Blocking DDoS Archive

More than 4 in 5 IT teams are involved in security efforts, and a majority of them report an increase of at least 25 percent in time spent on these efforts over the past 12 months, according to Viavi.

network teams security efforts

The most striking conclusion is that network-based conversation wire data has become the top data source for security incidents, with its use tripling, demonstrating that threat levels have driven enterprises to seek the most reliable forensic data available.

The State of the Network study captured the insights of Network Operations (NetOps) and Security Operations (SecOps) professionals worldwide, highlighting their challenges in security, performance management and deployment of new technologies.

Eighty-three percent of network teams are now engaged in supporting security issues, and of those, 91 percent spend up to 10 hours or more per week dealing with increasingly sophisticated security threats.

As hackers continue to circumvent existing security tools — even those with AI or machine learning — additional strategies are needed to quickly identify and contain security threats, the consequences of which can be devastating.

“This year’s State of the Network study highlights a clear way forward in today’s IT reality with a combination of prevention and ongoing detection to catch threats not flagged by security tools alone, such as an internal data breach by an employee, whether accidental or intentional.

“IT professionals need to better understand what is normal network behavior and what is not, and engage in proactive threat hunting,” said Douglas Roberts, Vice President and General Manager, Enterprise & Cloud Business Unit, VIAVI.

“Findings also show that network teams now depend on wire data as their most important source of information for security incidents, demonstrating that more NetOps teams are turning to the optimum peace of mind for issue resolution and compliance in the event of a breach.”

Key takeaways

Network teams are critical to protecting business resources and strengthening IT security. Increases in threat workloads were reported, with 74 percent of respondents stating they spend up to 10 hours or more per week on security. Three out of four of those teams report an increase of at least 25 percent of time spent over the past 12 months.

When asked how the nature of security threats has changed in the past year, IT teams identified a rise in email and browser-based malware attacks (59 percent), and an increase in threat sophistication (57 percent). Significant numbers of respondents also reported increases in exfiltration attacks on database servers (34 percent), application attacks (33 percent), DDoS attacks (32 percent) and ransomware attacks (30 percent).

Wire data has taken a central role in resolving suspected or known security threats, with 71 percent of respondents reporting that they used packet capture and 46 percent reporting that they used flow data, compared to 23 percent and 10 percent respectively in the 2017 State of the Network study.

NetOps teams play an active role in aiding SecOps before, during and after a threat has been detected, due to an increase in volume and sophistication of security threats.

Respondents highlight the importance of understanding normal network behavior and the ability to quickly hunt for malefactors when suspicious activity is noted.

Collaboration between SecOps and NetOps has accelerated, maximizing security initiatives and minimizing resolution time to limit negative impact to the business and customers.

While NetOps teams pivot to assist with security, they are still challenged to maintain acceptable service performance and end-user experience, despite the rapid deployments of new technologies and large increases in network traffic loads.

Source: https://www.helpnetsecurity.com/2019/07/17/network-teams-security-efforts/

Cybersecurity analysts explore a range of industry research to examine trends around cyber incidents and their financial impact.

Cybersecurity incidents cost an estimated $45 billion in 2018, according to a new report that aggregates data from different types of reported security incidents from around the world.

It’s difficult to get a complete picture of the cyber incident landscape, says Jeff Wilbur, technical director of the Internet Society’s Online Trust Alliance (OTA), which today published its “2018 Cyber Incident & Breach Trends Report.” “Everyone’s viewing it from their own lens,” he says.

When the OTA published its first edition of this report 11 years ago, it only focused on data breaches, Wilbur adds. A rapidly evolving threat landscape forced it to broaden its scope.

“A few years ago we realized this underrepresented the number of cyber incidents,” he explains. “We started looking at adding business email compromise, ransomware, and other DDoS attacks because those are orders of magnitude larger than breaches that get reported.

What’s interesting, he continues, is many of the techniques cybercriminals use to break into systems have largely remained the same: They use employee credentials, for example, or exploit a known vulnerability in an organization that hasn’t updated its software. “The ways to get in have been relatively constant for a while,” says Wilbur, though there are some changes.

Internet of Things (IoT) devices, for example, have introduced new ways of breaking into organizations, as has organizations’ growing reliance on third-party vendors. “The clever way to get into systems is through third parties that may be less secure,” Wilbur adds. More attackers are breaking into target organizations by planting malware on or gaining unauthorized access into vendor systems.

Supply chain- and IoT-based attacks may be growing, but email attacks and vulnerability exploitation remain the most common ways to break into a target system. However, the actions cybercriminals take once they gain access to a network continue to shift over time.

Tracking Trends in Cybercrime
In their exploration of how attack patterns fluctuate over time, researchers noticed ransomware declined overall between 2017 and 2018, though it specifically increased among enterprise users. Cryptojacking became prominent in late 2017 and grew in 2018; however, it later started to rapidly decline as cryptocurrency’s value plummeted and attackers sought new ways to generate illicit income. Researchers found reports of 1.3 million incidents of cryptojacking in 2018 and 500,000 of ransomware.

Distributed denial-of-service (DDoS) attacks were reportedly down in 2018, though some reports indicate they’re still causing chaos in some industries. The challenge with DDoS attacks is determining how many attacks are successful, researchers point out. There is no aggregated reporting, and most businesses hesitate to acknowledge where they are vulnerable.

Business email compromise (BEC) was up significantly in 2018, researchers say. The FBI’s Internet Crime Complaint Center reported more than 20,000 BEC incidents in the US resulted in nearly $1.3 billion in losses in 2018 – up from 16,000 incidents and $677 million lost in 2017.

It’s one of many types of attacks contributing to the overall cost of cyber incidents in 2018. While financial impact is tough to determine, strong estimates put the cost of ransomware at $8 billion and credential stuffing at $5 billion. Some estimates are more general; for example, the Ponemon Institute reported the average cost of a data breach grew to hit $3.86 million.

Even with loose estimates, researchers estimate a total financial impact of at least $45 billion in 2018.

What does this data mean for the rest of 2019? “We’ve seen more supply chain attacks, [and] we’ve seen more ransomware, especially in the US,” he says, pointing to the new trend of cybercriminals targeting US cities including Baltimore, Maryland; Riviera Beach, Florida; and Atlanta, Georgia. While cryptojacking continues to drop off, we can expect to see more of the same threats we saw in late 2018 and early 2019, Wilbur says.

Back to Basics
As Wilbur explains, attack vectors leading to major breaches are typically simple.

These can be seen in many of the high-profile security incidents that made headlines in 2018. The breach of Aadhaar, India’s national ID database, compromised 1.1 billion records and was attributed to an unsecured API. An attack on the Marriott/Starwood system affected 383 million people and was caused by intruders who had been on the Starwood network since 2014 and would have been found by a routine network check prior to its acquisition by Marriott.

Given OTA found 95% of data breaches in 2018 were preventable, it seems organizations are not taking simple steps to protect themselves. “The same rules apply, so it’s actually the trend that organizations aren’t doing the basics really well,” he says.

This puts pressure on organizations to step up their game: you want to be the organization that, when attackers start to intrude, they don’t find a vulnerability and move on to an easier target.

Source: https://www.darkreading.com/risk/financial-impact-of-cybercrime-exceeded-$45b-in-2018/d/d-id/1335199

‘DerpTrolling’ group also attacked Dota 2, Battle.net

Another hacker behind attacks on Daybreak Game Company, then known as Sony Online Entertainment, is going to prison. Austin Thompson of Utah will be behind bars for the next 27 months, the U.S. Attorney’s Office for the Southern District of California announced Tuesday.

Thompson, 23, pleaded guilty in November (official charge: “Damage to a Protected Computer”) in connection with attacks in late 2013 against SOE; his group, “DerpTrolling,” was allegedly behind several denial-of-service attacks on online service for several SOE games, plus Battle.net, League of Legends, and Dota 2 in late 2013.

Thompson’s attacks preceded by about six months those of a group calling itself Lizard Squad, which targeted SOE and even made a bomb threat that forced a flight carrying its then-president to land. Thompson was not involved in those crimes.

In early January 2014, whoever was running DerpTrolling’s Twitter account said that federal agents had shown up at their home, but they had escaped through the bathroom. Thompson’s plea agreement said he was in charge of that account.

“Thompson typically used the Twitter account @DerpTrolling to announce that an attack was imminent and then posted ‘scalps’ (screenshots or other photos showing that victims’ servers had been taken down) after the attack,” prosecutors said in a statement.

Thompson will begin serving his sentence Aug. 23. He was also ordered to pay $95,000 in restitution to Daybreak Game Company.

Although unrelated, prosecutors in the United States and Finland also secured convictions for two members of Lizard Squad for their roles in attacks on the same target over the 2014 holidays. Zachary Buchta, then 20, of Maryland, received three months in federal prison and was ordered to pay $350,000 in restitution after his guilty plea in late 2017. And Julius Kivimaki was convicted in Finland in July 2015, receiving a two-year suspended prison sentence for his actions.

Source: https://www.polygon.com/2019/7/3/20680975/soe-hacker-sentenced-derptrolling-austin-thompson-utah

DDoS attacks as a service have kicked off 2019 stronger than ever, according to a new report by Nexusguard, claiming the booter-originated attacks more than doubled their amounts compared to the fourth quarter of last year.

The Nexusguard’s Q1 2019 Threat Report says the attacks are growing despite FBI’s best efforts to curb them. DNS amplification types of DDoS attacks are still the favorite ones among DDoS-for-hire websites. These rose more than 40 times, quarter-on-quarter.

Telecommunications companies and communications service providers seem to be the number one victims, with those originating from Brazil being the most common target.

According to the report, communications service providers should be careful with these evolved attacks, tackling them with scalable, cloud-based DDoS detection and mitigation. Those that choose a different path risk being targeted with ‘bit-and-piece’ attacks.

The bit-and-piece DDoS attack differs from your traditional DDoS attack, as it takes advantage of the large attack surface and spreads tiny attack traffic across hundreds of IP addresses. That way, the attack can successfully evade being detected using a diversion.

“Due to the increasing demand for DDoS attack services and the boom in connected devices, hackers for hire have doubled and DDoS campaigns are not going away for organizations,” said Juniman Kasman, chief technology officer for Nexusguard. “Businesses will need to ensure their attack protections can seamlessly evolve with new vectors and tactics that attackers seek out, which ensures service uptime, avoids legal or reputational damages, and preserves customer satisfaction.”

Source:https://www.itproportal.com/news/ddos-for-hire-attacks-on-the-rise/

Update June 18, 2019 3:20pm CT: Ubisoft has resolved issues stemming from today’s DDoS attack and all services have been restored.

 Ubisoft says it’s suffering from a series of distributed denial-of-service (DDoS) attacks. They hit right as Rainbow Six Siege’s Operation Phantom Sight is getting underway and are currently affecting server connectivity and latency.

In a DDoS attack, a web service or website is flooded with an overwhelming amount of traffic making it unstable and unusable. While it’s not clear who’s responsible for the attack, Ubisoft says it’s working to remedy the issues, according to its support page. Ubisoft put out a similar statement when it was hit by a large DDoS attack just under a year ago.

Screen Shot 2019-06-19 at 13.05.17

Fans should be aware that Ubisoft services are likely to be impacted until the issue is resolved. Last time a large scale DDoS attack hit Ubisoft it took about 10 hours for the company to be able to remedy the situation.

With the new operators of Operation Phantom Sight just being rolled out for all to play, it’s a bummer that some may not get to try them out until the issue is resolved.

Source: https://dotesports.com/rainbow-6/news/ubisoft-hit-with-string-of-ddos-attacks-just-as-r6s-operation-phantom-sight-goes-live