Bots that can launch hundreds of attacks per second are making account takeover fraud more difficult to defend against.

Modern malicious botnets can do far more than launch huge DDoS attacks: According to a new report, criminals participating in account takeover activities are using botnets to launch more than 100 of these attacks every second.

The report, published by e-commerce fraud prevention company Forter, says that between 20% and 30% of all account takeover attacks are launched by organized fraud rings, and these organized groups are seeing greater success. More than 80% of all account takeover attacks are launched by fewer than 10% of the attackers targeting the site.

Organizations that offer more services on their websites may increase customer loyalty, but they also increase their site’s attractiveness to criminals, says the report. Loyalty programs, for example, increase the risk of account takeover attacks by as much as 200%.

As for prevention, the report points out that a focus solely on the point of transaction may be misguided, since fraud actors may well have been watching a victim’s behavior for days or weeks.

Source: https://www.darkreading.com/vulnerabilities-and-threats/report-bots-add-volume-to-account-takeover-attacks/d/d-id/1333658

  • Cybersecurity company Recorded Future conducted a research study on the history of Iran’s hacker culture, its ties to the country’s government and mistakes the loosely tied-together group has made along the way.
  • Forums started in 2002 have provided a launch point for a series of sophisticated attacks against world governments and companies throughout the past two decades, according to the report.

Iranian hackers have congregated since at least 2002 in online forums to share tips on the best ways to create successful cyberattacks.

Those conversations have given birth to some of the most significant global cybersecurity incidents, including devastating attacks on Saudi Aramco, attacks against the public-facing websites of large banks and espionage campaigns on a wide range of Western targets, according to new research by cybersecurity intelligence firm Recorded Future.

Among the findings in the report:

  • A forum called “Ashiyane,” created by a cybersecurity company called the Ashiyane Digital Security Team, served as a medium for Iranian contractors to show off their talents for executing successful online offensive campaigns.
  • The forum was one of Iran’s most popular with around 20,000 users and had direct ties to Iran’s Islamic Revolutionary Guard Corps.
  • Many of the hackers on the forum considered themselves “gray hats,” a term for hackers who participate in both legitimate and criminal cyber actions. It’s a mixture of the terms “white hat,” which refers to ethical hackers, and “black hat,” which refers to hackers who take part in malicious or illegal activities.
  • During the Iranian green movement of 2009, the forum was one of only a few that remained in use as Iran’s government cracked down on hacking websites.
  • The forum’s archives show participants sharing information on how to execute distributed denial of service (DDoS) attacks, which are meant to push websites out of service by flooding them with information, as well as Android exploits and commonly used cyberattack techniques.
  • The forum was shut down in 2018. Though the reason for the shutdown is not clearly known, Recorded Future cites sources as saying the forums became involved in online gambling, an endeavor explicitly prohibited in the Islamic state.

Source: https://www.cnbc.com/2019/01/16/new-research-offers-a-glimpse-inside-the-online-forums-where-iranian-hackers-congregate.html

If a week is a long time in politics, as former British Prime Minister Harold Wilson observed, a year in cyber security can seem like an eternity. But despite the rapid changes, many things remain constant. We can always expect cyber criminals to embrace new technology as fast as legitimate businesses do, and to use it to launch new types of attacks that are ever more damaging and harder to defend against.

DDoS attacks are a case in point. In April 2018, the UK’s National Crime Agency named DDoS as the leading threat facing businesses. The Agency noted the sharp increase in attacks on a range of organisations during 2017 and into 2018, and advised organisations to take immediate steps to protect themselves against the escalating threat.

DDoS gets bigger, stronger, smarter

This warning was timely, as through late 2017 and into 2018, DDoS attacks got much larger – and that trend is showing no signs of slowing down. In Q3 of 2018, the average DDoS attack volume more than doubled compared to Q1, from 2.2 Gbps to 4.6 Gbps according to Link11’s latest DDoS Report. These attack volumes are far beyond the capacity of most websites, so this is an alarming trend. Compared to Q2, the total number of attacks also grew by 71% in Q3, to an average of over 175 attacks per day.

Attacks also got more sophisticated. 59% of DDoS incidents in Q3 of 2018 used two or more attack vectors, compared with 46% in Q2. Meanwhile, a highly targeted and strategic approach to DDoS attacks was observed as the year went on; our operation centre saw DDoS attacks on e-commerce providers increase by over 70% on Black Friday (23 November) and by a massive 109% on Cyber Monday (26 November) compared with the November average. Attacks are focusing on specific sectors, with the aim of causing more disruption.

DDoS as a service

At the same time, these larger, more sophisticated DDoS attacks are also easier than ever for criminals to launch, thanks to DDoS-as-a-Service providers. Perhaps the best known of these, Webstresser.org, was selling multi-gigabit DDoS attacks on the Darknet for as little as $11 per attack before it was shut down by police in early 2018. Webstresser’s services were used in early 2018 to bring online services from several Dutch banks and numerous other financial and government services in the Netherlands to a standstill. Customers were left without access to their bank accounts for days.

Other services have sprung up to take Webstresser’s place, offering DDoS by the hour for $10, and by the day at bulk discount rates of $200. No expertise is required: just enter your (stolen) credit card details, and the domain you want to target. Even cloud services can be knocked offline, with very little money and little to no technical expertise required to launch an attack.

Web application attacks

Another increasingly targeted component of organisations’ IT estates during 2018 was web applications. The year saw high-profile breaches affecting tens of millions of customers of several well-known companies in the travel and financial sectors. The aim of these attacks is to exfiltrate sensitive data for re-use or resale, with the attackers seeking to exploit weaknesses in the application itself, or in the platform it is running on, to get access to the data.

2019: predictions and protection

So as 2018 saw attacks growing in volume and complexity, what attacks can we expect to see in 2019?

We have already seen how versatile botnets are for crypto-mining and sending spam – this will extend into DDoS attacks too. Botnets benefit from the ongoing rapid growth in cloud usage and increasing broadband connections as well as the IoT, and the vulnerabilities that they target are at the protocol and application level and are very difficult to protect against using standard network security solutions. Bots in public cloud environments can also propagate rapidly to build truly massive attacks.

Attack tactics, against which SSL encryption has long since ceased to be a defence, will gain even more intelligence in the coming months. The only possible answer to this can be defence strategies that cover machine learning and artificial intelligence, which can process large data streams in real time and develop adaptive measures. Highly targeted attacks, such as those on web applications, will also continue because the rewards are so high – as we’ve seen from the 2018 data breaches we touched on earlier.

Also, 2019 could be the year in which a hacktivist collective or nation-state will launch a coordinated attack against the infrastructure of the internet itself. The 2016 DDoS attack against hosting provider Dyn showed that a single attack against a hosting provider or registrar could take down major websites. DDoS tools and techniques have evolved significantly since then, creating a very real risk of attacks that could take down sections of the Web – as shown by the attack which targeted ISPs in Cambodia. Other forms of critical infrastructure are also vulnerable to DDoS exploits, as we saw in 2018’s attack on the Danish rail network.

In conclusion, tech innovations will continue to accelerate and enable business, and cyber criminals will also take advantage of those innovations for their own gain. With more and more business taking place online, dependence on a stable internet connection rises significantly. Likewise, revenues and reputation are more at risk than ever before. Therefore, organisations must be proactive and deploy defences that can keep pace with even new, unknown threats – or risk becoming the next victim of increasingly sophisticated, highly targeted mega-attacks.

Source: https://www.information-age.com/the-ddos-landscape-123478142/

Malware and bots, phishing, and DDoS attacks are some of the top threats companies face, according to Radware.

The average estimated cost of a cyberattack on an enterprise was $1.1 million in 2018—up 52% from the year before, according to a Tuesday report from Radware. For companies with a formal cost calculation process, that estimate rises to $1.7 million, the report found, with the top impacts being operational/productivity loss (54%), negative customer experiences (43%), and brand reputation loss (37%).

The report surveyed 790 IT executives worldwide across industries. These IT leaders perceive the goals of the attacks to be service disruption (45%), data theft (35%), unknown reasons (11%), or espionage (3%).

Some 21% of businesses experience daily cyberattacks, up from 13% last year, the report found. Another 13% said they were attacked weekly, 13% said monthly, and 27% said once or twice a year. Only 7% of organizations said they have never been attacked, according to the report.

The most common types of attacks on enterprises are malware and bots (76%), socially engineered threats like phishing (65%), DDoS attacks (53%), web application attacks (42%), ransomware (38%), and cryptominers (20%).

Hackers are also increasing their use of emerging attack vectors to bring down networks and data centers, the report found: the share of IT leaders reporting HTTPS floods rose from 28% in 2017 to 34% in 2018, while reports of DNS attacks grew from 33% to 38%. Burst attacks rose from 42% to 49%, and reports of bot attacks grew from 69% to 76%.

“While threat actors only have to be successful once, organizations must be successful in their attack mitigation 100% of the time,” Anna Convery-Pelletier, chief marketing officer for Radware, said in a press release. “A cyberattack resulting in service disruption or a breach can have devastating business impacts. In either case, you are left with an erosion of trust between a brand and its constituency.”

To combat security threats in 2019, CXOs can follow these tips, and focus on training employees.

The big takeaways for tech leaders:

  • The average estimated cost of a cyberattack on an enterprise was $1.1 million in 2018, up 52% from the year before. — Radware, 2019
  • Top goals of cyberattacks are perceived to be service disruption (45%), data theft (35%), unknown reasons (11%), and espionage (3%). — Radware, 2019

Source: https://www.techrepublic.com/article/cyberattacks-now-cost-businesses-an-average-of-1-1m/

A council has been hit by 400,000 spam emails in one week.

Hackers have targeted Sunderland City Council with phishing and spoofing emails, and at least one Distributed Denial of Service (DDoS) attack.

Officers also experienced a “spray attack” where accounts were locked out after criminals repeatedly used common passwords to try to gain access.

The attacks took place during a week in November and the council has said it will improve its IT security.

The council’s IT security breach was revealed in a scrutiny co-ordinating committee report, the Local Democracy Reporting Service said.

Last year, the Local Government Association published a “cyber-stocktake” based on a questionnaire completed by councils.

Sunderland received green and amber ratings in several areas, but was labelled red in technology standards and compliance and detection.

The council said it planned to improve its security by moving PCs to Windows 10 and making sure default passwords were changed.

It said that although measures were being taken, there was “no silver bullet that guarantees 100% protection”.

Source: https://www.bbc.com/news/uk-england-tyne-46865177