Internet security: Slaying the botnet beast and the DDoS dragon

Improving device security, better coordination between infrastructure companies, and smarter procurement by businesses are all part of tackling the botnet menace, according to a US government report.

The snappily titled Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats report is the result of an executive order signed by President Donald Trump last May aimed at strengthening the cyber security of federal networks and critical infrastructure.

Botnets and the distributed denial of service (DDoS) attacks they deliver are a growing menace.

Traditionally, network providers dealt with DDoS by building in excess capacity to absorb the impact of an attack. However, these incidents have grown to more than one terabit per second, far outstripping the expected attack sizes and the spare capacity provisioned for them.

On top of this, standard DDoS defences do nothing against other uses of botnets, such as spreading ransomware. And as botnets absorb insecure Internet of Things (IoT) devices to magnify their attacks, future incidents can only grow in scale and complexity.

The report from the Department of Homeland Security and the Department of Commerce highlights a number of changes that need to be made.

Infrastructure providers should share more data about evolving threats — especially with smaller, less well-funded, or niche players — and see what benefits come from a move to IPv6, the report said.

Enterprises need to isolate legacy devices and other devices that cannot be secured, deploy on- and off-premise DDoS mitigation services and rethink their network architectures.

Industry and law enforcement should work to find ways to coordinate more often and earlier to detect and prevent threat activity, and to manage incidents that take place.

Devices: the biggest threat

But the biggest section of the report deals with the threat from devices — PCs, smartphones and IoT devices which, it said, have often been designed without security in mind.

“Developers are either unaware of good security design practices, assume that the device will be inaccessible (e.g., on a local network inaccessible from the Internet), or want to avoid security solutions that impose additional cost, increase time to market, or make a device harder for consumers to use. The resulting design choices, such as hard-coded administrative passwords, create inherently insecure devices. In other cases, appropriate security controls are present but usability and user interfaces result in less-secure configurations.”

The report noted that software development results in, optimistically, a flaw every 2,000 lines of code, and many of these flaws create exploitable security vulnerabilities. Although modern servers, desktops, laptops and smartphones now offer significantly fewer opportunities for compromise, this is not the case with new classes of device.

“IoT devices are often sorely lacking in security-focused features. These systems now offer the most attractive target to malicious actors, and are an increasingly large percentage of the devices in the ecosystem,” the report warned.

Another problem is that modern devices are not the only ones connected to the internet: many legacy servers, desktops, laptops, and mobile phones in use today are no longer supported by their manufacturers, so their vulnerabilities cannot be easily addressed. Software piracy can run as high as 70 percent in China, and manufacturers typically restrict the distribution of security patches to systems running legally purchased software, so these systems cannot be secured against known vulnerabilities.

All of this needs to change, the report said.

“Devices must be able to resist attacks throughout their deployment lifecycles — at the time of shipment, during use, and through to end-of-life. For this to occur, security must become a primary design requirement. Vendors must not ship devices with known serious security flaws, must include a secure update mechanism, and must follow best current practices (e.g., no hard-coded passwords, disabling software features that are not critical to operation) for system configuration and administration. Vendors should disclose the minimum duration of support to customers, and device manufacturers should maintain secure update services for the promised duration.”

However, the report acknowledged that at the moment the economics of tech work against security: “Market incentives appear to exacerbate the problem. Product developers prioritize time to market and innovative functionality over security and resilience. Security features are not easily understood or communicated to the consumer, which makes it difficult to generate demand.”

The report said that change could start with the enterprise buyer, and — perhaps optimistically — argued: “The value proposition for better security will likely start in the enterprise environment due to its economies of scale; once there is a generally accepted security posture in a given product class, few manufacturers would be likely to ignore it.”


This new type of DDoS attack takes advantage of an old vulnerability

The new technique has “the potential to put any company with an online presence at risk of attack”, warn researchers.

A newly-uncovered form of DDoS attack takes advantage of a well-known, yet still exploitable, security vulnerability in the Universal Plug and Play (UPnP) networking protocol to allow attackers to bypass common methods for detecting their actions.

Attacks are launched from irregular source ports, making it difficult to determine their origin and blacklist the ports in order to protect against future incidents.

The new form of distributed denial-of-service attack has been uncovered and detailed by researchers at security company Imperva, who say it has been used by unknown attackers twice.

The UPnP protocol is commonly used for device discovery, especially so by Internet of Things devices, which use it to find each other and communicate over a local network.

The protocol is still used, despite known issues around poor default settings, lack of authentication, and UPnP-specific remote code execution vulnerabilities, which make the devices vulnerable to attack.

“Just like the much-discussed case of easily exploitable IoT devices, most UPnP device vendors prefer focusing on compliance with the protocol and easy delivery, rather than security,” Avishay Zawoznik, security research team leader at Imperva, told ZDNet.

“Many vendors reuse open UPnP server implementations for their devices, not bothering to modify them for a better security performance.”

Examples of problems with the protocol go all the way back to 2001, but its simplicity means it is still widely deployed. However, Imperva researchers say that their discovery of how it can be used to make DDoS attacks harder to detect and mitigate could mean widespread problems.

“We have discovered a new DDoS attack technique, which uses known vulnerabilities, and has the potential to put any company with an online presence at risk of attack,” said Zawoznik.

Researchers first noticed something new during a Simple Service Discovery Protocol (SSDP) reflection attack in April. Botnets of this type tend to be small; they spoof the victim’s IP address in discovery queries sent to common internet-connected devices such as routers, printers and access points, so that the devices’ replies flood the victim.

While most of the attack traffic arrived from the usual SSDP port number of 1900, around 12 percent of payloads arrived from randomised source ports. Imperva investigated and found that a UPnP-integrated attack method could be used to hide the source port information that defenders rely on.

Attackers could easily find devices to take advantage of by using the Shodan IoT search engine — researchers found over 1.3 million devices which could be exploitable, especially if the attacker used scripts to automate discovery.

In order to not fall victim to this, businesses “should come up with a DDoS protection that is based on the packet payloads, rather than source ports only,” said Zawoznik.

However, researchers note that there is a relatively simple way to protect systems from this and other UPnP exploits: block the device from being remotely accessible, because in the vast majority of cases, they note, “it serves no useful function or has any benefit for device users”.
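The detection point above (classify by payload, not by source port) as an added example that is not part of the article or Imperva’s research. The datagram records are constructed to mirror the traffic described: SSDP replies from UDP/1900, one identical reply arriving from a random source port, and two unrelated datagrams. A filter keyed on port 1900 misses the proxied reply; one that parses the HTTP-over-UDP payload catches it.

```python
"""Classify UDP datagrams as SSDP (UPnP discovery) reflection traffic by
payload rather than by source port.

Added example, not code from the article or from Imperva.  The packet
records in SAMPLE_DATAGRAMS are constructed; the addresses are from the
documentation ranges (RFC 5737)."""
import re

# (src_ip, src_port, dst_port, payload) -- constructed sample capture.
SAMPLE_DATAGRAMS = [
    # ordinary SSDP reply, source port 1900
    ("203.0.113.10", 1900, 41234,
     b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\nST: upnp:rootdevice\r\n"
     b"USN: uuid:01234567-89ab-cdef-0123-456789abcdef::upnp:rootdevice\r\n"
     b"SERVER: Linux/3.4 UPnP/1.0\r\nLOCATION: http://192.168.1.1:49152/desc.xml\r\n\r\n"),
    # same kind of reply, but proxied through UPnP so it leaves from a random port
    ("203.0.113.11", 53245, 41234,
     b"HTTP/1.1 200 OK\r\nST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
     b"USN: uuid:89abcdef-0123-4567-89ab-cdef01234567::upnp:rootdevice\r\n"
     b"SERVER: Custom/1.0 UPnP/1.0\r\n\r\n"),
    # multicast NOTIFY (also SSDP), source port 1900
    ("198.51.100.7", 1900, 41234,
     b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nNT: upnp:rootdevice\r\n"
     b"NTS: ssdp:alive\r\nUSN: uuid:fedcba98-7654-3210-fedc-ba9876543210\r\n\r\n"),
    # unrelated traffic: a TLS record and an NTP packet
    ("198.51.100.9", 8080, 41234, b"\x16\x03\x01\x00\x05hello"),
    ("192.0.2.4", 123, 41234, b"\x24\x02\x06\xec" + b"\x00" * 44),
]

# Every SSDP message is one of these three HTTP-style start lines.
_SSDP_START = re.compile(rb"^(HTTP/1\.1 200 OK|NOTIFY \* HTTP/1\.1|M-SEARCH \* HTTP/1\.1)\r\n")


def ssdp_headers(payload: bytes) -> dict:
    """Parse the header block of an SSDP datagram; {} if the start line is not SSDP."""
    if not _SSDP_START.match(payload):
        return {}
    headers = {}
    for line in payload.split(b"\r\n")[1:]:
        if not line:          # blank line ends the header block
            break
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().upper().decode("ascii", "replace")] = \
                value.strip().decode("ascii", "replace")
    return headers


def is_ssdp_payload(payload: bytes) -> bool:
    """True when the datagram carries an SSDP message, whatever port it came from."""
    h = ssdp_headers(payload)
    # ST (search target), NT (notification type) or USN identify discovery traffic;
    # a bare 'HTTP/1.1 200 OK' with only HOST: is not enough.
    return bool(h) and any(k in h for k in ("ST", "NT", "USN"))


def classify(datagrams, port_only: bool = False):
    """Return [(src_ip, src_port)] flagged as SSDP reflection traffic.

    port_only=True reproduces the weak rule 'source port == 1900'."""
    flagged = []
    for src_ip, src_port, _dst_port, payload in datagrams:
        hit = (src_port == 1900) if port_only else is_ssdp_payload(payload)
        if hit:
            flagged.append((src_ip, src_port))
    return flagged


def summarize(datagrams) -> dict:
    """Count SSDP datagrams and how many a port-1900 filter would have missed."""
    by_payload = classify(datagrams)
    by_port = set(classify(datagrams, port_only=True))
    return {
        "ssdp_total": len(by_payload),
        "off_port_1900": sum(1 for _, p in by_payload if p != 1900),
        "missed_by_port_filter": sum(1 for d in by_payload if d not in by_port),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_DATAGRAMS))
```

In a real deployment the same parse runs in the mitigation pipeline (or as a packet-capture post-filter) so that rate limits and drop rules key on the SSDP start line and headers rather than on a port number the attacker controls. On the device side, the fix the article recommends is simpler still: drop inbound UDP/1900 and the UPnP SOAP control port at the WAN interface, since UPnP has no business being reachable from the internet.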


Nine Things That Are Poised To Impact Cybersecurity

One important step every business should take to protect their sensitive customer data is invest in the latest security solutions. This means staying educated and up to date on what technology is available and what it does to keep you safe.

According to members of Forbes Technology Council, here are the next big trends in encryption and cybersecurity that businesses should pay attention to.

1. Biometrics

Biometrics will become a critical part of cybersecurity and encryption going forward because it’s nearly impossible to replicate. - Chalmers Brown, Due

2. IoT Device Security

The next wave of cybersecurity attacks will come from the internet-of-things (IoT) devices like appliances, lights and cameras. These types of devices are cheap, easy to hack, can be found in large numbers and are geographically distributed, making them ideal targets for a hacker to commandeer and launch a distributed-denial-of-service (DDoS) attack on an unsuspecting enterprise. - Mark Benson, Exosite

3. Multi-Factor Authentication And SSO Technologies

Utilize multi-factor authentication and SSO technologies to get a handle on authentication. Integrating this with Hashicorp Vault or an HSM solution can bring about encryption key management, encryption key rotation and administration of all your data. For sensitive information within databases, consider field-level encryption so that even with the breach, any data that is leaked is encrypted. - Venkat Rangan, Clari

4. Decentralization Of Data

Decentralizing data used for authentication is here and doing it for more PII is next. Firms are abandoning storage of biometrics, PINs, and passwords and now secure them on endpoints like mobile devices. Users authenticate on-device and swap public keys with their service provider. This reduces the attack surface, lowers IT costs and gives firms more control than legacy centralized systems. - Bojan Simic, HYPR Corp.

5. Increased Monitoring And Visibility

Highly publicized cyberattacks of the past few years have all had a common thread — no one noticed the issue until it was far too late. From private files left in public cloud storage to intrusions into legacy systems, lack of visibility has been a killer. Attacks are unavoidable, but detailed monitoring and proactive exfiltration scanning can prevent an unnoticed breach from making the news. - Jason Gill, The HOTH

6. Multi-Layered Approaches To Encryption

In many cases, encryption may be augmented with blockchain technology, which is harder to compromise. The model of distributed data storage, cryptographic security and synchronized validation provides multiple layers of protection that are more secure than simple encryption. Data and storage architectures will need to be re-architected to provide the same levels of usability we have today. – Brian NeSmith, Arctic Wolf

7. Automated Breach Detection

Right now, many companies do penetration testing on their own, and they have logs and may have internal tools to detect breaches. That said, given the frequency of breaches occurring and the amount of time and energy it requires to be on top of them, it’s likely that there are many vendors that will enter this space to offer automated solutions for companies to get help both in finding and preventing breaches. - David Murray

8. Simplified And Integrated Security Models

Layering reactive, signature-based tools still leaves security gaps. Encryption helps, but it does not solve this problem. First, a new, simplified, integrated model is needed and should focus on internal network, communications and endpoint monitoring. Second, defenders need to move away from the known signatures and IOCs to focus on the core network behaviors that all adversaries engage in. – Joseph Polverari, Versive

9. Blockchain And Mesh Networking

With the rise in popularity of blockchain and decentralized networking, security concerns need to be rethought. It’s true that these technologies decrease centralized attacks, like DDoS. They also essentially eliminate data tampering. That said, the next big security task is protecting data in decentralized environments. The enterprise will no longer own the hardware layer. – Tom Roberto, Core Technology Solutions



Cybercrime is any criminal activity that involves a computer, networked device or a network. While most cybercrimes are carried out in order to generate profit for the cybercriminals, some cybercrimes are carried out against computers or devices directly to damage or disable them, while others use computers or networks to spread malware, illegal information, images or other materials. Some cybercrimes do both — i.e., target computers to infect them with viruses, which are then spread to other machines and, sometimes, entire networks.

A primary impact from cybercrime is financial, and cybercrime can include many different types of profit-driven criminal activity, including ransomware attacks, email and internet fraud and identity fraud, as well as attempts to steal financial account, credit card or other payment card information. Cybercriminals may target private personal information, as well as corporate data for theft and resale.

Defining cybercrime

The U.S. Department of Justice divides cybercrime into three categories: crimes in which the computing device is the target, for example, to gain network access; crimes in which the computer is used as a weapon, for example, to launch a denial-of-service (DoS) attack; and crimes in which the computer is used as an accessory to a crime, for example, using a computer to store illegally obtained data.

The Council of Europe Convention on Cybercrime, to which the United States is a signatory, defines cybercrime as a wide range of malicious activities, including the illegal interception of data, system interferences that compromise network integrity and availability, and copyright infringements. Other forms of cybercrime include illegal gambling, the sale of illegal items, like weapons, drugs or counterfeit goods, as well as the solicitation, production, possession or distribution of child pornography.

The ubiquity of internet connectivity has enabled an increase in the volume and pace of cybercrime activities because the criminal no longer needs to be physically present when committing a crime. The internet’s speed, convenience, anonymity and lack of borders make computer-based variations of financial crimes, such as ransomware, fraud and money laundering, as well as hate crimes, such as stalking and bullying, easier to carry out.

Cybercriminal activity may be carried out by individuals or small groups with relatively little technical skill or by highly organized global criminal groups that may include skilled developers and others with relevant expertise. To further reduce the chances of detection and prosecution, cybercriminals often choose to operate in countries with weak or nonexistent cybercrime laws.

How cybercrime works

Cybercriminals use a number of attack vectors to carry out their cyberattacks and are constantly seeking new methods and techniques for achieving their goals, while avoiding detection and arrest. Here are common types of attacks cybercriminals have been known to use:

  • Distributed DoS attacks (DDoS) are often used to shut down systems and networks. This type of attack uses a network’s own communications protocol against it by overwhelming its ability to respond to connection requests. DoS attacks are sometimes carried out simply for malicious reasons or as part of a cyberextortion scheme, but they may also be used to distract the victim organization from some other attack or exploit carried out at the same time.
  • Infecting systems and networks with malware is used to harm users by, for example, damaging the system, the software or the data stored on it. Ransomware is a special case: the malware encrypts or locks victim systems until a ransom is paid.
  • Phishing campaigns are used to infiltrate corporate networks by sending fraudulent email to users in an organization, enticing them to download attachments or click on links that then spread viruses or malware to their systems and through their systems to their company’s networks.
  • Credential attacks, in which the cybercriminal aims to steal or guess user IDs and passwords for the victim’s systems or personal accounts, can be carried out through brute force attacks, by installing keylogging software, or by exploiting vulnerabilities in software or hardware that expose the victim’s credentials.
  • Cybercriminals may also attempt to hijack a website to change or delete content or to access or modify databases without authorization. For example, an attacker may use an SQL injection exploit to insert malicious code into a website, which can then be used to exploit vulnerabilities in the website’s database, enabling a hacker to access and tamper with records or gain unauthorized access to data, such as customer passwords, credit card numbers, personally identifiable information (PII), trade secrets, intellectual property and other sensitive information.
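The SQL injection case in the last bullet, shown as an added example that is not part of the original text: a lookup that splices untrusted input into the query text sits beside the parameterized fix. The schema, rows and card numbers are constructed test data (the card numbers are the standard test-card values, not real accounts); the function names are this example’s own.

```python
"""SQL injection: a string-built query beside its parameterized fix.

Added example, not from the original article.  The users/cards tables and
their rows are constructed sample data; the card numbers are industry test
numbers, not real accounts."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT);
        CREATE TABLE cards (id INTEGER PRIMARY KEY, user_id INTEGER, card_number TEXT);
        INSERT INTO users (username, email) VALUES ('alice', 'alice@example.com');
        INSERT INTO users (username, email) VALUES ('bob', 'bob@example.com');
        INSERT INTO cards (user_id, card_number) VALUES (1, '4111111111111111');
        INSERT INTO cards (user_id, card_number) VALUES (2, '5500000000000004');
    """)
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """VULNERABLE: the caller's input becomes part of the SQL text.

    A quote in the input terminates the string literal, so the remainder of the
    input is executed as SQL (boolean tautology, UNION to another table, ...)."""
    sql = f"SELECT id, username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """FIXED: the input is bound as a parameter and is never parsed as SQL.

    Whatever the string contains, it is compared as a value against the column."""
    sql = "SELECT id, username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Payloads an attacker would type into the username field.
PAYLOAD_TAUTOLOGY = "x' OR '1'='1"                                   # dumps every user
PAYLOAD_UNION = "x' UNION SELECT id, card_number, user_id FROM cards --"  # reads another table


if __name__ == "__main__":
    db = make_db()
    for payload in ("alice", PAYLOAD_TAUTOLOGY, PAYLOAD_UNION):
        print(repr(payload))
        print("  vulnerable:", find_user_vulnerable(db, payload))
        print("  safe:      ", find_user_safe(db, payload))
```

The `--` at the end of the UNION payload comments out the closing quote the application appends, which is why the injected statement still parses. The fix is not escaping quotes by hand but binding parameters, and the same rule applies to every driver and ORM: query text and data travel separately.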

Cybercriminals often carry out their activities using malware and other types of software, but social engineering is often an important component for executing most types of cybercrime. Phishing email is an important component to many types of cybercrime, but especially so for targeted attacks, like business email compromise (BEC), in which the attacker attempts to impersonate, via email, a business owner in order to convince employees to pay out bogus invoices.

Types of cybercrime

There are many different types of cybercrime; most cybercrimes are carried out with the expectation of financial gain by the attackers, though the ways cybercriminals aim to get paid can vary. For example:

  • Cyberextortion is crime involving an attack or threat of attack coupled with a demand for money to stop the attack. One form of cyberextortion is the ransomware attack, in which the attacker gains access to an organization’s systems and encrypts its documents, files — anything of potential value — making the data inaccessible until a ransom is paid, usually in some form of cryptocurrency, such as bitcoin.
  • Cryptojacking attacks use scripts to mine cryptocurrencies within browsers without the user’s consent. Such attacks may involve loading cryptocurrency mining software to the victim’s system. However, many attacks depend on JavaScript code that does in-browser mining as long as the user’s browser has a tab or window open on the malicious site; no malware needs to be installed as loading the affected page executes the in-browser mining code.
  • Identity theft occurs when an attacker accesses a computer to glean a user’s personal information that they can then use to steal that person’s identity or access bank or other accounts. Cybercriminals buy and sell identity information on darknet markets, offering financial accounts as well as other types of accounts, like video and audio streaming services, webmail, online auctions and more. Personal health information is another frequent target of identity thieves.
  • Credit card fraud occurs when hackers infiltrate retailers’ systems to get the credit card and/or banking information of their customers. Stolen payment cards can be bought and sold in bulk on darknet markets, where hackers who have stolen mass quantities of credit cards profit by selling to lower-level cybercriminals who profit through credit card fraud against individual accounts.
  • Ransomware is a form of cyberextortion in which the victim device is infected with malware that prevents the owner from using the device or the data stored on it. To regain access to the device or data, the victim has to pay the hacker a ransom. Ransomware can be inadvertently downloaded by opening an infected email attachment, visiting a compromised website or clicking on a pop-up ad.
  • Cyberespionage occurs when a cybercriminal hacks into systems or networks to gain access to confidential information held by a government or other organization. Attacks may be motivated by profit or by ideology, and cyberespionage activities can include every type of cyberattack to gather, modify or destroy data, as well as using network-connected devices, like webcams or closed-circuit TV (CCTV) cameras, to spy on a targeted individual or groups and monitoring communications, including email, text messages and instant messages.

Impact of cybercrime on businesses

The true cost of cybercrime is difficult to accurately assess. In 2018, McAfee released a report on the economic impact of cybercrime that estimated the likely annual cost to the global economy was nearly $600 billion, up from $445 billion in 2014.

While the financial losses due to cybercrime can be significant, businesses can also suffer other disastrous consequences as a result of criminal cyberattacks, including:

  • Damage to investor perception after a security breach can cause a drop in the value of a company. In addition to potential share price drops, businesses may also face increased costs for borrowing and greater difficulty in raising more capital as a result of a cyberattack.
  • Loss of sensitive customer data can result in fines and penalties for companies that have failed to protect their customers’ data. Businesses may also be sued over the data breach.
  • Damaged brand identity and loss of reputation after a cyberattack undermine customers’ trust in a company and that company’s ability to keep their financial data safe. Following a cyberattack, firms not only lose current customers, they also lose the ability to gain new customers.

Businesses may also incur direct costs from a criminal cyberattack, including the cost of hiring cybersecurity companies to do incident response and remediation, as well as public relations and other services related to an attack and increased insurance premium costs.

Impact of cybercrime on national defense

Cybercrimes may have public health and national security implications, making computer crime one of the Department of Justice’s top priorities. In the United States, at the federal level, the FBI’s Cyber Division is the agency within the Department of Justice that is charged with combating cybercrime. The Department of Homeland Security (DHS) sees strengthening the security and resilience of cyberspace as an important homeland security mission, and agencies such as the U.S. Secret Service (USSS) and U.S. Immigration and Customs Enforcement (ICE) have special divisions dedicated to combating cybercrime.

The Secret Service’s Electronic Crimes Task Force (ECTF) investigates cases that involve electronic crimes, particularly attacks on the nation’s financial and critical infrastructures. The Secret Service also runs the National Computer Forensics Institute (NCFI), which provides state and local law enforcement, judges and prosecutors with training in computer forensics. The Internet Crime Complaint Center (IC3), a partnership between the FBI, the National White Collar Crime Center (NW3C) and the Bureau of Justice Assistance (BJA), accepts online complaints from victims of internet crimes or interested third parties.

How to prevent cybercrime

While it may not be possible to completely eradicate cybercrime, businesses can reduce their exposure to it by maintaining an effective cybersecurity strategy using a defense in depth approach to securing systems, networks and data.

Some steps for resisting cybercrime include:

  • developing clear policies and procedures for the business and employees;
  • outlining the security measures that are in place about how to protect systems and corporate data;
  • creating cybersecurity incident response management plans to support these policies and procedures;
  • training new, as well as existing, employees on cybersecurity policies and procedures and what to do in the event of security breaches;
  • keeping websites, endpoint devices and systems current with all software release updates or patches; and
  • backing up data and information regularly to reduce the damage in case of a ransomware attack or data breach.


How Can Blockchain Be Used to Aid Cybersecurity?

With the rapid advancement of internet-based technologies, cybersecurity is a constant cloud looming on the horizon. As the technology evolves, so too, do the cybercriminals. Their constant efforts to steal valuable data and disrupt business through DDoS attacks are increasingly sophisticated.

Holding companies hostage and monetizing data through ransomware techniques is sadly par for the course. In fact, it’s estimated that cybercrime alone costs the global economy some $450 billion a year. With IT professionals scrambling to stay one step ahead of the hackers, how can blockchain be used to aid cybersecurity?

No Single Point of Failure

The decentralized nature of the blockchain means that there is no single point of failure, nor one central database waiting to be hacked. Information is replicated across many nodes, and each block is linked to the next in the chain, leaving no single “hackable” entrance. This provides far greater security than our current, centralized structures.

Removing Human Error

The weakest link in our current system is simple logins that are vulnerable to being cracked. Blockchain can remove human error in cybersecurity, as businesses can authenticate devices without the need for a password system. Each device is provided with a specific SSL certificate rather than a password, which removes human intervention as a potential attack vector.

Bitcoin advocate, adjunct professor at NYU Law School and practicing attorney, Andrew Hinkes, explains, “Using a public blockchain with proof of work consensus can remove the foibles of human mistake or manipulation.”

Detecting Tampering in Real Time

The blockchain can uncover and reject suspicious behavior in the system in real time. Say, for example, that a hacker tried to interfere with the information in a block. The entire system would be alerted and examine all data blocks to locate the one that stood out from the rest. It would then be recognized as false and excluded from the system.

Improving IoT Security

With the rise in IoT devices come inherent security risks. We’ve already seen problems occur when trying to disable compromised devices that become part of botnets. According to Kevin Curran, IEEE senior member and professor of cybersecurity at Ulster University, the blockchain can put an end to that:

“The blockchain, with its solid cryptographic foundation offering a decentralized solution can aid against data tampering, thus offering greater assurances for the legitimacy of the data.” This would mean that potentially billions of IoT devices could connect and communicate in a secure ecosystem.


All transactions on the blockchain are highly traceable, using a timestamp and digital signature. Companies can easily go back to the root of each and every transaction to a given date and locate the corresponding party. Since all transactions are cryptographically associated to a user, the perpetrator can be easily found.

Says Hinkes, “Blockchains create an audit trail of all activity by its participants, which simplifies access control and monitoring.” This offers companies a level of security and transparency on every iteration.
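The two mechanisms described above, locating a tampered block (“Detecting Tampering in Real Time”) and walking the timestamped audit trail, as an added example that is not part of the article. It is a minimal hash-chained ledger, not a consensus protocol: there is no proof of work, no network, and the `actor` field is a plain label rather than a digital signature. The device-update entries it records are constructed.

```python
"""Minimal hash-chained ledger: how altering one block is detected and
located, and how the chain doubles as a timestamped audit trail.

Added example, not code from the article.  Toy only: no consensus, no
replication, and 'actor' is a label, not a signature.  Entries constructed."""
import hashlib
import json
import time

GENESIS_PREV = "0" * 64


def block_hash(block: dict) -> str:
    """SHA-256 of the block's canonical JSON, excluding its own 'hash' field."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_block(chain: list, actor: str, data: dict, timestamp=None) -> dict:
    """Append a block linked to the previous one by its hash."""
    block = {
        "index": len(chain),
        "timestamp": timestamp if timestamp is not None else int(time.time()),
        "actor": actor,
        "data": data,
        "prev_hash": chain[-1]["hash"] if chain else GENESIS_PREV,
    }
    block["hash"] = block_hash(block)
    chain.append(block)
    return block


def first_invalid_block(chain: list):
    """Index of the first block whose content or link is broken; None if intact.

    Two checks per block: its stored hash must match a recomputation over its
    content, and its prev_hash must equal the stored hash of its predecessor."""
    for i, block in enumerate(chain):
        if block["hash"] != block_hash(block):
            return i                       # content changed after hashing
        expected_prev = chain[i - 1]["hash"] if i else GENESIS_PREV
        if block["prev_hash"] != expected_prev:
            return i                       # predecessor was rewritten
    return None


def audit_trail(chain: list, device: str) -> list:
    """(timestamp, actor) for every block that touched the given device."""
    return [(b["timestamp"], b["actor"]) for b in chain if b["data"].get("device") == device]


def build_sample_chain() -> list:
    """Constructed firmware-update log for two cameras (fixed timestamps)."""
    chain = []
    append_block(chain, "alice", {"device": "cam-01", "fw": "1.2.0"}, timestamp=1514764800)
    append_block(chain, "bob", {"device": "cam-02", "fw": "1.2.0"}, timestamp=1514768400)
    append_block(chain, "alice", {"device": "cam-01", "fw": "1.2.1"}, timestamp=1514772000)
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact:", first_invalid_block(chain))            # None
    chain[1]["data"]["fw"] = "0.9.0"                        # attacker edits block 1
    print("after edit:", first_invalid_block(chain))        # 1
    chain[1]["hash"] = block_hash(chain[1])                 # attacker re-hashes it
    print("after re-hash:", first_invalid_block(chain))     # 2: the link from block 2 breaks
    print(audit_trail(build_sample_chain(), "cam-01"))
```

The second tamper step shows why the chain matters: an attacker who edits a block and recomputes its hash only moves the break to the next block. Hiding the edit means rewriting every later block as well, and on a replicated ledger every other node still holds the original hashes, which is the “entire system would be alerted” behaviour the article describes.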

The Takeaway

Currently, the impending threat of DDoS attacks comes from our existing Domain Name System. Blockchain technology would disrupt this completely by decentralizing the DNS and distributing the content to a greater number of nodes. This would make it virtually impossible for cybercriminals to hack and create a secure environment to host the world’s data.


Combating DDoS attacks in Asia Pacific: It’s more than just a defence mechanism

Imagine going to the frontlines of a battlefield wielding a sword and shield only to come face to face with the opponent’s fighter jets. The fight against DDoS attacks is an arms race in which enterprises must keep evolving their weapons and defences against cyber criminals. As attack rates have grown, so has their impact. Despite an increase in DDoS defence spend, Neustar’s recent study found that 90 percent of organisations were hit by breaches that stemmed from DDoS offensives.

IoT as a DDoS attack tool

Just like the hallmarks of a fighter jet are its speed and manoeuvrability, the emergence of cloud computing and IoT devices has streamlined the infrastructure of today’s connected world. As IoT progressed from a stage of nascence to an enterprise driver capable of maintaining inventory levels, delivering real-time metrics on shipments and powering autonomous vehicles, organisations are left with their hands full in attempts to secure the enterprise value chain.

This year was a watershed moment in IoT security, headlined by the IoT botnet Reaper (also known as IoTroop). Its operators infected devices at more than a million organisations worldwide by infiltrating routers and smart devices, using exploits far more sophisticated than the 2016 Mirai IoT botnet, which relied on weak default passwords and knocked major U.S. websites such as Twitter, Netflix and the New York Times offline.

What’s more dangerous is that some of these attacks were used as smokescreens: while an organisation’s security team scrambled to absorb the DDoS, networking defences were temporarily relaxed to alleviate its effects, opening the door to a second attack. Neustar found that more than half (51 percent) of Asia Pacific organisations reported falling prey to viruses stemming from DDoS attacks. As IoT adoption increases, the number of IoT-driven botnets is only set to escalate, presenting attackers with more opportunities to elude detection.

The IoT Culprit

In Asia Pacific, IoT devices remain a tempting target for DDoS attacks: more than 78 percent of enterprises experienced attacks while their IoT devices were in operation. To make matters worse, once attackers get hold of vulnerable IoT devices and exploit the security deficiency, it becomes nearly impossible to prevent infection without issuing a security update or recalling the affected devices. With 89 percent of organisations suffering a breach, including data theft, dangerous ransomware and network compromise with DDoS attacks, the dream of a connected world might be a disaster in waiting.

True to its name, the IoT botnet Reaper spreads through security gaps in IoT software and firmware, harvesting devices at scale: it has amassed more than 20,000 devices, and some 2 million hosts have been identified as potential botnet nodes.

Better Detection = Greater Protection

As attacks scale in complexity, organisations need to prime themselves to be at the vanguard in the fight against cyberattacks. The average organisation needs a couple of hours to definitively detect a DDoS attack, with reaction times getting longer, which translates to greater vulnerability.

Viewed through an Asia Pacific lens, organisations in Singapore's financial services sector could be staring at revenue losses upwards of US$15.2m when six hours is taken to respond to a DDoS attack. In Hong Kong, the figure stands at US$29.9m for breaches in the public sector. This threat represents a new reality in which the strikes have morphed from standard and commonplace into dangerous and continuous. The financial risks alone can far exceed a quarter of a billion dollars, which drives home the point that speed in detection and response is an ally of risk mitigation practices.

Neustar found that the top three organisational motivations behind DDoS defence investments are preserving customer confidence, preventing associated attacks including ransomware, and proactively strengthening existing protection. It should come as no surprise that those who seek to harm companies use DDoS as a weapon.

There is, however, a silver lining. Businesses are acknowledging this threat by deploying Web Application Firewalls (WAF) that filter, analyse and isolate HTTP traffic that exploits web application security flaws. In fact, 53 percent of respondents have added a WAF to their arsenal against DDoS, tripling in number since March 2017.

The future will offer bad actors opportunities to devise craftier ways to launch far more dangerous DDoS attacks capable of distracting IT teams and stymieing forensics. Understanding the right combination of defences is crucial. This can be achieved by working with security consultants to develop strategies and with law enforcement bodies to provide maximum protection for stakeholders; only then will we be able to remain ahead of the curve on the battlefield and defeat the attackers.



The police arrested an 18-year-old man from Oosterhout in connection with multiple DDoS attacks on the Tax Authority, tech site Tweakers and internet provider Tweak last week, as well as on online bank Bunq in September last year. The man was arrested on Thursday, February 1st, the police said in a statement on Monday.

In a DDoS attack, large amounts of data are sent to the targeted site, overloading the site's server and thereby crashing the site.

The police worked closely with Tweakers and security company Redsocks in this investigation. "With this arrest we show that people who commit DDoS attacks do not go unpunished. Investigation must show whether he acted alone or not", Gert Ras, head of the police's High Tech Crime team, said. The police are also investigating whether this man is linked to other DDoS attacks on Dutch banks last week. ABN Amro, ING and Rabobank were all hit by multiple attacks.

Redsocks has indications that the man was also behind the attacks on ING and ABN Amro, investigator Ricky Gevers said to NOS. "We shared information about this with the police."

Tweakers reports that the tech site tracked down the Oosterhout man after he claimed responsibility for several DDoS attacks online. "The suspect claims that he bought 40 euros of capacity from a 'stresser', an online service that can be used by companies to test their DDoS resistance, but can just as easily be used for an actual DDoS," Tweakers writes. The suspect hid his identity with a so-called VPN connection, but based on IP addresses Tweakers found out that he had a Tweakers account. The tech site handed over his account details to the police on Thursday, and the police arrested him later that day.

The police also searched the suspect’s home and confiscated his computer and other data carriers for further investigation. The suspect will be arraigned on Tuesday.


DDoS Attacks Become More Complex and Costly

Distributed denial-of-service (DDoS) attacks are more complex and cause more financial damage than ever, new data shows.

According to NETSCOUT Arbor's 2017 Worldwide Infrastructure Security Report, published today, the number of DDoS attacks that cost organizations between $501 and $1,000 per minute in downtime increased by 60%. In addition, 10% of enterprises estimated that a major DDoS attack cost them more than $100,000 in 2017, five times more than previously seen.

Now in its 13th year, the report is based on 390 responses from service providers, hosting, mobile, enterprise, and other types of network operators from around the world. A full 66% of all respondents identify as security, network, or operations professionals.

Gary Sockrider, principal security technologist with NETSCOUT Arbor, says there was a 20% increase in multi-vector attacks in 2017 compared to the previous year. Multi-vector attacks combine high-volume floods, TCP state exhaustion attacks, and application-layer attacks in a single sustained offensive, which makes the attacks more difficult to mitigate and increases the attackers' chance of success.

“We found that nearly half the group said they experienced a multi-vector attack,” Sockrider says.

“Along with revenue loss, companies also experience customer and employee churn as well as reputational damage,” he says.

DDoS attacks last year originated primarily from China, Russia, and inside the US, according to the report. The top motivators for the attacks were online gaming-related (50.5%), criminals demonstrating DDoS capabilities to potential customers (49.1%), and criminal extortion attempts (44.4%). Political/ideological disputes were fifth on the list at 34.5%.

Sockrider says that, due to the global shortage of IT security talent, many respondents were turning to automation for DDoS mitigation: 36% of service providers use automation tools for DDoS mitigation, and 30% of providers employ on-premise or always-on cloud services for thwarting these attacks.

Meanwhile, researchers at Imperva developed a list of the Top 12 DDoS Attack Types You Need to Know. Among them:

DNS Amplification: In a reflection type of attack, a perpetrator starts with small queries that use the spoofed IP address of the intended victim. Exploiting vulnerabilities on publicly-accessible DNS servers, the responses inflate into much larger UDP packet payloads and overwhelm the targeted servers.

UDP Flood: The perpetrator uses IP packets containing UDP datagrams to deluge random ports on a target network. The victimized system attempts to match each datagram with a listening application, but fails. The system soon becomes overwhelmed as it tries to handle the volume of UDP packets and the ICMP replies they trigger.

DNS Flood: Similar to a UDP flood, this attack involves perpetrators using mass amounts of UDP packets to exhaust server-side resources. However, in this attack the target is DNS servers and their cache mechanisms, with the goal being to prevent the redirection of legitimate incoming requests to DNS zone resources.
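The three attack types above leave different footprints in flow telemetry, which is what a defender usually has to work with. The Python below is an added illustration, not code from Imperva or the article: it aggregates constructed NetFlow-style records per destination and labels each destination as DNS amplification (a high rate of large UDP responses arriving from port 53 of many resolvers), DNS flood (a high rate of small queries to port 53 from many sources) or UDP flood (a high rate spread across many destination ports). The field names, thresholds and all sample addresses are assumptions chosen for the example; in practice the thresholds would be tuned to the monitored network's baseline.

```python
"""Label DDoS footprints in per-destination flow aggregates.

Added example, not the article's or Imperva's code. All flow records
are constructed sample data; thresholds are illustrative assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Flow:
    """One NetFlow-style record (field names are an assumption)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str      # "udp" or "tcp"
    packets: int
    bytes: int


@dataclass
class DstStats:
    packets: int = 0
    bytes: int = 0
    from_dns_pkts: int = 0    # UDP packets whose source port is 53 (resolver responses)
    from_dns_bytes: int = 0
    to_dns_pkts: int = 0      # UDP packets addressed to port 53 (queries)
    sources: set = field(default_factory=set)
    udp_ports: set = field(default_factory=set)


def aggregate(flows):
    """Roll flows up per destination address."""
    stats = defaultdict(DstStats)
    for f in flows:
        s = stats[f.dst_ip]
        s.packets += f.packets
        s.bytes += f.bytes
        s.sources.add(f.src_ip)
        if f.proto == "udp":
            s.udp_ports.add(f.dst_port)
            if f.src_port == 53:
                s.from_dns_pkts += f.packets
                s.from_dns_bytes += f.bytes
            if f.dst_port == 53:
                s.to_dns_pkts += f.packets
    return stats


def classify(flows, window_s=10.0, pps_threshold=5000,
             amp_bytes_per_pkt=900, min_sources=20, min_ports=50):
    """Return {dst_ip: (label, packets_per_second)} for one observation window.

    Only destinations above pps_threshold are examined further; below it the
    traffic is labelled "normal" regardless of shape. Amplification is
    recognised by large responses from port 53 spread over many reflectors,
    a DNS flood by many small queries to port 53, and a UDP flood by high
    rate across many destination ports.
    """
    verdicts = {}
    for dst, s in aggregate(flows).items():
        pps = s.packets / window_s
        if pps < pps_threshold:
            verdicts[dst] = ("normal", pps)
            continue
        share_from_dns = s.from_dns_pkts / s.packets
        avg_resp = s.from_dns_bytes / s.from_dns_pkts if s.from_dns_pkts else 0
        if (share_from_dns >= 0.8 and avg_resp >= amp_bytes_per_pkt
                and len(s.sources) >= min_sources):
            verdicts[dst] = ("dns_amplification", pps)
        elif s.to_dns_pkts / s.packets >= 0.8 and len(s.sources) >= min_sources:
            verdicts[dst] = ("dns_flood", pps)
        elif len(s.udp_ports) >= min_ports:
            verdicts[dst] = ("udp_flood", pps)
        else:
            verdicts[dst] = ("volumetric_unclassified", pps)
    return verdicts


def sample_flows():
    """Constructed 10-second window: three attacked hosts and one quiet host."""
    flows = []
    # Reflected responses: 40 open resolvers, ~1400-byte answers, one target port.
    for i in range(1, 41):
        flows.append(Flow(f"198.51.100.{i}", 53, "203.0.113.10", 80, "udp", 2500, 3_500_000))
    # UDP flood: 20 sources spraying 64-byte datagrams at 200 distinct ports.
    for i in range(20):
        for j in range(10):
            flows.append(Flow(f"192.0.2.{i + 1}", 40000, "203.0.113.20",
                              1000 + i * 10 + j, "udp", 300, 19_200))
    # DNS flood: 500 sources sending ~70-byte queries at an authoritative server.
    for i in range(500):
        flows.append(Flow(f"198.18.{i // 256}.{i % 256}", 50000, "203.0.113.53", 53,
                          "udp", 200, 14_000))
    # Ordinary HTTPS traffic to a quiet host.
    for i in range(3):
        flows.append(Flow(f"192.0.2.{100 + i}", 51000 + i, "203.0.113.30", 443,
                          "tcp", 400, 300_000))
    return flows


if __name__ == "__main__":
    for dst, (label, pps) in sorted(classify(sample_flows()).items()):
        print(f"{dst:15} {label:24} {pps:10.0f} pps")
```

The per-destination roll-up is deliberately cheap, so the same logic can run in a streaming collector; the "volumetric_unclassified" label exists so that a high-rate destination that matches none of the three shapes still surfaces for a human rather than being silently dropped.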


Bitcoin industry enters top 10 DDoS targets

The bitcoin industry has become one of the top 10 industries most targeted by distributed denial of service attacks, a report has revealed.

A spike in the number of bitcoin-related sites targeted by distributed denial of service (DDoS) attacks coincided with a spike in the value of the cryptocurrency to $4,672 in the third quarter, according to Imperva's latest global DDoS report.

The report is based on data from 3,920 network layer and 1,755 application layer DDoS attacks on websites using Imperva Incapsula services between 1 July and 30 September 2017.

The data shows that 73.9% of all bitcoin exchanges and related sites on the Imperva Incapsula service were attacked during the quarter, ahead of the cryptocurrency's meteoric rise to more than $11,600 in the first week of December.

As a result of the third-quarter spike, the relatively small and young bitcoin industry made it into the top 10 most attacked industries during the three-month period, taking eighth spot above the transport and telecoms sectors.

The most-attacked sector was gambling (34.5%), followed by gaming (14.4%) and internet services (10.8%).

Igal Zeifman, director at Imperva Incapsula, said the large number of attacks on bitcoin exchange sites is a clear example of DDoS attackers following the money.

"As a rule, extortionists and other cyber criminals are commonly drawn to successful online industries, especially emerging ones that are less likely to be well-protected," he said.

"Specifically for bitcoin, the DDoS attacks we mitigated could also have been attempts to manipulate the price of bitcoin and other cryptocurrency, something we know offenders have tried in the past."

According to the report, organisations targeted by DDoS campaigns in the third quarter spent an average of 12 hours under attack, half of network layer targets were hit at least twice, and almost 30% were attacked more than 10 times.

Nearly one-third of DDoS targets in the third quarter were attacked 10 or more times, with an interval of at least an hour between assaults.

Hong Kong topped Imperva?s list of the most targeted countries for network layer assaults during the quarter, mainly because of a persistent attack on a local hosting service that was hit hundreds of times in the quarter.

The largest application layer assault targeted a financial services company headquartered in Europe, which was hit multiple times with attacks above 100,000 requests per second.

The quarter also saw high packet rate attacks, in which the packet forwarding rate escalates above 50 million packets per second (Mpps), become more common: 5% of all network layer assaults exceeded 50 Mpps, and the largest attack peaked at 238 Mpps.

This is a cause for concern, the report said, because many mitigation systems are ill-equipped to process packets at such a high rate.

In November 2017, Harshil Parikh, director of security at software-as-a-service platform firm Medallia, told the Isaca CSX Europe 2017 conference in London that any business dependent on the internet should use tried and tested ways of detecting and mitigating DDoS.

He said it is important that such organisations take time and effort to build their DDoS defence capabilities because DDoS attacks are fairly easy and cheap for attackers to carry out.

"With the advent of botnet-based DDoS attack services that will be effective against most companies, anyone can target an organisation for just a few bitcoins," said Parikh.


Cybersecurity and Privacy Predictions for 2018

The past year in cybersecurity has been one of combating ransomware extortion attacks, bracing systems against DDoS attacks and securing internet of things (IoT) systems. Looking to next year, cybersecurity experts at McAfee Labs laid out their predictions for the industry’s top concerns in 2018.

Among the top concerns for next year are hackers using machine learning to create an arms race of development, newer ways that hackers will target businesses with ransomware and potential exploits in serverless applications. Privacy is also a growing concern as consumer data collection through our devices shows no signs of slowing.

The McAfee Labs 2018 Threats Predictions Report explains five of the top cybercrime trends to be aware of and prepare for.

Machine learning has been put to use in dozens of industries, including cybersecurity, but cyber criminals are adapting it to automate the process of discovering exploits, responding to defenses and disrupting systems. While machine learning can help automate our defenses by checking them and using data to predict attacks, attackers will likely use it in response, creating an arms race of machine versus machine.

Attackers can use machine learning for a number of purposes, such as machine-driven searches for vulnerabilities, more sophisticated and data-driven phishing attacks, and successfully using weak or stolen credentials over services and devices. Machine-driven attacks can scan for vulnerabilities much faster than humans, allowing them to exploit systems faster than they can be patched.

“We must recognize that although technologies like machine learning, deep learning and artificial intelligence will be cornerstones of tomorrow’s cyber defenses, our adversaries are working just as furiously to implement and innovate around them,” said Steve Grobman, senior vice president and chief technology officer for McAfee.

According to McAfee, machine learning is only as good as the humans who feed it data. Therefore, human and machine partnerships will be essential for combating cyber criminals and their machine learning techniques. It will be up to human defenders to work with machines to find vulnerabilities first and patch them.

Ransomware has already been a problem for businesses everywhere, costing them millions of dollars. According to McAfee, ransomware attacks have risen 56 percent over the last year; however, payments toward the extortions have declined. This can be attributed to more companies improving their data backups, decryption technology and overall awareness of the attacks.

Cyber criminals adapt and are changing their strategies with ransomware. Traditional ransomware is targeted toward computers and databases, blocking users with encryption and demanding a fee (usually in nondetectable cryptocurrency) to return access. Experts, however, see an even greater potential for damage as more of our devices become part of our networks in IoT systems.

While it may seem outlandish now, imagine hackers locking you out of your smart car and demanding a ransom before unlocking it. If hackers find ways to gain access to a company’s devices that are essential to its productivity, analysts predict that the greater loss of profits due to these disruptions will prompt the attackers to go after higher-profile targets.

“The evolution of ransomware in 2017 should remind us of how aggressively a threat can reinvent itself as attackers dramatically innovate and adjust to the successful efforts of defenders,” Grobman said.

McAfee predicts that individuals who are seen as high-value targets can expect threats to shut down their essential devices, such as expensive smartphones, smart home appliances like thermostats, and vehicles. Wealthier targets are perceived by hackers as more likely to pay the ransom.

Another trend with ransomware is attacks that encrypt businesses' data and shut them out of essential systems but that don't ask for a ransom or appear to have any means to request one. These types of attacks, such as the outbreak of the WannaCry ransomware, are puzzling, with experts theorizing that they are tests or demonstrations to show others their destructive power, making an example of certain businesses so that other companies are more willing to pay for their removal.

The use of serverless applications on platforms such as Amazon Web Services to build high-quality and smooth-running applications is growing in popularity, but security experts warn that proper precautions need to be taken before rushing into this technology. Serverless applications are built on a framework where the backend setup and upkeep are handled by a third-party cloud service.

McAfee says that while this saves developers the trouble of maintaining servers and allocating resources, these applications are still vulnerable through traditional means, such as privilege escalation attacks, which allow hackers to hijack the application’s network. Because an application’s function must be transferred over a network to the servers where the data resides, it creates a new point of intrusion for hackers.

As serverless applications continue to catch on, McAfee warns that attacks on the companies that implement them will also increase. As security methods evolve for serverless computing, it’s advised that developers ensure traffic on their application takes place over a VPN or that some form of encryption is used.

Gathering data on consumers becomes easier with each device added to a household. Corporations rely on a consumer’s willingness to hit the I Agree button on privacy agreements without reading them. Corporations have incentives to gather and sell as much data as possible so our connected devices that are capable of listening, watching, tracking and analyzing are turning consumers’ homes into buffets of information.

Corporations can, and likely will, push the line as to how far they can go with data collection, according to McAfee. New updates and firmware installations usually come with new privacy agreements that users must accept in order to use them, with more permissions and disclosures snuck into the agreements. McAfee predicts that some corporations will toe this line by weighing the cost of breaking privacy laws and paying fines against the profits gained by data collection.

While this mass data is consumed with the purpose of marketing in mind, with high-profile data breaches of notable corporations occurring regularly, this trend could result in such data falling into criminal hands.

It's no secret that employers often pull up search results, histories and digital records of potential employees. For most adults, this history extends back to the time we first started using the internet and building social profiles. It's technically possible that children born and raised during this time of mass collection could have such profiles created from the moment they're born.

For most small children, data collected is likely trivial. But habits and behaviors can still be recorded and stored. A worst-case scenario explained by McAfee is a child being denied entry to a school because officials could find out they spent most of their time binge-watching videos. The capabilities of technology to gather data on children should be concerning. While it’s hard to tell what this data collection will result in as time goes on, it’s important to know that it’s happening and will likely escalate.

If a child’s privacy is important, then parents are advised to pay attention to the devices they buy, turn off unnecessary features and change the default passwords to something stronger.

