75% of organisations are worried about bot traffic posing a security threat, according to new research by the Neustar International Security Council

Thanks to the proliferation of the Internet of Things, the ability for bots to cause havoc at a global level has increased significantly.

IoT devices are susceptible to becoming part of a malicious botnet, and it’s possible for hackers to weaponise IoT devices to launch powerful DDoS attacks. As more devices are connected to the Internet, these types of attack pose an increased risk to not only the defences of an enterprise but also to a whole nation.

As such, 75% of organisations surveyed by the Neustar International Security Council (NISC) are concerned about bot traffic posing a threat to data security.

Security professionals perceived DDoS attacks to be the highest threat to their enterprise, with 52% admitting to having been on the receiving end of an attack. This was followed by system compromise, ransomware and financial theft.

“Fears around bot traffic and bot-powered DDoS attacks are extremely valid but by no means new,” said Rodney Joffe, Head of the NISC and Neustar Senior Vice President and Fellow. “Unfortunately, bot traffic makes up a large proportion of the Internet.”

Alarmingly, these fears persist even though the same number of enterprises already have bot traffic management solutions in place – implying a continuing gap between attack sophistication and organisational readiness.

“It is key that organisations make sure incoming data is scrubbed in real-time, while also identifying patterns of good and bad traffic to help with filtering. While it is encouraging to see that more organisations are implementing bot traffic management solutions, it is imperative that businesses employ a holistic protection strategy across every layer for the best level of protection. Implementing a Web Application Firewall (WAF) is crucial for preventing bot-based volumetric attacks, as well as threats that target the application layer.”

For the study, the NISC interviewed 200 senior position holders such as CTOs, IT directors and security consultants across the EMEA region.

Source: https://www.information-age.com/bott-traffic-ddod-123479379/

2018 was a rocky year security-wise. Governments, universities, power companies and ‘big name’ enterprises became victims of elaborate hacks. This year, 75% of CEOs and board members name cybersecurity and technology acquisitions among their top priorities. Blockchain-based solutions are among the commonly considered options, and not just among business leaders.

Recently, NASA decided to implement blockchain technology in order to boost cybersecurity, and prevent denial of service and other attacks on air traffic services. They will do this by using the same distributed ledger technology that is often associated with bitcoin and other cryptocurrencies.

Clearly, blockchain is emerging as a very viable technology when it comes to protecting businesses and other entities from cyber attacks. Here are four promising use cases, moving from the labs to real life.

1. Decentralized Storage Solutions

Data is becoming a more valuable currency than, well… currency. Your business accumulates tons of sensitive data about your customers. Unfortunately, this data is also quite attractive to hackers, and one of the most convenient things you do for cyber criminals is store all of it in one place. It’s a bit like storing all of your cash and jewelry in a shoe box at home, then being shocked when a burglar walks off with the entire thing.

Unfortunately, businesses are still using centralized storage when it comes to data. However, this appears to be changing slowly. Blockchain-based storage solutions are gaining popularity. For instance, the Apollo data cloud (developed by the Apollo Currency team) allows users to archive data on the blockchain and grant third parties permission to access it. The cryptographic access key can be revoked at any time, further reducing the risk of a breach. Thanks to the decentralized nature of blockchain technology, hackers no longer have a single point of entry, nor can they access entire repositories of data in the event that they do get in. This feature is one of the main reasons why enterprises are now considering blockchain as a data privacy solution.

2. IoT Security

Hackers often gain access to systems by exploiting weaknesses in edge devices such as routers and switches. Now other devices, such as smart thermostats, doorbells and even security cameras, are also vulnerable. Simply put, the same rigour is often not applied to ensuring that these IoT devices are secure.

Blockchain technology can be used to protect systems and devices from attacks. According to Joseph Pindar, co-founder of the Trusted IoT Alliance, blockchain can give those IoT devices enough “smarts” to make security decisions without relying on a central authority. For instance, devices can form a group consensus regarding what is normal within a given network, and lock down any nodes that behave suspiciously.

Blockchain technology can also protect all the data exchanges happening between IoT devices. It can be used to attain near real-time secure data transmissions and ensure timely communication between devices located thousands of miles apart. Additionally, blockchain security means that there is no longer a centralized authority controlling the network and verifying the data going through it. Staging an attack would be much harder (if even possible).

3. Safer DNS

DNS is largely centralized. As a result, hackers can break the connection between a website’s name and its IP address and wreak havoc: they can crash websites, route people to scam websites, or simply make a website unavailable. They can also pair DNS attacks with DDoS attacks to render websites utterly unusable for extended periods of time. The most effective current solution to such issues is to tail log files and enable real-time alerts for suspicious activity.

A blockchain-based system can take security one step further. Because it’s decentralized, it would be that much more difficult for hackers to find and exploit single points of vulnerability. Your domain information can be stored immutably on a distributed ledger, and the connection can be powered by immutable smart contracts.

4. Implementing Security in Private Messaging

As conversational commerce becomes more popular, a lot of metadata is collected from customers during these exchanges on social media.

While many messaging systems use end-to-end encryption, others are beginning to use blockchain to keep that information secure. At the moment, most messaging apps lack a standard set of security protocols and a unified API framework for enabling “cross-messenger” communications. The emerging secure blockchain communication ecosystems tackle this issue and work towards creating a new system of unified communication. Blockchain is a great solution for that as it secures all data exchanges and enables connectivity between different messaging platforms.

No matter where or how it’s applied, the key factor in using blockchain as a cybersecurity method is decentralization. When access control, network traffic, and even data itself are no longer held in a single location, they become much more difficult for cyber criminals to exploit. This has the potential to mean more security and less vulnerability.

Source: https://www.forbes.com/sites/andrewarnold/2019/02/20/4-promising-use-cases-of-blockchain-in-cybersecurity/#478fd4c76c1a

Beijing: As the Chinese government rejects claims it is behind the cyber attack on the Australian Parliament, Chinese research shows China is the world’s biggest target of cyber attacks.

Beijing security firm Knownsec Information Technology reported on Monday that Chinese organisations suffered an average of 800 million cyber attacks daily in 2018, hitting a peak of 4.9 billion a day in August.

Most (97 per cent) were by domestic hackers, but a growing percentage came from overseas, the report said.

Tens of millions of attacks each day came from the US, South Korea and Japan with government and financial websites more likely to be targets.

The annual report claimed China suffered the worst rate of distributed denial of service (DDoS) attacks in the world last year, but scanning and backdoor intrusions made up the majority of attacks.

“The pressure on cyber attacks on government websites is increasing. Especially during sensitive events such as sudden political and military incidents, there will be a significant increase in attacks on government websites,” the Knownsec report said.

In a mirror image of the claims often directed at China by western democracies, the report, intended for Chinese business executives, warned: “Some hidden professional hacking organisations have carried out long-term infiltration to Chinese government, military, financial and other industry websites”.

Australian think-tanks blame China for the sophisticated cyber attack on Australia’s Parliament and major political parties. The federal government has not attributed blame but embarked on an investigation to find the “state actor” responsible.

Director of the Australian Studies Centre at East China Normal University, Chen Hong, said blaming China was “purely paranoid”.

“Observers here are getting increasingly fed up with such ceaseless slandering, finger-pointing against China, while no evidence could substantiate their accusations,” he said from Shanghai.

He said “hacking is an international criminal activity that has been affecting many countries. China has been a victim and China is developing its own capabilities to counter hackers.”

Kaspersky Labs founder Eugene Kaspersky told an Internet World Conference in 2017 that 80 to 90 per cent of the “highly complicated, very professional malicious projects” his researchers uncovered each year were state-sponsored attacks.

“We don’t do attribution because attribution in cyber space is very complicated and very easy to point the finger at the wrong source,” the Russian computer scientist said.  US government agencies are banned from using Kaspersky software.

Chinese Foreign Ministry spokeswoman Hua Chunying last month hit back at claims China was hacking international organisations by citing the PRISM program, the Equation Group and WannaCry ransomware, which she said were “the result of a particular country’s attempt to develop offensive cyber tools, that wreaked havoc globally”.

The Equation Group is a hacking group that was alleged by Kaspersky Labs in 2015 to be linked to the United States National Security Agency (NSA).

Prism is a program used by NSA to tap communications in popular western social media apps.

WannaCry – which was ultimately attributed to a North Korean hacker – used stolen NSA code, Wired magazine has reported.

Chinese Foreign Ministry spokesman Geng Shuang said on Monday in response to Australian media reports that China was behind the Parliament attack: “With cyberspace being a highly virtual one, filled with multiple actors whose behaviour is difficult to trace, one should present abundant evidence when investigating and determining the nature of a cyberspace activity instead of making baseless speculations and firing indiscriminate shots at others.”

Source: https://www.smh.com.au/world/asia/china-the-world-s-biggest-hacking-victim-chinese-report-says-20190219-p50yu8.html

Federal authorities have arrested two alleged members of a hacking group known as the Apophis Squad on charges of making false threats of violent attacks and staging attacks on multiple computer systems.

According to an announcement from the Department of Justice (DoJ), the two defendants, Timothy Dalton Vaughn, 20, of Winston-Salem, North Carolina, and George Duke-Cohan, 19, of Hertfordshire, United Kingdom, are allegedly part of a global group of hackers suspected of wreaking havoc on the internet for the better part of 2018, including launching distributed-denial-of-service (DDoS) attacks.

Duke-Cohan, who is already serving a three-year sentence in the UK for threatening an airline, which turned out to be a hoax, is believed to go by the names DigitalCrimes and 7R1D3N7 online.

The defendants face multiple charges, including conducting cyber- and swatting attacks against individuals, businesses and institutions in the US and the UK, according to the DoJ.

“Members of Apophis Squad communicated various threats – sometimes using ‘spoofed’ email addresses to make it appear the threats had been sent by innocent parties, including the mayor of London,” the announcement stated.

“They also allegedly defaced websites and launched denial-of-service attacks. In addition, Vaughn allegedly conducted a DDoS attack that took down hoonigan.com, the website of a Long Beach motorsport company, for three days, and sent extortionate emails to the company demanding a Bitcoin payment to cease the attack.”

If convicted of all charges in the 11-count indictment, Vaughn could be sentenced to a maximum of 80 years in prison. Duke-Cohan, who faces nine charges, could be sentenced to a maximum of 65 years if found guilty.

“The Apophis Squad also took credit for hacking and defacing the website of a university in Colombia, resulting in visitors to the site seeing a picture of Adolf Hitler holding a sign saying ‘YOU ARE HACKED’ alongside the message ‘Hacked by APOPHIS SQUAD,’” the DoJ wrote.

Source: https://www.infosecurity-magazine.com/news/doj-charges-hackers-with-staging-1/

Distributed denial of service (DDoS) attacks are a particularly pernicious form of cyberattack where the bad actor seeks to take down a web site or even an entire corporate network by flooding it with malicious traffic.

DDoS attacks have been around for years – and many cybersecurity vendors have risen to the challenge, bringing increasingly sophisticated DDoS mitigation technologies to market.

The bad actors’ response is woefully predictable: increasingly advanced approaches to DDoS, leading to an escalating cat-and-mouse game, as enterprises and governments seek to stay ahead of the deluge of bad traffic hitting their networks.

Bring in the Bots

DDoS attackers use numerous Internet protocols, from HTTP at the core of the web to simpler, lower-level protocols that do little more than request a brief acknowledgement from a server as part of an ongoing interaction. Request too many acknowledgements at once, however, and the server bogs down.

At the next level of sophistication, hackers send such requests from a ‘spoofed’ source IP address, so that the server receiving them sends its responses to a different machine, which is the true target. In this way, hackers dupe unwitting organizations into playing a role in the attack, while the victim sees only traffic from presumably trustworthy sites or services. Because each response is far larger than the small request that triggered it, this amplifies the effect of an attack by a factor of one hundred or more.

DDoS attacks, however, have reached an even higher level of sophistication, as hackers are now able to compromise millions of computers, smartphones, and even Internet of Things (IoT) devices like security cameras and baby monitors, recruiting these devices into botnets that can launch increasingly massive, unpredictable attacks on global targets.


To make matters even worse, DDoS technology is simple and inexpensive to purchase on the Dark Web – leading to a black market for increasingly innovative DDoS malware. “There has been increased innovation in DDoS attack tools and techniques,” according to the NETSCOUT Threat Intelligence Report. “The availability of such improved tools has lowered the barrier of entry, making it easier for a broader spectrum of attackers to launch a DDoS attack.”

Size Matters

The simplest mitigation is for an enterprise or government agency to have on-premises equipment with sufficient capacity to absorb DDoS traffic, filtering out the malicious messages while allowing legitimate requests through, a process the industry calls scrubbing.

However, with the increasing sizes of the attacks, such a do-it-yourself approach rapidly becomes too expensive. “The increase in the impact and complexity of attacks continues unabated,” says Marc Wilczek, COO of Link11. “When faced with DDoS bandwidths well over 100 Gbps and multi-vector attacks, traditional IT security mechanisms are easily overwhelmed, and unprotected companies risk serious business disruption, loss of revenue and even fines.”

To put 100 gigabits per second (Gbps) into context, the fastest enterprise local-area ‘gigabit Ethernet’ networks generally run at one Gbps, and the fastest home Internet service runs at around 100 megabits per second (Mbps) or a bit higher, which is one tenth of one Gbps.

Volumetric DDoS attacks – that is, attacks that consist of the sheer volume of traffic – can well exceed 100 Gbps. According to James Willett, VP technology at DDoS mitigation vendor Neustar, his company has mitigated attacks in excess of 460 Gbps. The largest attacks on record have exceeded 1,700 Gbps.

However, such volumetric attacks are easy to detect – and thus mitigation vendors with high mitigation capacities like Neustar’s 10+ Terabit per second (10,000+ Gbps) globally-distributed platform are able to deal with them in a straightforward fashion.

To respond to this mitigation capability, bad actors are mounting more complex attacks that typically involve enough volume to take down average Internet connections, but do so with intermittent bursts of diverse types of traffic over longer periods of time. “One of our clients is a gaming company,” Willett explains. “This client experienced an attack that lasted six days across numerous network protocols. It was an intermittent attack that generated 91 alerts for new attacks. The attacker was probing different network segments, but also using different attack vectors looking for weakness.”

Some attacks take even longer. “The longest DDoS attack in 2016 lasted 292 hours according to Kaspersky Lab’s research, or about 12 days,” according to Russ Madley, cybersecurity specialist at SecureData Europe, formerly head of B2B at Kaspersky Lab. “Most online businesses can ill-afford to have their ‘doors closed’ for even an hour, let alone for 292 hours, as criminals take advantage of their poor defences.”

Multifaceted DDoS Mitigation

When a Neustar on-demand customer detects an incoming DDoS attack, it redirects its network traffic to the Neustar network, which scrubs it and returns the bona fide traffic back to the customer’s network.

This mitigation technique requires a level of sophistication commensurate to the attacker’s. “An attacker’s goal is to mimic legitimate traffic as closely as possible, so that it’s harder to figure out what to filter,” Willett explains. “Neustar tweaks and adjusts filtering in real-time, often looking inside the packets to identify patterns of good or bad traffic to help with filtering.”

Understanding what to filter is almost as important as what not to filter. “We use tools like ThousandEyes to determine whether we are scrubbing too much, which impacts clean traffic, or under-scrubbing, which allows too much dirty traffic,” Willett continues. “We also use ThousandEyes and our own monitoring toolsets to monitor clean traffic tunnels at key points in the infrastructure after scrubbing to ensure availability.”
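The reflection mechanism described under “Bring in the Bots” and the over-/under-scrubbing trade-off Willett describes can both be seen on a tiny scale with flow records. The Python below is an added example, not code from the article, from Neustar or from ThousandEyes. The NetFlow-style records, addresses and byte counts are constructed for illustration; the reflector port table lists real well-known service ports for protocols that are commonly reflected; and the response-to-request ratio threshold is an assumed tuning knob, not a figure from the page.

```python
"""Flag likely reflection/amplification flows and measure scrub quality.

Added example (not from the article). The detector takes the defender's view
at the network edge: an inbound UDP flow that comes FROM a well-known
amplifier service port, and that either answers no request we sent or is far
larger than that request, is what a spoofed-source reflection looks like to
the victim. The scrub_quality function then reports the two failure modes the
article names: over-scrubbing (clean flows dropped) and under-scrubbing
(attack flows let through).
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Real well-known ports of services commonly abused as reflectors.
REFLECTOR_PORTS = {53: "dns", 123: "ntp", 1900: "ssdp", 11211: "memcached"}


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str      # "udp" or "tcp"
    nbytes: int
    inbound: bool   # True = arriving at our edge, False = leaving our network


def reflection_suspects(flows: Iterable[Flow], ratio_threshold: float = 10.0) -> List[Flow]:
    """Return inbound UDP flows from amplifier ports that dwarf any request we sent.

    ratio_threshold is an assumed tuning knob: a legitimate DNS answer is a few
    times larger than its query, whereas reflected traffic has no matching
    request at all, or is an order of magnitude larger than it.
    """
    flows = list(flows)
    # Bytes we sent to each (remote ip, remote port), i.e. genuine requests.
    requested: Dict[Tuple[str, int], int] = {}
    for f in flows:
        if not f.inbound:
            key = (f.dst_ip, f.dst_port)
            requested[key] = requested.get(key, 0) + f.nbytes

    suspects = []
    for f in flows:
        if not f.inbound or f.proto != "udp" or f.src_port not in REFLECTOR_PORTS:
            continue
        sent = requested.get((f.src_ip, f.src_port), 0)
        if sent == 0 or f.nbytes / sent >= ratio_threshold:
            suspects.append(f)
    return suspects


def scrub_quality(flows: Iterable[Flow], attack: Iterable[Flow], dropped: Iterable[Flow]) -> Tuple[float, float]:
    """Return (over_scrub_rate, under_scrub_rate) against labelled ground truth.

    over_scrub_rate  = share of clean inbound flows that the scrubber dropped
    under_scrub_rate = share of attack flows that the scrubber let through
    """
    attack_set, dropped_set = set(attack), set(dropped)
    clean = [f for f in flows if f.inbound and f not in attack_set]
    over = sum(1 for f in clean if f in dropped_set) / len(clean) if clean else 0.0
    under = sum(1 for f in attack_set if f not in dropped_set) / len(attack_set) if attack_set else 0.0
    return over, under


# Constructed sample: our edge is 198.51.100.10; 203.0.113.x are resolvers we
# really queried; 192.0.2.x are reflectors that were never asked anything.
SAMPLE_FLOWS = [
    # Legitimate DNS exchange: 60-byte query, 200-byte answer (ratio ~3.3).
    Flow("198.51.100.10", 40001, "203.0.113.53", 53, "udp", 60, inbound=False),
    Flow("203.0.113.53", 53, "198.51.100.10", 40001, "udp", 200, inbound=True),
    # Legitimate but unusually large DNS answer (ratio 12): a false-positive trap.
    Flow("198.51.100.10", 40002, "203.0.113.54", 53, "udp", 50, inbound=False),
    Flow("203.0.113.54", 53, "198.51.100.10", 40002, "udp", 600, inbound=True),
    # Reflected NTP and memcached responses we never requested.
    Flow("192.0.2.7", 123, "198.51.100.10", 80, "udp", 48_000, inbound=True),
    Flow("192.0.2.99", 11211, "198.51.100.10", 443, "udp", 1_400_000, inbound=True),
    # Ordinary inbound HTTPS traffic.
    Flow("203.0.113.8", 51234, "198.51.100.10", 443, "tcp", 5_000, inbound=True),
]
# Ground-truth labels for the constructed sample (the two reflected flows).
ATTACK_FLOWS = [SAMPLE_FLOWS[4], SAMPLE_FLOWS[5]]


if __name__ == "__main__":
    for threshold in (10.0, 20.0):
        dropped = reflection_suspects(SAMPLE_FLOWS, threshold)
        over, under = scrub_quality(SAMPLE_FLOWS, ATTACK_FLOWS, dropped)
        print(f"threshold={threshold:>4}: dropped={len(dropped)} "
              f"over-scrub={over:.2f} under-scrub={under:.2f}")
```

Running the block shows the trade-off in miniature: at a ratio threshold of 10 the scrubber catches both reflected flows but also drops the large legitimate DNS answer (over-scrub rate 1/3, under-scrub rate 0); raising the threshold to 20 clears the false positive while still dropping the unrequested NTP and memcached responses, because those match no outbound request at all. In practice the threshold is tuned per network, and the clean-traffic measurement is exactly what the monitoring tools quoted above exist to feed back.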

Neustar’s approach is similar to other DDoS mitigation vendors in the market, including Radware, NETSCOUT Arbor (which NETSCOUT acquired in 2015), Akamai Prolexic (acquired in 2014), and F5.

Regardless of the vendor, however, proper configuration is essential. “For DDoS mitigation to continue working properly it needs to be perfectly configured to the specific network it is protecting,” according to The State of DDoS Protection Report by MazeBolt Technologies. “The problem is that enterprise networks are constantly changing with servers and services added to networks to meet new demands. In order to ensure that DDoS mitigation is perfectly configured, enterprises need to match each network change with a respective fine-tuning of their DDoS mitigation posture.”

Industry analysts are also quick to sound a warning around the complexity of DDoS mitigation. “For bad traffic to be diverted to a scrubbing centre in a seamless action to reduce any downtime, organisations need to have seamless integration between cloud and on-premise solutions, implemented in front of an infrastructure’s network to help mitigate an attack before it reaches core network assets and data,” says Sherrel Roche, senior market analyst at IDC.

Gartner also offers words of caution. “To implement multiple denial-of-service defence measures at different layers would go beyond purchasing a single security product or signing up with a single service provider,” warns Gartner senior research analyst Rajpreet Kaur.

Who are the Bad Actors?

Unless you’re in the business of creating and selling malware on the Dark Web, the path to profit for a DDoS attacker is murkier than, say, cryptojacking or ransomware.

The key question: what’s in it for them? “The DDoS landscape is driven by a range of actors, from malware authors to opportunistic entities offering services for hire. They are a busy group, constantly developing new technologies and enabling new services while utilizing known vulnerabilities, pre-existing botnets, and well-understood attack techniques,” continues the NETSCOUT Threat Intelligence Report.

At the core of such threats: nation-states. “State-sponsored activity has developed to the point where campaigns and frameworks are discovered regularly for a broad tier of nations,” the NETSCOUT report continues. “Our findings include campaigns attributed to Iran, North Korea, Vietnam, and India, beyond the actors commonly associated with China and Russia.”

Kaspersky Lab also has an opinion. “We expect the profitability of DDoS attacks to continue to grow,” Madley adds. “As a result, [we] will see them increasingly used to extort, disrupt and mask other more intrusive attacks on businesses.”

In addition, the situation is likely to get worse. “When cybercriminals do not achieve their goals of earning money by launching simple DDoS attacks, they have two options,” says Alexey Kiselev, business development manager on the Kaspersky DDoS Protection team. “They can reconfigure the capacities required for DDoS attacks towards other sources of revenue, such as cryptomining, or malefactors who orchestrate DDoS attacks have to improve their technical skills.”

Kiselev concludes: “Given this, we can anticipate that DDoS attacks will evolve in 2019 and it will become harder for companies to detect them and stay protected.”

DDoS attacks, therefore, may not be the quickest route to profitability for bad actors, but given the importance of this attack technique to nation-state cyberwar adversaries, we can expect continued innovation on the part of the hackers. Enterprises and government agencies cannot afford to relax their efforts to combat such attacks.

Source: https://www.forbes.com/sites/jasonbloomberg/2019/02/12/are-hackers-winning-the-denial-of-service-wars/#4b701bc228ea