Category - Stop DoS

1. Discord was down due to Cloudflare outage affecting parts of the web
2. 3 Drivers Behind the Increasing Frequency of DDoS Attacks
3. California Dem hit with DDoS attacks during failed primary bid: report
4. DDoS Protection is the Foundation for Application, Site and Data Availability
5. A Scoville Heat Scale For Measuring Cybersecurity
6. McDreary? The Future of Medical Call Centers & DDoS
7. Rise in multifunctional botnets
8. The complete guide to understanding web applications security
9. Massachusetts Man Convicted of Cyber Attack on Hospital
10. 10 Big Security Concerns About IoT For Business (And How To Protect Yourself)

Discord was down due to Cloudflare outage affecting parts of the web

Popular chat service Discord experienced issues today due to network problems at Cloudflare and a wider internet issue. The app was inaccessible for its millions of users, and even Discord's website and status pages were struggling. Discord's problems could be traced to an outage at Cloudflare, a content delivery network. Cloudflare started experiencing issues at 7:43AM ET, and this caused Discord, Feedly, Crunchyroll, and many other sites that rely on its services to have partial outages.

Cloudflare says it's working on a "possible route leak" affecting some of its network, but services like Discord have been inaccessible for nearly 45 minutes now. "Discord is affected by the general internet outage," says a Discord statement on the company's status site. "Hang tight. Pet your cats."

"This leak is impacting many internet services including Cloudflare," says a Cloudflare spokesperson. "We are continuing to work with the network provider that created this route leak to remove it." Cloudflare doesn't name the network involved, but Verizon is also experiencing widespread issues across the East Coast of the US this morning. Cloudflare notes that "the network responsible for the route leak has now fixed the issue," so services should start to return to normal shortly.

Cloudflare explained the outage in an additional statement: "Earlier today, a widespread BGP routing leak affected a number of Internet services and a portion of traffic to Cloudflare. All of Cloudflare's systems continued to run normally, but traffic wasn't getting to us for a portion of our domains. At this point, the network outage has been fixed and traffic levels are returning to normal."

Source: https://www.theverge.com/2019/6/24/18715308/discord-down-outage-cloudflare-problems-crunchyroll-feedly

3 Drivers Behind the Increasing Frequency of DDoS Attacks

What’s causing the uptick? Motivation, opportunity, and new capabilities.

According to IDC Research's recent US DDoS Prevention Survey, more than 50% of IT security decision makers said that their organization had been the victim of a distributed denial-of-service (DDoS) attack as many as 10 times in the past year. For those who experienced an attack, more than 40% lasted longer than 10 hours. This statistic correlates with our ATLAS findings, which show there were 7.5 million DDoS attacks in 2017, a rate, says Cisco, that is increasing at roughly the same rate as Internet traffic.

What’s behind the uptick? It boils down to three factors: motivation of the attackers; the opportunity presented by inexpensive, easy-to-use attack services; and the new capabilities that Internet of Things (IoT) botnets have.

Political and Criminal Motivations
In an increasingly politically and economically volatile landscape, DDoS attacks have become the new geopolitical tool for nation-states and political activists. Attacks on political websites and critical national infrastructure services are becoming more frequent, largely because of the desire and capabilities of attackers to affect real-world events, such as election processes, while staying undiscovered.

In June, a DDoS attack was launched against the website opposing a Mexican presidential candidate during a debate. This attack demonstrated how a nation-state could affect events far beyond the boundaries of the digital realm. It threatened the stability of the election process by knocking a candidate’s website offline while the debate was ongoing. Coincidence? Perhaps. Or maybe an example of the phenomenon security experts call “cyber reflection,” when an incident in the digital realm is mirrored in the physical world.

DDoS attacks carried out by criminal organizations for financial gain also demonstrate cyber reflection, particularly for global financial institutions and other supra-national entities whose power makes them prime targets, whether for state actors, disaffected activists, or cybercriminals. While extortion on the threat of DDoS continues to be a major threat to enterprises across all vertical sectors, cybercriminals also use DDoS as a smokescreen to draw attention away from other nefarious acts, such as data exfiltration and illegal transfers of money.

Attacks Made Easy
This past April, Webstresser.org, one of the largest DDoS-as-a-service (DaaS) providers in existence, which allowed criminals to buy the ability to launch attacks on businesses and was responsible for millions of DDoS attacks around the globe, was taken down in a major international investigation. The site was used by a British suspect to attack a number of large retail banks last year, causing hundreds of thousands of pounds of damage. Six suspected members of the gang behind the site were arrested, with computers seized in the UK, Holland, and elsewhere. Unfortunately, as soon as Webstresser was shut down, various other similar services immediately popped up to take its place.

DaaS services like Webstresser run rampant in the underground marketplace, and their services are often available at extremely low prices. This allows anyone with access to digital currency or other online payment processing service to launch a DDoS attack at a target of their choosing. The low cost and availability of these services provide a means of carrying out attacks both in the heat of the moment and after careful planning.

The rage-fueled, irrational DDoS-based responses of gamers against other gamers is a good example of a spur-of-the-moment, emotional attack enabled by the availability of DaaS. In other cases, the DaaS platforms may be used in hacktivist operations to send a message or take down a website in opposition to someone’s viewpoint. The ease of accessibility to DaaS services enables virtually anyone to launch a cyberattack with relative anonymity.

IoT Botnets
IoT devices are quickly brought to market at the lowest cost possible, and securing them is often an afterthought for manufacturers. The result? Most consumer IoT devices are shipped with the most basic types of vulnerabilities, including hard-coded/default credentials and susceptibility to buffer overflows and command injection. Moreover, when patches are released to address these issues, they are rarely applied. Typically, a consumer plugs in an IoT device and never contemplates the security aspect, or perhaps does not understand the necessity of applying regular security updates and patches. With nearly 27 billion connected devices in 2017, expected to rise to 125 billion by 2030 according to analysis from IHS Markit, they make extremely attractive targets for malware authors.

In the latter half of 2016, a high-visibility DDoS attack against a DNS host/provider was observed, which affected a number of major online properties. The malware responsible for this attack, and many others, was Mirai. Once the source code for Mirai was published on September 30, 2016, it sparked the creation of a slew of other IoT-based botnets, which have continued to evolve significantly. Combined with the proliferation of IoT devices, and their inherent lack of security, we have witnessed a dramatic growth in both the number and size of botnets. These new botnets provide the opportunity for attackers and DaaS services to create new, more powerful, and more sophisticated attacks.

Conclusion
Today’s DDoS attacks are increasingly multivector and multilayered, employing a combination of large-scale volumetric assaults and stealth infiltration targeting the application layer. This is just the latest trend in an ever-changing landscape where attackers adapt their solutions and make use of new tools and capabilities in an attempt to evade and overcome existing defenses. Businesses need to maintain a constant vigilance on the techniques used to target them and continually evolve their defenses to industry best practices.

Source: https://www.darkreading.com/attacks-breaches/3-drivers-behind-the-increasing-frequency-of-ddos-attacks/a/d-id/1332824

California Dem hit with DDoS attacks during failed primary bid: report

The campaign website of a Democratic congressional candidate in California was taken down by cyberattacks several times during the primary election season, according to cybersecurity experts.

Rolling Stone reported on Thursday that cybersecurity experts who reviewed forensic server data and emails concluded that the website for Bryan Caforio, who finished third in the June primary, was hit with distributed denial of service (DDoS) attacks while he was campaigning.

The attacks, which amount to artificially heavy website traffic that forces hosting companies to shut down or slow website services, were not advanced enough to access any data on the campaign site, but they succeeded in blocking access to bryancaforio.com four times before the primary, including during a crucial debate and in the week before the election.

Caforio's campaign didn't blame his loss on the attacks, but noted that he failed to advance to a runoff against Rep. Steve Knight (R-Calif.) by coming up 1,497 votes short in his loss against fellow Democrat Katie Hill.

Caforio's campaign tried several tactics to deter malicious actors, including upgrading the website's hosting service and adding specific DDoS protections, which in the end failed to deter the attacks.

"As I saw firsthand, dealing with cyberattacks is the new normal when running for office, forcing candidates to spend time fending off those attacks when they should be out talking to voters," Caforio told the magazine.

A spokeswoman for the Department of Homeland Security (DHS) told Rolling Stone that it offered to help Caforio's campaign investigate the four attacks but received no response.

A DHS spokesperson did not immediately respond to a request for comment from The Hill.

An aide to the Democratic Congressional Campaign Committee, the campaign arm for House Democrats, told Rolling Stone that it takes attacks such as the ones Caforio faced "very seriously."

"While we don't have control over the operations of individual campaigns, we continue to work with and encourage candidates and their staffs to utilize the resources we have offered and adopt best security practices," the aide said.

Source: https://thehill.com/policy/cybersecurity/407608-california-democrat-hit-with-ddos-attacks-during-failed-primary-bid

DDoS Protection is the Foundation for Application, Site and Data Availability

When we think of DDoS protection, we often think about how to keep our website up and running. While searching for a security solution, you'll find several options that are similar on the surface. The main difference is whether your organization requires a cloud, on-premise or hybrid solution that combines the best of both worlds. Finding a DDoS mitigation/protection solution seems simple, but there are several things to consider.

It's important to remember that DDoS attacks don't just cause a website to go down. While the majority do cause a service disruption, 90 percent of the time it does not mean a website is completely unavailable, but rather there is a performance degradation. As a result, organizations need to search for a DDoS solution that can optimize application performance and protect from DDoS attacks. The two functions are natural bedfellows.

The other thing we often forget is that most traditional DDoS solutions, whether they are on-premise or in the cloud, cannot protect us from an upstream event or a downstream event.

  1. If your carrier is hit with a DDoS attack upstream, your link may be fine but your ability to do anything would be limited. You would not receive any traffic from that pipe.
  2. If your infrastructure provider goes down due to a DDoS attack on its key infrastructure, your organization's website will go down regardless of how well your DDoS solution is working.

Many DDoS providers will tell you these are not part of a DDoS strategy. I beg to differ.

Finding the Right DDoS Solution

DDoS protection was born out of the need to improve availability and guarantee performance. Today, this is critical. We have become an application-driven world where digital interactions dominate. A bad experience using an app is worse for customer satisfaction and loyalty than an outage. Most companies are moving into shared infrastructure environments, otherwise known as the "cloud", where the performance of the underlying infrastructure is no longer controlled by the end user.

  1. Data center or host infrastructure rerouting capabilities give organizations the ability to reroute traffic to secondary data centers or application servers if there is a performance problem caused by something that the traditional DDoS prevention solution cannot negate. This may or may not be caused by a traditional DDoS attack, but either way, it's important to understand how to mitigate the risk from a denial of service caused by infrastructure failure.
  2. Simple-to-use link or host availability solutions offer a unified interface for conducting WAN failover in the event that the upstream provider is compromised. Companies can use BGP, but BGP is complex and rigid. The future needs to be simple and flexible.
  3. Infrastructure and application performance optimization is critical. If we can limit the amount of compute per application transaction, we can reduce the likelihood that a capacity problem with the underlying architecture can cause an outage. Instead of thinking about just avoiding performance degradation, what if we actually improve the performance SLA while also limiting risk? It's similar to making the decision to invest your money as opposed to burying it in the ground.

Today you can look at buying separate products to accomplish these needs, but you are then left with an age-old problem: a disparate collection of poorly integrated best-of-breed solutions that don't work well together.

These products should work together as part of a holistic solution where each solution can compensate and enhance the performance of the other and ultimately help improve and ensure application availability, performance and reliability. The goal should be to create a resilient architecture to prevent or limit the impact of DoS and DDoS attacks of any kind.

Source: https://securityboulevard.com/2018/09/ddos-protection-is-the-foundation-for-application-site-and-data-availability/

A Scoville Heat Scale For Measuring Cybersecurity

The Scoville Scale is a measurement chart used to rate the heat of peppers or other spicy foods. It can also have a useful application for measuring cybersecurity threats. Cyber-threats are also red hot as the human attack surface is projected to reach over 6 billion people by 2022. In addition, cyber-crime damage costs are estimated to reach $6 trillion annually by 2021. The cybersecurity firm RiskIQ states that every minute approximately 1,861 people fall victim to cyber-attacks, while some $1.14 million is stolen. In recognition of these alarming stats, perhaps it would be useful to categorize cyber-threats on a scale similar to the one for the hot peppers we consume.

I have provided my own Scoville Scale-like heat characterizations of the cyber threats we are facing below.

Data Breaches: According to Juniper Research, over the next 5 years, 146 billion records will be breached. The 2017 Annual Data Breach Year-end Review (Identity Theft Resource Center) found that 1,946,181,599 records containing personal and other sensitive data were compromised between Jan. 1, 2017, and March 20, 2018. The true tally of victims is likely much greater as many breaches go unreported. According to the Pew Research Center, a majority of Americans (65%) have already personally experienced a major data breach. On the Scoville scale, data breaches, by the nature of their growing exponential threat, can easily be categorized at a "Ghost Pepper" level.

Malware: According to Forrester Research's 2017 global security survey, there are 430 million types of malware online, up 40 percent from just three years ago. The Malware Tech Blog cited that 100,000 groups in at least 150 countries and more than 400,000 machines were infected by the WannaCry virus in 2017, at a total cost of around $4 billion. Malware is ubiquitous and we deal with it. It is a steady "Jalapeno Pepper" on the scale.

Ransomware: Cybersecurity Ventures predicts that ransomware damage costs will rise to $11.5 billion in 2019, with an attack occurring every 14 seconds. According to McAfee Labs' Threat Report covering Q4 2017, eight new malware samples were recorded every second during the final three months of 2017. Cisco finds that ransomware attacks are growing more than 350 percent annually. Experts estimate that there are more than 125 separate families of ransomware, and hackers have become very adept at hiding malicious code. Ransomware is scary and there is reason to panic; it seems like a "Fatali Pepper."

Distributed Denial of Service (DDoS): In 2016, DDoS attacks were launched against a Domain Name System (DNS) provider called Dyn. The attack directed thousands of IoT-connected devices to overload and take out internet platforms and services. The attack used a simple exploit of a default password to target home surveillance cameras and routers. DDoS is like a "Trinidad Pepper" as it can do quick massive damage and stop commerce cold. DDoS is a particularly frightening scenario for the retail, financial, and healthcare communities.

Phishing: Phishing is a tool used to deliver malware, ransomware, and DDoS. The 2017 Ponemon State of Endpoint Security Risk Report found that 56% of organizations in a survey of 1,300 IT decision makers identified targeted phishing attacks as their biggest current cybersecurity threat. According to an analysis by Health Information Privacy/Security Alert, 46,000 new phishing sites are created every day. According to Webroot, an average of 1.385 million new, unique phishing sites are created each month. The bottom line is that it is easy for anyone to be fooled by a targeted phish. No one is invulnerable to a crafty spear-phish, especially the C-Suite. On the Scoville Scale, phishing is prolific, persistent, and often causes harm. I rate it at the "Habanero Pepper" level.

Protecting the Internet of Things: The task of securing IoT is increasingly difficult as mobility, connectivity and the cyber attack surface grow. Most analysts conclude that there will be more than 20 billion connected Internet devices by 2020. According to a study conducted in April of 2017 by Altman Vilandrie & Company, nearly half of U.S. firms using the Internet of Things experienced cybersecurity breaches. Last year, Symantec noted that IoT attacks were up 600 percent. Analysts predict 25 percent of cyber-attacks in 2020 will target IoT environments. Protecting IoT can be the "Carolina Reaper" as everything connected is vulnerable and the consequences can be devastating.

Lack of Skilled Cybersecurity Workers: Both the public and private sectors are facing major challenges from a dearth of cybersecurity talent. As companies evolve toward digital business, people with cybersecurity skills are becoming more difficult to find and more expensive for companies to hire and keep. A report out from Cybersecurity Ventures estimates there will be 3.5 million unfilled cybersecurity jobs by 2021. A 2017 research project by the industry analyst firm Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) found that 70 percent of cybersecurity professionals claimed their organization was impacted by the cybersecurity skills shortage. On the Scoville Scale, I rate the skills shortage as a "Scotch Bonnet," dangerous, but perhaps automation, machine learning and artificial intelligence can ease the pain.

Insider Threats: Insider threats can impact a company's operational capabilities, cause significant financial damages, and harm a reputation. The IBM Cyber Security Index found that 60% of all cyber-attacks were carried out by insiders. And according to a recent Accenture HfS Research report, 69% of enterprise security executives reported experiencing an attempted theft or corruption of data by insiders over one year. Malicious insider intrusions can involve theft of IP, social engineering, spear-phishing attacks, malware, ransomware, and in some cases sabotage. Often overlooked, insider threats correlate to a "Red Savina Habanero."

Identity Theft: Nearly 60 million Americans have been affected by identity theft, according to a 2018 online survey by The Harris Poll. The reason for the increased rate of identity fraud is clear. As we become more and more connected, we become more visible and vulnerable to those who want to hack our accounts and steal our identities. We are often enticed via social media or email phishing. Digital fraud and the stealing of our identities is all too common and closely associated with data breaches, a "Chocolate Habanero."

Crypto-mining and Theft: Crypto poses relatively new threats to the cybersecurity ecosystem. Hackers need computing power to find and "mine" for coins and can hijack your computer processor while you are online. Hackers place algorithm scripts on popular websites that people innocently visit. You might not even know you are being hijacked. Trend Micro disclosed that crypto-mining malware detections jumped 956% in the first half of 2018 versus the whole of last year. Also, paying ransomware in cryptocurrencies seems to be a growing trend. The recent WannaCry and Petya ransomware attackers demanded payment in bitcoin. On the Scoville Scale, it's still early for crypto and the threats may evolve, but right now it's a "Tabasco Pepper."

Potential Remedies: Cybersecurity at its core essence is guided by risk management: people, process, policies, and technologies. Nothing is completely invulnerable, but there are some potential remedies that can help us navigate the increasingly malicious cyber threat landscape. Some of these include:

  • Artificial Intelligence and Machine Learning
  • Automation and Adaptive Networks
  • Biometrics and Authentication Technologies
  • Blockchain
  • Cloud Computing
  • Cryptography/Encryption
  • Cyber-hygiene
  • Cyber Insurance
  • Incident Response Plans
  • Information Threat Sharing
  • Managed Security Services
  • Predictive Analytics
  • Quantum-computing and Super-Computing
  • And... Cold Milk

The bottom line is that as we try to keep pace with rising cybersecurity threat levels, we are all going to get burned in one way or another. But we can be prepared and resilient to help mitigate the fire. Keeping track of threats on any scale can be useful toward those goals.

Chuck Brooks is the Principal Market Growth Strategist for General Dynamics Mission Systems for Cybersecurity and Emerging Technologies. He is also Adjunct Faculty in Georgetown University's Graduate Applied Intelligence program.

Source: https://www.forbes.com/sites/cognitiveworld/2018/09/05/a-scoville-heat-scale-for-measuring-cybersecurity/#15abda233275

McDreary? The Future of Medical Call Centers & DDoS

As healthcare's digital transformation continues, security remains a top priority, especially as distributed denial-of-service (DDoS) attacks target the click-to-call features on websites.

Click-to-call defines the services that enable patients to immediately call a hospital or clinic directly from a button on their website, either using a traditional phone service or Voice over Internet Protocol (VoIP) technology. This is different from click-to-callback features, which are used for less pressing medical needs, and is an important differentiation when securing hospital communications from DDoS attacks.

Because direct click-to-call scenarios use more resources, such as audio streams and interactive voice response (IVR) systems, these types of connections are much easier to affect using an application-layer DDoS attack.

When a DDoS attack affects a healthcare system, click-to-call features are often taken fully offline. If this occurs during a health emergency, the implications can mean life or death.

However, click-to-call features also offer enhanced and more personalized engagement in a cost-effective manner, so simply removing them could result in delayed care or service abandonment as well as raise the cost of future care. So what's the best move?

Neustar's 2017 Worldwide DDoS Attacks and Cyber Insights Research Report found that while 99% of the organizations it surveyed had some sort of DDoS protection in place, the vast majority of them (90%) were planning to invest more than in the previous year, and 36% thought they should be investing even more than that.

The same way that keeping protected health information (PHI) secure continues to be of the utmost importance, further steps must be taken to protect healthcare organizations from DDoS attacks.

Gated access through proper authentication
One of the primary ways healthcare organizations can prevent a DDoS attack is through proper authentication. Proper authentication reduces the attack surface by providing a gate of access to those systems and rules out certain flavors of anonymous attacks.

Anonymous DDoS attacks use an open access point or resource and distribute/coordinate mass usage of it. They are challenging to thwart because it is difficult to differentiate an attack from actual usage.

Proper authentication provides a simple differentiation. Credential loss is a possible attack vector even with authentication; however, coordinating DDoS attacks with authentication credentials is much more difficult due to the distribution of credentials. For instance, if an attacker has compromised a single access point and distributes the single authentication to all endpoints, a properly protected account could easily thwart an attack with access rate-limiting.

Securing Patient Portals
Implementing secure patient portals is another way to prevent DDoS attacks on medical call centers.

Patient portals require strong authentication. If proper authentication is required before using resources such as call centers and call agents, then the ability to launch a large-scale attack would require numerous credentials. In circumstances where multi-factor authentication is required, the complexity of a successful DDoS attack only increases, thereby making it more difficult to pull off.

For example, if a username/password entry into a patient portal required a text or email verification as well, or even a prompt on an installed smartphone application, then the loss of even a large set of credentials could not be used in an attack without also compromising some other form(s) of communication. Since patient portals also contain mass amounts of private data, securing that information to the highest degree in order to safeguard it properly is key and can also help prevent a large-scale attack on a hospital's click-to-call functionality.

What the threat of DDoS attacks means to the global security community
Today it's obviously critical that global security managers remain aware of the daunting DDoS threat. When (not "if") an attack occurs, critical resources are consumed, sometimes even resources that are unrelated.
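As an added illustration of the two points above (a properly protected account can throttle a stolen credential replayed from many endpoints, and authentication turns anonymous flood traffic into attributable traffic), here is a sliding-window limiter that charges the quota to the authenticated account rather than the source IP. This is example code written for this page, not code from the article or from any vendor it names; the account names, IP addresses and traffic below are constructed test data.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Refuses a request once its key has used max_requests within window_seconds.

    key_fn decides what the quota is charged to: the authenticated account
    (the article's recommendation) or the source IP (the usual approach for
    anonymous traffic). Everything else is identical, so the comparison below
    isolates the effect of the key choice.
    """

    def __init__(self, max_requests, window_seconds, key_fn):
        self.max_requests = max_requests
        self.window = window_seconds
        self.key_fn = key_fn
        self._recent = defaultdict(deque)  # key -> timestamps of admitted requests

    def allow(self, request):
        key = self.key_fn(request)
        q = self._recent[key]
        now = request["ts"]
        while q and now - q[0] >= self.window:  # expire timestamps outside the window
            q.popleft()
        if len(q) >= self.max_requests:
            return False
        q.append(now)
        return True


def run(limiter, requests):
    """Feed requests in timestamp order; return (allowed, refused) counts."""
    allowed = refused = 0
    for req in sorted(requests, key=lambda r: r["ts"]):
        if limiter.allow(req):
            allowed += 1
        else:
            refused += 1
    return allowed, refused


def stolen_credential_flood(n_endpoints=50, per_endpoint=20, account="patient-1234"):
    """Constructed traffic: one stolen credential replayed from many source IPs
    within a single second (20 requests from each of 50 addresses)."""
    reqs = []
    for i in range(n_endpoints):
        ip = f"203.0.113.{i % 254 + 1}"  # TEST-NET-3 documentation range, constructed
        for j in range(per_endpoint):
            reqs.append({"ip": ip, "account": account, "ts": (i * per_endpoint + j) / 1000.0})
    return reqs


def normal_traffic(n_accounts=5, per_account=3):
    """Constructed traffic: a handful of real patients each clicking a few times."""
    return [
        {"ip": f"198.51.100.{a + 1}", "account": f"patient-{a}", "ts": 0.1 * (a * per_account + j)}
        for a in range(n_accounts)
        for j in range(per_account)
    ]


def compare(max_requests=30, window=60.0):
    """Same quota (30 requests per minute) keyed two ways, against the same flood."""
    by_ip = SlidingWindowLimiter(max_requests, window, key_fn=lambda r: r["ip"])
    by_account = SlidingWindowLimiter(max_requests, window, key_fn=lambda r: r["account"])
    by_account_normal = SlidingWindowLimiter(max_requests, window, key_fn=lambda r: r["account"])
    flood = stolen_credential_flood()
    return {
        # Per-IP: each address stays under 30, so the whole 1000-request flood gets through.
        "flood_by_ip": run(by_ip, flood),
        # Per-account: the first 30 are admitted, the remaining 970 are refused.
        "flood_by_account": run(by_account, flood),
        # Legitimate users with their own credentials are untouched.
        "normal_by_account": run(by_account_normal, normal_traffic()),
    }


if __name__ == "__main__":
    for name, counts in compare().items():
        print(f"{name}: allowed={counts[0]} refused={counts[1]}")
```

The per-IP limiter sees fifty well-behaved addresses; the per-account limiter sees one account doing a thousand things at once, which is exactly the difference the article relies on.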

For example, a DDoS attack against a website might consume networking resources, bringing down a patient portal, and an attack against a patient portal may consume database resources and prevent normal internal operations.

DDoS attacks on weak targets are relatively inexpensive for attackers, since existing botnets with simple traffic flooding exist and await the next purchase, and simple networking attacks can be thwarted with up-to-date networking equipment front-ending services.

However, application-aware and custom attacks are much more expensive to create, and can be made prohibitively expensive by taking simple steps like requiring authentication before allowing access to resource offerings.

Additionally, keeping software up-to-date is critical as software flaws are discovered, and quickly updating components is effective at blocking attacks before they can be crafted and deployed. Regularly updating systems and keeping them free of malware not only reduces available botnet size, amplification points and reflection points, but may also prevent a hop-off point for more sophisticated attacks.

As more tech companies enter the healthcare field to enable its digitization, and information security continues to be top of mind in every field, it's important for those in the security industry, some of whom may directly dabble in healthcare, as well as the healthcare organizations themselves to focus on increasing their security measures and to know what they should be doing to prevent this type of communications attack.

Source: https://www.infosecurity-magazine.com/opinions/mcdreary-medical-ddos/

Rise in multifunctional botnets

There is a growing demand around the world for multifunctional malware that is not designed for specific purposes but is flexible enough to perform almost any task.

This was revealed by Kaspersky Lab researchers in a report on botnet activity in the first half of 2018. The research analysed more than 150 malware families and their modifications circulating through 600 000 botnets around the world.

Botnets are large 'nets' of compromised machines that are used by cybercriminals to carry out nefarious activities, including DDoS attacks, spreading malware or sending spam. Kaspersky monitors botnet activity on an ongoing basis to prevent forthcoming attacks or to stop a new type of Trojan before it spreads.

It does this by employing technology that emulates a compromised machine, trapping the commands received from threat actors that are using the botnets to distribute malware. Researchers gain valuable malware samples and statistics in the process.

Drop in single-purpose malware

The first half of 2018 also saw the number of single-purpose pieces of malware distributed through botnets dropping significantly in comparison to the second half of 2017. In H2 2017, 22.46% of all unique malware strands were banking Trojans. This number dropped to 13.25% in the first half of this year.

Moreover, the number of spamming bots, another type of single-purpose malware distributed through botnets, decreased dramatically, from 18.93% in the second half of 2017 to 12.23% in the first half 2018. DDoS bots, yet another typical single-purpose malware, also dropped, from 2.66% to 1.99%, in the same period.

The only type of single-purpose malicious programs to demonstrate notable growth within botnet networks were miners. Even though their percentage of registered files is not comparable to highly popular multifunctional malware, their share increased two-fold and this fits in the general trend of a malicious mining boom, as noted in previous reports.

There’s a RAT in my PC

Alongside these findings, the company noted distinctive growth in malware that is more versatile, in particular Remote Access Tools (RATs) that give cyber crooks almost unlimited opportunities for exploiting infected machines.

Since H1 2017, the share of RAT files found among the malware distributed by botnets almost doubled, rising from 6.55% to 12.22%, with the Njrat, DarkComet and Nanocore varieties topping the list of the most widespread RATs.

“Due to their relatively simple structure, the three backdoors can be modified even by an amateur threat actor. This allows the malware to be adapted for distribution in a specific region,” the researchers said.

Trojans, which can also be employed for a range of purposes, did not grow as much as RATs, but unlike a lot of single-purpose malware, still increased from 32.89% in H2 2017 to 34.25% in H1 2018. In a similar manner to RATs, Trojans can be modified and controlled by multiple command and control servers, for a range of nefarious activities, including cyberespionage or the theft of personal information.

Bot economy

Alexander Eremin, a security expert at Kaspersky Lab, says the reason multipurpose malware is taking the lead when it comes to botnets is clear. “Botnet ownership costs a significant amount of money and, in order to make a profit, criminals must be able to use each and every opportunity to get money out of malware. A botnet built out of multipurpose malware can change its functions relatively quickly and shift from sending spam to DDoS or to the distribution of banking Trojans.”

In addition to switching between different ‘active’ malicious activities, it also opens an opportunity for a passive income, as the owner can simply rent out their botnet to other criminals, he added.

Source: https://www.itweb.co.za/content/LPwQ57lyaoPMNgkj

The complete guide to understanding web applications security

MODERN businesses use web applications every day to do different things, from interacting and engaging with customers to supporting sales and operations.

As a result, web applications are rich with data and critical to the functioning of the company, which means special precautions must be taken in order to protect them from hackers.

However, not all organizations or their applications are subject to the same level of threats and attacks. In an exclusive interview with Gartner’s Research Director Dale Gardner, Tech Wire Asia learns how businesses can best protect their web applications.

Gartner splits attacks on web and mobile applications and web APIs into four categories:

# 1 | Denial of service (DoS)

DoS is a specific subtype of abuse where the attacker’s goal is to disrupt the availability of the web application or service.

In particular, this attack type covers volumetric attacks, which overwhelm network capabilities, and so-called “low and slow” attacks, which overwhelm application or service resources.

# 2 | Exploits

Exploits take advantage of design, code or configuration issues that cause unintended behaviour of the application.

Some common examples include SQL Injection (SQLi), cross-site scripting (XSS), buffer overflows, and various Secure Sockets Layer (SSL) and Transport Layer Security (TLS) manipulation attacks.

# 3 | Abuse

Abuse covers many non-exploit types of attack that primarily take advantage of business logic. This includes scraping, aggregating, account brute-forcing, scalping, spamming and other, often automated, scenarios.

# 4 | Access

Access violations occur when an attacker or legitimate user takes advantage of weaknesses in the authentication (AuthN) or authorization (AuthZ) policies of a web application or service.

Of the four categories, Gardner says only exploits can be potentially addressed with secure coding and configuration. The others require design-level considerations that cannot be reasonably compensated for in code.

For example, although it’s arguably possible to defend against account takeovers in individual application code, it is much more economical and error-proof to do so in the identity and access management (IAM) system or another external capability.

In an ideal world, the highest level of protection would be available at all times or as needed, but this isn’t feasible due to complexity and cost factors.

And continuously providing the highest level of protection to all web assets can be an expensive proposition, both from economic and operational perspectives.

Securing web applications and web APIs from attacks and abuse requires businesses to assess what level of protection is necessary.

“Security teams must first pick a protection baseline. Then they must decide what extra protections are necessary to apply to specific assets,” recommends Gardner.

When thinking of protecting web applications, security teams often first look to existing network technologies, such as next-generation firewall (NGFW) platforms and intrusion detection and prevention systems (IDPSs).

But these do not provide strong-enough capabilities in any of the protection areas, warns Gardner.

They are not easily integrated to intercept TLS and do not have the same signatures, rules, behavioral analysis and business logic insight as security solutions that focus on web applications and APIs.

Organizations often first look at a “completely automated public Turing test to tell computers and humans apart” (CAPTCHA) when they suffer from abuse of functionality.

But an always-on CAPTCHA creates user-experience hurdles for legitimate users, and it is also no guarantee to keep the abuser out (attackers keep finding ways to circumvent or solve many CAPTCHAs).

Multifactor authentication (MFA) and out of band (OOB) challenges are often used to enable strong access control, as well as to try to thwart abuse. Unfortunately, they suffer from similar issues as CAPTCHA, and in addition are often complex and expensive to implement.

Currently, no single security platform or solution implements the highest possible level of protection in each of the exploit, abuse of functionality, access violation and DoS mitigation categories.

Some organizations will still be able to start with a single solution to address the biggest potential risks. But they often find themselves needing greater security capabilities over time due to changes in threats and the application landscape.

Web application firewalls (WAFs) are broadly deployed, but buyers routinely express disappointment and frustration over factors such as accuracy, the ability to prevent attacks, the administrative overhead required to maintain attack detection profiles and price.

Incumbent vendors have begun addressing emerging requirements, but many products still lag.

The market for solutions to protect web applications will continue to grow, but given buyer dissatisfaction, vendors with innovative approaches and new product packaging will capture the bulk of new spending.

Buyers are shifting to service-based offerings, and demand for infrastructure as a service (IaaS) deployable products is growing. These shifts pose risks, especially to incumbents, but also present opportunities for new offerings and greater growth.

Gartner believes that by 2020, stand-alone WAF hardware appliances will represent less than 20 percent of new WAF deployments, down from 40 percent today.

By 2020, more than 50 percent of public-facing web applications will be protected by cloud-based WAAP services that combine content delivery networks, DDoS protection, bot mitigation and WAFs, which is an increase from fewer than 20 percent today.

Web applications, mobile applications, and web APIs are subject to increased numbers and complexity of attacks.

Gardner, who will be speaking at the Gartner Security & Risk Management Summit in Sydney later this month, explains what organizations must keep in mind when planning and implementing solutions:

  • Public, limited-access external, and internal applications require different levels of security.
  • No one capability covers all types of attack.
  • No two capabilities have interchangeable protection efficacy.
  • Some of the capabilities have strong overlaps in addressing specific attack subcategories.
  • Enforcement of policy may be centralized or distributed (for example, use of micro-gateways).

“As a result, a mix of capabilities, though not necessarily separate products, have to be put in place as a layered approach,” concludes Gardner.

Considering the range of exploits and abuse that can occur with web and mobile applications and web APIs, technical professionals must leverage a mix of externalized security controls to deliver appropriate protection and alleviate burdens to development staff.

Source: https://techwireasia.com/2018/08/the-complete-guide-to-understanding-web-applications-security/

Massachusetts Man Convicted of Cyber Attack on Hospital

A Massachusetts man was convicted on Wednesday of carrying out a cyber attack on a Boston hospital’s network on behalf of the hacking activist group Anonymous in protest of its treatment of a teenager at the center of a high-profile custody dispute.

A federal jury in Boston found Martin Gottesfeld, 32, guilty of one count of conspiracy to damage protected computers and one count of damaging protected computers, prosecutors said.

Gottesfeld, who is in federal custody, is scheduled to be sentenced on Nov. 14. In a statement posted to YouTube that was recorded in case he was convicted, Gottesfeld said he plans to challenge the verdict.

He also accused prosecutors of ignoring what happened to the teen at the center of the case and of “not telling you the full truth.”

“I’m going to keep fighting,” he said. “I’m not going to give up.”

Prosecutors said that in late 2013, Gottesfeld, a computer systems engineer living in Somerville, Massachusetts, learned about a child custody dispute involving a Connecticut teenager named Justina Pelletier.

Pelletier had been taken into state custody in Massachusetts after a dispute over her diagnosis arose between her parents and Boston Children’s Hospital, which determined her health problems were psychiatric in nature and believed her parents were interfering with her treatment.

Her case garnered national headlines and drew the attention of religious and political groups who viewed it as an example of government interference with parental rights.

Gottesfeld, who disagreed with the hospital’s diagnosis, began advocating online for her release, prosecutors said.

They said Gottesfeld in March 2014 launched a distributed denial of service (DDOS) attack on a residential treatment facility called Wayside Youth & Family Support Network where Pelletier was a resident following her discharge from the hospital.

DDOS attacks shut down or slow websites by flooding them with data.

He later in April 2014 launched a DDOS attack on behalf of Anonymous on the network of Boston Children’s Hospital that not only knocked it off the internet but also affected several other nearby hospitals, prosecutors said.

Amid a federal investigation into his role in the cyber attacks, Gottesfeld fled in early 2016, prosecutors said.

In mid-February 2016, a Disney Cruise Line vessel rescued Gottesfeld and his wife from a disabled powerboat off the coast of Cuba, prosecutors said. He was arrested when the cruise ship returned to Miami.

Source: https://www.usnews.com/news/us/articles/2018-08-01/massachusetts-man-convicted-of-cyber-attack-on-hospital

10 Big Security Concerns About IoT For Business (And How To Protect Yourself)

In recent years, the Internet of Things (IoT) has vastly changed the way we view, use and interact with smart devices, especially in the business world. Internet-connected virtual assistants, appliances, security systems and more can all communicate and coordinate with each other, allowing business owners to automate and streamline mundane, time-consuming activities.

But for all the conveniences IoT devices afford us, there’s still one major concern that users need to consider: security. Anything that’s connected to the internet has the potential to be hacked and misused. This is especially unsettling considering the amount of personal data IoT devices collect and use.

Members of Young Entrepreneur Council discussed their top security concerns related to IoT, as well as how they’re protecting their businesses and customers.

1. Default ‘Raw Data’ Storage

Many developers default to saving data in raw form, provided they have the storage capacity to do so. But in an age when federal law enforcement officers choose to follow unconstitutional orders, storing data can be life-threatening. Whether a company sells a product to law enforcement officers or merely retains data that could be subpoenaed, evaluating how IoT devices and the data they collect can be used to endanger people is a part of modern risk assessment. Setting clear policies on anonymizing user data, as well as data retention, can help limit potential problems. But if you work with a homogeneous team, you won’t be equipped to see how some data may be used. While consultants can help on this point, hiring diversely is more effective and less expensive. - Thursday Bram, The Responsible Communication Style Guide

2. Insecure Devices

Software security is a fundamental problem for the Internet of Things. Before the IoT, businesses had to worry about updating their servers, content management systems, and desktop computers. Today, they have to worry about updating everything from connected coffee machines to security cameras. Businesses are bringing insecure devices into their networks, and then failing to update the software. Failing to apply security patches is not a new phenomenon, but insecure IoT devices with a connection to the open internet are a disaster waiting to happen. Criminals can hack insecure security cameras, for example, and use them as beachheads to access the rest of the company’s network or combine thousands together into botnets to launch devastating DDOS attacks. - Vik Patel, Future Hosting

3. Trolls And Bad Players

One of the most notorious examples of IoT and security involves a troll who managed to send white supremacist literature to online printers all over the world simultaneously. This action showed both the overwhelming reach that this new technology holds and its vast potential for corruption. This single action terrified me more than any other exploit, leak, or hack since it showed me how vulnerable we are to those who may want to use this technology for evil purposes. To prevent this, I have adopted IoT technology sparingly and only after an exhaustive vetting process. Despite all of the amazing possibilities this phenomenon can provide, I just can’t trust its security and the intentions of those around me. I’ve passed this paranoia on to my clients, and they seem to appreciate my concern. - Bryce Welker, Crush The LSAT

4. Surveillance

With devices all around us, all collecting data, all accessible remotely, there is a new ability to measure and monitor individuals’ and groups’ behavior. Organizations have to have a new level of protective measures to ensure this data is not able to be hacked into from the outside. Two key aspects are network security and the encryption of the data. You can go to providers such as Cisco, Bayshore Networks, or Senrio to get new levels of network security. For encryption, look to providers such as Cisco, Entrust Datacard, Gemalto, HPE, Lynx Software Technologies and Symantec. There are many limitations to securing IoT devices so you’ll need to find solutions that work best for your organization and specific device types. - Baruch Labunski, Rank Secure

5. Lack Of Updates

Without a verified update cycle, most IoT devices will eventually get hacked. It may not be in one year, but it could happen as devices get several years old. It is not uncommon to see devices five to seven years old in use in offices and at home. After many years, the original manufacturer could be out of business. Even if in business, their teams could have moved on to other projects and lack support of the product. Thus, the reliability of future updates is at stake. When purchasing IoT devices, we try to pinpoint manufacturers who we believe will be around for years to come and have proven to update older products when there is an issue. - Peter Boyd, PaperStreet Web Design

6. Data Breaches

As we have learned from the recent Facebook debacle and the millions of personal data records that it has shared with its partners, the IoT faces a similar threat as more and more devices join the network and share data. Millions of data points will be collected as devices track our every behavior (for example, from when we wake up to how many times we open our refrigerator door) and this data can potentially be shared among a number of different network participants. Unlike Facebook, which is a single entity that controls most of the data, the IoT will see various major players. Managing (and protecting) users’ private data will be a challenge new to this industry. - Diego Orjuela, Cables & Sensors

7. Compliant Data Storage

The Internet of Things is generating a huge amount of data that must be processed and stored. Millions of devices will generate petabytes of data, some of which will be linked to identifiable individuals. Canada (PIPEDA) and Europe (GDPR) — and the U.S. to a more limited degree — have regulatory regimes around the privacy of personal data and the penalties can be devastating. As businesses collect more data via the IoT, they must take care not to suck up personal data without storing it securely and in accordance with international privacy standards. As a server hosting provider with data centers in Canada, Europe, and the US, we are compliant with the GDPR and implement a huge range of server, network, and physical security measures to ensure that data is kept safe. - Justin Blanchard, ServerMania Inc.

8. DDoS Attacks

The rise of IoT has meant there’s a huge amount of internet-connected computing power that simply didn’t exist before. If hackers can gain access to insecure devices, they can take down huge portions of the internet by simply hammering servers with relentless requests from thousands or millions of connected devices (DDoS, or distributed denial-of-service). Even if you’re not an IoT company, you probably rely on the services that will be the targets — Amazon AWS, Google Cloud, Github, or Facebook, all of which have a big target on their back and all of which are now providing critical infrastructure to businesses. You should always have a Plan B, or at the very least, an elegant fallback for if and when you lose access to key technological components of your software setup. - Tim Chaves, ZipBooks Accounting Software

9. Sensitive Data Storage

To be honest, I’m not sure if there is anything anyone can do to stop the world’s best hackers. Many of them are even capable of hacking into government systems. I take a different approach of not storing super sensitive data in our own database. For example, my e-commerce company does not store credit card information in our database. Even when you offer a recurring billing service, you can always store that sensitive info in a payment gateway’s server (Braintree, PayPal Pro, Authorize.net, etc.). This will allow you to manage recurring billing services without needing to save credit card data on your server, further protecting this information in the event of a data breach. - Shu Saito, All Filters LLC

10. Smartphone Security

While my business is about SMS marketing rather than IoT, the common denominator is the widespread use of smartphones. I always urge my clients and employees to be vigilant about safeguarding their phones and apps as this is the entry point hackers often use to gain access to private data. Be sure to use secure passwords and be careful about who you share them with. Be cautious about downloading apps connected to smart devices. Make sure the vendor is trustworthy and be careful about the permissions you set on your apps. When it comes to IoT, you might also want to think about how much automation you really need. Sometimes it just makes your life more complicated, as well as less secure, to have everything connected and automated. - Kalin Kassabov, ProTexting

Source: https://www.forbes.com/sites/theyec/2018/07/31/10-big-security-concerns-about-iot-for-business-and-how-to-protect-yourself/#4bd33ebe7416
