Mirai: Trio confesses to creating the world’s most powerful DDoS botnet

One of the hackers also open sourced the code, enabling criminals to launch their own attacks

Three men have admitted to being the authors of the devastating Mirai botnet, which was used to launch a DDoS attack that took large parts of the internet offline last year before being widely shared with cyber criminals.

Paras Jha, 21, of Fanwood, New Jersey; Josiah White, 20, of Washington, Pennsylvania; and Dalton Norman, 21, of Metairie, Louisiana, all pleaded guilty to operating Mirai last week, in a court case unsealed by the US Department of Justice yesterday.

The trio built the botnet over the summer and autumn of 2016, targeting IoT devices like routers and wireless cameras, and targeting device vulnerabilities that would let Mirai enslave connected gadgets.

Mirai was behind one of the most effective DDoS attacks ever, hammering DNS provider Dyn with access requests from tens of millions of different IP addresses to force it offline and thereby bring down Github, Reddit, Twitter, Spotify and other huge companies that rely on Dyn to route users to their sites.


Throwing Caution to the Cloud?

The Hidden Costs of Moving IT operations onto the Cloud

As the CTO of a Cloud DDoS Protection Service, it would seem that I would be shooting myself in the foot by raising alarms about hidden costs in moving onto the cloud. After all, shouldn’t everything IT (including Security) be moved to cloud, with its promises of low cost, high flexibility and immediate scalability? On the surface, this sounds like a great opportunity for CIOs and CSOs who are trying to deal with a volatile budget, but like anything else in life, it’s best to take a closer look before committing.

When I speak with our customers, many of whom have been transitioning their system and storage to a cloud provider, we’ll often have discussions about support of their new setups within Amazon, Azure, etc. These migrations pose no problems for the DOSarrest service, and the conversations will invariably pivot into a Q&A on ideal hosting setups within these popular platforms, as I have had experience working with cloud hosting in my past lives. What I have noticed in conversing with these customers is that the same mistakes of the past are still occurring with high frequency even now, which is the pursuit of short term saving without fully auditing their existing setups and requirements. IT managers are still often attempting to take a snapshot of their server inventory and attempt to replicate it in the cloud during a migration, without fully appreciating that they have excess server capacity. This results in buying extra capacity when it is not required. What’s even worse is when IT managers are blissfully ignorant of the resources and processes operating within their environment that typically have little cost, and have no idea what that will look like on the invoice sheet when those same processes get moved into the cloud. Some good examples of areas that get overlooked in the migration are:

  1. CPU & Memory – it’s a safe bet you could walk into any enterprise datacenter and the vast majority of the systems will be running idle with the occasional 10% CPU load and minimal RAM. Yet each system will have robust specs (e.g. 8 core, 32 Gb/s of RAM). Do you really need to replicate those specs in the cloud, even if it is cheaper than buying the actual server yourself?
  2. Storage – Similar to point 1, you will see a lot of disk space being unused in a datacenter. We all have to deal with growing and shrinking volumes, but have you recorded peak disk usages on a system for 1 day, 1 month, 1 year? Doing so would help ensure you don’t simply get the 5 TB option when it’s not needed.
  3. Data Transfer/Bandwidth – it’s surprising to me how bandwidth generated by a server farm is often ignored by IT managers. BW plans with their upstreams will allow them to be ignorant of that I suppose. However, when moving to the cloud, you could end up with a hefty bill if you are unsure how much traffic your systems can generate during peak loads. You should also be aware of charges for data transfer between regions and zones.

When it comes to Security in the cloud, there are again other considerations one should account for to avoid paying extra costs.

a) Service Level Agreements – Does the cloud service provider have triple 9’s, Quadruple 9’s? More importantly, does the SLA have a limit to the size of attacks it will support? Is there a different price for each tier of SLA’s?

b) Throughput – the Service provider may say that they have Tb/s of capacity, but are there extra charges if there is a sustained attack over 50 Gb/s? 100 Gb/s? 500 Gb/s?

c) Tiered Support – often you will see a different price schedule for the types of support. 30 minute response versus 15. Phone support being extra.

d) Cost for features – Are there additional charges for CDN? How about Web Application Firewall? Machine Learning for identifying anomalous traffic patterns?

At DOSarrest we recognize the cost risk for IT managers, and put all services under one fixed price, simplifying their budgetary exercises and minimizing potential cost overruns in the face of an unknown threat landscape. I know that if a customer of ours is fully using the services we offer that have no extra cost to them, they can save thousands of dollars a month on a cloud hosting platform invoice.

In summary, do your due diligence. The cloud can be incredibly powerful with significant savings, but understand what your requirements are.

Jag Bains

CTO, DOSarrest Internet Security

Source: https://www.dosarrest.com/ddos-blog/throwing-caution-to-the-cloud/


Bitfinex restored after DDoS attack

Bitcoin exchange Bitfinex says its systems have been restored after the company was hit by a second denial of service attack in just over a week.

Bitfinex, which claims to be the world’s largest and most advanced cryptocurrency exchange, says it has restored its systems after coming under a “heavy” distributed denial of service (DDoS) attack.

Despite claiming on its website that Bitfinex is “protected by automatic distributed denial of service” systems, the company has been affected twice in December 2017 and once in November by DDoS attacks.

According to Bitfinex, the attackers created “hundreds of thousands of new accounts,” causing stress on Bitfinex’s infrastructure. The exchange said it took about 12 hours to restore normal operations and that new user signups had been suspended temporarily to reduce demand on its infrastructure.

The latest DDoS attack on Bitfinex comes just days after an Imperva report showed that the bitcoin industry was one of the top ten industries most targeted by DDoS attacks in the third quarter of 2017.

Cyber security industry analysts say the increased interest in Bitcoin as its value continues to surge is making it a prime target for cyber criminals either for extortion or theft.

According to Igal Zeifman, director at Imperva Incapsula, extortionists and other cyber criminals are commonly drawn to successful online industries, especially emerging ones that are less likely to be well protected.

“Specifically for bitcoin, the DDoS attacks we mitigated could also have been attempts to manipulate the price of bitcoin and other cryptocurrency, something we know offenders had tried in the past,” he said.

According to the Imperva report, organisations targeted by DDoS campaigns in the third quarter spent an average of 12 hours under attack.

This latest DDoS attack on Bitfinex underlines how increased prominence can make businesses more vulnerable to DDoS attacks, said Kirill Kasavchenko, principal security technologist for Europe at Arbor Networks.

“The bitcoin market has been a hot topic over the past week, which has led to a surge in buyers,” he said. “Hackers are notoriously opportunistic, so it makes sense that they’re seizing this opportunity to make it difficult for Bitfinex to maintain usual business activities.”

Businesses which rely on their website as a route to market, said Kasavchenko, must learn lessons from this, and evaluate whether their current DDoS protection could work harder for their business.

“In response to bitcoin’s growth, attackers might launch DDoS attacks against exchanges not only as extortion threat, but also as a way to manipulate cryptocurrency rates by making trading platforms unavailable.

“Last but not least, cryptocurrencies do not have any legal status in most countries,” he said. “This means prosecution of attackers is often problematic not only from technical, but also from a legal point of view.”

Targeting bitcoin exchanges

In line with the trend of targeting bitcoin exchanges, cyber criminals stole nearly $80m worth of bitcoin from bitcoin mining and exchange service NiceHash.

According to NiceHash, the attackers – believed to be from outside the EU – accessed the company’s systems at around 00:18 GMT on 7 December, and began stealing bitcoin three and a half hours later.

This is the latest in a string of cryptocurrency heists in 2017, and security researchers are predicting the trend will only intensify in 2018.

As the bitcoin value continues to soar, its attractiveness to attackers – both at a criminal and nation state level – will increase in proportion, according to Richard Ford, chief scientist at security firm Forcepoint.

Source: http://www.computerweekly.com/news/450431741/Bitfinex-restored-after-DDoS-attack


Be Sure To Ask Tough Questions Of Your DDoS Mitigation Solution

Every time I read another report about distributed denial of service (DDoS), I find myself either cringing or smiling. That’s the easiest way to boil down my reactions. Much in the same vein of “each data breach cost one bajillion dollars!” while making my best Dr. Evil face. The scoring, or the methodology used, in general usually causes me to pause if it isn’t immediately clear how the scores were arrived upon. Then there are reports where the ledes can get buried. The juicy pieces that might not seem immediately clear.

Last week the Forrester research team released their Forrester Wave report as it pertained to DDoS Mitigation Solutions. It made for an interesting read. Kudos to all of the companies that scored well in the report. Naturally, each company released their respective “we’re number one” press releases, my own company included. It makes perfect sense that they would all do this as they all have that to be proud of. Beyond that, what jumped out at me as I read the report was that 1) appliances don’t scale, 2) the ability to react and respond is paramount and 3) the ability to scale is key.

I was at a conference earlier this year where I had some time to walk the vendor floor. There were two prevalent themes that I took away from this stroll. There were dozens of ransomware protection related startups that were vying for customers’ attention. But, more relevant to my interests was the swath of ‘DDoS mitigation’ companies that were there. One in particular, who was not on the Wave report, trumpeted that they could afford their customers 1.5 GB of protection from DDoS attacks…with their appliance.

Let that soak in for a moment. This was a company that was using the idea of holding up gauze in front of a semi-truck and hoping it would offer some sort of protection (Hat tip to the late great Robin Williams). When we take into account that there have been documented DDoS attacks in excess of 600 Gbps this seems cold comfort.

A couple years ago I was speaking with a customer that had an appliance-based solution in place. I asked them how they would deal with an attack that exceeded their stated capacity and the response was “we’d buy more boxes.” This ranks right up there with having a line in your disaster recovery report that says you will go to Best Buy to purchase laptops in the event of a calamity.

The Wave report had this passage, “Akamai received favorable feedback on its ability to detect new attack types while yielding few false positives. Reference customers remarked on the company’s responsiveness, expertise, and ability to immediately stop attacks.” A wonderful endorsement from Akamai’s customers. This is important when you have a company that is service based. You can’t just get a signed P.O., drop the product off, and ride off into the sunset. This happened to me back in the 90s when I deployed a security system and I made the naive inquiry as to how we could update the software and how often the updates would be made available. This was met with a slack jawed look from the sales representative. You need to live in the shoes of your customer.

As a customer, you need to be an advocate for your company. You need to be able to ask the tough questions. How will the product scale? How are updates handled? What sort of bench strength does your company have to support my organization? Does the vendor have an acceptable use policy? You don’t want to have the uncomfortable realization that you might be sharing a platform or service with criminal hackers.

A DDoS mitigation solution should be a partner. This isn’t a line item on a budgeting spreadsheet after staplers and coffee creamer. No matter what sort of industry report you might be reading be sure to peel back the layers. You need to advocate for your company and ensure you are getting the best of breed service and support – and are not playing the catcher position on the javelin team!

Source: https://www.forbes.com/sites/davelewis/2017/12/11/be-sure-to-ask-tough-questions-of-your-ddos-mitigation-solution/#377ee5d13f53


Bitcoin industry enters top 10 DDoS targets

The bitcoin industry has become one of the top 10 industries most targeted by distributed denial of service attacks, a report has revealed

A spike in the number of bitcoin-related sites targeted by distributed denial of service (DDoS) attacks coincided with a spike in the value of the cryptocurrency of $4,672 in the third quarter, according to Imperva’s latest global DDoS report.

The report is based on data from 3,920 network layer and 1,755 application layer DDoS attacks on websites using Imperva Incapsula services between 1 July and 30 September 2017.

The data shows that 73.9% of all bitcoin exchanges and related sites on the Imperva Incapsula service were attacked during the quarter, ahead of the cryptocurrency’s meteoric rise to more than $11,600 in the first week of December.

As a result of the third-quarter spike, the relatively small and young bitcoin industry made it into the top 10 most attacked industries during the three-month period, taking eighth spot above the transport and telecoms sectors.

The most-attacked sector was gambling (34.5%), followed by gaming (14.4%) and internet services (10.8%).

Igal Zeifman, director at Imperva Incapsula, said the large number of attacks on bitcoin exchange sites is a clear example of DDoS attackers following the money.

“As a rule, extortionists and other cyber criminals are commonly drawn to successful online industries, especially emerging ones that are less likely to be well-protected,” he said.

“Specifically for bitcoin, the DDoS attacks we mitigated could also have been attempts to manipulate the price of bitcoin and other cryptocurrency, something we know offenders have tried in the past.”

According to the report, organisations targeted by DDoS campaigns in the third quarter spent an average of 12 hours under attack, half of network layer targets were hit at least twice, and almost 30% were attacked more than 10 times.

Nearly one-third of DDoS targets in the third quarter were attacked 10 or more times, with an interval of at least an hour between assaults.

Hong Kong topped Imperva’s list of the most targeted countries for network layer assaults during the quarter, mainly because of a persistent attack on a local hosting service that was hit hundreds of times in the quarter.

The largest application layer assault targeted a financial services company headquartered in Europe, which was hit multiple times with attacks above 100,000 requests per second.

The quarter also saw high packet rate attacks, in which the packet forwarding rate escalates above 50 million packets per second (Mpps), become more common, with 5% of all network layer assaults above 50 Mpps, and the largest attack peaking at 238 Mpps.

This is a cause for concern, the report said, because many mitigation systems are ill-equipped to process packets at such a high rate.

In November 2017, Harshil Parikh, director of security at software-as-a-service platform firm Medallia, told the Isaca CSX Europe 2017 conference in London that any business dependent on the internet should use tried and tested ways of detecting and mitigating DDoS.

He said it is important that such organisations take time and effort to build their DDoS defence capabilities because DDoS attacks are fairly easy and cheap for attackers to carry out.

“With the advent of botnet-based DDoS attack services that will be effective against most companies, anyone can target an organisation for just a few bitcoins,” said Parikh.

Source: http://www.computerweekly.com/news/450431318/Bitcoin-industry-enters-top-10-DDoS-targets


Alleged DDOS attack wipes almost $2,000 off Bitcoin price

BTC now trying to stabilize around $9,500

Over the past 24 hours, Bitcoin (BTC) has been on a parabolic run all the way from $10,000 up to almost $11,500. Many including myself feared a sharp correction would be due at any moment, as the kind of growth we saw was not sustainable, not even in the crazy world of crypto.
BTC hit a high of $11,441 on Bitfinex before tumbling quickly all the way down to $9,000 in just a few minutes. Many went to Twitter to voice the opinion that the reason for the drop was a DDOS attack on many of the largest exchanges around the world. While a mass DDOS attack has not been confirmed yet, it seems likely it was the cause of the sudden crash.


Approximately $53 billion was wiped off the total cryptocurrency market cap in under an hour, a figure which calculates the value of Bitcoin and other alternative coins combined. At the time of publishing, Bitcoin was trading close to $9600, but appears to be facing resistance heading back to $10,000 and beyond.

Source: https://www.tweaktown.com/news/59992/alleged-ddos-attack-wipes-2-000-bitcoin-price/index.html


THIS IS HOW TO PREPARE FOR A CYBER ATTACK

Cybersecurity is only in the spotlight when it fails. After high-profile, large-scale data breaches, it takes a beating. But cybersecurity provides critical layers of infrastructure in our modern, cyber-dependent society. Rehearsing for potential failures is always worthwhile.

Executives tend to relegate cybersecurity to the IT department.

That is a mistake, because cyber incidents affect the entire organisation. We should conduct regular cybersecurity drills, as we do fire and safety drills. That’s where tabletop exercises can play a big role.

At last month’s Cyber3 Conference Tokyo 2017, international stakeholders from academia, industry, government and civil society gathered at Keio University for the third annual conference on cybersecurity.

The meeting was an opportunity for ministries and agencies to align on cybersecurity, and for the private sector to follow suit. Japan’s private sector has the lowest efficiency and productivity in the G7; improving its cybersecurity could change this.

During the two-day conference, a tabletop exercise (or TTX) simulated cyber-attacks on Japan’s forthcoming 2019 Rugby World Cup. The simulation generated insights applicable not only to large-scale sports events such as the 2020 Tokyo Olympic and Paralympic Games, but also to the national cybersecurity infrastructure of Japan and other countries.

HACKING THE RUGBY WORLD CUP

The simulation, dubbed Operation Rugby Daemon, was aimed at helping Japanese government agencies, businesses, and other stakeholders understand, coordinate and better respond to potential cyber threats to information flows and critical infrastructures. It was sponsored by the Sasakawa Peace Foundation USA.

Three types of cyberattacks were simulated between a theoretical date range of 20 September to 2 November, 2019: (1) phishing e-mails to acquire access to critical industrial control systems, (2) disruption of the power grid based on network access gained from these e-mails, and (3) distributed denial of service (DDoS) attacks against the Rugby World Cup website and related internet addresses.

In the TTX, four teams of eight to 10 people from government and industry acted as a public-private task force to ensure security during the World Cup. They were given clues through a series of injects on two dates, with information coming from domestic and foreign sources.

The energy grid penetration and the DDoS attacks occurred simultaneously, emulating the ‘fog’ of cyberwar. The teams were challenged to identify the sources of the attacks and prevent serious consequences. They were also asked to present a five-minute summary of their response to a control team of observers.

In the phishing attack, hypothetical adversaries sent emails to staff at a large Japanese power utility, industrial conglomerates, and Japan’s Ministry of Economy, Trade and Industry (METI). The phishing e-mail contained a description in Japanese that concealed malicious code. In the scenario, a utility worker clicked on the attachment, giving attackers a foothold in the utility’s local area network (LAN).

If team members failed to take effective steps, there would be a power failure at Yokohama Stadium during the World Cup’s final game. If they took remedial steps, a small part of the grid would go down, but the utility would be able to react quickly and compensate.

In the DDoS attacks, websites associated with the Japanese prime minister, the Rugby World Cup, and other public and private entities were hit with more than 700 Gbps of incoming traffic, causing them to go down. A ransom note, purportedly from an anti-whaling group, was sent to the utility’s CEO. The attacks appeared to be foreign botnet operators conducting the DDoS through an overseas address. The scenario included diversion-tactic information sent to Japan’s National Police Agency. Teams that took effective steps were able to mitigate the extent of damage from the DDoS attacks.

LESSON LEARNED

The teams were encouraged to coordinate and act quickly. This tests a very real-world problem of authority’s ability to respond in crises. Aside from the need to coordinate horizontally, government officials must know what they can and cannot do. Otherwise, they will lose precious time sending permission requests to higher-ups, who may then send them further up the chain of command, slowing the response and wasting crucial time.

As Paul Maddinson of the UK National Cyber Security Centre told conference attendees, the most useful thing he could do when managing a team of responders during the WannaCry attack was to order pizza for them. They knew their roles, responsibilities and authority. Mr Maddinson stepped back and let them do their job.

The most effective participants communicated rapidly with domestic and international partners, shared information, and formed conclusions that helped mitigate the DDoS attacks and the power grid disruption. Other teams chose not to make key recommendations to higher authorities because they questioned their legality. Some players tried to send requests directly up the chain of command to lead agencies, instead of sharing horizontally.

Aside from the importance of sharing information and communicating across regulatory jurisdictions, one of the most important lessons gained from the TTX is that participants need to develop situational awareness as events unfold. This involves understanding how the individual pieces fit into the bigger picture, as well as being aware of the timeline of phishing attacks transitioning to power grid disruptions. The same will hold for any large cyber incident.

Operation Rugby Daemon showed that Japan must develop a series of TTXs to raise awareness about cybersecurity for the upcoming sports events. It must develop experienced game veterans who can offer useful recommendations in real-world situations. Japan also needs experts with the ability to make decisions based on incomplete information – a stressful experience that can only be prepared for during TTX exercises like the Rugby World Cup scenario. Book knowledge and checklists are no match for the ability to coordinate, share information and make quick decisions that can have a huge impact in a crisis.

“The fact that we store our wealth and treasure in databases in computers more than banks makes us vulnerable,” Richard Ledgett, former deputy director of the US National Security Agency, told conference attendees after participating in the TTX.

“Cybersecurity underpins our daily existence and democracy. These threats are serious and real. With the tabletop exercises, we highlighted how hard it is to respond. We need to practice, practice.”

Several of the security industry’s leading vendors and academic institutions now offer cyber range centres, which provide testing and training to simulate cyber-attack preparedness and response in much the same way TTX do. Any technology vendor should have a good answer when asked about training resources. Keeping cyber skills sharp can make as much difference during a crisis as any other investment in people, process or technology.

Source: http://ewn.co.za/2017/11/29/this-is-how-to-prepare-for-a-cyber-attack


3 Key Questions You Should Be Aware Of When Fighting Off Cyber Crime

Fighting cyber crime is an ongoing task that has only been getting harder and harder to accomplish. DDoS attacks against networks have been getting larger and more complex, so it is important to know the right questions to ask when one such attack happens. Of course there are obvious questions like ‘Who is doing the attack?’ ‘How are they doing it?’ ‘Why are they doing it?’ and ‘Where is the attack coming from?’ but here are three other questions you need to have at the front of your mind when preparing for a cyber-attack.

1. How Do You Protect Your Networks & Applications Against Modern, Sophisticated DDoS Attacks?

According to a recent report, DDoS attacks of greater than 50Gbps have more than quadrupled and the number of companies experiencing between six and 25 attacks per year has ballooned by more than four times since 2015. Defending against this deluge of DDoS is imperative. To do this you need to make sure to utilise three key weapons, detection, mitigation and analytics, when fighting in this war against modern multi-vector DDoS attacks.

Powerful DDoS detection and mitigation software is a must, as an effective product will help to discover encrypted and harmful traffic and then dispose of it. The best way of doing this is by analysing the common traffic trends during peace time and then using those findings as a baseline to help eliminate anomalous changes. This will prevent any potentially harmful traffic from entering your network.
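One way to apply the peacetime-baseline idea described above, as an added example that is not part of the original article: it learns a per-hour median and spread from normal traffic and flags sustained deviations. The sample data, thresholds and function names are constructed assumptions.

```python
from statistics import median


def constructed_peacetime(days=7):
    """Constructed sample: (hour_of_day, requests_per_second) on quiet days.
    Business hours (09-17) carry about 300 rps, all other hours about 200 rps."""
    samples = []
    for day in range(days):
        for hour in range(24):
            busy = 100 if 9 <= hour <= 17 else 0
            jitter = (day * 7 + hour * 3) % 11 - 5  # deterministic noise, -5..+5
            samples.append((hour, 200 + busy + jitter))
    return samples


def build_baseline(peacetime):
    """Per hour of day, return (median, median absolute deviation).
    Median and MAD are used so that a stray spike in the training
    window does not inflate the baseline the way mean/stddev would."""
    by_hour = {}
    for hour, rps in peacetime:
        by_hour.setdefault(hour, []).append(rps)
    baseline = {}
    for hour, values in by_hour.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)
        baseline[hour] = (med, mad)
    return baseline


def score(baseline, hour, rps, min_spread=1.0):
    """Robust z-score of one sample against the baseline for its hour.
    Returns None when no peacetime data exists for that hour."""
    if hour not in baseline:
        return None
    med, mad = baseline[hour]
    # 1.4826 * MAD approximates one standard deviation for normal data;
    # min_spread avoids division by zero on perfectly flat traffic.
    spread = max(1.4826 * mad, min_spread)
    return (rps - med) / spread


def find_anomalies(baseline, observations, threshold=6.0, sustain=3):
    """Return (first_index, last_index) for every run of at least `sustain`
    consecutive samples scoring above `threshold`. Requiring a sustained
    run keeps a single noisy sample from raising an alert."""
    runs, start = [], None
    for i, (hour, rps) in enumerate(observations):
        s = score(baseline, hour, rps)
        hot = s is not None and s > threshold
        if hot and start is None:
            start = i
        elif not hot and start is not None:
            if i - start >= sustain:
                runs.append((start, i - 1))
            start = None
    if start is not None and len(observations) - start >= sustain:
        runs.append((start, len(observations) - 1))
    return runs


# Constructed live samples for the 14:00 hour: one isolated blip (index 1)
# followed by a sustained surge (indexes 4-8).
CONSTRUCTED_OBSERVATIONS = [
    (14, rps)
    for rps in [305, 950, 298, 310, 900, 1500, 2200, 2100, 400, 301]
]

if __name__ == "__main__":
    baseline = build_baseline(constructed_peacetime())
    # The same 300 rps is normal at 14:00 but far outside the 03:00 baseline.
    print("14:00 score for 300 rps:", score(baseline, 14, 300))
    print("03:00 score for 300 rps:", round(score(baseline, 3, 300), 1))
    print("sustained anomalies:", find_anomalies(baseline, CONSTRUCTED_OBSERVATIONS))
```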

2. How Do You Eliminate The SSL/TLS Blind Spot?

Recent studies show that roughly 70 percent of all traffic is encrypted. That means if your company is not decrypting and inspecting encrypted traffic, there’s no way of knowing what kind of nefarious files or threats are flowing through unnoticed. It seems what you don’t know really can hurt you!

However, by offloading CPU-intensive SSL decryption and encryption functions from third-party security devices, while ensuring compliance with privacy standards, it is possible to eliminate these blind spots completely. There are some great programs out there that can handle this, just make sure you find one that can decrypt traffic because many do not.

3. How Can You Manage Application Delivery Across Hybrid Clouds & On-Premise?

You’re either already running applications in the cloud, or you plan to in the near future. But the move to the cloud introduces a new set of challenges, one of which is: how do you easily manage your on-premise applications and your cloud applications in a centralised fashion?

Well, the best way is to use a cloud-based controller that can connect to and manage all of your applications. These programs can configure and manage policies for other applications as well as collect performance data and other analytics. Some can even be self-managed and automate the set-up process of new applications you install, improving efficiency and saving precious time.

Those are just three of the questions to be had about cyber-security in the workplace. No doubt there will be many more. Thankfully many of these fixes can be implemented almost immediately with very little assembly required. So if you are worried about how secure your network really is then just answer these three questions. Ask them to your IT team and see if they can give you an answer. It is important that everyone knows what to do so that you can keep your network safe from any kind of nefarious attacker.

Source: http://www.businesscomputingworld.co.uk/3-key-questions-you-should-be-aware-of-when-fighting-off-cyber-crime/


Black Friday and Cyber Monday are upon us. Is your network ready?

Dive Brief:

  • Black Friday, Small Business Saturday and Cyber Monday are part of the most popular shopping weekend of the year. To prepare for the influx of traffic, Walmart’s IT department initiates tests for e-commerce year-round “to scale, meet and exceed traffic projections” during the weekend, Paul Antony, senior vice president of global infrastructure and operations for Walmart Labs, told CIO Dive in an email.
  • The big-box retailer launches tests based on traffic trends to best serve the 79% of consumers expected to shop both in-store and online for Black Friday, according to a Deloitte survey of 1,200 U.S. consumers.
  • About 36% of respondents said they are “influenced by deals from a mobile device while in-store,” and brick-and-mortar stores with an e-commerce site should also prepare for the 46% of consumers they stand to lose if they have to wait for a website experiencing technical issues, according to the report.

Dive Insight:

The holiday shopping season is like open season for hackers. Because of the influx of online traffic, hackers take full advantage of the financial vulnerability of consumers. Phishing schemes and distributed denial-of-service (DDoS) attacks are some of the most prevalent threats this coming weekend.

The fear of cyberthreats is not only for retailers. Nearly one-third of shoppers won’t shop online this holiday season for fear of a website’s weak security. That’s not to mention that only about 18% of consumers believe a retailer’s cybersecurity efforts are at the status they should be.

But Black Friday and Cyber Monday invite the elevated risk of a DDoS attack. DDoS attacks increased by 380% in quarter one alone this year. This is in part due to the low cost of DDoS attacks. Hackers only need to spend $5 for a 300-second attack, and a 24-hour attack costs about $400.

While it only costs hackers around $18 an hour, half of the companies targeted could lose up to $100,000 or more per hour during an attack. In 2015, about 73% of enterprises experienced at least one DDoS attack.

Retailers can’t afford to lose customers due to too much traffic or a hacker purposefully flooding their network, so businesses should ensure that redundancy measures are in place for the threats of a DDoS attack or a data breach as Black Friday and Cyber Monday approach.

Source: https://www.retaildive.com/news/black-friday-and-cyber-monday-are-upon-us-is-your-network-ready/511436/


DDoS attacks have doubled in six months, up 91% on first quarter

IoT devices in the dock as DDoS stages a resurgence, but stealth and sophistication also on the rise.

Businesses are being hammered by an average of eight DDoS attack attempts per day, an increase of 35 percent compared to Q2 2017, and a massive 91 percent increase over Q1 2017, according to new figures.

The huge increase in volume is partly due to the prevalence of DDoS services online, often marketed as ‘Booters’, ‘Stressers’ and similar tools, as well as the volume of easily-compromised IoT devices, according to the researchers from Corero. One example is the Reaper botnet, which has allegedly compromised more than one million organisations all across the globe, and has been described as “more sophisticated” than Mirai and “the next cyber-hurricane”.

Russ Madley, head of VSMB & channel, Kaspersky Lab UK said: “While DDoS attacks have been a threat for many years, it’s still important that businesses take them seriously as they are one of the most popular weapons in a cyber-criminal’s arsenal. A DDoS attack can be just as damaging to a business as any other cyber-crime, especially if used as part of a bigger targeted attack. The ramifications can be far-reaching as they’re able to reach deep into a company’s internal systems. Organisations must understand that protection of the IT infrastructure requires a comprehensive approach and continuous monitoring, regardless of the company’s size or sphere of activity.”

Unfortunately, while the sheer volume and scale of attacks has risen, their sophistication has too, with a fifth of the DDoS attack attempts recorded during Q2 2017 deploying multiple attack vectors to pick apart victims’ defences. The researchers also pointed out that many less sophisticated DDoS attacks are designed to be a distraction and delaying tactic to tie up internal security experts and resources while a more subtle incursion is under way elsewhere.

Stephanie Weagle, VP, Corero Network Security warned that: “Sophisticated multi-vector DDoS attacks are becoming the new normal, with the potential to knock organisations of all types and sizes offline. Often lasting just a few minutes, these quick-fire attacks can be used as a smokescreen, designed not to outright deny service but to distract from an alternative motive, usually data theft and network infiltration. In order to effectively meet the challenge of this rapidly evolving threat landscape, organisations need to adopt modern DDoS defences that will provide both instantaneous visibility into DDoS events, real-time mitigation as well as long-term trend analysis to identify adaptations in the DDoS landscape.”

Source: https://www.scmagazineuk.com/ddos-attacks-have-doubled-in-six-months-up-91-on-first-quarter/article/709147/
