Federal authorities have arrested two alleged members of a hacking group known as the Apophis Squad on charges of making false threats of violent attacks and staging attacks on multiple computer systems.

According to an announcement from the Department of Justice (DoJ), the two defendants, Timothy Dalton Vaughn, 20, of Winston-Salem, North Carolina, and George Duke-Cohan, 19, of Hertfordshire, United Kingdom, are allegedly part of a global group of hackers suspected of wreaking havoc on the internet for the better part of 2018, including launching distributed-denial-of-service (DDoS) attacks.

Duke-Cohan, who is already serving a three-year sentence in the UK for threatening an airline, which turned out to be a hoax, is believed to go by the names DigitalCrimes and 7R1D3N7 online.

The defendants face multiple charges, including conducting cyber- and swatting attacks against individuals, businesses and institutions in the US and the UK, according to the DoJ.

“Members of Apophis Squad communicated various threats – sometimes using ‘spoofed’ email addresses to make it appear the threats had been sent by innocent parties, including the mayor of London,” the announcement stated.

“They also allegedly defaced websites and launched denial-of-service attacks. In addition, Vaughn allegedly conducted a DDoS attack that took down hoonigan.com, the website of a Long Beach motorsport company, for three days, and sent extortionate emails to the company demanding a Bitcoin payment to cease the attack.”

If convicted of all charges in the 11-count indictment, Vaughn could be sentenced to a maximum of 80 years in prison. Duke-Cohan, who is facing nine charges, would be sentenced to a maximum of 65 years if found guilty.

“The Apophis Squad also took credit for hacking and defacing the website of a university in Colombia, resulting in visitors to the site seeing a picture of Adolf Hitler holding a sign saying ‘YOU ARE HACKED’ alongside the message ‘Hacked by APOPHIS SQUAD,’” the DoJ wrote.

Source: https://www.infosecurity-magazine.com/news/doj-charges-hackers-with-staging-1/

Distributed denial of service (DDoS) attacks are a particularly pernicious form of cyberattack where the bad actor seeks to take down a web site or even an entire corporate network by flooding it with malicious traffic.

DDoS attacks have been around for years – and many cybersecurity vendors have risen to the challenge, bringing increasingly sophisticated DDoS mitigation technologies to market.

The bad actors’ response is woefully predictable: increasingly advanced approaches to DDoS, leading to an escalating cat-and-mouse game, as enterprises and governments seek to stay ahead of the deluge of bad traffic hitting their networks.

Bring in the Bots

DDoS attackers use numerous Internet protocols, from the HTTP at the core of the web to simpler, lower-level protocols that do little more than request a brief acknowledgement from a server as part of an ongoing interaction. Request too many acknowledgements at one time, however, and the server can bog down.

At the next level of sophistication, hackers send such malicious requests from a ‘spoofed’ IP address, fooling the target server into sending a response to a different server, which is the true target. In this way, hackers dupe unwitting organizations into playing a role in the attack, while the victim only sees traffic from presumably trustworthy sites or services, thus amplifying the effect of an attack by a factor of one hundred or more.
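The reflection pattern described above has a recognisable signature from the victim's side: large UDP "replies" from well-known service ports arrive for requests the network never sent, from several reflectors at once, converging on one address. The following detector, an added example rather than code from any of the articles on this page, walks a set of flow records and reports hosts that show that signature. The flow tuple layout, the constructed sample flows and the thresholds are all assumptions made for the illustration; a real collector's export would need its own field mapping.

```python
"""Flag likely UDP reflection/amplification traffic in flow records.

Added example (not from any article on this page). The flow records below are
constructed for illustration; the tuple layout is a hypothetical simplification
of what a NetFlow/IPFIX collector would export.
"""
from collections import defaultdict

# UDP services that are commonly abused as reflectors, keyed by port.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 1900: "SSDP", 11211: "memcached"}

# Constructed sample: (src_ip, src_port, dst_ip, dst_port, proto, packets, bytes)
SAMPLE_FLOWS = [
    # legitimate DNS lookup from an internal host and its small answer
    ("10.0.0.5", 40123, "192.0.2.53", 53, "udp", 1, 70),
    ("192.0.2.53", 53, "10.0.0.5", 40123, "udp", 1, 180),
    # unsolicited large responses converging on one victim (10.0.0.80)
    ("198.51.100.10", 123, "10.0.0.80", 50001, "udp", 500, 240000),
    ("198.51.100.11", 123, "10.0.0.80", 50001, "udp", 480, 230400),
    ("203.0.113.7", 11211, "10.0.0.80", 50002, "udp", 300, 420000),
    # ordinary TCP web traffic, ignored by the detector
    ("10.0.0.9", 51000, "203.0.113.20", 443, "tcp", 40, 5200),
]


def find_reflection_victims(flows, min_bytes=100_000, min_sources=2):
    """Return {victim_ip: summary} for hosts receiving unsolicited UDP replies
    from reflector ports, where the total bytes exceed min_bytes and at least
    min_sources distinct reflectors are involved."""
    # Requests this network actually sent: (our_ip, our_port, remote_ip, remote_port)
    outbound = set()
    for src, sport, dst, dport, proto, pkts, nbytes in flows:
        if proto == "udp" and dport in REFLECTOR_PORTS:
            outbound.add((src, sport, dst, dport))

    per_victim = defaultdict(
        lambda: {"bytes": 0, "packets": 0, "sources": set(), "services": set()}
    )
    for src, sport, dst, dport, proto, pkts, nbytes in flows:
        if proto != "udp" or sport not in REFLECTOR_PORTS:
            continue
        # A reply that matches a request we made is normal traffic.
        if (dst, dport, src, sport) in outbound:
            continue
        v = per_victim[dst]
        v["bytes"] += nbytes
        v["packets"] += pkts
        v["sources"].add(src)
        v["services"].add(REFLECTOR_PORTS[sport])

    return {
        ip: {
            "bytes": s["bytes"],
            "packets": s["packets"],
            "sources": sorted(s["sources"]),
            "services": sorted(s["services"]),
        }
        for ip, s in per_victim.items()
        if s["bytes"] >= min_bytes and len(s["sources"]) >= min_sources
    }


if __name__ == "__main__":
    for ip, s in find_reflection_victims(SAMPLE_FLOWS).items():
        print(f"{ip}: {s['bytes']} bytes in {s['packets']} packets from "
              f"{len(s['sources'])} reflectors ({', '.join(s['services'])})")
```

The matching of replies against observed outbound requests is what separates this from a plain "lots of UDP" rule: the internal host's own DNS answer is left alone, while the three unsolicited NTP and memcached responses aimed at 10.0.0.80 are aggregated and reported together with the services involved, which is the information an operator needs when asking an upstream provider to filter or when tuning a scrubbing rule.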

DDoS attacks, however, have reached an even higher level of sophistication, as hackers are now able to compromise millions of computers, smartphones, and even Internet of Things (IoT) devices like security cameras and baby monitors, recruiting these devices into botnets that can launch increasingly massive, unpredictable attacks on global targets.

To make matters even worse, DDoS technology is simple and inexpensive to purchase on the Dark Web – leading to a black market for increasingly innovative DDoS malware. “There has been increased innovation in DDoS attack tools and techniques,” according to the NETSCOUT Threat Intelligence Report. “The availability of such improved tools has lowered the barrier of entry, making it easier for a broader spectrum of attackers to launch a DDoS attack.”

Size Matters

The simplest mitigation is for an enterprise or government agency to have on-premises equipment with sufficient capacity to absorb DDoS traffic, filtering out the malicious messages while allowing legitimate requests through, a process the industry calls scrubbing.

However, with the increasing sizes of the attacks, such a do-it-yourself approach rapidly becomes too expensive. “The increase in the impact and complexity of attacks continues unabated,” says Marc Wilczek, COO of Link11. “When faced with DDoS bandwidths well over 100 Gbps and multi-vector attacks, traditional IT security mechanisms are easily overwhelmed, and unprotected companies risk serious business disruption, loss of revenue and even fines.”

To place 100 gigabits per second (Gbps) into context, the fastest enterprise local-area ‘gigabit Ethernet’ networks generally run at one Gbps, and the fastest home Internet service will run around 100 megabits per second (Mbps) or a bit higher, which equals one tenth as much bandwidth as one Gbps.

Volumetric DDoS attacks – that is, attacks that rely on the sheer volume of traffic – can well exceed 100 Gbps. According to James Willett, VP technology at DDoS mitigation vendor Neustar, his company has mitigated attacks in excess of 460 Gbps. The largest attacks on record have exceeded 1,700 Gbps.

However, such volumetric attacks are easy to detect – and thus mitigation vendors with high mitigation capacities like Neustar’s 10+ Terabit per second (10,000+ Gbps) globally-distributed platform are able to deal with them in a straightforward fashion.

To respond to this mitigation capability, bad actors are mounting more complex attacks that typically involve enough volume to take down average Internet connections, but do so with intermittent bursts of diverse types of traffic over longer periods of time. “One of our clients is a gaming company,” Willett explains. “This client experienced an attack that lasted six days across numerous network protocols. It was an intermittent attack that generated 91 alerts for new attacks. The attacker was probing different network segments, but also using different attack vectors looking for weakness.”

Some attacks take even longer. “The longest DDoS attack in 2016 lasted 292 hours according to Kaspersky Lab’s research, or about 12 days,” according to Russ Madley, cybersecurity specialist at SecureData Europe, formerly head of B2B at Kaspersky Lab. “Most online businesses can ill-afford to have their ‘doors closed’ for even an hour, let alone for 292 hours, as criminals take advantage of their poor defences.”

Multifaceted DDoS Mitigation

When a Neustar on-demand customer detects an incoming DDoS attack, it redirects its network traffic to the Neustar network, which scrubs it and returns the bona fide traffic back to the customer’s network.

This mitigation technique requires a level of sophistication commensurate to the attacker’s. “An attacker’s goal is to mimic legitimate traffic as closely as possible, so that it’s harder to figure out what to filter,” Willett explains. “Neustar tweaks and adjusts filtering in real-time, often looking inside the packets to identify patterns of good or bad traffic to help with filtering.”

Understanding what to filter is almost as important as what not to filter. “We use tools like ThousandEyes to determine whether we are scrubbing too much, which impacts clean traffic, or under-scrubbing, which allows too much dirty traffic,” Willett continues. “We also use ThousandEyes and our own monitoring toolsets to monitor clean traffic tunnels at key points in the infrastructure after scrubbing to ensure availability.”

Neustar’s approach is similar to other DDoS mitigation vendors in the market, including Radware, NETSCOUT Arbor (which NETSCOUT acquired in 2015), Akamai Prolexic (acquired in 2014), and F5.

Regardless of the vendor, however, proper configuration is essential. “For DDoS mitigation to continue working properly it needs to be perfectly configured to the specific network it is protecting,” according to The State of DDoS Protection Report by MazeBolt Technologies. “The problem is that enterprise networks are constantly changing with servers and services added to networks to meet new demands. In order to ensure that DDoS mitigation is perfectly configured, enterprises need to match each network change with a respective fine-tuning of their DDoS mitigation posture.”

Industry analysts are also quick to sound a warning around the complexity of DDoS mitigation. “For bad traffic to be diverted to a scrubbing centre in a seamless action to reduce any downtime, organisations need to have seamless integration between cloud and on-premise solutions, implemented in front of an infrastructure’s network to help mitigate an attack before it reaches core network assets and data,” says Sherrel Roche, senior market analyst at IDC.

Gartner also offers words of caution. “To implement multiple denial-of-service defence measures at different layers would go beyond purchasing a single security product or signing up with a single service provider,” warns Gartner senior research analyst Rajpreet Kaur.

Who are the Bad Actors?

Unless you’re in the business of creating and selling malware on the Dark Web, the path to profit for a DDoS attacker is murkier than, say, cryptojacking or ransomware.

The key question: what’s in it for them? “The DDoS landscape is driven by a range of actors, from malware authors to opportunistic entities offering services for hire. They are a busy group, constantly developing new technologies and enabling new services while utilizing known vulnerabilities, pre-existing botnets, and well-understood attack techniques,” continues the NETSCOUT Threat Intelligence Report.

At the core of such threats: nation-states. “State-sponsored activity has developed to the point where campaigns and frameworks are discovered regularly for a broad tier of nations,” the NETSCOUT report continues. “Our findings include campaigns attributed to Iran, North Korea, Vietnam, and India, beyond the actors commonly associated with China and Russia.”

Kaspersky Lab also has an opinion. “We expect the profitability of DDoS attacks to continue to grow,” Madley adds. “As a result, [we] will see them increasingly used to extort, disrupt and mask other more intrusive attacks on businesses.”

In addition, the situation is likely to get worse. “When cybercriminals do not achieve their goals of earning money by launching simple DDoS attacks, they have two options,” says Alexey Kiselev, business development manager on the Kaspersky DDoS Protection team. “They can reconfigure the capacities required for DDoS attacks towards other sources of revenue, such as cryptomining, or malefactors who orchestrate DDoS attacks have to improve their technical skills.”

Kiselev concludes: “Given this, we can anticipate that DDoS attacks will evolve in 2019 and it will become harder for companies to detect them and stay protected.”

DDoS attacks, therefore, may not be the quickest route to profitability for bad actors, but given the importance of this attack technique to nation-state cyberwar adversaries, we can expect continued innovation on the part of the hackers. Enterprises and government agencies cannot afford to relax their efforts to combat such attacks.

Source: https://www.forbes.com/sites/jasonbloomberg/2019/02/12/are-hackers-winning-the-denial-of-service-wars/#4b701bc228ea

The website of the National Union of Journalists of the Philippines has again come under a distributed denial of service (DDoS) attack on Monday, February 11, 2019, and already been taken down twice since this morning.

The DDoS displays the same characteristics as the earlier attack that shut down our site twice last Friday.

Between 8-10 a.m. Monday, we were hit with a 76 gb DDoS attack. Although our digital security auditors managed to restore the site Monday morning, another spike in access requests was recorded mid-afternoon, shutting the site a second time.

The website was back online at 4:15 p.m.

According to the initial report of our security auditors, the attackers’ most requested URL path is https://nujp.org/?s=duterte, a page that appears when keyword “Duterte” is searched on the website.

Since Friday, the site has been subjected to a total of 615 gigabytes of traffic, peaking at 468gb.

Like the previous attack, we strongly believe this is part of an orchestrated campaign to silence critical outfits and organizations that has also targeted alternative news sites such as those of our affiliates, Bulatlat, Kodao Productions, AlterMidya and its latest target, Pinoy Weekly.

Aside from the DDoS attacks, all these organizations, including the NUJP, have also been subjected to red-tagging.

Source: https://www.mindanews.com/statements/2019/02/statement-ddos-attacks-on-nujp-alternative-media-continue/
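The NUJP statement above reports two findings its auditors drew from server logs: a spike in access requests, and one search URL requested far more than anything else. The script below, an added example and not the auditors' report or any code from the statement, shows how both figures fall out of ordinary web-server access logs. The log lines are constructed in Apache/nginx combined format; the search path is the one the statement names, while the client addresses, timestamps, baseline rate and thresholds are made up for the illustration.

```python
"""Summarise a burst of web requests from access-log lines.

Added example, not part of the NUJP statement or its auditors' report. The log
lines are constructed in combined log format; only the /?s=duterte path comes
from the statement, everything else is invented for the illustration.
"""
import re
from collections import Counter, defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# Constructed sample log: a burst against the search page at 08:00, quiet at 08:01.
SAMPLE_LOG = """\
203.0.113.10 - - [11/Feb/2019:08:00:01 +0800] "GET /?s=duterte HTTP/1.1" 200 48211
203.0.113.11 - - [11/Feb/2019:08:00:01 +0800] "GET /?s=duterte HTTP/1.1" 200 48211
203.0.113.12 - - [11/Feb/2019:08:00:02 +0800] "GET /?s=duterte HTTP/1.1" 200 48211
203.0.113.13 - - [11/Feb/2019:08:00:02 +0800] "GET /?s=duterte HTTP/1.1" 200 48211
198.51.100.7 - - [11/Feb/2019:08:00:03 +0800] "GET / HTTP/1.1" 200 31022
203.0.113.14 - - [11/Feb/2019:08:00:03 +0800] "GET /?s=duterte HTTP/1.1" 503 0
203.0.113.15 - - [11/Feb/2019:08:00:04 +0800] "GET /?s=duterte HTTP/1.1" 503 0
198.51.100.8 - - [11/Feb/2019:08:01:10 +0800] "GET /about/ HTTP/1.1" 200 20110
198.51.100.9 - - [11/Feb/2019:08:01:30 +0800] "GET / HTTP/1.1" 200 31022
"""


def parse_log(text):
    """Parse combined-format lines into dicts; unparseable lines are skipped
    rather than aborting the run, since logs written under load are often torn."""
    rows = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rows.append(m.groupdict())
    return rows


def per_minute_summary(rows):
    """Group requests by minute: count, distinct client addresses, the most
    requested path with its share of the minute, and how many requests were 5xx."""
    minutes = defaultdict(list)
    for r in rows:
        minutes[r["ts"][:17]].append(r)  # "11/Feb/2019:08:00:01 +0800" -> "11/Feb/2019:08:00"
    summary = {}
    for minute, reqs in sorted(minutes.items()):
        paths = Counter(r["path"] for r in reqs)
        top_path, top_n = paths.most_common(1)[0]
        summary[minute] = {
            "requests": len(reqs),
            "clients": len({r["ip"] for r in reqs}),
            "top_path": top_path,
            "top_share": round(top_n / len(reqs), 2),
            "errors_5xx": sum(1 for r in reqs if r["status"].startswith("5")),
        }
    return summary


def flag_suspicious_minutes(summary, baseline_rpm, factor=3, share=0.7):
    """Minutes whose request count is at least factor x the normal rate and in
    which one path dominates. A search page hit over and over is a classic
    application-layer pattern: each request is cheap for the client and
    expensive for the server, so volume need not be large to cause 5xx errors."""
    return [m for m, s in summary.items()
            if s["requests"] >= factor * baseline_rpm and s["top_share"] >= share]


if __name__ == "__main__":
    summary = per_minute_summary(parse_log(SAMPLE_LOG))
    for minute, s in summary.items():
        print(minute, s)
    print("suspicious:", flag_suspicious_minutes(summary, baseline_rpm=2))
```

The per-minute view is deliberately simple: request count against a baseline, how concentrated the requests are on one path, and whether the server started returning errors. Those three numbers together are usually enough to decide whether to rate-limit or cache a specific expensive endpoint before escalating to an upstream scrubbing service.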

When there’s a DDoS attack against your voice network, are you ready to fight against it?

An estimated 240 million calls are made to 911 in the US each year. With the US population estimated at more than 328 million people as of November 2018, this means each US resident makes, on average, more than one 911 call per year. 911 is a critical communications service that ensures the safety and individual welfare of our nation’s people.

So, what happens when the system goes down?

Unfortunately, answers can include delays in emergency responses, reputational damage to your brand or enterprise by being associated with an outage, and even loss of life or property. We have seen very recent examples of how disruption in 911 services can impact municipalities. For example, days after Atlanta was struck by a widespread ransomware attack, news broke of a hacking attack on Baltimore’s computer-assisted dispatch system, which is used to support and direct 911 and other emergency calls. For three days, dispatchers were forced to track emergency calls manually as the system was rebuilt — severely crippling their ability to handle life-and-death situations.

In 2017, cybersecurity firm SecuLore Solutions reported that there had been 184 cyberattacks on public safety agencies and local governments within the previous two years. 911 centers had been directly or indirectly attacked in almost a quarter of those cases, most of which involved distributed denial-of-service (DDoS) attacks.

Unfortunately, these kinds of DDoS attacks will continue unless we make it a priority to improve the security of voice systems, which remain dangerously vulnerable. This is true not just for America’s emergency response networks, but also for voice networks across a variety of organizations and industries.

The Evolving DDoS Landscape
In today’s business world, every industry sector now relies on Internet connectivity and 24/7 access to online services to successfully conduct sales, stay productive, and communicate with customers. With each DDoS incident costing $981,000 on average, no organization can afford to have its systems offline.

This is a far cry from the early days of DDoS, when a 13-year-old student discovered he could force all 31 users of the University of Illinois Urbana-Champaign’s CERL instruction system to power off at once. DDoS was primarily used as a pranking tool until 2007, when Estonian banks, media outlets, and government bodies were taken down by unprecedented levels of Internet traffic, which sparked nationwide riots.

Today, DDoS techniques have evolved to use Internet of Things devices, botnets, self-learning algorithms, and multivector techniques to amplify attacks that can take down critical infrastructure or shut down an organization’s entire operations. Last year, GitHub experienced the largest-ever DDoS attack, which relied on UDP-based memcached traffic to boost its power. And just last month, GitHub experienced a DDoS attack that was four times larger.

As these attacks become bigger, more sophisticated, and more frequent, security measures have also evolved. Organizations have made dramatic improvements in implementing IP data-focused security strategies; however, IP voice and video haven’t received the same attention, despite being equally vulnerable. Regulated industries like financial services, insurance, education, and healthcare are particularly susceptible — in 2012, a string of DDoS attacks severely disrupted the online and mobile banking services of several major US banks for extended periods of time. Similarly, consider financial trading — since some transactions are still done over the phone, those jobs would effectively grind to a halt if a DDoS attack successfully took down their voice network.

As more voice travels over IP networks and as more voice-activated technologies are adopted, the more DDoS poses a significant threat to critical infrastructure, businesses, and entire industries. According to a recent IDC survey, more than 50% of IT security decision-makers say their organization has been the victim of a DDoS attack as many as 10 times in the past year.

Say Goodbye to DDoS Attacks
For the best protection from DDoS attacks, organizations should consider implementing a comprehensive security strategy that includes multiple layers and technologies. Like any security strategy, there is no panacea, but by combining the following solutions with other security best practices, organizations will be able to better mitigate the damages of DDoS attacks:

  • Traditional firewalls: While traditional firewalls likely won’t protect against a large-scale DDoS attack, they are foundational in helping organizations protect data across enterprise networks and for protection against moderate DDoS attacks.
  • Session border controllers (SBCs): What traditional firewalls do for data, SBCs do for voice and video data, which is increasingly shared over IP networks and provided by online services. SBCs can also act as session managers, providing policy enforcement, load balancing and network/traffic analysis. (Note: Ribbon Communications is one of a number of companies that provide SBCs.)
  • Web application firewalls: As we’ve seen with many DDoS attacks, the target is often a particular website or online service. And for many companies these days, website uptime is mission-critical. Web application firewalls extend the power of traditional firewalls to corporate websites.

Further, when these technologies are paired with big data analytics and machine learning, organizations can better predict normative endpoint and network behavior. In turn, they can more easily identify suspicious and anomalous actions, like the repetitive calling patterns representative of telephony DoS attacks or toll fraud.
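The "repetitive calling patterns" the paragraph above mentions can be surfaced from call detail records (CDRs) without any machine learning, and a rule-based pass like the one below is a sensible baseline before anything more elaborate. It is an added example, not code from the article or from any SBC vendor: the CDR column layout, the sample records and the thresholds are assumptions made for the illustration. It shows two complementary checks, one per caller (the same number hammering one destination with very short calls) and one per callee (a single number being flooded from many sources, which the per-caller rule alone would miss).

```python
"""Spot repetitive calling patterns in call detail records (CDRs).

Added example, not from the article. The CDR layout and the sample lines are
constructed; the thresholds are illustrative and would be tuned against a
contact centre's own baseline.
"""
from collections import defaultdict
from datetime import datetime

# Constructed CDR lines: timestamp, caller, callee, duration_seconds, disposition
SAMPLE_CDRS = """\
2019-02-11T09:00:01,+15550100,+15559911,4,ANSWERED
2019-02-11T09:00:03,+15550100,+15559911,3,ANSWERED
2019-02-11T09:00:05,+15550100,+15559911,2,ANSWERED
2019-02-11T09:00:06,+15550100,+15559911,3,ANSWERED
2019-02-11T09:00:08,+15550100,+15559911,2,ANSWERED
2019-02-11T09:00:09,+15550100,+15559911,4,ANSWERED
2019-02-11T09:00:12,+15550101,+15559911,5,ANSWERED
2019-02-11T09:00:15,+15550102,+15559911,3,ANSWERED
2019-02-11T09:01:40,+15550200,+15559911,312,ANSWERED
2019-02-11T09:02:10,+15550201,+15559912,45,ANSWERED
"""


def parse_cdrs(text):
    """Turn the comma-separated CDR lines into (timestamp, caller, callee, duration, disposition)."""
    records = []
    for line in text.splitlines():
        ts, caller, callee, dur, disp = line.split(",")
        records.append((datetime.fromisoformat(ts), caller, callee, int(dur), disp))
    return records


def find_repetitive_callers(records, window_seconds=60, max_calls=5, short_call=10):
    """Return (caller, callee) pairs with more than max_calls calls inside any
    window_seconds window where at least half the calls lasted under short_call
    seconds: a burst of very short calls from one number is characteristic of
    automated flooding rather than of a person trying to get through."""
    by_pair = defaultdict(list)
    for ts, caller, callee, dur, _ in records:
        by_pair[(caller, callee)].append((ts, dur))

    flagged = {}
    for pair, calls in by_pair.items():
        calls.sort()
        start = 0
        for end in range(len(calls)):  # sliding window over sorted call times
            while (calls[end][0] - calls[start][0]).total_seconds() > window_seconds:
                start += 1
            window = calls[start:end + 1]
            if len(window) > max_calls:
                short = sum(1 for _, d in window if d < short_call)
                if short * 2 >= len(window):
                    flagged[pair] = {"calls": len(window), "short_calls": short}
                    break
    return flagged


def callee_load(records, window_seconds=60):
    """Peak number of calls each callee received within any window_seconds
    window, regardless of who placed them."""
    by_callee = defaultdict(list)
    for ts, _, callee, _, _ in records:
        by_callee[callee].append(ts)
    peak = {}
    for callee, times in by_callee.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        peak[callee] = best
    return peak


if __name__ == "__main__":
    records = parse_cdrs(SAMPLE_CDRS)
    print("repetitive callers:", find_repetitive_callers(records))
    print("peak calls per callee per minute:", callee_load(records))
```

On the constructed records the per-caller rule flags the number that placed six calls of a few seconds each in under ten seconds, while the callee view shows the destination number taking eight calls inside a minute; the later five-minute call from a different number is left alone. In practice the callee-load figure is compared against that number's normal busy-hour rate, and an SBC policy would then throttle or divert the offending sources rather than the destination.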

DDoS attacks will continue to be a threat for organizations to contend with. Cybercriminals will always look toward new attack vectors, such as voice networks, to find the one weak spot in even the most stalwart of defenses. If organizations don’t take the steps necessary to make voice systems more secure, critical infrastructure, contact centers, healthcare providers, financial services and educational institutions will certainly fall victim. After all, it only takes one overlooked vulnerability to let attackers in.

Source: https://www.darkreading.com/attacks-breaches/when-911-goes-down-why-voice-network-security-must-be-a-priority-/a/d-id/1333782

The internet of things (IoT) has opened new horizons, from smart-city advancements to transforming how industries produce goods. For example, by connecting assets in a factory, manufacturers can have better insight into the health of their machinery and predict any major problems with their hardware before they happen, allowing them to stay one step ahead of their systems and keep costly outages to a minimum.

But, despite its life-enhancing and cost-saving benefits, IoT has proven to be a minefield to secure.

There are several reasons why. First and foremost is a general lack of awareness among consumers and businesses. The convenience and cost-saving benefits of IoT tech appear to outweigh the potential risks.

Another challenge is securing not just the IoT devices but also the networks over which their data is transferred. IoT devices increase the amount of entry points into a home or business network, which in turn could give hackers access to devices such as computers that contain sensitive data.

Eventually we could see almost every home device connected to the internet, not necessarily with any consumer benefit but instead geared toward data collection. And IoT sensors increasingly are being used by businesses of all sizes across numerous industries including health care and manufacturing. This setup can be incredibly valuable for businesses, but is also highly susceptible to penetration by hackers.

In the past, businesses haven’t always focused on building end-to-end security into the network. This is set to change as attitudes evolve. In fact, thanks to emerging tech platforms, the industry is developing new ways to protect IoT devices from increasingly sophisticated hackers and there will be significant opportunities for those working in the IoT security space.

Let’s look at the impact of some emerging platforms on the security space:

Using blockchain technology can reduce the risk of IoT devices being put at risk by a security breach at a single point. By getting rid of a central authority in IoT networks, blockchain would enable device networks to validate and protect themselves. For example, devices in a common group could stop or alert the user if asked to carry out tasks that appear unusual, such as being commandeered by hackers to carry out distributed denial of service (DDoS) attacks.

Artificial intelligence can help to speed up the process of identifying potential risks. AI is set to be so integral to cybersecurity in the future that it is estimated that the global AI security market will reach $18.2 billion by 2023, according to a recent report.

Meanwhile, just as new technology platforms have opened doors for hackers, new security platforms are being developed to combat the threat. Interactive visual walls, dashboard displays, 3D object recognition and a virtual reality experience provide a glimpse of the security capabilities that can help organizations build and monitor cybersecurity platforms, as suited to their business needs.

Be Ready for Anything

At this point, security breaches have become almost inevitable, rather than something that can be completely avoided. Without adequate security, even innocuous items that generally pose no threat can be transformed into something far more sinister—for example, traffic lights that tell cars and pedestrians to go at the same time.

As a result, it’s important that organizations take time to think about how they can work together to create an end-to-end infrastructure that can deal with the influx of new devices. With this increased threat, the focus is shifting from prevention to resilience.

Education is key and makers of IoT devices, ISPs and the government all must play a vital role in boosting awareness of IoT security among consumers and businesses. At a government level, it also may be necessary to provide education to boost the digital literacy of policymakers. More regulation and standardization are needed to ensure that IoT devices adhere to a certain level of security, while manufacturers must develop clear privacy policies for their IoT devices and ensure that consumers know how to adjust the security settings. Even simple steps such as not setting default passcodes as “0000” or “1234” could help keep devices more secure in the future.

Businesses must talk openly about vulnerabilities, promoting awareness and accountability. Resources that are currently focused on prevention need to be redeployed toward the timely detection of and response to potential security hacks.

The best way to approach this is a layered security solution. That means security at the device level, over the air and once the data reaches the network. This approach secures the end device itself, the over-the-air link (for example with a VPN), the pipe between the device and the network, and the traffic once it is on the network.

With emerging technological platforms such as cloud computing and IoT offering more gateways to hackers, it is now more critical than ever for companies to institute holistic security platforms to deal with these threats. Only with everyone working together toward a common goal will the new technology platforms that have the power to improve our lives be used only to do good.

Source: https://securityboulevard.com/2019/02/the-evolving-approach-to-iot-security/