t launch DDoS attacks just out of the kindness of his heart so that companies would improve security. The hacker would often send emails promising to stop attacks for a payment in Bitcoin.

Hacker arrested after one company pressed charges

His DDoS and extortion campaigns were tracked throughout last year by German blog Wordfilter.de. A recently released Link11 report details the hacker’s tactics.

The hacker was active at the same time as another DDoS extortion team named XMR Squad, and Link11 claims in its report that there was a working relationship and coordination of attacks between ZZb00t and XMR Squad members.

Link11 says it documented over 300 of ZZb00t’s tweets related to attacks he carried out before German authorities arrested the suspect on May 23, last year, putting an end to his attacks.

Source: https://www.bleepingcomputer.com/news/security/ddoser-who-terrorized-german-and-uk-firms-gets-off-without-jail-time/


Hospitals Exposed by Connected Devices

At any one time the world’s connected hospitals could be running as many as 80,000 exposed devices, putting hospital operations, data privacy and patient health at risk, according to Trend Micro.

The security giant’s latest report, Securing Connected Hospitals, claimed medical devices, databases, digital imaging systems, admin consoles, protocols, industrial controllers and systems software have significantly increased the average provider’s attack surface.

This puts them at risk of DDoS, ransomware attack and data theft. The report used the DREAD threat assessment model to find that DDoS is actually the biggest risk, followed by ransomware.

The latter has impacted hospitals worldwide, particularly NHS Trusts, which were severely affected by the WannaCry attack of 2017.

Senior threat researchers and report authors Numaan Huq and Mayra Rosario Fuentes claimed that hospital cybersecurity may be lacking because of several reasons.

These include a lack of dedicated IT security staff, limited budget, outdated diagnostic equipment that can’t be taken offline to patch, and large numbers of mobile workers who need seamless access to systems.

The report also claimed that hospital supply chains are increasingly opening them up to cyber-risk, with 30% of breaches publicly reported to the US Department of Health and Human Services (HHS) in 2016 due to breaches of business associates and third-party vendors.

“Supply chain threats are potential risks associated with suppliers of goods and services to healthcare organizations where a perpetrator can exfiltrate confidential or sensitive information, introduce an unwanted function or design, disrupt daily operations, manipulate data, install malicious software, introduce counterfeit devices, and affect business continuity,” explained Huq and Fuentes.

“Third-party vendors have credentials that include log-ins, passwords, and badge access which can be compromised. These vendors can also store physical records, medical devices, and office equipment. Hospitals need to be supplied by a robust supply chain to ensure uninterrupted service to patients, and thus protecting the hospital supply chain against cyber-attacks becomes a critical necessity.”

Source: https://www.infosecurity-magazine.com/news/hospitals-exposed-by-connected/


How Can Blockchain Be Used to Aid Cybersecurity?

With the rapid advancement of internet-based technologies, cybersecurity is a constant cloud looming on the horizon. As the technology evolves, so too do the cybercriminals. Their constant efforts to steal valuable data and disrupt business through DDoS attacks are increasingly sophisticated.

Holding companies hostage and monetizing data through ransomware techniques is sadly par for the course. In fact, it’s estimated that cybersecurity alone costs the global economy some $450 billion a year. With IT professionals scrambling to stay one step ahead of the hackers, how can blockchain be used to aid cybersecurity?

No Single Point of Failure

The decentralized nature of the blockchain means that there is no single point of failure, nor one central database waiting to be hacked. Information is stored over several databases, and each block is linked to the next in the chain, making no “hackable” entrance. This provides infinitely greater security than our current, centralized structures.

Removing Human Error

The weakest link in our current system is simple logins that are vulnerable to being cracked. Blockchain can remove human error in cybersecurity, as businesses can authenticate devices without the need for a password system. Each device is provided with a specific SSL certificate, rather than a password. Human intervention becoming a potential hacker vector is consequently avoided.

Bitcoin advocate, adjunct professor at NYU Law School and practicing attorney, Andrew Hinkes, explains, “Using a public blockchain with proof of work consensus can remove the foibles of human mistake or manipulation.”

Detecting Tampering in Real Time

The blockchain can uncover and reject suspicious behavior in the system in real time. Say, for example, that a hacker tried to interfere with the information in a block. The entire system would be alerted and examine all data blocks to locate the one that stood out from the rest. It would then be recognized as false and excluded from the system.

Improving IoT Security

With the rise in IoT devices come inherent security risks. We’ve already seen problems occur when trying to disable compromised devices that become part of botnets. According to Kevin Curran, IEEE senior member and professor of cybersecurity at Ulster University, the blockchain can put an end to that:

“The blockchain, with its solid cryptographic foundation offering a decentralized solution can aid against data tampering, thus offering greater assurances for the legitimacy of the data.” This would mean that potentially billions of IoT devices could connect and communicate in a secure ecosystem.

Traceability

All transactions on the blockchain are highly traceable, using a timestamp and digital signature. Companies can easily go back to the root of each and every transaction to a given date and locate the corresponding party. Since all transactions are cryptographically associated to a user, the perpetrator can be easily found.

Says Hinkes, “Blockchains create an audit trail of all activity by its participants, which simplifies access control and monitoring.” This offers companies a level of security and transparency on every iteration.

The Takeaway

Currently, the impending threat of DDoS attacks comes from our existing Domain Name System. Blockchain technology would disrupt this completely by decentralizing the DNS and distributing the content to a greater number of nodes. This would make it virtually impossible for cybercriminals to hack, and would create a secure environment to host the world’s data.

Source: https://blocksleuth.com/category/ddos-attacks/


DDoS Costs Skyrocket for SMBs and Enterprises Alike

The financial impact of a distributed denial-of-service (DDoS) attack is continuing to rise globally – with significant cost spikes for both small to medium-sized businesses (SMBs) and enterprises per attack.

Kaspersky Lab’s IT Security Risks Survey 2017, which polled 5,200 business representatives from 29 countries, shows that whether as the result of a single incident or as part of a multi-faceted cyberattack, the financial cost of reacting to a DDoS attack in 2017 is $123,000 per incident for SMBs, compared to $106,000 in 2016.

For enterprises, the cost has soared by more than half a million dollars – from $1.6 million in 2016 to $2.3 million in 2017 on average per attack. The rising financial costs of DDoS attacks, coupled with unquantifiable impacts such as reputational damage, are crippling for many organizations.

When asked about the specific consequences experienced as a result of a DDoS attack, most organizations (33%) claim that the cost incurred in fighting the attack and restoring services is the main burden, while a quarter (25%) cited money spent investing in an offline or back-up system while online services are unavailable. Additionally, 23% said that a loss of revenue and business opportunities occurred as a direct result of DDoS attacks, whereas 22% listed the loss of reputation among clients and partners as another direct consequence of a DDoS attack.

Previous Kaspersky Lab research also found that the attack rate is accelerating, with more than a third (33%) of organizations facing a DDoS attack in 2017, compared to just 17% in 2016. Even so, organizations are undereducated about taking steps to protect themselves. For instance, they often expect third parties to protect their businesses.

According to the research, 34% of organizations expect their ISP will protect them from DDoS attacks, and another 26% expect their data center or infrastructure partners will do so. Additionally, nearly a third (28%) claim that it is unlikely that they will be targeted by a DDoS attack in general.

“DDoS attacks, both standalone or as part of an attack arsenal, can cost an organization thousands, if not millions – that’s without counting reputational damage and lost clients and partners as a result,” said Kirill Ilganaev, head of Kaspersky DDoS protection, Kaspersky Lab. “It is therefore wise to be aware of these threats and invest in their own protective measures in advance. It is also important to choose reliable specialized security solutions that are based on cybersecurity expertise and tailored to fight the most sophisticated DDoS attacks organizations face today.”

Source: https://www.infosecurity-magazine.com/news/ddos-costs-skyrocket-for-smbs/


Europe in the firing line of evolving DDoS attacks

The Europe, Middle East and Africa region accounts for more than half the world’s distributed denial of service attacks, a report from F5 Labs reveals.

The past year has seen a 64% rise in distributed denial of service (DDoS) attacks and greater tactical diversity from cyber criminals, according to customer data from F5’s Poland-based Security Operations Center (SOC).

However, more than 51% of attacks globally were targeted at organisations in Europe, the Middle East and Africa (Emea), and 66% involved multiple attack vectors, requiring sophisticated mitigation tools and knowledge, the report said.

The F5 report comes less than two weeks after several waves of powerful DDoS attacks hit banks and other organisations in the Netherlands.

Reflecting the spike in activity, F5 reported 100% growth for Emea customers deploying web application firewall (WAF) technology in the past year, while the adoption of anti-DDoS technology increased by 58%.

A key discovery was the relative drop in power for single attacks. In 2016, the F5 SOC logged multiple attacks of over 100Gbps, with some surpassing 400Gbps.

In 2017, the top attack stood at 62Gbps. This suggests a move towards more sophisticated Layer 7 (application layer) DDoS attacks that are potentially more effective and have lower bandwidth requirements.

“DDoS threats are on the rise in Emea and we’re seeing notable changes in their scope and sophistication compared with 2016,” said Kamil Wozniak, F5 SOC manager.

“Businesses need to be aware of the shift and ensure, as a matter of priority, that the right solutions are in place to halt DDoS attacks before they reach applications and adversely impact on business operations. Emea is clearly a hotspot for attacks on a global scale, so there is minimal scope for the region’s decision-makers to take their eyes off the ball,” he said.

Disruptive attacks

Last year started with a bang, the report said, with F5 customers facing the widest range of disruptive attacks recorded to date in the first quarter of 2017.

User Datagram Protocol (UDP) floods stood out, representing 25% of all attacks. Attackers typically send large UDP packets to a single destination or random ports, disguising themselves as trustworthy entities before stealing sensitive data. The next most common attacks were DNS reflection (18%) and SYN flood attacks (16%).

The first quarter of 2017 was also the peak for Internet Control Message Protocol (ICMP) attacks, whereby cyber criminals overwhelm businesses with rapid “echo request” (ping) packets without waiting for replies. In stark contrast, the first-quarter attacks in 2016 were evenly split between UDP and Simple Service Discovery Protocol (SSDP) floods.

The second quarter of 2017 proved equally challenging, the report said, with SYN floods moving to the front of the attack pack (25%), followed by Network Time Protocol (NTP) and UDP floods (both 20%).

The attackers’ momentum continued into the third quarter, the report said, with UDP floods leading the way (26%). NTP floods were also prevalent (rising from 8% during the same period in 2016 to 22%), followed by DNS reflection (17%).

The year wound down with more UDP flood dominance (25% of all attacks). It was also the busiest period for DNS reflection, which accounted for 20% of all attacks (compared to 8% in 2016 during the same period).

Another key discovery during the fourth quarter of 2017, and one that underlines cyber criminals’ capacity for agile reinvention, was how the Ramnit trojan dramatically extended its reach. Initially built to hit banks, F5 Labs found that 64% of Ramnit’s targets during the holiday season were US-based e-commerce sites.

Other new targets included sites related to travel, entertainment, food, dating and pornography. Other observed banking trojans extending their reach included Trickbot, which infects its victims with social engineering attacks, such as phishing or malvertising, to trick unassuming users into clicking malware links or downloading malware files.

“Attack vectors and tactics will only continue to evolve in the Emea region,” said Wozniak. “It is vital that businesses have the right systems and services in place to safeguard apps wherever they reside. 2017 showed that more internet traffic is SSL/TLS encrypted, so it is imperative that DDoS mitigation systems can examine the nature of these increasingly sophisticated attacks.

“Full visibility and greater control at every layer are essential for businesses to stay relevant and credible to customers. This will be particularly important in 2018 as the EU General Data Protection Regulation comes into play,” he said.

Source: http://www.computerweekly.com/news/252434746/Europe-in-the-firing-line-of-evolving-DDoS-attacks


A Head For Hacker-nomics

Unraveling the economics of cyberattacks is just as important as grasping the technologies that hackers use to launch them, says SMU Assistant Professor Wang Qiuhong.

AsianScientist (Feb. 5, 2018) – By Sim Shuzhen – Just as a thief planning a bank heist must figure out how to open locks, bypass security cameras and make a quick getaway, a hacker must also devise ways of cracking passwords, circumventing intrusion detection systems and concealing his electronic traces. The difference is that while the thief’s reach is limited in physical space, the hacker can inflict damage across international boundaries from a computer in a remote location.

Virtual in nature and global in reach, cybercrime is a very different beast from crime in the physical world, and fighting it has proved to be an uphill battle. Still, the good news is that cybercriminals are not a completely unknown quantity—just like their counterparts in the real world, their actions are often rational and motivated by economic incentives. Therefore, looking at cybersecurity through the lens of economics could help researchers come up with better countermeasures against online threats.

Taking this very approach is Assistant Professor Wang Qiuhong of the Singapore Management University (SMU) School of Information Systems, who uses tools from economics to study a range of public policy and business issues related to cybersecurity.

“I think cybersecurity is not just a technical issue, but also a business and economics issue. We need researchers who can cross disciplines, and who deeply understand the technology as well as the economics and social science,” she says. “They can then bring these disciplines together and gain insights that will facilitate decision making.”

A punishment that fits the crime

To deter conventional criminals, governments pass laws and impose penalties on those who flout them. But due to the unique, transboundary nature of cybercrime, it is unclear whether or not legislation actually deters hackers from launching attacks, says Professor Wang.

Together with her collaborators, Professor Wang has used economic modelling to assess how effective the Convention on Cybercrime (COC) has been at deterring distributed denial of service (DDOS) attacks. Introduced in 2001 and now signed by more than 50 countries, the COC is the world’s first piece of international legislation against cybercrime.

Using data from real attacks in 106 countries, the researchers showed that enforcement of the COC was associated with a nearly 12 percent decrease in DDOS attacks; this effect, however, disappeared when the enforcing countries were unwilling to fully engage in international cooperation. Professor Wang and her collaborators published their results in a 2017 paper in MIS Quarterly, titled ‘Cybercrime deterrence and international legislation: Evidence from distributed denial of service attacks’.

“Whether legislation can deter cyberattacks may seem like a very intuitive question, but it can have a very important impact on the government’s decision making,” says Professor Wang.

Her study not only provides evidence that legislation, international collaboration and enforcement can indeed deter cyberattacks; more importantly, it also shows that the effectiveness of the same piece of legislation can vary from country to country depending on the details of how it is implemented, she explains.

But the picture can get even more complicated. Despite its impact on overall cybercrime rates, legislation seems to be less effective at deterring hackers who are intent on acquiring the capability to launch cyberattacks on a large scale, says Professor Wang.

“In this scenario, hackers are compromising a computer not for the purpose of destroying a system, but to leverage its computing power, storage capacity and connectivity to launch more serious attacks targeting other networks and computers,” she explains.

Thus, cybercrime countermeasures should not be limited to reducing the frequency of attacks or to protecting the targets of these attacks, says Professor Wang.

“It is equally important to reduce the severity of attacks and to weaken the attackers’ acquisition of capabilities to launch attacks,” she explains.

Location, location, location

In the real world, a country has geographical neighbours; in cyberspace, it has what Professor Wang calls topological neighbours—countries through which its data packets are routed as they make their way around the World Wide Web.

This brings a fundamental economic principle into play: that of externalities. When a country and its topological neighbours have made comparable efforts to implement cybersecurity legislation, they are likely to experience positive externalities that reinforce the effectiveness of that legislation, leading to a reduced risk of cyberattacks for all parties. On the other hand, if one country implements effective legislation while its topological neighbors let hackers run riot, this mismatch in cybersecurity capabilities may result in negative externalities, leading to an increased risk of cyberattacks, explains Professor Wang.

“When addressing issues of deterrence, we have to be aware of how our [topological] location will affect our cybersecurity countermeasures, and also how our countermeasures will affect other countries,” says Professor Wang.

These relationships, she adds, could be very different from conventional geographical, political or economic ties. One of her current projects is therefore to understand the connections between cyberattacks and the structure of the internet; this, she hopes, will help countries and businesses devise strategies to position themselves in more secure topological locations.

The fight against cybercrime looks set to be a long-term struggle, says Professor Wang.

“Digitisation and the internet have made everything easier. But when we open these doors to legitimate businesses and day-to-day activities, it also opens doors for hackers and criminals,” she muses. “The need for cybersecurity is a by-product of our technological advancement.”

Thus, rather than simply reacting to the latest malware attack, authorities would do better to seek an in-depth understanding of the fundamental nature of cybercrime from a longitudinal perspective, says Professor Wang.

“It is always important to ask where we are, where we are going, whom we will impact and who will impact us, and to constantly review cybersecurity policy in light of that information.”

Asian Scientist Magazine is a media partner of the Singapore Management University Office of Research & Tech Transfer.

Source: http://www.asianscientist.com/2018/02/features/cybersecurity-smu-wang-qiuhong/


DOSarrest releases new Simulated DDoS Attack platform

VANCOUVER, British Columbia, Jan. 23, 2018 (GLOBE NEWSWIRE) — DOSarrest Internet Security announced today that they have released a new service offering called Cyber Attack Preparation Platform (CAPP). This new service allows customers to log in to the CAPP portal and launch DDoS attacks on their own internet assets to see how their existing defenses stand up to real world attacks.

This new service enables anyone to choose from a wide variety of stock TCP and HTTP attacks, some developed in house and some taken from the wild by DOSarrest over its 11-year history in protecting against DDoS attacks. There are over 40 different attacks to choose from; some TCP attacks can generate up to 80 Gb/sec of malicious TCP spoofed traffic, others offer more complex HTTP attacks.

Other major capabilities include:

  • Choose from any or all 5 attack source regions
  • Control the intensity of every bot in the botnet
  • Control the size of the botnet from every attack source region
  • View real time traffic to and from the source and target
  • Other variables include specific target URLs, packet size, TCP or HTTP port
  • Instant kill button, stops any attack in progress in seconds

CEO of DOSarrest, Mark Teolis states, “We have been using a simulated DDoS attack system for a few years now but our present customers and non-customers alike want to operate the system on their own and see the results. Now they can.”

DOSarrest CTO, Jag Bains comments, “It’s interesting to see how different systems react to attacks, CAPP not only shows you the traffic to the victim but also shows you the traffic response from the victim. A small attack to a target can actually produce a response back that’s 500 times larger.” Bains adds, “This is the best tool I’ve seen to fine tune your cyber security defenses, if you fail you can make changes and launch the exact same attack again, to see if you can stop the attack.”

About DOSarrest Internet Security:
DOSarrest, founded in 2007 in Vancouver, B.C., Canada, specializes in fully managed cloud based Internet security services including DDoS protection services, Web Application Firewall (WAF), Vulnerability Testing and Optimization (VTO), DataCenter Defender – GRE as well as cloud based global load balancing.

Source: https://globenewswire.com/news-release/2018/01/22/1298839/0/en/DOSarrest-releases-new-Simulated-DDoS-Attack-platform.html


Stay vigilant — cyber threats not over yet

Local companies should remain alert and continue to constantly update their cyber security measures as more “innovative” hacking activities are expected this year.

LGMS Services Sdn Bhd CEO Fong Choong Fook said the public and local corporations should be vigilant, as new variants of ransomware could penetrate Malaysia, resulting in various attacks as ransomware services are becoming easier to access.

“Users should always stay updated with system and anti-virus developments, as well as avoid downloading or installing pirated software,” he said.

As hacking of Internet of Things devices is also expected to increase, the cyber security analyst urged industry players to perform regular risk assessments to evaluate their risks of cyber threats.

“They should also perform penetration testing in a proactive way and fix any loopholes before hackers take advantage of it,” he said.

Preemptive measures are vital, Fong said, as hackers are more innovative and creative in upgrading their skills and knowledge each day.

In retrospect, Fong said 2017 was the year where Malaysians were “awakened” by the threats of cyber attacks, beginning with a ransomware pandemic of WannaCry in May.

Malaysia also faced a highly coordinated Distributed Denial of Service (DDoS) attack, followed by what was described as the biggest data leak incident in October.

CyberSecurity Malaysia CEO Datuk Dr Amirudin Abdul Wahab was reported as saying that, as Malaysians are still unaware of the existence of ransomware, they are advised to equip themselves with cyber security knowledge, as well as to use technology prudently and ethically.

In the incident, over 200,000 systems from 150 countries all over the world were hit by hackers charging US$300 (RM1,221) for their files to be decrypted.

On the DDoS attack, it was reported that three linked stock brokerages and one bank were involved in the incident.

For a DDoS attack to succeed, hackers just need to leverage computer connections and flood a targeted system with high traffic, or send information that triggers a crash in the victim’s system.

The attack is capable of shutting down a machine or network, blocking users from accessing it.

“Companies should subscribe to cloud traffic scrubbing services such as ‘Cloudflare’, as well as have an alternative Internet line on standby (as back up, should the attack happen),” Fong said.

He said the incident should be treated as a learning curve to the public and industry.

“We will learn to be wiser and become more proactive to prepare ourselves for volumetric DDoS attacks,” he said.

On the case of data leaks, Fong said the silver lining of it would be that the consumers have begun to realise the importance of data protection.

“The public are now starting to question the data custodians’ accountability on data privacy, which can be considered as a positive note of the entire data leak chaos,” he noted.

Source: https://themalaysianreserve.com/2018/01/04/stay-vigilant-cyber-threats-not-yet/


Philippine government starts tracking down North Korean cyber-hackers

Manila: The Philippine government is tracking down North Korean hackers who were identified to have attacked a government-run cyber-security agency, a senior official said, prompting observers to assess that computer systems nationwide are vulnerable to attacks.

“The Department of Science and Technology (DOST) and its Advanced Science and Technology Institute (ASTI) will launch an investigation on Monday following reports that North Korean hackers have launched cyber-attacks against DOST’s website,” said Department of Information and Communications Technology (DICT) Assistant Secretary Allan Cabanlong.

The DOST and ASTI will jointly look into whether the so-called distributed denial-of-service (DDoS) attacks that shut down websites have entered its cyber-system, said Cabanlong.

“It’s like a teargas or smoke grenade. Once it’s in the website that is under attack — the website shuts off for a specific period, allowing the attacker to send malware to the website in order to control its system,” explained Cabanlong.

The investigation was launched after Quartz, a news site, cited a study finding that “some North Korean users were conducting research, or possibly even network reconnaissance, on a number of foreign laboratories and research centers” including India’s Space Research Organization and the Philippines’ DOST, said Cabanlong.

On Saturday, DOST and ASTI had not yet detected the North Korean attackers in the cyber system. “If ever there was, it was not yet reported to us,” said Cabanlong, adding that hackers often target websites of research and academic institutions that are focused on content more than on security features.

The reported DOST hackers could be part of North Korea’s efforts to attack perceived enemies, said Cabanlong.

They could be sympathisers of North Korea which is being pressured by the international community to stop its nuclear missile tests, other observers said.

Last year, DICT directed all banks, government agencies, hospitals, institutions, schools, and telecommunication companies to hire network security administrators and put in place systems that would regularly monitor possible cyber-attacks and breaches.

Looking forward, Cabanlong said DICT will put up its National Cyber-intelligence Centre to expand its capability to protect all computer systems nationwide.

Right now, “DICT is working on band-aid solutions to cyber-attacks; it is limited to oversight function; and it cannot protect all computer systems in the country,” admitted Cabanlong, adding, “No single agency can do it alone. The private sector and multi-government agencies must work together on this campaign.”

The DICT has yet to compile a record of government agencies and private companies in the Philippines that are vulnerable to breaches, other critics said.

Source: http://gulfnews.com/news/asia/philippines/philippine-government-starts-tracking-down-north-korean-cyber-hackers-1.2118823
