DDoS Protection Specialist Archive

Spreading tiny parts of junk traffic across a wide range of IP addresses can wreak havoc, while avoiding detection.

A new type of DDoS attack has emerged, and it targets communications service providers (CSPs). According to security firm Nexusguard, cybercriminals attack the large attack surface of ASN-level (autonomous system number) CSPs by spreading ‘tiny attack traffic’ across hundreds of IP addresses.

This allows them to avoid being detected.

Roughly two thirds (65.5 per cent) of DDoS attacks in the third quarter of last year targeted CSPs. Hundreds of IP prefixes were used, which means hackers had access to a ‘diverse pool’ of IP addresses.

“As a result, the year-over-year average attack size in the quarter fell measurably – 82 per cent,” the report states.

The activity usually goes like this: first, cybercriminals map out the network landscape of their target and try to identify key IP ranges. Then they inject tiny pieces of junk traffic to mix with the legitimate traffic. The small size allows it to bypass detection.

“Perpetrators are using smaller, bit-and-piece methods to inject junk into legitimate traffic, causing attacks to bypass detection rather than sounding alarms with large, obvious attack spikes,” said Juniman Kasman, chief technology officer for Nexusguard. “Diffused traffic can cause communications service providers to easily miss large-scale DDoS attacks in the making, which is why these organizations will need to share the load with the cloud at the network edge to minimize attack impact.”
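Seen from the defender's side, the diffusion described above looks like this. This is an added example, not taken from the Nexusguard report or the original article: a per-destination threshold stays silent, while a per-prefix comparison against a baseline flags the same traffic. The thresholds, the /24 aggregation, the baseline figures and the flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# All values below are assumptions chosen for illustration.
PER_IP_THRESHOLD_MBPS = 100.0  # alarm level for a single destination IP
PREFIX_LEN = 24                # aggregation granularity for the second detector
PREFIX_RATIO = 3.0             # alarm when a prefix exceeds 3x its baseline


def per_ip_alerts(flows):
    """Per-destination detector: flag any single IP above the threshold."""
    totals = defaultdict(float)
    for dst, mbps in flows:
        totals[dst] += mbps
    return sorted(ip for ip, v in totals.items() if v > PER_IP_THRESHOLD_MBPS)


def prefix_alerts(flows, baseline):
    """Sum traffic per destination prefix and compare with its baseline."""
    totals = defaultdict(float)
    for dst, mbps in flows:
        net = ipaddress.ip_network(f"{dst}/{PREFIX_LEN}", strict=False)
        totals[str(net)] += mbps
    # Prefixes without a baseline are skipped rather than guessed at.
    return {net: total for net, total in sorted(totals.items())
            if net in baseline and total > PREFIX_RATIO * baseline[net]}


def constructed_sample():
    """Constructed flow records (destination IP, Mbps) on documentation ranges."""
    flows = []
    for i in range(1, 201):
        flows.append((f"198.51.100.{i}", 2.0))  # normal traffic
        flows.append((f"198.51.100.{i}", 8.0))  # small junk share per IP
    for i in range(1, 51):
        flows.append((f"203.0.113.{i}", 2.0))   # untouched prefix
    baseline = {"198.51.100.0/24": 400.0, "203.0.113.0/24": 100.0}
    return flows, baseline


if __name__ == "__main__":
    flows, baseline = constructed_sample()
    print("per-IP alerts:", per_ip_alerts(flows))
    print("per-prefix alerts:", prefix_alerts(flows, baseline))
```

Each destination in the first prefix receives only 10 Mbps, a tenth of the per-IP alarm level, yet the prefix as a whole carries five times its baseline.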

Source: https://www.itproportal.com/news/small-scale-ddos-attacks-are-on-the-rise/

The innovative technologies and advanced development facilitated by the digital age have benefited humanity immensely, completely transforming every facet of our lives while helping set the trajectory of the future.

However, along with the significant beneficial impact of technologies comes the dark, seedy side of the digital world – cyber crimes and cybersecurity threats – which are also getting more sophisticated by the day.

A recent media report claims that digital devices that are connected to the internet – computers, phones, and webcams – are being attacked on average every five minutes.

Referred to as “doorknob-rattling,” these are the same types of attacks deployed by the Mirai botnet to unleash distributed denial-of-service (DDoS) attacks on major websites such as Netflix and Twitter in 2016 after taking control of over 600,000 devices.

While most computers and smartphones are protected from such attacks due to built-in security measures, many IoT devices that are connected to the internet, such as webcams, CCTV cameras, and printers, among others, are not impervious.

Security experts believe that as long as any device is connected to a public network and has a public IP address, someone is going to try to hack into it, and the attempts to breach machines are akin to the background noise of the internet.

Armies of malicious devices and botnets always seeking to take control of other devices that are sharing a common network are now a permanent feature of the digital realm.

The botnet Mirai was created by a US computer science student, Paras Jha, who first deployed it on his university website to stall an exam. He also provided his expertise to other companies to protect them from similar attacks.

In an effort to bamboozle the authorities who were hot on his heels, he released Mirai’s source code online, which led to a proliferation of Mirai-like botnets controlled by legions of cybercriminals around the world.

Network security companies often set up what are called “honeypots,” which are simulated connections that are intentionally left vulnerable to attract these botnets and record their modus operandi.

Generally, Mirai-style botnets, choosing IP addresses at random, will attack the honeypot within minutes and seek to connect to it using default usernames and passwords.

With the emergence of IoT, cybersecurity experts have sounded the alarm, raising concerns that the exploding number of IoT devices that still use passwords and are rarely updated will become an easy target for hackers seeking access to a home network.

Users, however, could take proactive security measures to protect themselves from malicious botnets, or connect to the internet via a firewall or a home router.

Beyond that, to fend off more sophisticated attacks that will emerge with the constant development of technologies, more advanced security measures that integrate future technologies such as AI and machine learning have to be developed and deployed to stay one step ahead of the cyber threats.

Source: https://techwireasia.com/2019/01/will-the-emergence-of-iot-make-the-internet-less-safe/

Bots that can launch hundreds of attacks per second are making account takeover fraud more difficult to defend against.

Modern malicious botnets can do far more than launch huge DDoS attacks: According to a new report, criminals participating in account takeover activities are using botnets to launch more than 100 of these attacks every second.

The report, published by e-commerce fraud prevention company Forter, says that between 20% and 30% of all account takeover attacks are launched by organized fraud rings, and these organized groups are seeing greater success. More than 80% of all account takeover attacks are launched by fewer than 10% of the attackers targeting the site.

Organizations that offer more services on their web sites may increase customer loyalty, but they also increase their site’s attractiveness to criminals, says the report. Loyalty programs, for example, increase their risk of account takeover attacks by as much as 200%.

As for prevention, the report points out that a focus solely on the point of transaction may be misguided, since fraud actors may well have been watching a victim’s behavior for days or weeks.

Source: https://www.darkreading.com/vulnerabilities-and-threats/report-bots-add-volume-to-account-takeover-attacks/d/d-id/1333658

  • Cybersecurity company Recorded Future conducted a research study on the history of Iran’s hacker culture, its ties to the country’s government and mistakes the loosely tied-together group has made along the way.
  • Forums started in 2002 have provided a launch point for a series of sophisticated attacks against world governments and companies throughout the past two decades, according to the report.

Iranian hackers have congregated since at least 2002 in online forums to share tips on the best ways to create successful cyberattacks.

Those conversations have given birth to some of the most significant global cybersecurity incidents, including devastating attacks on Saudi Aramco, attacks against the public-facing websites of large banks and espionage campaigns on a wide range of Western targets, according to new research by cybersecurity intelligence firm Recorded Future.

Among the findings in the report:

  • A forum called “Ashiyane,” created by a cybersecurity company called the Ashiyane Digital Security Team, served as a medium for Iranian contractors to show off their talents for executing successful online offensive campaigns.
  • The forum was one of Iran’s most popular with around 20,000 users and had direct ties to Iran’s Islamic Revolutionary Guard Corps.
  • Many of the hackers on the forum considered themselves “gray hats,” a term for hackers that participate in both legitimate and criminal cyber actions. It’s a mixture of the term “white hat,” which refers to ethical hackers, and “black hats,” which refers to hackers who take part in malicious or illegal activities.
  • During the Iranian green movement of 2009, the forum was one of only a few that remained in use as Iran’s government cracked down on hacking websites.
  • The forum’s archives feature details of how participants shared information on how to execute distributed denial of service attacks, or DDoS attacks, which are meant to push websites out of service by flooding them with information, as well as Android exploits and commonly used cyberattack techniques.
  • The forum was shut down in 2018. Though the reason for the shutdown is not clearly known, Recorded Future cites sources as saying the forums became involved in online gambling, an endeavor explicitly prohibited in the Islamic state.

Source: https://www.cnbc.com/2019/01/16/new-research-offers-a-glimpse-inside-the-online-forums-where-iranian-hackers-congregate.html

Malware and bots, phishing, and DDoS attacks are some of the top threats companies face, according to Radware.

The average estimated cost of a cyberattack on an enterprise was $1.1 million in 2018—up 52% from the year before, according to a Tuesday report from Radware. For companies with a formal cost calculation process, that estimate rises to $1.7 million, the report found, with the top impacts being operational/productivity loss (54%), negative customer experiences (43%), and brand reputation loss (37%).

The report surveyed 790 IT executives worldwide across industries. These IT leaders perceive the goals of the attacks to be service disruption (45%), data theft (35%), unknown reasons (11%), or espionage (3%).

Some 21% of businesses experience daily cyberattacks, up from 13% last year, the report found. Another 13% said they were attacked weekly, 13% said monthly, and 27% said once or twice a year. Only 7% of organizations said they have never been attacked, according to the report.

The most common types of attacks on enterprises are malware and bots (76%), socially engineered threats like phishing (65%), DDoS attacks (53%), web application attacks (42%), ransomware (38%), and cryptominers (20%).

Hackers are also increasing their usage of emerging attack vectors to bring down networks and data centers, the report found: IT leaders reporting HTTPS Floods rose from 28% in 2017 to 34% in 2018, while reports of DNS grew from 33% to 38%. Burst attacks rose from 42% to 49%, and reports of bot attacks grew from 69% to 76%.

“While threat actors only have to be successful once, organizations must be successful in their attack mitigation 100% of the time,” Anna Convery-Pelletier, chief marketing officer for Radware, said in a press release. “A cyberattack resulting in service disruption or a breach can have devastating business impacts. In either case, you are left with an erosion of trust between a brand and its constituency.”

To combat security threats in 2019, CXOs can follow these tips, and focus on training employees.

The big takeaways for tech leaders:

  • The average estimated cost of a cyberattack on an enterprise was $1.1 million in 2018, up 52% from the year before. — Radware, 2019
  • Top goals of cyberattacks are perceived to be service disruption (45%), data theft (35%), unknown reasons (11%), and espionage (3%). — Radware, 2019

Source: https://www.techrepublic.com/article/cyberattacks-now-cost-businesses-an-average-of-1-1m/