DDoS Attacks Archive

With three months left in the year, 2019 has already seen an exceptional number of major cybersecurity incidents.

An avalanche of hacks, breaches, and data exposures have rattled government agencies and private companies alike, and the victims are typically consumers or citizens.

An attack earlier this summer that targeted Uighur Muslims and Tibetans in China exposed flaws in systems like iOS that were previously thought to be impenetrable. Ransomware attacks have swept government agencies across the US, debilitating them for days on end.

Hackers are becoming increasingly innovative with the techniques they use to access sensitive data. In many cases, new technologies that have just hit the market are boons to hackers, who capitalize on people’s lack of understanding of how those technologies work, as well as undiscovered holes in new systems’ security.

In turn, cybersecurity experts are highlighting certain technologies that have been repeatedly exploited by hackers, calling for heightened awareness of their vulnerability to bad actors.

Here are seven emerging technologies that pose threats to modern cybersecurity.

AI-generated “deepfake” audio and video can help hackers scam people.

“Deepfake” technology — which allows people to manipulate video and audio in a way that looks very real — has made leaps and bounds in recent years Indeed, anyone familiar with face-swapping filters on Snapchat or Instagram has witnessed a rudimentary version of deepfake technology firsthand.

As deepfakes become increasingly sophisticated and hard to tell apart from the real thing, cybersecurity experts worry that hackers could use the technology for phishing scams, wherein hackers pose as somebody else to get victims to hand over private information.

Some companies are working on AI-driven software to detect deepfakes, but these efforts are still in the early stages of development.

Quantum computing could easily crack encryption.

In September, Google announced that it had achieved “quantum supremacy,” meaning it built a functioning quantum computer — a feat that had been theorized but never achieved. The announcement was a major milestone in the field, but the technology is still nascent and doesn’t have many practical applications yet.

Nonetheless, the announcement raised immediate concerns for security watchdogs, who say that quantum computers — which channel aberrant phenomena from quantum physics into computing power — could easily break encryption currently used in products seen as airtight, like blockchain or credit card transactions.

While quantum computers haven’t been used to this end by hackers yet, experts worry that the technology could continue to advance in years to come, threatening encrypted data sets that organizations like banks protect for decades.

 

5G networks will bring faster speeds, and a host of new vulnerabilities.

5G is beginning to roll out as the next generation of wireless network, promising faster wireless internet with the bandwidth to support more devices.

But security watchdogs warn that the shift to 5G could give hackers new inroads to target systems that use the network. The increased speed could make 5G devices more susceptible to DDoS attacks, which aim to flood victims’ servers with traffic in order to overwhelm and shut them down, according to Security Boulevard.

 

The “internet of things” creates new threats to security infrastructure.

The “internet of things,” or networks specifically made for internet-connected devices and appliances to communicate with each other, is now used widely across industries.

As this technology becomes more common, however, hackers are increasingly finding vulnerabilities in IoT networks and using them to compromise companies’ operations. In one high-profile example, hackers breached the network used by Verizon’s shipping vessels and were able to track where the company was shipping its most valuable cargo.

Hackers are using artificial intelligence to outsmart cybersecurity systems.

As artificial intelligence makes leaps forward in sophistication and versatility, hackers are already using it to get around cybersecurity defenses. Hackers can use AI-driven programs to quickly scan networks to find weak points, or predictive text functions to impersonate insiders and trick targets into handing over sensitive information.

“We do imagine that there will be a time when attackers use machine learning and artificial intelligence as part of the attack. We have seen early signs of that,” Nicole Egan, CEO of cybersecurity firm Darktrace, told the Wall Street Journal.

 

As companies outsource high-tech functions to third parties, supply-chain hacks proliferate.

A growing number of recent data breaches came about as the result of “supply chain” hacks, wherein break into a company’s software that’s in turn distributed to clients.

This trend is the result of an increasing number of companies and agencies outsourcing services to third parties, which widens the range of potential victims for hackers to target. According to a recent report by cybersecurity firm Aon, the number of targets that are potentially vulnerable to supply chain hacks is growing exponentially.

 

More operational functions are moving online, which is good news for hackers.

ompanies and government agencies are maximizing the number of operations that use internet connectivity, drawn in by the efficiency the internet brings.

But doing so comes at a security cost — with more internet connectivity, the “attack surface” that’s vulnerable to hacks becomes wider, lowering an organization’s defenses, according to the Aon report. If hackers compromise one internet-connected facet of an organization, it’s easy for them to laterally hack other devices on the network.

Source:  https://www.businessinsider.com/7-emerging-technologies-that-cybersecurity-experts-are-worried-about-2019-10#more-operational-functions-are-moving-online-which-is-good-news-for-hackers-7

WASHINGTON — In the past year, political campaigns, parties, and pro-democracy groups around the world have faced more than 800 cyberattacks, according to new data provided to Rolling Stone by tech giant Microsoft.

“The threat is real and it’s not stopping,” Tom Burt, a vice president of customer security and trust at Microsoft, tells Rolling Stone. “Anyone involved in the democratic process needs to know that it’s likely not a question of if they’ll be targeted but whether they will be breached, and there’s a lot they can do today — basic cybersecurity hygiene — to protect themselves.”

The 2016 presidential race demonstrated how a foreign adversary’s hackingoperation could wreak havoc in US democracy — in that case, by digitally breaking into the DNC and the personal email account of Clinton campaign chief John Podesta and then weaponizing those stolen emails and documents through publishing them online.

Despite Special Counsel Robert Mueller’s indictment of 12 Russian intelligence officers for the DNC and Podesta hacks, the cyberattacks didn’t let up in the 2018 midterm elections. In the summer of 2017, shortly after President Trump took aim at then-Sen. Claire McCaskill (D-Mo.) and told a Missouri rally crowd to “vote her out of office,” Russian-affiliated hackers targeted staffers in McCaskill’s Senate office and tried to dupe those staffers into handing over their email passwords.

Rolling Stone broke two stories that revealed online attacks targeting two Democratic candidates for Congress in competitive races, one of whom was challenging then-Rep. Dana Rohrabacher (R-Calif.), widely seen as the most pro-Russia lawmaker in Washington. (Rohrabacher lost his race last year.) The other Democratic candidate was Bryan Caforio, whose official campaign website was crippled multiple times by distributed denial of service attacks.

The FBI has investigated both of these incidents and continues to look into the DDoS attacks on Bryan Caforio, according to a source with knowledge of the investigation.

Then-Director of National Intelligence Dan Coats said in the summer of 2018 that the warning lights for future cyberattacks on American elections were “blinking red.” A month later, Microsoft announced that it had used a court order to disrupt and shut down phony domain names used by Fancy Bear, the Russian-affiliated hacking operation, to attack U.S. Senate staffers and employees of nonprofit groups like International Republican Institute that have been critical of Russia and its leader, President Vladimir Putin.

As part of its Defending Democracy Program, Microsoft created a free tool called AccountGuard that political candidates, parties, and democracy-focused NGOs can use for free to protect themselves against the hacking attempts and other cyberthreats. There are approximately 60,000 accounts enrolled in AccountGuard, which is available in more than two dozen countries, according to Microsoft.

Tom Burt, the Microsoft executive in charge of customer security, tells Rolling Stone that the majority of nation-state attacks the company has detected against all Microsoft customers have originated with actors in Iran, North Korea, and Russia. (The company doesn’t specify which nation-states are behind attacks on political campaigns, parties, and pro-democracy groups that use the AccountGuard tool.)

Burt says that he and his team have detected a pattern in the cyberattacks that they’re seeing. “Early on in election cycles, we often see the majority of attacks targeting NGOs and think tanks involved in policy-making process and that are in communication with campaigns,” Burt says. “As we get closer to elections themselves, we often see more attacks targeting campaigns themselves and the personal email of campaign staff.”

The Microsoft data suggest that, when it comes to the threat of cyberattacks, the 2020 elections are shaping up to be as bad or worse than 2016.

Source: https://www.rollingstone.com/politics/politics-news/cyberattack-election-meddling-democracy-2020-892623/

Fostering business efficiencies and security, Eastern Communications, one of the premier telecommunications companies in the country, introduces its newly upgraded and most advanced products and services in partnership with global allies DOSarrest and Cloud Sigma.

According to the Global Connectivity Index (GCI), Philippines’ digital connectivity has improved from Starter to Adopter status and ranked 57 out of 79 countries in 2018. This is reportedly due to expanded smartphone and computer use, higher speed 4G coverage, and national planning with “cloud first policy” in government’s aim of reducing expenses through cloud technology. Connectivity plays a vital role in businesses today as it allows companies to adapt and have efficient operations. With the transformation emerging in the business environment, security threats arise, and flexibility becomes a challenge.

 

Cost-effective business operations

Cloud service is starting to get recognized in the business landscape. It is a cost-effective method of storing and sharing company data and applications securely over the Internet instead of computer hard drive. Eastern Communications joined forces with international cloud service provider Cloud Sigma to launch its public cloud solutions providing the full spectrum of infrastructure and IT Services. Established in 2009 in Switzerland, CloudSigma has been providing a pure-cloud infrastructure-as-a-service (IaaS) that enables the digital industrial economy through its enterprise-class hybrid cloud servers and cloud hosting solutions in Europe, the U.S., Asia, and Australia. Big companies can get the best of cloud service such us Public Cloud, one of the most customizable services available in the market, a type of computing in which a service provider makes resources available to the public via the internet and accessible by anyone who wants to pay for subscription or use it for free.

Protecting enterprises from cyber threatsCyber threat landscape is constantly changing. Local companies and even institutions have been victims of several data breaches and cyberattacks, affecting their business security and operations.  Eastern Communications partners with Canada-based cybersecurity solutions provider DOSarrest in the aim of equipping Filipino companies with the right technology against cyber threats. DOSarrest was founded in 2007 and has been mitigating Distributed Denial of Service or DDoS attacks for a global customer base with its leading-edge cloud-based DDoS protection.With this partnership, companies of all sizes can now secure their business from basic to the most sophisticated DDoS attacks. Eastern Communications has various cybersecurity solutions such as Web Application Firewall (WAF) that blocks any Layer 7 threat like cross-site forgery, cross-site scripting, among others; while Content Delivery Network (CDN) generates faster loading of a website, which saves companies money yet enhances website performance at the same time.  “It’s always been Eastern Communications’ High-Tech promise to provide the best and right solutions especially to businesses that aim for utmost productivity and efficiency without compromising security. And through our partnership with reputable global firms in the industry like DOSarrest and CloudSigma, we’re looking forward to helping companies here in the country to elevate their business connectivity and harness the long-term benefits our services can offer,” shared Product and Innovation Head Edsel Paglinawan.

Source: http://manilastandard.net/spotlight/305935/strengthening-efficiency-and-security-eastern-communications-launches-upgraded-cloud-services-and-cyber-defense.html

Network layer and application layer DDoS attacks are significant threats. Learn about the differences between them and what you can do to reduce their effects.

A distributed denial of service, or DDoS, attack is a method to bring down a service by sending a flood of legitimate or illegitimate requests from multiple source devices. The goal is to overwhelm the target device so that it can no longer operate normally. Let’s examine two: network layer and application layer DDoS attacks.

Network DDoS attacks attempt to overwhelm the target by overtaxing available bandwidth. Network DDoS protections formerly were implemented at the network edge — typically, using next-gen firewalls and intrusion prevention systems. But, even with DDoS protections in place, a large-scale bot network can quickly overwhelm the edge.

Today, it’s more common for enterprises to tap into the resources of a cloud security service engineered with a high-capacity network expansive enough to handle massive amounts of data in the event a DDoS attack occurs. Because the service can handle the bandwidth capacity without the threat of its resources succumbing to overutilization, it can successfully identify and scrub DDoS traffic while passing on legitimate traffic to your servers. This architecture moves the threat of a bottleneck closer to the source of the attack where it can be better handled without interruption.

How application layer attacks work

Application layer DDoS attacks, on the other hand, don’t target network bandwidth. Instead, they strike the application (Layer 7 of the OSI model) running the service end users are trying to access. To that end, the server, server application and back-end resources are the main target. The goal of these attacks is to consume the resources of a specific service, thus slowing it or stopping it altogether.

Application layer DDoS attacks are trickier to identify and mitigate compared to a network layer DDoS attack. Common methods include the use of CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) tests to validate bots from humans. Additionally, the use of a web application firewall (WAF) is a great way to protect against more sophisticated application DDoS attacks. The purpose of a WAF is to use various signatures to discern between normal human requests and those sent from bots. A WAF can be deployed either on premises or through a third-party cloud security service provider.

Source: https://searchsecurity.techtarget.com/answer/Do-network-layer-and-application-layer-DDoS-attacks-differ

More than 70% of websites now use SSL encryption. The Google Transparency Report statistics below show a very rapid rise in adoptions of HTTPS for Chrome browser users worldwide.

Unfortunately, the security provided by SSL/TLS is also misused to attack applications by injecting malicious content and hide malware. SSL is also being used to facilitate data leakage from within an organization. HTTPS floods are now frequently used in many DDoS attack campaigns.

A Double Edged Sword

As more and more
applications and websites use end-to-end encryption and adopt HTTP/S and TLS
1.3, the ability to inspect traffic has become an important element of the
security posture. However, the encryption of traffic has made visibility
challenging.

Most DDoS mitigation services do not actually inspect SSL traffic, as doing so would require decrypting the traffic. Gaining visibility to SSL/TLS traffic also requires extensive server resources. Mitigating SSL attacks thus poses several challenges, including the burden of implementing encryption and decryption mechanisms at every point where traffic needs to be inspected.

Encryption and decryption at many different points in the traffic data path not only adds latency to the traffic, but is also expensive and problematic to scale.

However, despite all the
challenges, SSL/TLS remain the standards for ensuring secure communications and
commerce on the web.

In order to detect any application security issues before your customers experience them, it is essential to have an end-to-end monitoring capability that provides actionable insights and alerts through visualization.

As application delivery controllers are deployed at the intersection of the network and applications, ADCs can act in conjunction with your edge protection solutions to detect and mitigate an encrypted security attack or prevent leakage of proprietary information.

Conclusion

Even though you may be protected by the most
advanced firewall technology, your existing security mechanisms may still fail
to see into encrypted SSL/TLS traffic. You should deploy enterprise security
solutions that enhances your existing security posture to gain visibility into
the encrypted traffic and prevent encrypted attacks on your organization.

Source: https://securityboulevard.com/2019/09/visibility-do-you-know-whats-in-your-network/