Category - Denial of Service

1. How HTML5 Ping Is Used in DDoS Attacks
2. Man charged over Cheshire and Greater Manchester Police cyber-attacks
3. New Mirai Variant Comes with 27 Exploits, Targets Enterprise Devices
4. The DDoS landscape: where we are, and where we're going
5. 2018 In the Rearview Mirror
6. 5 biggest security vulnerabilities of 2018
7. Security Think Tank: Smart botnets resist attempts to cut comms
8. 6 Network Security Challenges in the Year Ahead
9. Most UK retailers plan to up cyber security
10. 2018 In Review: Healthcare Under Attack

How HTML5 Ping Is Used in DDoS Attacks

A new type of distributed denial-of-service (DDoS) attack is abusing a common HTML5 attribute to overwhelm targeted victims.

Security firm Imperva reported on April 11 that it has discovered a campaign where hackers abused the <a> tag ping HTML5 attribute in a DDoS attack that generated 70 million requests in four hours. The ping attribute is intended to be used by websites as a mechanism to notify a website if a user follows a given link on a page. Typically, a ping is a single action, but Imperva discovered that hackers have found a way to amplify the ping into a more persistent data flow, triggering the DDoS attack.

“The attacker, probably using social engineering, forced users to visit a website that contained malicious JavaScript,” Vitaly Simonovich, security researcher at Imperva, told eWEEK. “This script generated links with the target site in the ‘ping’ attribute and clicked it without personal involvement of the user. Auto-generated clicks reflected as ping back to the victim, continuously, the entire time the user stayed on the webpage.”

Imperva’s analysis of the attack explained that when the user clicks on the hyperlink, a POST request with the body “ping” will be sent to the URLs specified in the attribute. It will also include the headers “Ping-From” and “Ping-To” and a “text/ping” content type.

“We observe DDoS attacks daily,” Simonovich said. “We discovered this attack last month. However, when we looked back in our logs, we noticed that the first time the attack occurred on our network in December 2018, it was using the ping feature.”

The attack that Imperva found was able to make use of 4,000 user IPs, a large percentage of them from China. The campaign lasted four hours, with a peak of 7,500 requests per second (RPS), resulting in more than 70 million requests hitting the target victim’s website.

How the Ping Attack Overwhelms a Server

A simple ping on its own is not enough to disturb a web server and, in fact, for basic availability web servers are regularly hit with ping requests. Ping requests are also low bandwidth and would not likely be able to constitute a volumetric DDoS attack, which aims to overwhelm the available bandwidth of a target server.

The DDoS attack discovered by Imperva, however, was not a basic ping and, according to Simonovich, could impact a web application server in a couple of ways:

  1. Targeting the web server with a high RPS forces the server to spend its capacity processing the attack traffic instead of handling legitimate requests.
  2. Targeting the web application at an injection point that triggers expensive work causes high resource consumption. For example, hitting the login form causes a query to the database.

“The attack is performed on the application layer aimed to clog server resources by processing several HTTP requests,” Simonovich explained. “As such, attack bandwidth is not the weakest resource in the chain, but CPU or memory of the server.”

He added that 7,500 RPS is far from the most powerful application DDoS attack, which can reach 100,000 RPS and more, but it is enough to deny availability for a midsize website.

Defending Against Ping DDoS

There are several things that organizations can do to minimize the risk of a Ping DDoS attack.

Imperva recommends that organizations that do not need to receive ping requests on a web server block any web requests that contain “Ping-To” and/or “Ping-From” HTTP headers on the edge devices (firewall, WAF, etc.). DDoS services, including the one that Imperva offers, also can be employed to help limit risk.

“Attackers are constantly looking for new and sophisticated methods to abuse legitimate services and bypass mitigation mechanisms,” Simonovich said. “Utilization of the ping functionality is a good example of this, especially since most of the browsers by default support it. The challenge that attackers are facing is how to force legitimate users to visit the malicious page and stay on this page as long as possible to make the attack run longer.”
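The edge filter Imperva recommends, written out as an added example (not Imperva's code): classify a request as hyperlink-audit ("ping") traffic from the Ping-From / Ping-To headers or the text/ping content type, block it when the site has no use for pings, and count ping-marked POSTs per client over a constructed sample log to surface the sources. The log format and thresholds are assumptions.

```python
"""Edge filter for HTML5 <a ping> traffic (added example, not Imperva's code)."""
from collections import defaultdict

# Request markers described in the article: browsers send the ping as a POST
# with a text/ping body and Ping-From / Ping-To headers.
PING_HEADERS = ("ping-from", "ping-to")
PING_CONTENT_TYPE = "text/ping"


def is_ping_request(method, headers):
    """Return True when a request carries the hyperlink-audit (ping) markers.

    headers: mapping of header name -> value; matching is case-insensitive
    because HTTP header names are.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    if any(h in lowered for h in PING_HEADERS):
        return True
    ctype = lowered.get("content-type", "").split(";")[0].strip().lower()
    return method.upper() == "POST" and ctype == PING_CONTENT_TYPE


def edge_decision(method, headers, accept_pings=False):
    """Policy for a site with no legitimate use for ping: drop such requests at
    the edge, before they reach the application tier where (per the article)
    the real cost, CPU and database work per request, is incurred."""
    if accept_pings:
        return "allow"
    return "block" if is_ping_request(method, headers) else "allow"


# Constructed log lines in an assumed "client_ip method path content_type"
# form; "-" means the request had no Content-Type header.
SAMPLE_LOG = """\
198.51.100.7 POST /login text/ping
198.51.100.7 POST /login text/ping
198.51.100.7 POST /login text/ping
203.0.113.9 GET /index.html -
198.51.100.7 POST /login text/ping
203.0.113.9 POST /login application/x-www-form-urlencoded
"""


def ping_sources(log_text, threshold=3):
    """Count ping-marked POSTs per client IP; return those at or over threshold.

    A real deployment would window these counts (e.g. per minute); the sample
    is small enough to count in one pass.
    """
    counts = defaultdict(int)
    for line in log_text.splitlines():
        ip, method, _path, ctype = line.split()
        if is_ping_request(method, {"Content-Type": ctype}):
            counts[ip] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print(edge_decision("POST", {"Ping-To": "https://victim.example/"}))  # block
    print(ping_sources(SAMPLE_LOG))
```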

Source: https://www.eweek.com/security/how-html5-ping-is-used-in-ddos-attacks

Man charged over Cheshire and Greater Manchester Police cyber-attacks

A man has been charged over cyber-attacks which targeted the websites of two police forces.

Liam Reece Watts, 19, of Stratford Road in Chorley, Lancashire, faces two counts of unauthorised acts with intent to impair operation of or prevent access to a computer.

The charges relate to deliberate denial of service (DDoS) attacks on the Greater Manchester and Cheshire forces.

He is due to appear at Chester Magistrates’ Court later.

DDoS attacks involve flooding a target’s service with extremely high volumes of traffic in an effort to overwhelm them.

Source: https://www.bbc.com/news/uk-england-lancashire-47708237

New Mirai Variant Comes with 27 Exploits, Targets Enterprise Devices

A new Mirai variant comes with eleven new exploits, the enterprise WePresent WiPG-1000 Wireless Presentation system and the LG Supersign TV being the most notable new devices being targeted.

A previous report by Palo Alto Networks’ Unit 42 from September saw a strain of the Mirai botnet switching targets to attack Apache Struts servers using an exploit also employed during last year’s Equifax breach, while a new Gafgyt version was observed assailing SonicWall firewalls, as part of a larger move against enterprise assets.

In both those instances, the Unit 42 security researchers saw exploits of older and already patched vulnerabilities used in the attacks, hinting at the threat actors trying to make their work easier by compromising unpatched devices impacted by severe security flaws such as CVE-2017-5638 for Apache Struts.

Mirai attacks against enterprise devices mounting up

This time, as previously mentioned, the researchers found that, besides its usual marks represented by routers, network video cameras, modem routers, and wireless controllers, the Mirai version detected during January 2019 is now also scanning for and exploiting LG Supersign TVs and WePresent WiPG-1000 Wireless Presentation systems present in enterprise environments.

On top of that, with the 11 new exploits added by its masters to be used in the attacks, the total now reaches 27. As further discovered by Unit 42, the botnet’s malicious payload is hosted on a Colombian company’s server which, ironically, provides “electronic security, integration and alarm monitoring” services.

“These new features afford the botnet a large attack surface. In particular, targeting enterprise links also grants it access to larger bandwidth, ultimately resulting in greater firepower for the botnet for DDoS attacks,” according to Unit 42.

Vulnerability                                 Affected devices
CVE-2018-17173                                LG Supersign TVs
WePresent WiPG-1000 Command Injection         WePresent WiPG-1000 Wireless Presentation systems
DLink DCS-930L Remote Command Execution       DLink DCS-930L Network Video Cameras
DLink diagnostic.php Command Execution        DLink DIR-645, DIR-815 Routers
Zyxel P660HN Remote Command Execution         Zyxel P660HN-T routers
CVE-2016-1555                                 Netgear WG102, WG103, WN604, WNDAP350, WNDAP360, WNAP320, WNAP210, WNDAP660, WNDAP620 devices
CVE-2017-6077, CVE-2017-6334                  Netgear DGN2200 N300 Wireless ADSL2+ Modem Routers
Netgear Prosafe Remote Command Execution      Netgear Prosafe WC9500, WC7600, WC7520 Wireless Controllers

Newly added exploits

The new Mirai variant spotted by Unit 42 also comes with a handful of new features:

Mirai is a self-propagating botnet created by Paras Jha, Josiah White, and Dalton Norman, originally designed to target Internet of Things (IoT) devices such as routers, digital video recorders, and IP cameras, transforming them into “bots” upon successful compromise which can later be used as sources for large-scale Distributed Denial of Service attacks.

During 2016, some malicious actors were advertising huge Mirai botnets of hundreds of thousands of infected devices capable of DDoS attacks over 650Gbps and managing to impact hundreds of thousands of devices [1, 2] during a single campaign.

Mirai still going strong despite creators’ getting caught

It all started after Jha posted Mirai’s source code on a hacking forum during 2016; since then, other bad actors have used the code he shared as a starting point to create numerous other botnets, most of them at least as sophisticated as the original and, once in a while, adding newer and more complex attack tools [1, 2, 3, 4, 5, 6].

While their “masterpiece” was and is being improved by others and is still going strong, as proven by Unit 42’s newest report on the new Mirai variant, Jha, White, and Norman were indicted and pleaded guilty for their role in the creation of the malware during December 2018, after Jha was first questioned by the FBI in January 2017 and the US authorities charged all three of them in May 2017.

Paras Jha was sentenced during October and ordered “to pay $8.6 million in restitution and serve six months of home incarceration” according to a DoJ release from October 26, 2018.

The group behind Mirai was sentenced to serve a five-year period of probation and do 2,500 hours of community service, as well as pay $127,000 as restitution while also having to abandon the cryptocurrency seized during the investigation. Jail time was removed from the sentence after they assisted the FBI in other cybercriminal investigations.

Source: https://www.bleepingcomputer.com/news/security/new-mirai-variant-comes-with-27-exploits-targets-enterprise-devices/

The DDoS landscape: where we are, and where we’re going

If a week is a long time in politics, as former British Prime Minister Harold Wilson observed, a year in cyber security can seem like an eternity. But despite the rapid changes, many things remain constant. We can always expect cyber criminals to embrace new technology as fast as legitimate businesses do, and to use it to launch new types of attacks that are ever more damaging and harder to defend against.

DDoS attacks are a case in point. In April 2018, the UK’s National Crime Agency named DDoS as the leading threat facing businesses. The Agency noted the sharp increase in attacks on a range of organisations during 2017 and into 2018, and advised organisations to take immediate steps to protect themselves against the escalating threat.

DDoS gets bigger, stronger, smarter

This warning was timely, as through late 2017 and into 2018, DDoS attacks got much larger, and that trend is showing no signs of slowing down. In Q3 of 2018, the average DDoS attack volume more than doubled compared to Q1, from 2.2 Gbps to 4.6 Gbps according to Link11’s latest DDoS Report. These attack volumes are far beyond the capacity of most websites, so this is an alarming trend. Compared to Q2, the total number of attacks also grew by 71% in Q3, to an average of over 175 attacks per day.

Attacks also got more sophisticated. 59% of DDoS incidents in Q3 of 2018 used two or more attack vectors, compared with 46% in Q2. Meanwhile, a highly targeted and strategic approach to DDoS attacks was observed as the year went on; our operation centre saw DDoS attacks on e-commerce providers increase by over 70% on Black Friday (23 November) and by a massive 109% on Cyber Monday (26 November) compared with the November average. Attacks are focusing on specific sectors, with the aim of causing more disruption.

DDoS as a service

At the same time, these larger, more sophisticated DDoS attacks are easier for criminals to launch than ever before, thanks to DDoS-as-a-service providers. Perhaps the best known of these, Webstresser.org, was selling multi-gigabit DDoS attacks on the Darknet for as little as $11 per attack before it was shut down by police in early 2018. Webstresser’s services were used in early 2018 to bring online services from several Dutch banks and numerous other financial and government services in the Netherlands to a standstill. Customers were left without access to their bank accounts for days.

Other services have sprung up to take Webstresser’s place, offering DDoS by the hour for $10, and by the day at bulk discount rates of $200. No expertise is required: just enter your (stolen) credit card details, and the domain you want to target. Even cloud services can be knocked offline, with very little money and little to no technical expertise required to launch an attack.

Web application attacks

Another increasingly targeted component of organisations’ IT estates during 2018 was web applications. 2018 saw high-profile breaches affecting tens of millions of customers from several high-profile companies in the travel and financial sectors. The aim of these attacks is to exfiltrate sensitive data for re-use or resale, with the attackers seeking to exploit weaknesses in the application itself, or the platform it is running on, to get access to the data.

2019: predictions and protection

So as 2018 saw attacks growing in volume and complexity, what attacks can we expect to see in 2019?

We have already seen how versatile botnets are for crypto-mining and sending spam; this will extend into DDoS attacks too. Botnets benefit from the ongoing rapid growth in cloud usage and increasing broadband connections as well as the IoT, and the vulnerabilities that they address are on the protocol and application level and are very difficult to protect using standard network security solutions. Bots in public cloud environments can also propagate rapidly to build truly massive attacks.

Attack tactics, against which SSL encryption has long since ceased to be a defence, will gain even more intelligence in the coming months. The only possible answer to this is defence strategies that incorporate machine learning and artificial intelligence, which can process large data streams in real time and develop adaptive measures. Highly targeted attacks, such as those on web applications, will also continue because the rewards are so high, as we’ve seen from the 2018 data breaches we touched on earlier.

Also, 2019 could be the year in which a hacktivist collective or nation-state will launch a coordinated attack against the infrastructure of the internet itself. The 2016 DDoS attack against hosting provider Dyn showed that a single attack against a hosting provider or registrar could take down major websites. DDoS tools and techniques have evolved significantly since then, creating a very real risk of attacks that could take down sections of the Web, as shown by the attack which targeted ISPs in Cambodia. Other forms of critical infrastructure are also vulnerable to DDoS exploits, as we saw in 2018’s attack on the Danish rail network.

In conclusion, tech innovations will continue to accelerate and enable business, and cyber criminals will also take advantage of those innovations for their own gain. With more and more business taking place online, dependence on a stable internet connection rises significantly. Likewise, revenues and reputation are more at risk than ever before. Therefore, organisations must be proactive and deploy defences that can keep pace with even new, unknown threats, or risk becoming the next victim of increasingly sophisticated, highly targeted mega-attacks.

Source: https://www.information-age.com/the-ddos-landscape-123478142/

2018 In the Rearview Mirror

Among this year’s biggest news stories: epic hardware vulnerabilities, a more lethal form of DDoS attack, Olympic ‘false flags,’ hijacked home routers, fileless malware – and a new world’s record for data breaches.

It was a year that shook IT security experts and users out of their post-holiday cheer as soon as they got back to their desks after the new year began, with the disclosure of a new and widespread class of hardware attack that affected most computers worldwide.

In addition, the long tail of the now-infamous Spectre and Meltdown vulns continued to haunt the security industry all year, with more findings exposing security flaws in hardware and related side-channel attack scenarios. Mass updates to operating systems, browsers, and firmware ensued – often with performance trade-offs.

A researcher at Black Hat USA this summer also added a new spin to hardware hacking when he demonstrated how he cracked CPU security controls to gain kernel-level control, aka “God mode.”

What else? Deceptive cyberattacks became a new M.O. for nation-states this year: Russia’s GRU military hacking team posed as North Korean hackers in a widespread targeted attack against the Winter Olympics in South Korea. They employed destructive malware to knock out the games’ IT systems, Wi-Fi, monitors, and ticketing website.

Meanwhile, Russia was up to its old tricks with another novel and destructive campaign: Some 500,000 home and small-office routers and network-attached storage (NAS) devices worldwide were discovered infected as part of a massive botnet. The so-called VPNFilter attack infrastructure included stealthy, modular components that infect, spy, steal, and self-destruct. The initial target appeared to be Ukraine, where the majority of infected Internet of Things (IoT) devices were found, but the losing battle of getting consumers to update or patch their home and IoT devices was a chilling wake-up call.

2018 also featured a new, more damaging form of distributed denial-of-service (DDoS) attack that exploits unprotected Memcached servers, as well as the new reality of attackers “living off the land” with so-called fileless malware attacks, using legitimate tools such as PowerShell to do their hacking. These malware-free attacks increased by 94% in the first half of the year, and they don’t show any signs of slowing down.

And those are just some of the biggest news stories of 2018. For a closer look at yet another year to remember, check out Dark Reading’s new report, “The Year in Security: 2018,”

Source: https://www.darkreading.com/threat-intelligence/2018-in-the-rearview-mirror/a/d-id/1333532

5 biggest security vulnerabilities of 2018

2018 brought massive, hardware-level security vulnerabilities to the forefront. Here are the five biggest vulnerabilities of the year, and how you can address them.

2018 was a year full of headaches for IT professionals, as security vulnerabilities became larger and more difficult to patch, since software mitigations for hardware vulnerabilities require some level of compromise. Here are the five biggest security vulnerabilities of 2018, and what, if anything, you can do to address them in your organization.

1. Spectre and Meltdown dominated security decisions all year

On January 4, the Spectre and Meltdown vulnerabilities, which allow applications to read kernel memory, were disclosed, and posed security problems for IT professionals all year, as the duo represented largely hardware-level flaws, which can be mitigated, but not outright patched, through software. Though Intel processors (except for Atom processors before 2013, and the Itanium series) are the most vulnerable, microcode patches were necessary for AMD, OpenPOWER, and CPUs based on Arm designs. Other software mitigations do exist, though some require vendors to recompile their programs with protections in place.

The disclosure of these vulnerabilities sparked a renewed interest in side-channel attacks requiring manipulative or speculative execution. Months later, the BranchScope vulnerability was disclosed, focusing on the shared branch target predictor. The researchers behind that disclosure indicated that BranchScope provides the ability to read data which should be protected by the SGX secure enclave, as well as defeat ASLR.

Between the initial disclosure, Spectre-NG, Spectre 1.2, and SpectreRSB, a total of eight variants were discovered, in addition to related work like SgxPectre.

2. Record-breaking DDoS attacks with memcached

Malicious actors staged amplification attacks using flaws in memcached, reaching heights of 1.7 Tbps. The attack is initiated by a server spoofing its own IP address, specifying the attack target address as the origin address, and sending a 15-byte request packet, which is answered by a vulnerable memcached server with responses ranging from 134KB to 750KB. The size disparity between the request and response, as much as 51,200 times larger, made this attack particularly potent.

Proof-of-concept code, which can be easily adapted for attacks, was published by various researchers, among them “Memcrashed.py,” which integrates with the Shodan search engine to find vulnerable servers from which you can launch an attack.

Fortunately, it is possible to stop memcached DDoS attacks, though users of memcached should change the defaults to prevent their systems from being abused. If UDP is not used in your deployment, you can disable the feature with the switch -U 0. Otherwise, limiting access to localhost with the switch -l 127.0.0.1 (long form --listen) is advisable.
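The two controls above, turned into a configuration audit as an added example (not part of the memcached project): parse a memcached command line for -U/--udp-port and -l/--listen, and report whether UDP is still enabled and whether the listener is reachable beyond loopback. The udp_on_by_default flag models the older default (UDP on port 11211) versus newer builds where UDP is off unless requested; the caller chooses the one matching the installed version.

```python
"""Audit a memcached command line for the two amplification controls named in
the article: UDP off (-U 0) and a loopback-only listener (-l 127.0.0.1).
Added example; it is not part of the memcached project."""
import shlex

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_memcached_args(cmdline):
    """Return (listen, udp_port) from a memcached invocation.

    listen is the value of -l/--listen (None when absent), udp_port the int
    value of -U/--udp-port (None when absent). Other options are skipped.
    """
    argv = shlex.split(cmdline)
    listen = udp_port = None
    i = 1  # argv[0] is the binary
    while i < len(argv):
        arg = argv[i]
        nxt = argv[i + 1] if i + 1 < len(argv) else None
        if arg in ("-l", "--listen") and nxt is not None:
            listen, i = nxt, i + 2
        elif arg.startswith("--listen="):
            listen, i = arg.split("=", 1)[1], i + 1
        elif arg.startswith("-l") and len(arg) > 2:        # -l127.0.0.1 form
            listen, i = arg[2:], i + 1
        elif arg in ("-U", "--udp-port") and nxt is not None:
            udp_port, i = int(nxt), i + 2
        elif arg.startswith("--udp-port="):
            udp_port, i = int(arg.split("=", 1)[1]), i + 1
        elif arg.startswith("-U") and len(arg) > 2:        # -U0 form
            udp_port, i = int(arg[2:]), i + 1
        else:
            i += 1
    return listen, udp_port


def audit(cmdline, udp_on_by_default=True):
    """List findings for a memcached command line.

    udp_on_by_default=True models older builds whose default UDP port was
    11211 (the 'defaults' the article says to change); newer builds default
    to UDP off, so pass False for those.
    """
    listen, udp_port = parse_memcached_args(cmdline)
    findings = []
    udp_enabled = udp_on_by_default if udp_port is None else udp_port != 0
    if udp_enabled:
        # A UDP listener is what lets a spoofed 15-byte request draw a
        # response up to 750KB, i.e. the 51,200x amplification in the article.
        findings.append("udp-enabled")
    addrs = set(listen.split(",")) if listen else set()
    if not addrs or not addrs <= LOOPBACK:
        # No -l at all means INADDR_ANY; any non-loopback entry is exposed.
        findings.append("reachable-beyond-loopback")
    return findings


if __name__ == "__main__":
    print(audit("memcached -m 64 -p 11211 -u memcache"))   # both findings
    print(audit("memcached -m 64 -U 0 -l 127.0.0.1"))      # []
```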

3. Drupal CMS vulnerability allows attackers to commandeer your site

A failure to sanitize inputs resulted in the announcement of emergency patches for 1.1 million Drupal-powered websites in late March. The vulnerability relates to a conflict between how PHP handles arrays in URL parameters and Drupal’s use of a hash (#) at the beginning of array keys to signify special keys that typically result in further computation, allowing attackers to inject code arbitrarily. The attack was nicknamed “Drupalgeddon 2: Electric Hashaloo” by Paragon Initiative’s Scott Arciszewski.

In April, the same core issue was patched for a second time, relating to the URL handling of GET parameters not being sanitized to remove the # symbol, creating a remote code execution vulnerability.
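The class of fix the two paragraphs above describe, as an added example (modelled on the approach, not Drupal's own RequestSanitizer code): expand PHP-style bracketed query keys into the nested arrays PHP would build, then strip every key beginning with "#" at any depth before the input can reach code that treats such keys as instructions. The query strings are constructed samples.

```python
"""Strip '#'-prefixed keys from request input before it reaches code that
treats such keys as render instructions. Added example modelled on the class
of fix Drupal shipped; it is not Drupal's own RequestSanitizer."""
from urllib.parse import parse_qsl


def php_style_to_nested(pairs):
    """Expand PHP-style bracket keys (a[b][c]=v) into nested dicts, the way
    PHP builds $_GET. Later values overwrite earlier ones; an empty bracket
    ([]) becomes an empty-string key rather than a list (simplification)."""
    root = {}
    for key, value in pairs:
        head, *rest = key.replace("]", "").split("[")
        path = [head] + rest
        node = root
        for part in path[:-1]:
            if not isinstance(node.get(part), dict):
                node[part] = {}
            node = node[part]
        node[path[-1]] = value
    return root


def strip_hash_keys(data):
    """Recursively remove keys beginning with '#'. Returns the cleaned copy
    and the slash-joined paths of what was removed, so the rejection can be
    logged and alerted on."""
    removed = []

    def walk(node, path):
        if not isinstance(node, dict):
            return node
        clean = {}
        for k, v in node.items():
            if k.startswith("#"):
                removed.append("/".join(path + [k]))
                continue
            clean[k] = walk(v, path + [k])
        return clean

    return walk(data, []), removed


def sanitize_query(query_string):
    """Parse a raw GET query string and drop '#'-prefixed keys at any depth."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    return strip_hash_keys(php_style_to_nested(pairs))


if __name__ == "__main__":
    # Constructed sample: a legitimate field plus a nested '#'-prefixed key.
    print(sanitize_query("name=alice&form[#post_render][]=x"))
```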

Despite the highly publicized nature of the vulnerability, over 115,000 Drupal websites were still vulnerable to the issue, and various botnets were actively leveraging the vulnerability to deploy cryptojacking malware.

ZDNet’s Catalin Cimpanu broke a story in November detailing a new type of attack which leverages Drupalgeddon 2 and Dirty COW to install cryptojacking malware, which can proliferate due to the number of unpatched Drupal installations in the wild.

4. BGP attacks intercept DNS servers for address hijacking

Border Gateway Protocol (BGP), the glue that is used to determine the most efficient path between two systems on the internet, is primed to become the target of malicious actors going forward, as the protocol was designed in large part before malicious network activity was a design consideration. There is no central authority for BGP routes, and routes are accepted at the ISP level, placing it outside the reach of typical enterprise deployments and far outside the reach of consumers.

In April, a BGP attack was waged against Amazon Route 53, the DNS service component of AWS. According to Oracle’s Internet Intelligence group, the attack originated from hardware located in a facility operated by eNet (AS10297) of Columbus, Ohio. The attackers redirected requests to MyEtherWallet.com to a server in Russia, which used a phishing site clone to harvest account information by reading existing cookies. The hackers gained 215 Ether from the attack, which equates to approximately $160,000 USD.

BGP has also been abused by governments in certain circumstances. In November 2018, reports indicated that the Iranian government used BGP attacks in an attempt to intercept Telegram traffic, and China has allegedly used BGP attacks through points of presence in North America, Europe, and Asia.

Work on securing BGP against these attacks is ongoing with NIST and DHS Science and Technology Directorate collaborating on Secure Inter-Domain Routing (SIDR), which aims to implement “BGP Route Origin Validation, using Resource Public Key Infrastructure, [which] can address and resolve the erroneous exchange of network routes.”
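BGP Route Origin Validation, the SIDR mechanism named above, as an added illustration (not code from NIST, DHS or any router vendor): given a set of ROAs, each announced prefix and origin AS is classified as valid, invalid or not-found following RFC 6811, and a typical policy drops only the invalid ones. The ROAs, prefixes and AS numbers are constructed documentation values.

```python
"""Route Origin Validation (RFC 6811) against a set of ROAs. Added illustration
of the SIDR mechanism mentioned above; not code from NIST, DHS or any router
vendor. Prefixes and AS numbers are constructed documentation values."""
import ipaddress
from collections import namedtuple

# A ROA states that AS `asn` may originate `prefix` and any more-specific
# prefix down to `max_length` bits.
ROA = namedtuple("ROA", "prefix max_length asn")

# Constructed ROA set using RFC 5737 prefixes and RFC 5398 AS numbers.
SAMPLE_ROAS = [
    ROA("192.0.2.0/23", 24, 64496),
    ROA("198.51.100.0/24", 24, 64497),
]


def validate_route(prefix, origin_asn, roas):
    """Return 'valid', 'invalid' or 'not-found' for an announced route.

    not-found: no ROA covers the prefix (no ROA prefix contains it), so RPKI
               says nothing about it.
    valid:     a covering ROA names the same origin AS and the announced
               prefix is no longer than that ROA's maxLength.
    invalid:   covering ROAs exist but none matches on both AS and length.
               This is what a hijack by a more-specific announcement from
               another AS, the pattern in the Route 53 incident, looks like.
    """
    net = ipaddress.ip_network(prefix, strict=True)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=True)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "not-found"
    for roa in covering:
        if roa.asn == origin_asn and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


def accept(prefix, origin_asn, roas):
    """Common ROV policy: drop 'invalid', accept 'valid' and 'not-found'
    (the latter because most of the routing table still has no ROA)."""
    return validate_route(prefix, origin_asn, roas) != "invalid"


if __name__ == "__main__":
    for p, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/24", 64511),
                   ("192.0.2.0/25", 64496), ("203.0.113.0/24", 64496)]:
        print(p, asn, validate_route(p, asn, SAMPLE_ROAS))
```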

5. Australia’s Assistance and Access Bill undermines security

In Australia, the “Assistance and Access Bill 2018,” which provides the government “frameworks for voluntary and mandatory industry assistance to law enforcement and intelligence agencies,” basically provides government access to the contents of encrypted communication. It is essentially the definition of a self-inflicted wound, as the powers it provides the government stand to undermine confidence in Australian products, as well as the Australian outposts of technology companies.

The bill hastily passed on December 7 and was touted as necessary in the interest of “safeguarding national security,” though subtracting perpetrators. Australia has seen a grand total of seven deaths related to terrorist activities since 2000. Additionally, the bill permits demands to be issued in relation to “the interests of Australia’s foreign relations or the interests of Australia’s national economic well-being.”

While the bill appears to not provide the full firehose of user data unencrypted to government agencies, it does permit the government to compel companies to provide content from specific communication, though forbids the disclosure of any demands made to companies about compliance. Stilgherrian provides a balanced view of the final bill in his guide on ZDNet.

Source: https://www.techrepublic.com/article/5-biggest-security-vulnerabilities-of-2018/

Security Think Tank: Smart botnets resist attempts to cut comms

As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date?

When it comes to all kinds of cyber defence, it is always less expensive to prevent attacks and infections than to deal with them once they are in place.

This is especially true in the case of botnets. What is a botnet? A botnet is an army of mini-programs: malicious software designed to infiltrate large numbers of digital devices and then use them for any number of tactics.

For example, botnets can be instructed to steal data or launch huge distributed denial of service (DDoS) attacks and all while simultaneously stealing the electricity and computing power to do it.

Most organisations aim to have at least some cyber security in place. These fundamentals can include items such as implementing the most effective choice of anti-malware, configuring digital devices and software with as much hardened security as practical, and ensuring that security patches are always applied swiftly.

However, even when an organisation invests in implementing cyber security essentials, it is still no guarantee of a fully bot-free environment.

As shown in all of the major breaches that hit the headlines, hackers are very keen on remaining unnoticed for as long as possible. The dwell time is the term given to the duration between the initial intrusion and the point of discovery.

In many cases, Yahoo, Starwood and other mega breaches included, you might have noticed that the dwell time was measured not in hours, days, weeks or even months: it was years between the initial intrusion and eventual discovery.

Determined hackers design their bots to be as stealthy as possible, to hide as best as they can and to communicate as efficiently and discreetly as possible.

When researchers find new botnet armies, they often do it by accident and say things like, “We stumbled across this data anomaly”, eventually tracing the cause back to a new botnet force.

Although botnet communications may try to hide, the thing about bots is that they generally need to communicate to work. These botnets used to work through command and control servers. That meant that disconnecting communications between bots and their botnet command and control servers was enough to “decapitate” the bot and render it unable to steal anything or accept new commands.

However, newer botnets are smarter. They still need to communicate, but now many of them can spawn dynamic, peer-to-peer networks.

Bots do still need instructions to work and they also need destinations to send anything they steal. Identify and block those communication routes and your bots will cease to offer their bot master any value.

The challenge is that not all organisations use or install the technologies that can detect and block bots.

For the few organisations that do have the budget and motivation to ramp up their anti-bot defences, there is plenty that can be done.

It starts with ramping up the security that prevents initial infection and locking down unnecessary trust permissions. Prevention is still better than detection and the expenses involved in containing and resolving the threat. There is a huge difference in the efficacy of many security products and sadly, many of those with the highest marketing budget are far from the most effective.

There are also great, real-time security technologies that can detect, alert or block botnet activity in real-time. These operate by continually analysing network traffic and local system logs.

If your organisation does not have the budget for real-time monitoring, then it is still worth inspecting devices and checking for any suspicious processes that seem to be taking up a lot of memory, especially if any users are reporting their device has slowed down. That can be an indicator of compromise, but only when the botnet is awake and active.

And if you are wondering just how much of a threat botnets are, just think about this: most of our attention as cyber security professionals is on the botnets we can detect and eliminate from our own environments, but the internet of things and sub-standard security present in many devices means the internet is riddled with enough botnets to effectively stop the internet from working.

The only thing stopping that from happening at present is that it would harm rather than profit the hackers. After all, 2019 might just be the year when the proceeds from cyber crime reach a trillion dollars.

Source: https://www.computerweekly.com/opinion/Security-Think-Tank-Smart-botnets-resist-attempts-to-cut-comms

6 Network Security Challenges in the Year Ahead

The network security threat landscape in 2019 is expected to look much like it did in 2018. Here’s a look at six network security challenges for 2019 for businesses and individual users to keep in mind.

In many ways, the network security threat landscape in 2019 will look much like it did in 2018. From viruses to DDoS attacks, even when threats aren’t multiplying in number year over year, they’re managing to become more sophisticated and damaging. Here’s a look at six network security challenges for 2019 for businesses and individual users to keep in mind.

1. A Greater Amount of Sensitive Traffic Than Ever

In a 2018 survey, PwC reported that mobile channels were the only segment that saw growth that year among banking customers. In other words, demand for mobile-friendly banking tools is higher than ever. That means a lot of very sensitive data flowing over public and private networks.

In 2018, security experts from Kaspersky discovered what appeared to be a years-long router-hacking campaign performed by as-yet-unknown cyber-assailants. Researchers discovered digital fingerprints all over the world indicating that routers in public places had been subtly hacked to allow kernel-level access for any device connected to it.

Kernel-level access is the deepest access possible, indicating that the data being sought here was highly personal, potentially including banking transactions and communication records.

2. Worms and Viruses

Viruses and worms are some of the most well-known network security challenges. In 2015, Symantec estimated that as many as one million new malware threats are released into the wild every day, a total of 217 million in a calendar year.

In 2017, AV-Test released research indicating that the number of new malware threats had declined for the first time ever, down to 127 million over the year.

Viruses can lie dormant until the user performs an action that triggers them, meaning there’s not always an indication that something’s even amiss. Worms infect specific files, such as documents, and self-replicate once they’re inside a target system.

For individual internet users, network architects and IT specialists, anti-virus and anti-malware programs are still necessary for keeping this class of threats at bay. For IT departments especially, high-profile computer bugs are a reminder that the vast majority of attacks target unpatched software and out-of-date hardware. The number of new threats might be gradually declining, but the severity of these threats hasn’t abated.

3. Compelling Students to Enter the STEM Fields

Let’s switch focus for a moment and look at the next generation of people who will detect, fix and communicate about modern threats on the digital seas. All of the STEM fields are vital to national competitiveness, but of the top college majors ranked by number of job prospects, computer science takes first place.

According to the National Bureau of Economic Research, skills obtained in the fields of math, science and technology are increasingly transferable to, and relevant in, a wide variety of industries and potential career paths. Part of the reason is the ubiquity of technology and the rate of data exchange across the world, which powers commerce, finance, and most other human endeavors.

Unfortunately, the NBER has also indicated that the U.S. requires many more STEM students than it currently has, in order to compete in a digital and globalized world.

The number and types of cyber threats are a huge part of the reason why, with world powers and unknown parties engaging in cyber-espionage and attempted hacking at regular intervals, against both private and public infrastructure. Making a stronger push to get kids interested in these fields will also help address unemployment and opportunity gaps in struggling communities.

4. DDoS Attacks

For companies whose business model revolves around selling digital services, or selling anything else online for that matter, DDoS attacks can be crippling, not to mention ruinously expensive due to lost revenue.

DDoS attacks have made a lot of news recently thanks to WannaCry and others, but the motivation behind them seems to be shifting. Perpetrators today are less concerned with crippling a target’s infrastructure and more interested, potentially, in using DDoS attacks as a distraction while they carry out more sophisticated penetration attempts without interference.

Either way, using the Internet of Things to overwhelm an organization’s digital infrastructure is a type of network security threat that became more common in 2017 than in 2016 (up 24 percent), with no obvious signs of relenting. Early detection is the best weapon, as are Web Application Firewalls. Both solutions require either an attentive in-house IT team or effective collaboration with your service provider.

5. Cryptojacking

Cryptocurrencies are either worthless or about to take off in a big way. But despite the uncertainty over their future, the limited applications and the slow adoption rate, “crypto-jacking” is becoming a favorite pastime of hackers.

Cryptojacking occurs when a malicious app or script on a user’s digital device mines cryptocurrency in the background without the user’s knowledge or permission. “Mining” cryptocurrency requires a fair amount of hardware power and other resources, meaning users who’ve been cryptojacked will find that their programs and devices don’t work as expected.

Worse, the sheer variety of techniques used to introduce cryptojacking scripts into counterfeit and even legitimate web and mobile applications is positively dizzying. And since they come in all shapes and forms, cryptojacking attacks could well have other underhanded intentions beyond mining cryptocurrencies, including accessing forbidden parts of the code or sensitive user information.

6. Bring Your Own Device

Let’s close with a few words of advice about BYOD (bring your own device) policies in the workplace. There are clear benefits to allowing employees to use their favorite devices at work, including higher productivity and morale. But doing so also introduces a panoply of potential security threats.

IT departments already struggle sometimes with keeping computers and devices patched and updated, and the public struggles even more. Thanks to the fragmented nature of the Android operating system, for instance, “most” Android phones and tablets in operation today are not running the latest security fixes, according to security vendor Skycure.

Your employees and your business have a lot to gain from implementing BYOD. But doing so requires a comprehensive set of rules for employees to abide by, including turning on auto-updates for OS patches, completing training on how to respond to phishing attempts and other cybersecurity threats, and delivering regular reminders about good password hygiene.

No network security threat is insurmountable, but most of them do require vigilance and, in most cases, a great IT team or a security-minded vendor.

Source: https://www.readitquik.com/articles/security-2/6-network-security-challenges-in-the-year-ahead/

Most UK retailers plan to up cyber security

The majority of UK retailers are planning to increase cyber security measures during the Christmas season, a survey reveals.

Retailers plan to increase cyber security measures during the holiday season, according to a poll of IT professionals in the sector in the UK, Germany, Belgium, the Netherlands, Luxembourg and the US.

Some 63% of UK and 62% of German retailers claimed to increase cyber security measures during the holiday season, according to the survey, commissioned by IT automation and security firm Infoblox.

The main reason cited for the increase by one-third of respondents in these countries was a seasonal rise in social engineering attacks, which were also identified as a dominant concern for 25% of IT professionals in the Netherlands’ retail sector.

Other kinds of attack cited were social media scams, distributed denial of service (DDoS) and ransomware.

Social media scams were of most concern in the US (19%), followed by the UK (15%), the Netherlands (14%) and Germany (12%).

DDoS attacks were of greatest concern in the Netherlands (20%), followed by Germany (17%), the UK (12%) and the US (7%).

Ransomware was of greatest concern in the US (12%), followed by Germany (11%), the UK (10%) and the Netherlands (9%).

The research found that among the main threats posed to networks within the UK were unpatched security vulnerabilities (28%), online consumers themselves (25%) and internet-connected devices (21%).

Within the UK, artificial intelligence (43%) was cited as the technology most likely to be implemented within the next year, followed by internet-connected devices (35%), portable media technology (24%), omni-channel technology (23%) and augmented reality (17%).

The majority of IT decision-makers in the UK (55%) said they were concerned about new technologies, in stark contrast to those in the Netherlands, where only 20% claimed to be concerned.

The survey also polled consumers on their experiences and attitudes towards online data privacy and security while shopping online.

Although most global consumers shop online to some degree, 17% do nothing to protect their data while doing so. The UK is the most complacent, with just one in five taking no proactive action to protect their data. German consumers are more cautious when shopping online, with more than half (53%) shopping only on secured Wi-Fi networks.

“The level of online shopping activity always increases significantly during the holiday season, and can provide rich pickings for the opportunistic cyber criminal, so it’s no coincidence that more than half of retailers will increase their cyber security spending during their most prosperous and dangerous time of year,” said Gary Cox, technology director, western Europe at Infoblox.

“It is critical that enterprises take measures to get additional network visibility, so they can respond quickly to potential cyber incidents which could result in lost revenue and brand damage.”

IT professionals in the UK named unpatched security vulnerabilities as the main source of an attack (28%), followed by consumer/end-user error (25%), vulnerabilities in the supply chain (22%), and unprotected internet-connected devices (21%).

When holiday shopping, delivery is the biggest point of concern for UK consumers (55%), followed by ID fraud (16%), data security (13%) and website crashing (13%).

Just 48% of UK consumers said they were only “somewhat” or “not at all” aware of the data being collected through store loyalty cards, while only 34% claimed to trust retailers to hold their personal data.

“It is interesting that so few consumers around the world are actively concerned with the protection of their own data when shopping online, particularly when two-thirds of those we surveyed had little trust in how retailers held that data,” said Cox.

“More education is clearly required about the risks that online shoppers face, especially over Christmas, and the steps they can take to better protect their own data and identity from those intent on theft and fraud.”

Source: https://www.computerweekly.com/news/252454330/Most-UK-retailers-plan-to-up-cyber-security

2018 In Review: Healthcare Under Attack

Radware’s ERT and Threat Research Center monitored an immense number of events over the last year, giving us a chance to review and analyze attack patterns to gain further insight into today’s trends and changes in the attack landscape. Here are some insights into what we have observed over the last year.

Healthcare Under Attack

Over the last decade there has been a dramatic digital transformation within healthcare; more facilities are relying on electronic forms and online processes to help improve and streamline the patient experience. As a result, the medical industry has new responsibilities and priorities to ensure client data is kept secure and available, which unfortunately aren’t always kept up with.

This year, the healthcare industry dominated news with an ever-growing list of breaches and attacks. Aetna, CarePlus, Partners Healthcare, BJC Healthcare, St. Peter’s Surgery and Endoscopy Center, ATI Physical Therapy, Inogen, UnityPoint Health, Nuance Communication, LifeBridge Health, Aultman Health Foundation, Med Associates and more recently Nashville Metro Public Health, UMC Physicians, and LabCorp Diagnostics have all disclosed or settled major breaches.

Generally speaking, the risk of falling prey to data breaches is high, due to password sharing, outdated and unpatched software, or exposed and vulnerable servers. When you look at medical facilities in particular, other risks begin to appear, like those surrounding the number of hospital employees who have full or partial access to your health records during your stay there. The possibility of a malicious insider or abuse of access is also very high, as is the risk of third-party breaches. For example, it was recently disclosed that NHS patient records may have been exposed when passwords were stolen from Embrace Learning, a training business used by healthcare workers to learn about data protection.

Profiting From Medical Data

These recent cyber-attacks targeting the healthcare industry underscore the growing threat to hospitals, medical institutions and insurance companies around the world. So, what’s driving the trend? Profit. Personal data, specifically healthcare records, are in demand and quite valuable on today’s black market, often fetching more money per record than your financial records, and are a crucial part of today’s Fullz packages sold by cyber criminals.

Not only are criminals exfiltrating patient data and selling it for a profit, but others have opted to encrypt medical records with ransomware or hold the data hostage until their extortion demand is met. Often hospitals are quick to pay an extortionist because backups are non-existent, or it may take too long to restore services. Because of this, cyber-criminals focus on this industry.

Most of the attacks targeting the medical industry are ransomware attacks, often delivered via phishing campaigns. There have also been cases where ransomware and malware have been delivered via drive-by downloads and compromised third-party vendors. We have also seen criminals use SQL injections to steal data from medical applications as well as flooding those networks with DDoS attacks. More recently, we have seen large scale scanning and exploitation of internet-connected devices for the purpose of crypto mining, some of which have been located inside medical networks. In addition to causing outages and encrypting data, these attacks have resulted in canceling elective cases, diverting incoming patients and rescheduling surgeries.

For-profit hackers will target and launch a number of different attacks against medical networks designed to obtain and steal your personal information from vulnerable or exposed databases. They are looking for a complete or partial set of information such as name, date of birth, Social Security numbers, diagnosis or treatment information, Medicare or Medicaid identification number, medical record number, billing/claims information, health insurance information, disability code, birth or marriage certificate information, Employer Identification Number, driver’s license numbers, passport information, banking or financial account numbers, and usernames and passwords so they can resell that information for a profit.

Sometimes the data obtained by the criminal is incomplete, but that data can be leveraged as a stepping stone to gather additional information. Criminals can use partial information to create a spear-phishing kit designed to gain your trust by citing a piece of personal information as bait. And they’ll move very quickly once they gain access to PHI or payment information. Criminals will normally sell the information obtained, even if incomplete, in bulk or in packages on private forums to other criminals who have the ability to complete the Fullz package or quickly cash the accounts out. Stolen data will also find its way to public auctions and marketplaces on the dark net, where sellers try to get the highest price possible for data or gain attention and notoriety for the hack.

Don’t let healthcare data slip through the cracks; be prepared.

Source: https://securityboulevard.com/2018/12/2018-in-review-healthcare-under-attack/

Copyright © 2013. Created by Meks. Powered by WordPress.