Crypto-Mining Attacks Emerge as the New Big Threat to Enterprises

Attackers looking to hijack systems for illegally mining digital currencies have begun eyeing business systems, security vendors say.

 In an ominous trend for businesses, hijacking computers for cryptocurrency mining appears to have become the go-to strategy for cybercriminals looking for a safe and reliable way to generate illegal revenues.

Several vendors in recent days have reported a huge surge in illegal crypto-mining activity involving millions of hijacked computers worldwide. Professional cybercriminals are moving away in droves from less profitable exploits to making money via the surging global interest in digital currencies, said Digital Shadows in the latest warning on this trend.

The activity has begun to pose as much of a threat to businesses as it does to consumers. Security vendor CrowdStrike recently reported that it had seen multiple instances of businesses being impacted by illegal crypto-mining activity. In some cases, mining tools installed illegally on business systems have caused applications and hardware to crash, causing operational disruptions lasting days and sometimes even weeks, says Bryan York, director of services at CrowdStrike.

“We’ve seen an uptick in unauthorized crypto-mining, or cryptojacking, targeting businesses,” he says. “While cryptocurrency mining has typically been viewed as a nuisance, we’ve recently seen several cases where mining has impacted business operations,” York warns.

Mining 101

Crypto mining is a fairly complex process where a computer’s processing resources are used for blockchain transaction verification. Mining is a very CPU-intensive, resource-hogging activity and some digital currencies like Bitcoin require special-purpose hardware to do it. Several other digital currencies like Monero, Zcash, and Ethereum, however, can also be mined by pooling the resources of multiple computers.

In return for installing a mining tool and allowing their computer resources to be pooled for mining, the miners or owners of the computers, receive digital coins in return. Mining itself is a legal activity, and many people around the world allow their systems to be used for the purpose in hopes of making some money on the side.

In recent months, however, cybercriminals have begun surreptitiously installing crypto-mining tools on victim computers and using resources of those compromised systems for the same purpose. Instead of taking over computers to steal data or install ransomware, cybercriminals have simply begun stealing system resources and using this to illegally profit from digital currency mining.

“These attacks are much stealthier than their predecessors,” Cisco’s Talos threat group said in a report this week. “Attackers are not stealing anything more than computing power from their victims and the mining software isn’t technically malware.”

When installing mining software, some criminals have even begun putting limits on things like CPU usage and amount of cores being used to ensure users don’t notice any obvious performance hit as result of mining software running on their system. In theory, victims could remain part of the adversary botnet indefinitely, Talos said in its report.

E-Currency Theft

Illegal crypto-mining is just one form of cryptocurrency fraud. Cybercriminals have also begun stealing tens of millions of dollars directly from electronic wallets used to store digital currency, as well as targeting cryptocurrency exchanges and trading platforms. Michael Marriott, research analyst at Digital Shadows, points to one recent incident where criminals targeted the Initial Coin Offering for blockchain application company Experty and used phishing emails to trick potential coin buyers to send funds to an attacker-owned wallet.

In another incident just this week, thieves emptied a staggering $500 million from Japan’s Coincheck cryptocurrency exchange.

However, illegal mining – especially for Monero – has quickly emerged as one of the most reliable and safe ways for cybercriminals to profit from the cryptocurrency craze. Using the Monero cybercurrency as an example, Talos has estimated that a threat actor using 2,000 hijacked computers can generate $500 per day, or $182,500 per year. There are some botnets with millions of infected systems that criminals can leverage to generate more than $100 million from cryptocurrency mining, according to Talos.

Driving the trend is the easy availability of do-it-yourself kits that almost anyone can use for illegal mining. Criminals can rent mining botnets for as little as $30 to $130 per month, and software for distributing miners for as little as $29, according to Digital Shadows.

“We’ve seen plenty of actors changing their focus to profit from this,” says Marriott from Digital Shadows. “For example, the ransomware variant known as VenusLocker switched its business model to mine bitcoin rather than encrypt files on victims’ computers. Similarly, the RIG exploit kit has incorporated Monero mining into its features,” he says.

Satori, a botnet associated with DDoS attacks, has also recently begun targeting cryptocurrency mining, as has Smominru, a botnet that has infected over 500,000 systems and already generated some $3 million in Monero, Marriott says.

Attackers have also begun searching on sites such as GitHub for keys to cloud services such as AWS in order to use cloud-based machines to mine cryptocurrencies, he notes. “If attackers have access to an organization’s cloud services, then as well as performing mining activity, they could realistically do other malicious acts, such as stealing data or installing malware payloads,” Marriott says.


CrowdStrike has observed crypto-mining attacks within the education, entertainment, financial, healthcare, insurance, and technology sectors, says York. Some of the tools used in the attacks pose a particular threat to enterprises. One example, he says, is WannaMine, a crypto-mining worm that uses sophisticated propagation and persistence methods to spread and remain on systems, he says.

“WannaMine propagates more effectively within a corporate network than it would on consumer network,” he notes. 

It uses the Mimikatz credential-harvester to acquire credentials and move laterally within organizations using the legitimate credentials. “If unsuccessful, WannaMine attempts to exploit the remote system with the EternalBlue exploit used by WannaCry in early 2017. This approach is generally more effective in corporate networks,” he says.

Nick Biasini, a threat researcher at Cisco Talos, says organizations that aren’t already looking for miners on their infrastructure definitely should be. “This is a huge new wave of threats that is being delivered to systems in virtually every way possible,” he says.

Some examples include phishing websites and rogue browser extensions.

Performance degradation is one sign of the activity, he says. A compromised system also periodically reaches out to the broader infected pool with which it belongs, so monitoring network activity is critical. “[But] it is important to note that attackers can throttle resource usage or only mine during off-hours to make it much more difficult to detect,” Biasini adds.


  • 0


The DDoS attacks that hit ABN Amro, ING and Rabobank over the weekend and on Monday, came from servers in Russia, according to security company ESET. The company adds that this does not automatically mean that the perpetrators are also in Russia, the Telegraaf reports.

The perpetrators used a so-called botnet – an army of hijacked computers and smart devices – to commit the DDoS attacks. Using the program Zbot, they remotely ordered these devices to visit a certain site en masse, thereby overloading the site’s server and crashing the site. The command and control servers are mainly in Russia, ESET determined.

The motive for these attacks is still unknown. The security company points out that the perpetrators can be anyone ranging from bored teenagers to state hackers – DDoS attacks are easy to buy online.

The Tax Authority’s site was also hit by a DDoS attack on Monday morning, leaving the site unavailable for a short period. ESET can’t yet say whether this attack is linked to the attacks on the banks.

The Ministry of Justice and Security called the attacks on the Dutch institutions very advanced, according to BNR. “But for example Dutch banks are known in Europe for having their cyber security in order. You often see that this provokes more advanced attacks. We are now fighting at a very high level”, the Ministry said. The Ministry can’t yet say who is behind these attacks.


  • 0

DOSarrest releases new Simulated DDoS Attack platform

VANCOUVER, British Columbia, Jan. 23, 2018 (GLOBE NEWSWIRE) — DOSarrest Internet Security announced today that they have released a new Service offering called Cyber Attack Preparation Platform (CAPP). This new service allows customers to login to the CAPP portal and launch DDoS attacks on their own internet assets to see how they’re existing defenses stand up to real world attacks.

This new service enables anyone to choose from a wide variety of stock TCP and HTTP attacks some developed in house and some taken from the wild by DOSarrest over it’s 11 year history in protecting against DDoS attacks. There are over 40 different attacks to choose from, some TCP attacks can generate up to 80 Gb/sec of malicious TCP spoofed traffic, others offer more complex HTTP attacks.

Other major capabilities include;

  • Choose from any or all 5 attack source regions
  • Control the intensity of every bot in the botnet
  • Control the size of the botnet from every attack source region
  • View real time traffic to and from the source and target
  • Other variables include specific target URL’s, packet size, TCP or HTTP port
  • Instant kill button, stops any attack in progress in seconds

CEO of DOSarrest, Mark Teolis states, “We have been using a simulated DDoS attack system for a few years now but our present customers and non-customers alike want to operate the system on their own and see the results. Now they can.”

DOSarrest CTO, Jag Bains comments, “It’s interesting to see how different systems react to attacks, CAPP not only shows you the traffic to the victim but also shows you the traffic response from the victim. A small attack to a target can actually produce a response back that’s 500 times larger.” Bains adds, “This is the best tool I’ve seen to fine tune your cyber security defenses, if you fail you can make changes and launch the exact same attack again, to see if you can stop the attack.”

About DOSarrest Internet Security:
DOSarrest founded in 2007 in Vancouver, B.C., Canada specializes in fully managed cloud based Internet security services including DDoS protection services,  Web Application Firewall (WAF), Vulnerability Testing and Optimization (VTO), DataCenter Defender – GRE as well as cloud based global load balancing.


  • 0

Stay vigilant — cyber threats not over yet

Local companies should remain alert and continue to constantly update their cyber security measures as more “innovative” hacking activities are expected this year.

LGMS Services Sdn Bhd CEO Fong Choong Fook said the public and local corporations should be vigilant, as new variants of ransomware could penetrate Malaysia, resulting in various attacks as ransomware services are becoming easier to be accessed.

“Users should always stay updated with system and anti-virus developments, as well as avoid downloading or installing pirated softwares,” he said.

As hacking of Internet of Things devices are also expected to increase, the cyber security analyst urged industry players to perform regular risk assessments to evaluate their risks of cyber threats.

“They should also perform penetration testing in a proactive way and fix any loopholes before hackers take advantage of it,” he said.

Preemptive measures are vital, Fong said, as hackers are more innovative and creative in upgrading their skills and knowledge each day.

In retrospect, Fong said 2017 was the year where Malaysians were “awakened” by the threats of cyber attacks, beginning with a ransomware pandemic of WannaCry in May.

Malaysia has also faced the highly coordinated Distributed Denial of Service (DDoS) attack, followed by what was described as the biggest data leak incident in October.

CyberSecurity Malaysia CEO Datuk Dr Amirudin Abdul Wahab (picture) was reported as saying that, as Malaysians are still unaware of the existence of ransomware, they are advised to equip themselves with cyber security knowledge, as well as to use technology prudently and ethically.

In the incident, over 200,000 systems from 150 countries all over the world were hit by hackers charging US$300 (RM1,221) for their files to be decrypted.

On DDoS attack, it was reported that three linked stock brokerages and one bank were involved in the incident.

In order to ensure the success of DDoS attacks, hackers just need to leverage on computer connections and flood any targeted system with high traffic, or sending information that triggers a crash to the victim’s system.

The attack is capable to shut down a machine or network, causing the user to be blocked from accessing it.

“Company should subscribe cloud traffic scrubbing services such as ‘Cloudflare’, as well as having alternative Internet line on standby (as back up, should the attack happen),” Fong said.

He said the incident should be treated as a learning curve to the public and industry.

“We will learn to be wiser and become more proactive to prepare ourselves for volumetric DDoS attacks,” he said.

On the case of data leaks, Fong said the silver lining of it would be that the consumers have begun to realise the importance of data protection.

“The public are now starting to question the data custodians’ accountability on data privacy, which can be considered as a positive note of the entire data leak chaos,” he noted.


  • 0

Bitcoin industry enters top 10 DDoS targets

The bitcoin industry has become one of the top 10 industries most targeted by distributed denial of service attacks, a report has revealed

A spike in the number of bitcoin-related sites targeted by distributed denial of service (DDoS) attacks coincided with a spike in the value of the cryptocurrency of $4,672 in the third quarter, according to Imperva’s latest global DDoS report.

The report is based on data from 3,920 network layer and 1,755 application layer DDoS attacks on websites using Imperva Incapsula services between 1 July and 30 September 2017.

The data shows that 73.9% of all bitcoin exchanges and related sites on the Imperva Incapsula service were attacked during the quarter, ahead of the cryptocurrency’s meteoric rise to more than $11,600 in the first week of December.

As a result of the third-quarter spike, the relatively small and young bitcoin industry made it into the top 10 most attacked industries during the three-month period, taking eighth spot above the transport and telecoms sectors.

The most-attacked sector was gambling (34.5%), followed by gaming (14.4%) and internet services (10.8%).

Igal Zeifman, director at Imperva Incapsula, said the large number of attacks on bitcoin exchange sites is a clear example of DDoS attackers following the money.

“As a rule, extortionists and other cyber criminals are commonly drawn to successful online industries, especially emerging ones that are less likely to be well-protected,” he said.

“Specifically for bitcoin, the DDoS attacks we mitigated could also have been attempts to manipulate the price of bitcoin and other cryptocurrency, something we know offenders have tried in the past.”

According to the report, organisations targeted by DDoS campaigns in the third quarter spent an average of 12 hours under attack, half of network layer targets were hit at least twice, and almost 30% were attacked more than 10 times.

Nearly one-third of DDoS targets in the third quarter were attacked 10 or more times, with an interval of at least an hour between assaults.

Hong Kong topped Imperva’s list of the most targeted countries for network layer assaults during the quarter, mainly because of a persistent attack on a local hosting service that was hit hundreds of times in the quarter.

The largest application layer assault targeted a financial services company headquartered in Europe, which was hit multiple times with attacks above 100,000 requests per second.

The quarter also saw high packet rate attacks, in which the packet forwarding rate escalates above 50 million packets per second (Mpps), becomes more common, with 5% of all network layer assaults above 50 Mpps, and the largest attack peaking at 238 Mpps.

This is a cause for concern, the report said, because many mitigation systems are ill-equipped to process packets at such a high rate.

In November 2017, Harshil Parikh, director of security at software-as-a-service platform firm Medallia, told the IsacaCSX Europe 2017 conference in London that any business dependent on the internet should use tried and tested ways of detecting and mitigating DDoS.

He said it is important that such organisations take time and effort to build their DDoS defence capabilities because DDoS attacks are fairly easy and cheap for attackers to carry out.

“With the advent of botnet-based DDoS attack services that will be effective against most companies, anyone can target an organisation for just a few bitcoins,” said Parikh.


  • 0

Philippine government starts tracking down North Korean cyber-hackers

Manila: The Philippine government is tracking down North Korean hackers who were identified to have attacked a government-run cyber-security agency, a senior official said, prompting observers to assess that computer systems nationwide are vulnerable to attacks.

“The Department of Science and Technology (DOST) and its Advanced Science and Techonology Institute (ASTI) will launch an investigation on Monday following reports that North Korean hackers have launched cyber-attacks against DOST’s website,” said Department of Information and Communications Technology (DICT) Assistant Secretary Allan Cabanlong.

The DOST and ASTI will jointly look if the so-called distributed denial-of-service (DDoS) attacks that shut down websites have entered its cyber-system, said Cabanlong.

“It’s like a teargas or smoke grenade. Once it’s in the website that is under attack — the website shuts off for a specific period, allowing the attacker to send malware to the website in order to control its system,” explained Cabanlong.

The investigation was launched after Quartz, a news site, cited a study that “some North Korean users were conducting research, or possibly even network reconnaissance, on a number of foreign laboratories and research centers” including India’s Space Research Organization and the Philippines’ DOST,” said Cabanlong.

On Saturday, DOST and ASI have not yet detected the North Korean attackers in the cyber system. “If ever there was, it was not yet reported to us,” said Cabanlong, adding that hackers often target websites of research and academic institutions that are focused on content more than on security features

The reported DOST hackers could be part of North Korea’s efforts to attack perceived enemies, said Cabanlong.

They could be sympathisers of North Korea which is being pressured by the international community to stop its nuclear missile tests, other observers said.

Last year, DICT directed all banks, government agencies, hospitals, institutions, schools, and telecommunication companies to hire network security administrators and put in place systems that would regularly monitor possible cyber-attacks and breaches.

Looking forward, Cabanlong said DICT will put up its National Cyber-intelligence Centre to expand its capability to protect all computer systems nationwide.

Right now, “DICT is working on band-aid solutions to cyber-attacks; it is limited to oversight function; and it cannot protect all computer systems in the country,” admitted Cabanlong, adding, “No single agency can do it alone. The private sector and multi-government agencies must work together on this campaign.”

The DICT has yet to compile a record of government agencies and private companies in the Philippines that are vulnerable to breaches, other critics said.


  • 0

Cybersecurity: into the data breach

Cybersecurity has become a significant issue as attacks are increasing. In the new payments ecosystem, where third-party developers can directly interact with banks’ customers, data privacy and security become paramount, according to the World Payments Report 2017 by Capgemini and BNP Paribas.

A significant issue to address as the new payments ecosystem evolves is that of cybersecurity. During the past few years, cyberattacks and crimes have increased across the globe, with corporate and financial institution entities, large and small, targeted.

The price of increasing collaboration among industry stakeholders in the new payments ecosystem could be an increase in cyber security vulnerabilities. To alleviate this risk, corporates are increasingly turning to their banks for advice on how to strengthen their infrastructures against cyber attacks. To ensure the highest levels of cybersecurity and the security of infrastructures in the new payments ecosystem, each stakeholder must assess security across all the data sources and points of collaboration.

The need for robust cyber security solutions to cater to all forms of cyberthreats has never been greater for corporate treasurers as new technologies proliferate and collaboration increases. Of prime importance for corporates in developing defence mechanisms is awareness of potential cyber security risks, regular updating of security profiles and continuous training of employees. This is because attacks perpetrated by cybercriminals are unpredictable in both timing and nature.

The vulnerabilities stakeholders face include cyber security, data privacy, data breaches, and payments fraud. The utmost vigilance is required to protect organisations against cyber attacks and all stakeholders, including regulators, must be more proactive regarding cybersecurity, with ownership of the issue taken to prevent attacks.

In the new payments ecosystem, third-party developers can directly interact with a partner banks’ customers, raising questions about data privacy and security. In an increasingly networked ecosystem, identifying the source of attack will be a challenge.

Verizon’s 2017 Data Breach Investigations Report found that security incidents and data breaches affect both large and small financial organisations almost equally. However, the security of larger banks is difficult to compromise as they invest more in cyber security solutions. Smaller banks, which do not have the same access to resources, are more prone to cyberattacks.

A fraud survey by the Association for Financial Professionals and JP Morgan found that the highest levels of fraud in 2016 were perpetrated via cheques. However, there was a surge in wire transfer fraud, from 27 per cent in 2014 to 46 per cent in 2016.

An increasing number of cyber security breaches are causing significant losses for banks and corporates across the world. Among recent incidents, in February 2016, a cyberheist at Bangladesh Central Bank resulted in a loss of $81 million and prevented another $850 million worth of transactions from being processed on the Swift network. Similarly, in May 2016 cybercriminals hacked the Swift system and stole $9 million from Ecuadorian bank Banco del Austro.

In May 2017, the WannaCry ransomware attack affected more than 150 countries and 200,000 computers, as attackers demanded each of those affected to pay up to $300 worth of bitcoins to unlock their systems.

In a survey for World Payments Report , bank executives ranked distributed denial of service (DDoS) attacks and customer payments fraud as the main security challenges they face. Also of concern were the high levels of card fraud, which place a significant cost burden on banks. The increasing adoption of digital offerings in transaction banking is also giving rise to higher levels of payments fraud, making cyber security a top priority for banks and corporates.

Customer payments fraud is the top ranked concern for financial technology companies and other survey respondents. This group is much less likely to view DDoS attacks as a threat; data breaches due to hacking attacks was of more concern, as was internal fraud.

While banks are investing significantly in cybersecurity solutions, there are still many risks at the corporate level that they cannot manage. Corporates must, therefore, step up their own efforts to manage cybersecurity risk and not leave it all to the banks. They should upgrade their internal systems, train their staff, and review their partners’ systems.

The idea of a cyberattacker as a lone figure hacking into systems is now obsolete. Cyberattacks are perpetrated by entities that are set up like companies, with project managers, key performance indicators and operations.

Attacks to compromise corporates and banks are designed to be multi-staged, with two main objectives: commercial gain and industry espionage. In general, the funds received via attacks go into the coffers of the organisation, while the intelligence gained during an attack will be used by perpetrators to gain a business advantage. Attacks can happen at any time, and over time, therefore all corporates should be vigilant and on constant guard against attacks.

So serious are the growing cyberattack and data breach problems that regulators across the globe should move from their present reactive approach to a more proactive one. Stringent regulations and fines to strengthen cybersecurity laws are required from regulators. Many regulations related to this are, however, still in the inception stage. Europe has relatively the most mature cybersecurity and data privacy laws, with recent initiatives including the Electronic Identification and Trusted Service which was launched in 2016.

Effective cybersecurity requires organisations to efficiently and quickly identify, mitigate and manage cyber risks and incidents. All stakeholders are taking measures to strengthen the security of transactions against potential cyber threats. Banks and other stakeholders have three options available to them: collaborating with financial technology companies, making investments in advanced technologies and monitoring tools, and strengthening internal governance to ensure seamless compliance.

  • Collaboration with fintechs

This is occurring in several areas including secure authentication and authorisation, account onboarding, identity verification and anti-money laundering. Examples include India’s Yes Bank and FortyTwoLabs’ development of multi-factor authentication tool PI-Control, which enables users to apply for internet banking access, pay bills, transfer funds, seek loans, make remittances and undertake other card transactions.

Rabobank in the Netherlands is working with Signicat to provide digital identity solutions that can be easily integrated using API technology. As banks increasingly collaborate with fintechs and regtechs, due diligence, adherence to industry standards and participating in the development of new industry standards has become critical.

  • Investment in advanced technologies and monitoring tools

Blockchain technology is still in a nascent stage, with its potential as an enabler of digital identity and payment transaction security still being tested. Banks can leverage the technology to differentiate themselves in the provision of digital identity, authentication and know your customer services.

Banks are investing in projects that combine advanced cryptography that supports private or permitted use of blockchain technology with transaction security elements that provider greater transaction visibility. To ensure the highest levels of cybersecurity and transaction security, all the ecosystem participants must assess security from multiple sources in the network. Common security standards and protocols when developing and investing in new technologies and monitoring tools will be increasingly important as collaboration increases.

With a common network governing the interfaces between banks and third-party providers, various groups are developing network-based security standards to ensure a secure environment is built around the dynamic payments ecosystem. The ability to respond to cyber threats or attacks in real-time is hampered by legacy security systems. Traditional security monitoring typically identified and reacted to cyber threats in isolation. A modern approach identifies specific unusual patterns or behaviour and alerts operational teams to anomalous activity. Advanced machine learning algorithms are the logical next step as response mechanisms in the event of a threat.

Artificial intelligence (AI) systems are being piloted globally, yet legal issues regarding accountability for the actions of such systems persist. Contextualisation of threats (linking the threat to the business and not just to technology) is needed to identify the source and understand the objective behind any attack. Another useful approach is risk-based authentication (RBA) to detect the risk profile of transaction banks and retailers. Using RBA and analytics processes, banks can create a threat matrix of fraud profiles to triangulate the threat instances to their origin and be able to proactively block fraudulent traffic. Behavioural analytics, AI, machine learning and threat matrix can help to continuously monitor the ecosystem network and provide threat intelligence.

Banks can undertake various activities such as continuously checking all systems for possible threats, observing markets, scenario simulation, examination of previous attacks, monitoring activities and applications, and establishing a payments control centre to permanently monitor payments and identify exceptional situations.

  • Robust internal governance

A robust governance model and standards are imperative for seamless functioning of the new payments ecosystem. Banks and treasurers need to interact with central authorities and regulators to share feedback, which in turn will help to improve compliance. Banks and treasurers are increasingly collaborating with regtechs to ensure compliance. Industry stakeholders must establish common data, technical, legal, functional, and security standards for robust governance.

Firms will be well served if they can ensure that security systems have multiple layers to withstand ‘flood’ attacks. To ensure a foolproof system, firms should identify the data needs of all stakeholders before finalising the controls to put in place.

With the onset of General Data Protection Regulation (GDPR) and revised Payment Services Directive (PSD2) in the EU, the focus on compliance with data privacy and security has increased. Firms must install a dedicated team to continuously review and update security policies. Additionally, stakeholders should work with the local regulatory authorities to understand the complexity of different regional legal requirements and expectations for each country.

Firms must ensure mandatory data privacy and security training is conducted at regular intervals. Educating employees on potential threats and ensuring they keep their systems updated would have prevented, or greatly reduced the impact of, events such as the WannaCry ransomware attack.


  • 0

National Lottery hit by DDoS attack – down 90 mins at peak demand time

On Saturday the UK National Lottery’s website was down – just as those players who stake online, rather than in retailers, were trying to pick their numbers and part with their cash – thanks to a DDoS attack.

On Saturday the UK National Lottery’s website was down – just as those players who stake online, rather than in retailers, were trying to pick their numbers and part with their cash – thanks to a DDoS attack.

Hitting a retail business causes it to loose money, but in the case of many time-sensitive events, that money can never be recouped,  which was why newspaper print unions were so strong – yesterday’s news is no good tomorrow, and a bet now on last night’s lottery won’t win you much either. Both the gaming sites and the DDoS attackers know this, making gaming both highly targeted and highly defended.

On the other hand, although there are other lotteries, there are not a lot of direct competitors to the National Lottery, so while it offered an apology to those customers unable to use its smartphone app or access its website, a quick fix is likely to retain their custom, but each hit is a direct revenue loss.

According to downdetector, and later confirmed by the National Lottery, the cause was indeed a DDoS attack, but it is not clear if it was the subject of a ransom, or if it might have been a demonstration of capability ahead of a future threat of attack.

Kirill Kasavchenko, principal security technologist at Arbor Networks emailed SC Media UK to comment:  “This latest DDoS attack shows that cyber-criminals are still up to old tricks, this time deliberately targeting the National Lottery website at a time of peak demand. We can also see that response plans are often not up to scratch, with the incident lasting 90 minutes. Websites who are unable to contain a DDoS attack like this risk losing their audience to competitors if they are unable to minimise the disruption, so it is essential that organisations expect cyber-attacks and know how they will respond.

“All organisations must examine their current DDoS defences, and decide whether their current processes are robust enough to ensure operations will not be halted by a DDoS attack. To guard against such attacks, organisations should implement best current practices for DDoS defence. That includes hardening network infrastructures, ensuring complete visibility of all network traffic, and implementing sufficient DDoS mitigation capacity and capabilities. Those mitigation defences ideally should be a combination of on-premises and cloud-based DDoS mitigation services. It is also crucial that organisations ensure their DDoS defence plan is kept updated and is rehearsed on a regular basis.”


  • 0

Protecting an online presence – DOSarrest’s technology leads the way

With over a decade of experience protecting websites from malicious traffic, DOSarrest has lead the way from the start. It was one of the first to supply its client base with a real-time statistical dashboard and an intuitive configuration management console. Fast forward to today where it has just released its 5th major software upgrade; it’s these types of leading-edge features and services and a forward-looking road map that keeps it in the top tier of cloud-based DDoS mitigation companies.

Some of DOSarrest’s new enhancements, just released, include an all-new front-end which supplies customers with 15 different statistical displays that are fully interactive, allowing customers to view just the statistics they are interested in. It’s clear from the work the company has put into this system that it knows what’s required to stay on ahead of the ‘bad actors’. It has also redeveloped its back-end software using the latest tools, including a new distributed database structure, which has the advantage of allowing it to develop and deploy new features in a matter of minutes, for attacks not yet even known.

DOSarrest has also fine-tuned their cloud-based Web Application Firewall (WAF), which unlike many of their competitors’ is based on a positive security model, not a negative security model. Most people and even some security techs are not aware of the difference. Have a quick read of the blog post regarding the latest Equifax breach to get a real-life explanation of what happened and how DOSarrest’s cloud-based WAF would have prevented such a devastating data breach.

DOSarrest doesn’t seem to follow its competitors or hyped up media trends; this must be due to its experience over its rivals in the DDoS protection arena. It has just installed a big data analytics cluster, which feeds its customer portal with real-time interactive displays. One asks why big data for a customer portal? DOSarrest will tell you that the real reason is to leverage machine learning. Machine learning, which has been tried by many organizations but proved to be not worth the effort and eventually abandoned by most enterprises, is not the case at DOSarrest. It has leveraged its big data cluster in conjunction with machine learning to yield some impressive results.

DOSarrest states that the most difficult attacks to stop are the ones you don’t really notice. By this it articulates that if a website runs 10 Mb/sec of legitimate traffic it’s very possible to throw 75 Kb/sec of sophisticated, well-placed malicious traffic at the website and cause the website to slow considerably and eventually stop responding to legitimate visitors. Its machine learning system finds this small amount of malicious traffic and blocks it. DOSarrest states it’s like being able to find a needle in a haystack.

In order to prove the point regarding small sophisticated attacks being the most difficult to detect and mitigate, DOSarrest has developed a website attack/stress simulator. This is a brand-new service called the Cyber Attack Preparation Platform (CAPP) and the company is running beta tests for a select number of customers. This service allows customers to login into a platform, input their attack target website, then choose from a selection of over 30 different attacks and even combination attacks. Along with the attacks, it enables users to choose from a variety of regions where one wants the attack to originate from, some of the choices being Europe, eastern or western US, Canada or Asia, or all of them. It also allows one to choose the size of the botnet and the intensity of each bot. Given that this privately-controlled botnet is dangerous in the wrong hands, it is strictly controlled and throttled on a per-user basis.

In summary DOSarrest has proven itself to be a leader in fully-managed cloud-based DDoS protection services and is constantly adding capacity, enhancements, new technology and related security services to its portfolio. Should you be thinking of security for your website operations, DOSarrest is a very experienced, capable and customer-oriented solution provider.


  • 0

CHJ Tech. Teams up with DOSarrest to deliver Internet Security Solutions for the Singapore Government

SINGAPORE, Sept. 25, 2017 (GLOBE NEWSWIRE) — CHJ Technologies Singapore announced today that they have been chosen as one of the 6 approved vendors to supply cloud based DDoS protection and Web Application security services for the Singapore government over the next 3 years.  The Singapore Government expects to spend SGD $50m to keep government websites going even under an attack.  CHJ is the exclusive distributor of DOSarrest Internet security services in Singapore and is utilizing their DDoS and WAF solutions to satisfy the Singapore government’s security requirements.

Linus Choo, Managing Director of CHJ Technologies states “CHJ Technologies has a substantial track record providing cyber security services in Singapore. Having first been awarded DDoS mitigation contracts with the Singapore government in 2014, we are both elated and honored to have been awarded for a second time in this latest tender.  We feel that this renewal of our services is a testament to the calibre of services our team provides and our partnership with DOSarrest.

“Understanding the strategic importance of cyber security services, we align and integrate perfectly with the investments our government is making in DDoS protection and other cyber security services, this makes the continuation of our collaboration with the government all the more valued.  This is a very significant accomplishment for both CHJ Technologies and DOSarrest.”

Mark Teolis, CEO of DOSarrest explains “It was a very rigorous process to meet all the requirements of the Singapore government’s security specifications, in the end we beat out many competitors 3 years ago and we did it again this year.” Teolis adds “CHJ Tech is a great match for us, their staff on the ground and customer support paired with our technology is a home run.”

Choo adds “We are actively exploring other opportunities in the Asean region as a partner with DOSarrest.“

About DOSarrest Internet Security:
DOSarrest, founded in 2007 in Vancouver, B.C., Canada, is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services.  Additional Web security services offered are Cloud based Web Application Firewall (WAF), Vulnerability Testing and Optimization (VTO), DataCenter Defender – GRE as well as cloud based global load balancingand a simulated DDoS attack Platform.

For more information:

About CHJ Technologies:

Founded in 1987 and headquartered in Singapore, we have become one of Asia’s leading and fastest-growing managed cybersecurity service providers. Our expertise and product lines enable organizations to discover, risks and mitigate them. Continually pushing boundaries, we protect our customers’ critical assets and information wherever it lives – in the cloud and on-premises.

For more information:

Contact Information:
Lew Yong-He
+65 6896 7998


  • 0