Most Updated News on How to Protect Against DoS Attacks!

1. 3 Key Questions You Should Be Aware Of When Fighting Off Cyber Crime
2. Black Friday and Cyber Monday are upon us. Is your network ready?
3. DDoS attacks have doubled in six months, up 91% on first quarter
4. Securing your APIs
5. DDoS attacks on UK businesses double in six months
6. Kodi Users on Apple TV at Risk of Getting Hacked
7. The Internet of Things could easily be the Internet of Threat
8. Distributed-Denial-Of-Service Attacks And DNS
9. Are they prepared: The healthcare industry’s fear of the cyber threat
10. Man charged for using vDOS hacker for hire against Minnesota firm

3 Key Questions You Should Be Aware Of When Fighting Off Cyber Crime

Fighting cyber crime is an ongoing task that has only been getting harder to accomplish. DDoS attacks against networks have been getting larger and more complex, so it is important to know the right questions to ask when one such attack happens. Of course there are obvious questions like ‘Who is doing the attack?’, ‘How are they doing it?’, ‘Why are they doing it?’ and ‘Where is the attack coming from?’, but here are three other questions you need to have at the front of your mind when preparing for a cyber-attack.

1. How Do You Protect Your Networks & Applications Against Modern, Sophisticated DDoS Attacks?

According to a recent report, DDoS attacks of greater than 50Gbps have more than quadrupled, and the number of companies experiencing between six and 25 attacks per year has ballooned by more than four times since 2015. Defending against this deluge of DDoS is imperative. To do this you need to make sure to utilise three key weapons, detection, mitigation and analytics, when fighting this war against modern multi-vector DDoS attacks.

Powerful DDoS detection and mitigation software is a must, as an effective one will help to discover harmful traffic, including traffic hidden inside encrypted sessions, and then dispose of it. The best way of doing this is by establishing a baseline of normal traffic patterns during peacetime and then using that baseline to identify and eliminate anomalous changes. This will prevent potentially harmful traffic from entering your network.

2. How Do You Eliminate The SSL/TLS Blind Spot?

Recent studies show that roughly 70 percent of all traffic is encrypted. That means if your company is not decrypting and inspecting encrypted traffic, there’s no way of knowing what kind of nefarious files or threats are flowing through unnoticed. It seems what you don’t know really can hurt you!

However, by offloading CPU-intensive SSL decryption and encryption functions from third-party security devices, while ensuring compliance with privacy standards, it is possible to eliminate these blind spots completely. There are some great programs out there that can handle this, just make sure you find one that can decrypt traffic because many do not.

3. How Can You Manage Application Delivery Across Hybrid Clouds & On-Premise?

You’re either already running applications in the cloud, or you plan to in the near future. But the move to the cloud introduces a new set of challenges, one of which is: how do you easily manage your on-premise applications and your cloud applications in a centralised fashion?

Well, the best way is to use a cloud-based controller that can connect to and manage all of your applications. These programs can configure and manage policies for other applications as well as collect performance data and other analytics. Some can even be self-managed and automate the set-up process of new applications you install, improving efficiency and saving precious time.

Those are just three of the questions to ask about cyber-security in the workplace. No doubt there will be many more. Thankfully many of these fixes can be implemented almost immediately with very little assembly required. So if you are worried about how secure your network really is, start by answering these three questions. Put them to your IT team and see if they can give you an answer. It is important that everyone knows what to do so that you can keep your network safe from any kind of nefarious attacker.

Source: http://www.businesscomputingworld.co.uk/3-key-questions-you-should-be-aware-of-when-fighting-off-cyber-crime/

Black Friday and Cyber Monday are upon us. Is your network ready?

Dive Brief:

  • Black Friday, Small Business Saturday and Cyber Monday are part of the most popular shopping weekend of the year. To prepare for the influx of traffic, Walmart’s IT department initiates tests for e-commerce year-round “to scale, meet and exceed traffic projections” during the weekend, Paul Antony, senior vice president of global infrastructure and operations for Walmart Labs, told CIO Dive in an email.
  • The big-box retailer launches tests based on traffic trends to best serve the 79% of consumers expected to shop both in-store and online for Black Friday, according to a Deloitte survey of 1,200 U.S. consumers.
  • About 36% of respondents said they are “influenced by deals from a mobile device while in-store,” and brick-and-mortar stores with an e-commerce site should also prepare for the 46% of consumers they stand to lose if they have to wait for a website experiencing technical issues, according to the report.

Dive Insight:

The holiday shopping season is like open season for hackers. Because of the influx of online traffic, hackers take full advantage of the financial vulnerability of consumers. Phishing schemes and distributed denial-of-service (DDoS) attacks are some of the most prevalent threats this coming weekend.

The fear of cyberthreats is not only for retailers. Nearly one-third of shoppers won’t shop online this holiday season for fear of a website’s weak security. That’s not to mention that only about 18% of consumers believe a retailer’s cybersecurity efforts are at the status they should be.

But Black Friday and Cyber Monday invite the elevated risk of a DDoS attack. DDoS attacks increased by 380% in quarter one alone this year. This is in part due to DDoS attacks’ low-costs. Hackers only need to spend $5 for a 300-second attack, and a 24-hour attack costs about $400.

While it only costs hackers around $18 an hour, half of the companies targeted could lose up to $100,000 or more per hour during an attack. In 2015, about 73% of enterprises experienced at least one DDoS attack.

Retailers can’t afford to lose customers due to too much traffic or a hacker purposefully flooding their network, so businesses should ensure that redundancy measures are in place for the threats of a DDoS attack or a data breach as Black Friday and Cyber Monday approach.

Source: https://www.retaildive.com/news/black-friday-and-cyber-monday-are-upon-us-is-your-network-ready/511436/

DDoS attacks have doubled in six months, up 91% on first quarter

IoT devices in the dock as DDoS stages a resurgence, but stealth and sophistication also on the rise.

Businesses are being hammered by an average of eight DDoS attack attempts per day, an increase of 35 percent compared to Q2 2017, and a massive 91 percent increase over Q1 2017, according to new figures.

The huge increase in volume is partly due to the prevalence of DDoS services online, often marketed as ‘Booters’, ‘Stressers’ and similar tools, as well as the volume of easily-compromised IoT devices, according to the researchers from Corero. One example is the Reaper botnet, which has allegedly compromised more than one million organisations all across the globe, and has been described as “more sophisticated” than Mirai and “the next cyber-hurricane”.

Russ Madley, head of VSMB & channel, Kaspersky Lab UK said: “While DDoS attacks have been a threat for many years, it’s still important that businesses take them seriously as they are one of the most popular weapons in a cyber-criminal’s arsenal. A DDoS attack can be just as damaging to a business as any other cyber-crime, especially if used as part of a bigger targeted attack. The ramifications can be far-reaching as they’re able to reach deep into a company’s internal systems. Organisations must understand that protection of the IT infrastructure requires a comprehensive approach and continuous monitoring, regardless of the company’s size or sphere of activity.”

Unfortunately, while the sheer volume and scale of attacks has risen, their sophistication has too, with a fifth of the DDoS attack attempts recorded during Q2 2017 deploying multiple attack vectors to pick apart victims’ defences. The researchers also pointed out that many less sophisticated DDoS attacks are designed to be a distraction and delaying tactic to tie up internal security experts and resources while a more subtle incursion is under way elsewhere.

Stephanie Weagle, VP, Corero Network Security warned that: “Sophisticated multi-vector DDoS attacks are becoming the new normal, with the potential to knock organisations of all types and sizes offline. Often lasting just a few minutes, these quick-fire attacks can be used as a smokescreen, designed not to outright deny service but to distract from an alternative motive, usually data theft and network infiltration. In order to effectively meet the challenge of this rapidly evolving threat landscape, organisations need to adopt modern DDoS defences that will provide both instantaneous visibility into DDoS events, real-time mitigation as well as long-term trend analysis to identify adaptations in the DDoS landscape.”

Source: https://www.scmagazineuk.com/ddos-attacks-have-doubled-in-six-months-up-91-on-first-quarter/article/709147/

Securing your APIs

Covering your APIs

Web APIs are not exactly a new technology. You can find an API for almost any service offered online. The reason for the popularity is not surprising, APIs easily and efficiently facilitate integration between applications. This inter-application communication allows partnerships to efficiently share data and resources, allowing the automation of many tasks that would otherwise require human interaction.

This inter-application access is a double-edged sword. By design these APIs allow external systems to access, and often manipulate, data and processes within your application. This exposes far more of your internal systems and operations than a webserver ever could. Yet despite this risk it is surprising how many companies fail to adequately protect their APIs.

Web APIs, at their heart, are just web requests.

They are transmitted via the HTTP protocol just like web pages. They are stateless transactions, just like web pages. It shouldn’t be any surprise, then, that web APIs need all the same protection that your web application does.

Use SSL Encryption:

I can’t think of a single web API use case where encryption is a bad idea. If we were talking about the same access to data, or functional ability on a website form you wouldn’t hesitate to secure the webpage with HTTPS; it shouldn’t be any less for APIs that carry that same data / functionality plus any authentication credentials that are submitted along with every request. Just because there is no browser warning to the user is no reason to skip an essential security step.

Validate parameters

Just like above: if this were a web form, you wouldn’t skip this, right? Just as with a web form, data validation protects you from malicious input, errors and plain nonsensical results. Unlike a web form, the direct submitter isn’t a rational thinking person; any gaps or errors in data on their side can cause an automated process to submit all kinds of interesting requests.

Web APIs are so much more than web requests.

APIs also grant an elevated level of access to your internal systems, above and beyond what is available in a typical webpage. Furthermore, most API calls happen within applications’ internal mechanisms, which aren’t going to read error messages or apply common sense to their inputs. This means that, compared to websites, APIs are an increased risk and need to be protected as such.

Use Strong Authentication / Authorization

Unlike web pages, which are generally published for public consumption, APIs are designed to share information with specifically authorized partners. There is an important distinction to be made between Authentication and Authorization. Typically, APIs will use the same token for both and use the terms authentication token and authorization token interchangeably. Authentication proves the identity of the requestor, and authorization deals with the permissions of the requestor. OAuth and Authentication Tokens are two common ways to implement strong authentication. For authorization implementations, consider using access control protocols like XACML to define what a user or role may access.

Restrict Methods

Web requests typically use GET or POST requests to retrieve or send data respectively. HTTP allows for many other lesser known methods like PUT, DELETE, or TRACE. These methods can have unexpected consequences on APIs if they are not properly handled. Restrict request methods to only those explicitly required by the API.

Lastly your APIs are publicly available, and you need to be aware of what information is being leaked through them.

Provide Error Handling Routines

Mistakes happen, sooner or later your application will have to deal with unexpected inputs or events, some of which can cause errors in your application. The default error messages often contain sensitive information about the internal workings of your system.

Warning: mysql_connect() [function.mysql-connect]: Can’t connect to MySQL server on ‘localhost’ (10013) in /var/local/www/include/dbconfig.php on line 23

Failure to handle and censor these errors delivers sensitive information to the end user.

Employ Anti-fusking

Sequential or predictable IDs allow visitors to easily guess IDs of resources they shouldn’t have access to. Hash IDs or UUIDs obscure this information. By itself this might not seem like much of a risk, but combined with any other misconfiguration it makes an attacker’s job an order of magnitude easier.
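The four controls above (parameter validation, method restriction, censored error handling and non-guessable resource IDs) are easiest to see together in one request handler. The following is an added example written for this digest, not DOSarrest’s code or any framework’s API; the routes, the order schema and the in-memory store are hypothetical, and the store is injectable only so a failing backend can be simulated.

```python
import logging
import re
import uuid

logging.basicConfig(level=logging.INFO)
log = logging.getLogger("api")

# Hypothetical route table: the allow-list of methods per path. Anything
# else (PUT, DELETE, TRACE, ...) is refused before it reaches a handler.
ALLOWED_METHODS = {
    "/orders": {"GET", "POST"},
}

# Constructed parameter schema for POST /orders: type, shape and range.
ORDER_SCHEMA = {
    "sku": {"type": str, "pattern": re.compile(r"[A-Z0-9-]{3,20}")},
    "quantity": {"type": int, "min": 1, "max": 100},
}

# Resources are keyed by random UUIDs rather than sequential integers, so
# knowing one valid ID reveals nothing about the next one (anti-fusking).
ORDERS = {}


def validate(params, schema):
    """Return the names of offending fields; the raw values are never echoed back."""
    problems = []
    for name, rule in schema.items():
        value = params.get(name)
        # bool is a subclass of int, so exclude it explicitly.
        if not isinstance(value, rule["type"]) or isinstance(value, bool):
            problems.append(name)
            continue
        if "pattern" in rule and not rule["pattern"].fullmatch(value):
            problems.append(name)
        if "min" in rule and not (rule["min"] <= value <= rule["max"]):
            problems.append(name)
    # Unknown parameters are rejected too: an automated client sending
    # junk gets a 400 instead of silently being accepted.
    problems.extend(sorted(set(params) - set(schema)))
    return problems


def create_order(params, store):
    problems = validate(params, ORDER_SCHEMA)
    if problems:
        return 400, {"error": "invalid parameters", "fields": problems}
    order_id = str(uuid.uuid4())
    store[order_id] = {"sku": params["sku"], "quantity": params["quantity"]}
    return 201, {"id": order_id}


def get_order(params, store):
    try:
        # Reject anything that is not a well-formed UUID before touching the store.
        key = str(uuid.UUID(params.get("id", "")))
    except ValueError:
        return 404, {"error": "not found"}
    order = store.get(key)
    if order is None:
        return 404, {"error": "not found"}
    return 200, dict(order, id=key)


def handle_request(method, path, params, store=ORDERS):
    """Dispatch one API request; returns (status, body_dict, extra_headers)."""
    allowed = ALLOWED_METHODS.get(path)
    if allowed is None:
        return 404, {"error": "not found"}, {}
    if method not in allowed:
        return 405, {"error": "method not allowed"}, {"Allow": ", ".join(sorted(allowed))}
    try:
        if method == "POST":
            status, body = create_order(params, store)
        else:
            status, body = get_order(params, store)
        return status, body, {}
    except Exception:
        # Internal failure: full detail (stack trace, backend message) goes to the
        # server log under a reference ID; the client sees only that reference.
        ref = uuid.uuid4().hex[:12]
        log.exception("request failed ref=%s path=%s", ref, path)
        return 500, {"error": "internal error", "ref": ref}, {}


if __name__ == "__main__":
    print(handle_request("TRACE", "/orders", {}))
    status, body, _ = handle_request("POST", "/orders", {"sku": "AB-123", "quantity": 5})
    print(status, body)
    print(handle_request("GET", "/orders", {"id": body["id"]}))
    print(handle_request("GET", "/orders", {"id": "1"}))
```

The 500 branch is the counterpart of the `mysql_connect()` warning quoted above: whatever the backend throws, the response body carries only a reference that a support engineer can look up in the log.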

How DOSarrest can help protect your API:

Use DOSarrest VIP as API gateway

Most secure systems recommend separating your internal / sensitive systems from public systems via an intermediary perimeter system, sometimes known as a DMZ. The DMZ, often protected by firewalls, serves as a control point restricting what is exposed from the internal zones.

The core design of DOSarrest VIP services functions exactly like an API gateway, restricting access only to what is explicitly permitted.

Protect APIs with Threat Detection / Removal

Web APIs by and large are far more computationally expensive than websites. Consequently, application DoS attacks are far more effective when targeting APIs.

DOSarrest is able to deal with DoS attacks and other threats like SQL injection at a scale much greater than any appliance could ever manage.

Use Proven Solutions

If it’s not tested, it’s not secure. One of the basic principles of security is to only use proven, tested solutions. At DOSarrest we have been providing internet security solutions for over 10 years. We are not an add-on service to another existing business. We are not generalists. Since its inception, DOSarrest has existed to stop attacks.

Sean Power

Security Solutions Architect

DOSarrest Internet Security

Source: https://www.dosarrest.com/ddos-blog/securing-your-apis/

DDoS attacks on UK businesses double in six months

Vulnerable IoT devices and DDoS-as-a-service drive surge in attacks

British businesses are under siege from a growing wave of DDoS attacks, as new figures reveal the number of incidents has almost doubled over the past six months.

UK organisations suffered an average of 237 DDoS attacks per month during Q3 2017, equivalent to eight attacks every single day. This figure is up by 35% from the previous quarter, and more than 90% compared to Q1 2017, according to a new report from DDoS mitigation firm Corero, based on data gathered from attack attempts against its customers.

DDoS attacks work by flooding a target server with so much traffic that it falls over, disrupting normal operations and knocking any related systems or services offline. The tactic is a perennial favourite of cyber criminals and malicious pranksters, as it is cheap and easy to execute.

This has become even more true in recent years. The leaking of the Mirai source code, used to take down a DNS firm providing access to high profile sites like Twitter, has led to an explosion in botnets populated by thousands of unsecured IoT devices, and dark web marketplaces now allow non-technical users to cheaply hire DDoS services that can be directed against whomever they choose.

“The growing availability of DDoS-for-hire services is causing an explosion of attacks,” said Corero CEO Ashley Stephenson, “and puts anyone and everyone into the crosshairs. These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100.”

Cyber criminals are also getting smarter about how they deploy DDoS attacks, the research reveals. Rather than simply using sustained, high-volume attacks, criminals are instead targeting multiple layers of a company’s security simultaneously with short bursts of traffic.

“Despite the industry fascination with large scale, internet-crippling DDoS attacks,” said Stephenson, “the reality is that they don’t represent the biggest threat posed by DDoS attacks today.”

“Often lasting just a few minutes, these quick-fire attacks evade security teams and can sometimes be accompanied by malware and other data exfiltration threats. We believe they are often used in conjunction with other cyber attacks, and organisations that miss them do so at their peril.”

Source: http://www.itpro.co.uk/security/29989/ddos-attacks-on-uk-businesses-double-in-six-months

Kodi Users on Apple TV at Risk of Getting Hacked

Kodi, the free media player, is pretty popular among those who use Apple TV and it has always been an open-ended approach to streaming. It appears that the software is vulnerable and those who installed it are at risk of being hacked.

TvAddons warns Kodi users to be careful

An anonymous writer posted on TvAddons that Apple TV 2 requires a jailbreak to run Kodi. The Apple TV 2 jailbreak comes with an OpenSSH server enabled and the default password “alpine”. Many of those who follow this process do not bother to even change the password, and it leaves their device at the mercy of hackers.

How to solve this conundrum?

The easiest solution is to use the nitoInstaller app that jailbroke Apple TV 2 and change your password. To do so, the first step is to connect to your Apple TV and then go to the Advanced bar (on nito’s toolbar). The second and final step is to click on the option Change SSH Password. By changing the password your device might receive some extra security. An unsecured Apple TV could be the victim of DDoS attacks, spam, malware and more.

Apple TV 2 is a little outdated

The latest Kodi update for Apple TV 2 was released in 2015 and it is not a good idea to continue using them together. A good solution would be to buy a newer device or use Nvidia Shield or Amazon Fire TV.

Kodi: a popular open source media player

The software has been developed by the XBMC Foundation and it allows those who download it to play and watch streaming media: videos, music, podcasts, internet videos and more. Many Kodi fans like the software because it is very customizable, with several skins and plenty of plug-ins. Users can stream media via Amazon Prime Instant Video, Crackle, Spotify, Pandora Internet Radio and more.

Source: https://www.terrorismattacks.com/tech-journal/kodi-users-apple-tv-risk-getting-hacked/3403

The Internet of Things could easily be the Internet of Threat

With more devices connecting and communicating with each other, we run the risk of one particular threat on the Internet – that of botnets.

The Internet of Things (IoT), unlike SMAC (Social Mobile Analytics Cloud), moved faster from being an industry buzzword to reality. However, what needs to be examined is whether businesses are prepared to fully leverage IoT.

The McKinsey Quarterly for March 2010 defined IoT as: “sensors and actuators embedded in physical objects—from roadways to pacemakers—are linked through wired and wireless networks, often using the same Internet Protocol (IP) that connects the Internet. These networks churn out huge volumes of data that flow to computers for analysis. When objects can both sense the environment and communicate, they become tools for understanding complexity and responding to it swiftly.”

Essentially, IoT produces vast volumes of information that is exchanged primarily between devices. This has several benefits to organizations. One use case that illustrates this is predictive maintenance.

Machines enabled with sensors and connectivity give businesses real-time capability to measure production equipment, allowing for cost-effective approaches to maintenance that can improve both factory productivity and capacity utilization by avoiding breakdowns. In effect, businesses can now move to a model of predict and prevent from repair and replace.

Predictive maintenance and city-wide systems are just two use cases. There are several more that straddle retail environments, offices, and vehicles.

However, with more devices connecting and communicating with each other, we run the risk of one particular threat on the Internet – that of botnets. A botnet is a group of computers/devices connected in a coordinated fashion for malicious purposes, wherein each node within the botnet is referred to as a bot.

Botnets give rise to DDoS (Distributed Denial of Service) attacks much like the one in 2016 that affected ISPs in India, which was in the range of 200 gigabytes per second. At Akamai, we have successfully defended against DDoS attacks exceeding 620 Gbps. What’s important to focus on is not only the size of the attacks but the prevalence of them. In an age where IoT is supposed to be making things better, scope for equally nefarious applications of useful technology exist.

In India, IoT adoption is growing. According to a NASSCOM report titled IoT in India: The Next Big Wave, the IoT market in India is poised to reach USD 15 billion by 2020 accounting for nearly five percent of the total global market.

As the number of devices connecting with each other increases, so does the attack surface. India is already a prime target (and source of) web application attacks – according to data in our Second Quarter, 2017 State of the Internet / Security Report, India is 2nd in the list of countries in Asia Pacific that sourced the most web application attack traffic with close to 12,000,000 (12 Million) web application attacks attributed as originating from the country after China.

While this is a significant number, India also ranks 8th in the list of target countries for Web Application Attacks, globally.

The growth and use cases in IoT are not all for naught, however. While the threat looms, there are ways out. What’s required is awareness and standardization of processes. Threats and remedies to internet-based vulnerabilities are constantly evolving and at times depend on the individual capabilities within organizations. Going forward, there should be a constant exchange of information across organizations.

At a broad level, organizations do collaborate with CERT-In, the Indian Computer Emergency Response Team. While it’s truly positive to see that there’s increased information sharing between individual organizations and the government entity tasked with the Nation’s cybersecurity effort, what would be more impactful is when organizations come together, as a collective, to address the problem and arrive at approaches on how best to move forward, to safeguard their IP and their users.

Source: https://tech.economictimes.indiatimes.com/news/corporate/the-internet-of-things-could-easily-be-the-internet-of-threats/61671652

Distributed-Denial-Of-Service Attacks And DNS

Distributed-denial-of-service (DDoS) attacks have become the scourge of the internet. DDoS attacks use compromised internet devices to generate enormous volumes of data and direct that data at a particular target such as a web server or router. That target either keels over due to some critical resource becoming exhausted, or it finds its connection to the internet saturated by garbage traffic.

DDoS attacks are simultaneously cheap to carry out and expensive to defend against. Almost anyone can order a DDoS attack against any target with no technical knowledge required. All that’s necessary is a website from which to order the attack (yes, such things exist) and some bitcoins with which to pay for it. The attacks generally use botnets with devices that have been compromised and infected with malware. Building internet infrastructure capable of withstanding the volume of data generated by a botnet requires costly over-engineering, commercial DDoS mitigation services or both.

Unfortunately, DDoS attacks have a special relationship to the Domain Name System: DDoS attacks both target and exploit DNS servers. By “target,” I mean that attackers frequently direct DDoS attacks at an organization’s authoritative DNS servers. These are the DNS servers responsible for advertising your DNS data to the rest of the internet; a successful DDoS attack against them will render your customers unable to visit your website or send you email. Every organization with a presence on the internet must have a set of authoritative DNS servers, and given even the most basic information — for example, one of your email addresses or the domain name of your website — a would-be attacker can find the names and addresses of those DNS servers, giving them a list of targets.

A particularly notable DDoS attack on authoritative DNS servers was the attack on Dyn in October 2016.  Attackers used the Mirai botnet to overwhelm Dyn’s DNS servers with a whopping 1.2 terabits per second of traffic. Dyn’s DNS servers couldn’t respond to legitimate DNS queries under the load, which left Dyn’s customers — including the New York Times, Reddit, Tumblr and Twitter — unreachable.

However, DNS servers are not just opportune targets of DDoS attacks. Clever attackers will use DNS servers to make their attacks more effective and to conceal their origins. This is possible for two main reasons: 1) Relatively small DNS queries can elicit large responses, and 2) DNS works over a “connectionless” protocol that’s easily spoofed.

Let’s discuss the first issue: DNS queries are generally small (less than 100 bytes long). However, they can generate much larger responses (4,000 bytes or more). This is what we refer to as amplification. In this case, the amplification factor is 4,000 bytes/100 bytes, or 40x.

Amplification wouldn’t be a problem if DNS responses were always sent back to the source of the query. However, DNS’s use of the User Datagram Protocol (UDP) makes it easy to spoof queries — that is, to send queries that look as though they came from another address. UDP is connectionless: Each UDP “datagram” is independent, like a postcard sent through the postal service rather than a text message in a stream of such messages. All an attacker needs to do is to use the address of his target as the source address in the packet that contains a DNS query — like writing a bogus return address on a postcard — and the DNS server will send the reply to the target rather than the real source of the query.

This makes it easy to enlist DNS servers as unwitting accomplices in a DDoS attack. An attacker can use a botnet to generate a high volume of queries to well-connected DNS servers on the internet, spoofing the source address of their target, and the DNS servers amplify the query traffic into a larger volume of response traffic. Moreover, the traffic that arrives at the target comes from the DNS servers rather than the attacker, making it difficult to trace the attack back to its origin.

Thankfully, there are several mechanisms that can help DNS servers defend against DDoS attacks. One is “anycast,” a configuration technique that lets a distributed group of DNS servers share a single address. The internet’s routing infrastructure directs queries sent to that address to the closest DNS server in the anycast group. This is efficient, of course, but it also implies that an attack launched from one part of the internet can only reach a single DNS server in an anycast group at any time. For example, a DDoS attack using a botnet based in China and targeting the anycast address used by a group of DNS servers would find all of its traffic directed to the closest DNS server in the anycast group. As a result, many organizations, including most DNS hosting companies, use anycast to make their DNS infrastructures resistant to DDoS attacks.

Newer DNS servers also incorporate a mechanism called Response Rate Limiting (RRL) to prevent their use as amplifiers in DDoS attacks. RRL limits the rate at which a particular response is sent to the source of a query. For example, if a DNS server receives too many queries for any records about Infoblox.com from the same address, it will throttle responses to that address. If the source of the query is legitimate, this won’t cause a problem: It will cache the response, making duplicate responses unnecessary. But if the queries are spoofed and the DNS server is being used as an amplifier, this will limit the amplification and therefore the damage it can do.
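To make the amplification arithmetic and the RRL behaviour described above concrete, here is an added simulation written for this digest; it is not code from Infoblox or from any DNS server. It models RRL as a per-(source address, query name, query type) window that allows at most a fixed number of identical responses per second and drops the rest; real implementations also send occasional truncated replies so that legitimate clients can retry over TCP, which this simplified model omits. The traffic (a spoofed flood of 100 ANY queries carrying the victim’s address, plus three ordinary lookups) is constructed, using documentation-range addresses.

```python
from collections import defaultdict, deque


def amplification_factor(query_bytes, response_bytes):
    """Bytes out per byte in; the article's 4,000 / 100 example gives 40x."""
    return response_bytes / query_bytes


class ResponseRateLimiter:
    """Simplified RRL: at most `limit` identical responses to one address per `window` seconds."""

    def __init__(self, limit=5, window=1.0):
        self.limit = limit
        self.window = window
        self.sent = defaultdict(deque)  # (src, qname, qtype) -> send timestamps

    def allow(self, src, qname, qtype, now):
        history = self.sent[(src, qname, qtype)]
        # Forget responses that have aged out of the window.
        while history and now - history[0] >= self.window:
            history.popleft()
        if len(history) >= self.limit:
            return False  # throttled: this looks like a spoofed flood
        history.append(now)
        return True


def build_sample_traffic():
    """Constructed traffic: (time, source, qname, qtype, query_bytes, response_bytes)."""
    victim = "203.0.113.10"  # spoofed source address (TEST-NET-3)
    spoofed = [(i / 100.0, victim, "example.com.", "ANY", 60, 4000) for i in range(100)]
    legit = [
        (0.10, "198.51.100.7", "www.example.com.", "A", 50, 120),
        (0.40, "198.51.100.7", "mail.example.com.", "MX", 52, 180),
        (0.90, "198.51.100.7", "www.example.com.", "A", 50, 120),
    ]
    return sorted(spoofed + legit)


def simulate(traffic, limiter):
    """Per source address: bytes in, bytes out with and without RRL, responses dropped."""
    stats = defaultdict(lambda: {"in": 0, "out_unlimited": 0, "out_limited": 0, "dropped": 0})
    for t, src, qname, qtype, qlen, rlen in traffic:
        s = stats[src]
        s["in"] += qlen
        s["out_unlimited"] += rlen
        if limiter.allow(src, qname, qtype, t):
            s["out_limited"] += rlen
        else:
            s["dropped"] += 1
    return dict(stats)


if __name__ == "__main__":
    stats = simulate(build_sample_traffic(), ResponseRateLimiter(limit=5, window=1.0))
    for src, s in stats.items():
        before = amplification_factor(s["in"], s["out_unlimited"])
        after = amplification_factor(s["in"], s["out_limited"])
        print(f"{src}: amplification {before:.1f}x without RRL, {after:.1f}x with RRL, "
              f"{s['dropped']} responses dropped")
```

The victim’s address receives 400,000 bytes of responses for 6,000 bytes of spoofed queries without RRL (about 67x), and only 20,000 bytes with it; the legitimate resolver, whose repeated query stays under the limit, is not throttled at all.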

Companies need to anticipate the possibility that their DNS services could be the target of these attacks. Without DNS, all internet applications and services are unreachable, bringing business to a grinding halt. In fact, recent research from Infoblox found that 24% of companies lost $100,000 or more due to downtime from their last DNS attack. Today, far too many businesses put all their eggs in one basket, relying on a single cloud-based DNS provider, leaving them vulnerable to an attack like we saw on Dyn.

Source: https://www.forbes.com/sites/forbestechcouncil/2017/11/15/distributed-denial-of-service-attacks-and-dns/#54fbe1036076

Are they prepared: The healthcare industry’s fear of the cyber threat

Infoblox report finds 1 in 4 UK healthcare IT professionals aren’t confident in their organisation’s ability to respond to cyber attacks.

Technology is booming in healthcare organisations with digital transformation policies leading to increased adoption of connected medical devices, big data analytics for faster and more accurate diagnoses, and paperless systems for the easy exchange of patient information.

As technology becomes more ingrained into core healthcare offerings, there is an increased threat of cyberattacks disrupting services, stealing sensitive patient data, and putting lives at risk. Infoblox commissioned a survey of UK and US healthcare IT professionals to gain a better understanding of whether the healthcare industry is adequately prepared to combat this evolving threat.

Ready for ransomware

Following the significant disruption caused to the NHS by WannaCry in May 2017, many healthcare organisations are preparing themselves for further ransomware attacks. One quarter of participating healthcare IT professionals reported that their organisation would be willing to pay a ransom in the event of a cyber attack. Of these, 85% of UK respondents have a plan in place for this situation.

Dangerous operating systems

The number of connected devices on healthcare organisations’ networks is exploding, with 47 per cent of the large healthcare organisations surveyed indicating that they are managing over 5,000 devices on their network.

One in five healthcare IT professionals reported that Windows XP, which has been unsupported since April 2014, is running on their network. 18 per cent indicated that connected medical devices on their network are running on the unsupported operating system, leaving organisations open to exploitation through security flaws in these unpatched devices.

Patching outdated operating systems is impossible for the 7% of IT professionals responding that they don’t know what operating systems their medical devices are running on. Even when the operating system these devices run on is known, a quarter (26%) of large organisations either can’t or don’t know if they can update these systems.

Investing against the threat

85% of healthcare IT professionals reported that their organisation has increased their cyber security spending in the past year, with 12% of organisations increasing spending by over 50%.

Traditional security solutions are the most popular, with anti-virus software and firewalls the solutions most invested in over the past year, at 61% and 57% respectively.

Half of organisations have invested in network monitoring to identify malicious activity on the network; one third have invested in DNS security solutions, which can actively disrupt Distributed Denial of Service (DDoS) attacks and data exfiltration; and 37% have invested in application security to secure web applications, operating systems and software.

Rob Bolton, Director of Western Europe at Infoblox said: “The healthcare industry is facing major challenges that require it to modernise, reform and improve services to meet the needs of ever more complex, instantaneous patient demands. Digital transformation presents a massive opportunity to support the doctors and nurses who work tirelessly – but these new technologies also introduce new cyber risk that must be mitigated.

The widespread disruption experienced by the NHS during the WannaCry outbreak demonstrated the severe impact to health services that can be caused by a cyberattack. It’s crucial that healthcare IT professionals plan strategically about how they can manage risk within their organisation and respond to active threats to ensure the security and safety of patients and their data.”

The report includes a case study on how Geisinger Health uncovered malicious activity on its network and was able to quickly and accurately identify the offending device, containing the malware before it spread throughout the network.

Commenting on the event, Rich Quinlan, senior technical analyst at Geisinger Health, said: “In spite of all the conventional steps we take to protect our internal network, patient care could still be affected. We could have an entire hospital full of useless ultrasound devices because one was brought in with a virus and we have no control over them. And if it was able to exfiltrate data, we would have a compliance issue.”

Source: http://www.information-age.com/business-can-stamp-credential-theft-123469539/

Man charged for using vDOS hacker for hire against Minnesota firm

Federal prosecutors are charging John Kelsey Gammell, 46, with using hackers for hire to launch DDoS attacks against former employers and other companies.

Gammell has been charged with intentional damage to a protected computer. According to court records, authorities say he made monthly payments between July 2015 and September 2016 to services such as the now-defunct vDOS platform, among others, to launch periodic attacks intended to bring down Washburn Computer Group in Monticello, Minn.

Authorities say Gammell also used these services against at least half a dozen other companies.

Gammell’s attorney, Rachel Paulose, argues that her client never personally attacked the company and that authorities instead should focus their efforts on the hackers for hire.

“The government has failed to charge a single one of those ‘cyber hit men’ services, named and evidently well known to the government,” Paulose said according to the Star Tribune. “Instead the government’s neglect has allowed the professional cyber hit men for hire to skip off merrily into the night.”

Paulose added that the Washburn attacks were essentially a prank on a dormant site not doing business. If convicted, Gammell could serve between 15 and 17 years in prison.

Source: https://www.scmagazine.com/man-faces-charges-in-hacking-for-hire-case/article/707035/

Copyright © 2014. DoS Protection UK. All Rights Reserved. Website Developed by: 6folds Marketing Inc.