DDoS Attack Specialist Archive

Check out the top five cybersecurity vulnerabilities and find out how to prevent data loss or exposure, whether the problem is end-user gullibility, inadequate network monitoring or poor endpoint security defenses.

The threat landscape gets progressively worse by the day. Cross-site scripting, SQL injection, exploits of sensitive data, phishing and distributed denial-of-service (DDoS) attacks are far too common. More and more sophisticated attacks are being spotted, and security teams are scrambling to keep up. Faced with many new types of issues — including advanced phishing attacks that are all too successful, and ransomware attacks that many seem helpless to prevent — endpoint security strategies are evolving rapidly. In the SANS “Endpoint Protection and Response” survey from 2018, 42% of respondents indicated at least one of their endpoints had been compromised, and 20% didn’t know if any endpoints had been compromised at all.

How are hackers able to wreak havoc on enterprises and cause sensitive data loss and exposure? The answer is through a variety of cybersecurity vulnerabilities in processes, technical controls and user behaviors that allow hackers to perform malicious actions. Many different vulnerabilities exist, including code flaws in operating systems and applications, misconfiguration of systems and services, poor or immature processes and technology implementations, and end-user susceptibility to attack.

Some of the most common attacks that resulted in data breaches and outages included phishing, the use of stolen credentials, advanced malware, ransomware and privilege abuse, as well as backdoors and command and control channels on the network set up to allow continued access to and control over compromised assets, according to the Verizon “2019 Data Breach Investigations Report,” or Verizon DBIR.

What are the major types of cybersecurity vulnerabilities that could lead to successful attacks and data breaches and how can we ideally mitigate them? Check out the top five most common vulnerabilities organizations should work toward preventing or remediating as soon as possible to avoid potentially significant cybersecurity incidents.

1. Poor endpoint security defenses

Most enterprise organizations have some sort of endpoint protection in place, usually antivirus tools. But zero-day exploits are becoming more common and many of the endpoint security defenses in place have proved inadequate to combat advanced malware and intrusions targeting end users and server platforms.

Causes. Many factors can lead to inadequate endpoint security defenses that become vulnerabilities. First, standard signature-based antivirus systems are no longer considered good enough, as many savvy attackers can easily bypass the signatures. Second, smart attackers may only be caught through unusual or unexpected behaviors at the endpoint, which many tools don’t monitor. Finally, many endpoint security defenses haven’t offered security teams the ability to dynamically respond to or investigate endpoints, particularly on a large scale.

How to fix it. More organizations need to invest in modern endpoint detection and response tools that incorporate next-generation antivirus, behavioral analysis and actual response capabilities. These tools provide more comprehensive analysis of malicious behavior, along with more flexible prevention and detection options. If you’re still using traditional antivirus tools, consider an upgrade to incorporate more behavioral inspection, more detailed forensic details and compromise indicators, as well as real-time response capabilities.

2. Poor data backup and recovery

With the recent threat of ransomware looming large, along with traditional disasters and other failures, organizations have a pressing need to back up and recover data. Unfortunately, many organizations don’t excel in this area due to a lack of sound backup and recovery options.

Causes. Many organizations neglect one or more facets of backup and recovery, including database replication, storage synchronization or end-user storage archival and backup.

How to fix it. Most organizations need a multi-pronged backup and recovery strategy. This should include data center storage snapshots and replication, database storage, tape or disk backups, and end user storage (often cloud-based). Look for enterprise-class tools that can accommodate granular backup and recovery metrics and reporting.

3. Poor network segmentation and monitoring

Many attackers rely on weak network segmentation and monitoring to gain full access to systems in a network subnet once they’ve gained initial access. This huge cybersecurity vulnerability has been common in many large enterprise networks for many years. It has led to significant persistence in attackers compromising new systems and maintaining access longer.

Causes. A lack of subnet monitoring is a major root cause of this vulnerability, as is a lack of monitoring outbound activity that could indicate command and control traffic. Especially in large organizations, this can be a challenging initiative, as hundreds or thousands of systems may be communicating simultaneously within the network and sending outbound traffic.

How to fix it. Organizations should focus on carefully controlling network access among systems within subnets, and building better detection and alerting strategies for lateral movement between systems that have no business communicating with one another. They should focus on odd DNS lookups, system-to-system communication with no apparent use, and odd behavioral trends in network traffic. Proxies, firewalls and microsegmentation tools may help create more restrictive policies for traffic and systems communications.
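One way to turn the detection advice above into concrete logic, as an added example that is not part of the original article: the flow records, subnet layout, allow-list policy and resolver address below are all constructed and hypothetical. It flags cross-subnet flows with no policy entry (candidate lateral movement), workstation-to-workstation traffic that has no business reason, and DNS that bypasses the corporate resolvers.

```python
import ipaddress

# Constructed sample flow records (src_ip, dst_ip, dst_port, proto); not real traffic.
FLOWS = [
    ("10.10.1.25", "10.10.5.10", 443, "tcp"),    # workstation -> app tier (allowed)
    ("10.10.5.10", "10.10.9.4", 5432, "tcp"),    # app tier -> database tier (allowed)
    ("10.10.1.25", "10.10.0.53", 53, "udp"),     # workstation -> corporate resolver
    ("10.10.1.25", "10.10.9.4", 3389, "tcp"),    # workstation -> database tier: no business
    ("10.10.1.25", "10.10.1.30", 445, "tcp"),    # workstation -> workstation SMB
    ("10.10.1.40", "10.10.1.50", 445, "tcp"),    # workstation -> workstation SMB
    ("10.10.1.40", "198.51.100.7", 53, "udp"),   # DNS straight to an external resolver
]

# Hypothetical segmentation policy: which subnet may initiate connections to which.
INTERNAL = ipaddress.ip_network("10.10.0.0/16")
ALLOWED_PAIRS = {
    ("10.10.1.0/24", "10.10.0.0/24"),  # workstations -> infrastructure (DNS, directory)
    ("10.10.1.0/24", "10.10.5.0/24"),  # workstations -> app tier
    ("10.10.5.0/24", "10.10.9.0/24"),  # app tier -> database tier
}
WORKSTATION_SUBNETS = {"10.10.1.0/24"}  # peers here have no reason to talk to each other
CORPORATE_RESOLVERS = {"10.10.0.53"}


def subnet_of(ip, prefixlen=24):
    """Return the /24 (by default) containing ip, as a string key."""
    return str(ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False))


def segmentation_violations(flows):
    """Internal flows that cross subnets without an allow-list entry: lateral-movement candidates."""
    hits = []
    for src, dst, port, proto in flows:
        if ipaddress.ip_address(dst) not in INTERNAL:
            continue  # outbound traffic is checked separately
        s, d = subnet_of(src), subnet_of(dst)
        if s != d and (s, d) not in ALLOWED_PAIRS:
            hits.append((src, dst, port, proto))
    return hits


def peer_to_peer(flows):
    """Flows between two hosts inside the same workstation subnet (no apparent use)."""
    return [f for f in flows
            if subnet_of(f[0]) == subnet_of(f[1]) and subnet_of(f[0]) in WORKSTATION_SUBNETS]


def odd_dns(flows):
    """DNS traffic that does not go to the corporate resolvers: a common C2/tunnelling tell."""
    return [f for f in flows if f[2] == 53 and f[1] not in CORPORATE_RESOLVERS]


if __name__ == "__main__":
    for name, fn in (("segmentation", segmentation_violations),
                     ("peer-to-peer", peer_to_peer), ("odd DNS", odd_dns)):
        for hit in fn(FLOWS):
            print(f"[{name}] {hit[0]} -> {hit[1]}:{hit[2]}/{hit[3]}")
```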

4. Weak authentication and credential management

One of the most common causes of compromise and breaches for this cybersecurity vulnerability is a lack of sound credential management. People use the same password over and over, and many systems and services support weak authentication practices. This is one of the major causes of related attack vectors listed in the Verizon DBIR.

Causes. In many cases, weak authentication and credential management are due to a lack of governance and oversight of the credential lifecycle and policy. This includes user access, password policies, authentication interfaces and controls, and privilege escalation to systems and services that shouldn’t be available or accessible in many cases.

How to fix it. For most organizations, implementing stringent password controls can help. This may consist of longer passwords, more complex passwords, more frequent password changes or some combination of these principles. In practice, longer passwords that aren’t rotated often are safer than shorter passwords that are. Users should also be required to use multifactor authentication for any sensitive access, such as accessing sensitive data or sites.

5. Poor security awareness

Much has been written about the susceptibility of end users to social engineering, but it continues to be a major issue that plagues organizations. The 2019 Verizon DBIR states that end user error is the top threat action in breaches. Many organizations find the initial point of attack is through targeted social engineering, most commonly phishing.

Causes. The most common cause of successful phishing, pretexting and other social engineering attacks is a lack of sound security awareness training and end-user validation. Organizations are still struggling with how to train users to look for social engineering attempts and report them.

How to fix it. More organizations need to conduct regular training exercises, including phishing tests, pretexting and additional social engineering as needed. Many training programs are available to help reinforce security awareness concepts; the training needs to be contextual and relevant to employees’ job functions whenever possible. Track users’ success or failure rates on testing, as well as “live fire” tests with phishing emails and other tactics. For users who don’t improve, look at remediation measures appropriate for your organization.

While other major cybersecurity vulnerabilities can be spotted in the wild, the issues addressed here are some of the most common seen by enterprise security teams everywhere. Look for opportunities to implement more effective processes and controls in your organization to more effectively prevent these issues from being realized.

Source: https://searchsecurity.techtarget.com/feature/How-to-fix-the-top-5-cybersecurity-vulnerabilities

DDoS attacks as a service have kicked off 2019 stronger than ever, according to a new report by Nexusguard, claiming the booter-originated attacks more than doubled their amounts compared to the fourth quarter of last year.

Nexusguard’s Q1 2019 Threat Report says the attacks are growing despite the FBI’s best efforts to curb them. DNS amplification DDoS attacks are still the favorite ones among DDoS-for-hire websites. These rose more than 40 times, quarter-on-quarter.

Telecommunications companies and communications service providers seem to be the number one victims, with those originating from Brazil being the most common target.

According to the report, communications service providers should be careful with these evolved attacks, tackling them with scalable, cloud-based DDoS detection and mitigation. Those that choose a different path risk being targeted with ‘bit-and-piece’ attacks.

The bit-and-piece DDoS attack differs from a traditional DDoS attack in that it takes advantage of the large attack surface and spreads tiny amounts of attack traffic across hundreds of IP addresses. That way the attack evades detection, because no single address receives enough traffic to trip a threshold.
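The detection gap that bit-and-piece attacks exploit, and the usual fix, as an added example that is not from the Nexusguard report: per-host thresholds see nothing, while aggregating the same samples by destination /24 prefix does. The traffic samples, prefixes and both thresholds below are constructed and hypothetical.

```python
import ipaddress
from collections import defaultdict

PER_IP_THRESHOLD_MBPS = 100.0    # assumed per-host alert threshold
PREFIX_THRESHOLD_MBPS = 1000.0   # assumed alert threshold for a whole /24
MIN_SPREAD_HOSTS = 50            # assumed: how many hosts make a prefix "spread"


def constructed_samples():
    """Constructed (dst_ip, mbps) samples for one measurement interval; not real data.
    Each target in 203.0.113.0/24 receives only 8 Mbps, far below any per-host threshold."""
    samples = [(f"203.0.113.{h}", 8.0) for h in range(1, 201)]      # 200 hosts x 8 Mbps
    samples += [("198.51.100.10", 60.0), ("198.51.100.11", 40.0)]   # an ordinary prefix
    return samples


def per_ip_alerts(samples, threshold=PER_IP_THRESHOLD_MBPS):
    """The naive check: alert only on hosts that individually exceed the threshold."""
    return [ip for ip, mbps in samples if mbps > threshold]


def per_prefix_totals(samples, prefixlen=24):
    """Sum traffic per destination prefix and record how many distinct hosts it is spread over."""
    totals, hosts = defaultdict(float), defaultdict(set)
    for ip, mbps in samples:
        net = str(ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False))
        totals[net] += mbps
        hosts[net].add(ip)
    return totals, hosts


def prefix_alerts(samples, threshold=PREFIX_THRESHOLD_MBPS, min_hosts=MIN_SPREAD_HOSTS):
    """Flag prefixes whose aggregate exceeds the threshold while spread across many hosts:
    the bit-and-piece signature. Returns {prefix: (total_mbps, host_count)}."""
    totals, hosts = per_prefix_totals(samples)
    return {net: (round(total, 1), len(hosts[net]))
            for net, total in totals.items()
            if total > threshold and len(hosts[net]) >= min_hosts}


if __name__ == "__main__":
    data = constructed_samples()
    print("per-host alerts:", per_ip_alerts(data))      # nothing fires
    print("per-prefix alerts:", prefix_alerts(data))    # the spread /24 fires
```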

“Due to the increasing demand for DDoS attack services and the boom in connected devices, hackers for hire have doubled and DDoS campaigns are not going away for organizations,” said Juniman Kasman, chief technology officer for Nexusguard. “Businesses will need to ensure their attack protections can seamlessly evolve with new vectors and tactics that attackers seek out, which ensures service uptime, avoids legal or reputational damages, and preserves customer satisfaction.”

Source: https://www.itproportal.com/news/ddos-for-hire-attacks-on-the-rise/

Botnets in 2018 continued to use DDoS as their primary weapon to attack high-speed networks, according to NSFOCUS.

Continuous monitoring and research of botnets revealed significant changes in the coding of the malware used to create bots, and in the operation and maintenance of botnets and IP Chain-Gangs.

Throughout 2018, NSFOCUS developed profiles on 82 IP Chain-Gangs, groups of bots from multiple botnets acting in concert during specific cyber-attack campaigns. Understanding botnets in general and IP Chain-Gangs, in particular, helps improve defensive strategies and, thus, the ability to better mitigate attacks.

Key findings

  • NSFOCUS detected 111,472 attack instructions from botnet families that were received by a total of 451,187 attack targets, an increase of 66.4 percent from last year.
  • The U.S. (47.2 percent) and China (39.78 percent) were the two worst-hit countries when it came to botnet attacks.
  • Statistical analysis shows that gambling and porn websites were the most targeted, suffering 29,161 (an average of 79 per day) DDoS attacks throughout 2018.
  • Botnets were shifted from Windows platforms towards Linux and IoT platforms, leading to the fast decline of older Windows-based families and the thriving of new IoT-based ones.
  • As for platforms hosting Command and Control (C&C) servers, families using IoT platforms, though smaller in quantity, were more active, attracting 87 percent of attackers.
  • In 2018, a total of 35 active families were found to issue more than 100 botnet instructions, accounting for 24 percent of all known families. Several families with the highest level of instruction activity accounted for most of the malicious activities throughout 2018.

“Security service providers need to adapt their strategies to better mitigate the increasing threats posed by the new generation of botnets,” said Richard Zhao, COO at NSFOCUS.

“As defenders, we not only need to enhance our capabilities of countering ransomware and cryptominers but also need to improve the protections for IoT devices.

“While the total number of IoT devices globally surges rapidly and IoT product lines are increasingly diversified, IoT devices still have poor security. Insecure firmware and communication protocols lead to numerous vulnerabilities in IoT platforms.”

Source: https://www.helpnetsecurity.com/2019/06/20/botnets-shift/

While there were fewer cyber threat incidents in Singapore last year, the republic continues to be the target for cyber attacks by advanced threat actors, the Cyber Security Agency of Singapore (CSA) said in its third annual Cyber Landscape report.

Here is a look at six alarming cyber security trends highlighted in the report:

DATA BREACHES

With data becoming the most valued currency or “commodity” in cyberspace, the CSA said that cyber criminals will try even harder to breach electronic databases.

Those that store large amounts of private and personal information will be the biggest target for hackers and cyber criminals.

The data breach involving healthcare cluster SingHealth was Singapore’s worst cyber attack, with the personal information of more than 1.5 million patients – including Prime Minister Lee Hsien Loong – stolen by hackers in June last year.

THREATS TO GLOBAL SUPPLY CHAINS

Supply chains that consumers depend on for their goods are increasingly becoming interconnected and automated thanks to rapidly developing technology.

But the CSA warned that cyber criminals are trying to disrupt them. This could be for reasons such as extracting information from the companies involved in these supply chains, or holding them to ransom. Industries dominated by a few companies are especially vulnerable as problems in one stage of production could potentially lead to a breakdown in the entire supply chain.

ATTACKS ON CLOUD DATABASES

An increasing number of databases are being hosted in the cloud, which is where software and systems are designed specifically to be deployed over a network.

This means that cyber criminals will be on the lookout to exploit potential vulnerabilities in cloud infrastructure.

“While their primary goal remains data theft, threat actors will also try to exploit cloud services for other malicious aims, such as to amplify Distributed Denial-of-Service (DDoS) attacks,” the agency said in its report.

SMART BUILDINGS AND CONNECTED SYSTEMS

The advent of Internet of Things (IoT) devices and connected industrial control systems in buildings and factories might improve and quicken processes, but it also means that they are open to more danger.

As these buildings and systems become ‘smarter’, the risk of them being attacked to hold their owners to ransom, or being exploited to spread malware or conduct DDoS attacks, also increases, the CSA said.

ARTIFICIAL INTELLIGENCE (AI)

AI will be able to significantly enhance the capabilities of security systems in cases such as detecting unusual behaviour and rolling out appropriate responses and mitigation measures in the case of an attack.

But the CSA warned that threat actors can also use AI to search for vulnerabilities in computer systems.

It could also potentially be used to create malicious software that bypasses existing online security measures in an organisation.

BIOMETRIC DATA

As biometric authentication, such as the use of fingerprints or facial scanning, becomes increasingly common, threat actors will shift to target and manipulate biometric data, to build virtual identities and gain access to personal information.

Source: https://www.straitstimes.com/tech/six-alarming-cyber-security-trends-highlighted-by-the-csa

We live in a world where foreign governments are routinely accused of cyber meddling to subvert democratic elections. Is anyone surprised that an authoritarian government is blamed for a massive DDoS attack that shut down Telegram – a key social media channel used to organize dissent and protest?

What is perhaps surprising in this case is that the social media channel was Telegram, famous for being the most secure messaging app. Telegram’s security is based on encryption, distributed servers, and an optional message self-destruction feature. So, the content of your messages on Telegram should be pretty safe.

BUT if the service is unavailable, all that security is useless. That’s the sinister beauty of DDoS – Distributed Denial of Service. When a DDoS attack floods your network, overwhelming your infrastructure – with up to Terabits per Second of garbage data – it doesn’t matter how secure your service is. Nobody can access it.

DDoS isn’t only about denial of service. Sometimes it’s used as an enabler for other cybercrimes. While services (including aspects of network security) are down, other malicious software may be infiltrated into your network devices resulting in massive data breaches, ransomware, theft of IP and more.

DDoS Attacks: Bad and Getting Worse

DDoS is here and it’s not going away! It seems that every month we hear about a new, record-breaking DDoS attack—and it’s not surprising that many types of DDoS attacks are referred to as floods—there is even one called a Tsunami—because their impact is overwhelming. They marshal a bot army of infected network devices to inundate and flood network resources, including elements such as firewalls that are intended to ensure network security.

How will 5G affect DDoS attacks?

5G holds a lot of promise for improved communications but may well worsen the DDoS nightmare. 5G’s anticipated exponential spread of high-speed bandwidth and connected IoT means that in addition to widespread motivation, easily available attack tools, and proliferating IoT attack sources, dramatically bigger attacks will be possible because the “5G highway” will have many more lanes to enable vastly higher rates of traffic—both good and bad. In the words of Brijesh Datta, the CSIO of Reliance Jio, “5G’s bandwidth will easily flood servers…with 5G, every individual would have a 1 Gbps worth of bandwidth, thereby attacks would become more drastic.”

What should service providers do to secure their network against DDoS attacks? 

In a whitepaper focused on service providers, but equally applicable to enterprises, Frost and Sullivan stress the following points:

  1. “…service providers may be better served by high-performance DDoS mitigation appliances with sufficient scalability to eliminate attacks, inline and in real time.”
  2. “An inline solution that provides DPI-based policy control capabilities ensures that firewalls and other security infrastructure are protected and functional at all times.”

Source: https://securityboulevard.com/2019/06/telegram-hit-by-powerful-ddos-attack-blames-china/