DoS Attacks Archive

On Monday, Europol said it was closing in on more than 250 customers of Webstresser.org and other DDoS-for-hire services. In April, authorities took down the site for letting buyers knock websites offline.

If you were a big buyer of DDoS attacks, you may be in trouble. Police in Europe plan to go after customers of Webstresser.org, a major DDoS-for-hire website it shut down last year

On Monday, Europol said it was closing in on more than 250 customers of Webstresser.org and other DDoS-for-hire services. “Actions are currently underway worldwide to track down the users of these Distributed Denial of Service (DDoS) attacks,” the agency added.

In April, Europol shut down Webstresser.org for letting buyers knock websites offline. For as little as $18.99 a month, the site offered access to DDoS attacks, which can overwhelm an IP address or website with enough internet traffic to disrupt access to it.

Webstresser.org was believed to be the world’s largest market for DDoS-for-hire services, according to Europol. Before its shutdown, the site helped launch 4 million attacks. It had also attracted 151,000 registered users under the guise of selling “server stress testing” services.

Now all those customers are in danger of facing potential prosecution. That’s because authorities have uncovered a “trove of information” on Webstresser.org’s users.

“In the United Kingdom, a number of webstresser.org users have recently been visited by the police,” Europol said in its announcement. “UK police are also conducting a number of live operations against other DDoS criminals.”

Although police have typically focused on targeting the sellers of DDoS attacks, Europol said law enforcement is ramping up activities to crack down on buyers as well. Last month, US federal investigators also warned they were going after customers of DDoS-for-hire websites.

“Whether you launch the DDoS attack or hire a DDoS service to do it for you, the FBI considers it criminal activity,” FBI Assistant Director Matthew Gorham said in December. “Working with our industry and law enforcement partners, the FBI will identify and potentially prosecute you for this activity.”

Source: https://www.pcmag.com/news/366214/europol-crackdown-targets-ddos-attack-buyers

While ransomware attacks declined in 2018, cryptominers dominated the malware landscape and impacted 37 per cent organisations worldwide, Israel-based cybersecurity solutions provider Check Point Software Technologies said in a report here on Tuesday.

According to “Check Point’s 2019 Security Report”, despite a fall in the value of all cryptocurrencies, 20 per cent of the companies continued to be hit by cryptomining attacks every week.

In 2018, cryptominers occupied the types of top four most prevalent malware.

On the other hand, ransomware usage fell sharply in 2018, impacting just 4 per cent of organisations globally.

“From the meteoric rise in cryptomining to massive data breaches and DDoS attacks, there was no shortage of cyber-disruption caused to global organisations over the past year,” Peter Alexander, Chief Marketing Officer of Check Point Software Technologies, said in a statement.

“These multi-vector, fast-moving, large-scale ‘Gen V’ attacks are becoming more and more frequent, and organisations need to adopt a multi-layered cybersecurity strategy that prevents these attacks from taking hold of their networks and data.
“The 2019 Security Report offers knowledge, insights and recommendations on how to prevent these attacks,” he added.

The report examines the latest emerging threats against various industry sectors, and gives a comprehensive overview of the trends observed in the malware landscape, in emerging data breach vectors, and in nation-state cyber-attacks.

Mobiles were found as a moving target. Over 30 per cent of organisations worldwide were hit by mobile malware, with the leading three malware types targeting the Android OS.

2018 saw several cases where mobile malware was pre-installed on devices, and apps available from app stores that were actually malware in disguise, the report said.

Bots were the third most common malware type, with 18 per cent of organisations hit by bots which are used to launch DDoS attacks and spread other malware. Bot infections were instrumental in nearly half (49 per cent) of organisations experiencing a DDoS attack in 2018.

The report is based on data from Check Point’s ThreatCloud intelligence — a collaborative network for fighting cybercrime which delivers threat data and attack trends from a global network of threat sensors — over the last 12 months.

It is also based on a new survey of IT professionals and C-level executives that assesses their preparedness for today’s threats.

Source: https://economictimes.indiatimes.com/news/international/business/cryptomining-impacted-37-organisations-worldwide-in-2018/articleshow/67639012.cms

 

If a week is a long time in politics, as former British Prime Minister Harold Wilson observed, a year in cyber security can seem like an eternity. But despite the rapid changes, many things remain constant. We can always expect cyber criminals to embrace new technology as fast as legitimate businesses do, and to use it to launch new types of attacks that are ever more damaging and harder to defend against.

DDoS attacks are a case in point. In April 2018, the UK’s National Crime Agency named DDoS as the leading threat facing businesses. The Agency noted the sharp increase in attacks on a range of organisations during 2017 and into 2018, and advised organisations to take immediate steps to protect themselves against the escalating threat.

DDoS gets bigger, stronger, smarter

This warning was timely, as through late 2017 and into 2018, DDoS attacks got much larger – and that trend is showing no signs of slowing down. In Q3 of 2018, the average DDoS attack volume more than doubled compared to Q1, from 2.2 Gbps to 4.6 Gbps according to Link11´s latest DDoS Report. These attack volumes are far beyond the capacity of most websites, so this is an alarming trend. Compared to Q2, the total number of attacks also grew by 71% in Q3, to an average of over 175 attacks per day.

Attacks also got more sophisticated. 59% of DDoS incidents in Q3 of 2018 used two or more attack vectors, compared with 46% in Q2. Meanwhile, a highly targeted and strategic approach to DDoS attacks was observed as the year went on; our operation centre saw DDoS attacks on e-commerce providers increase by over 70% on Black Friday (23 November) and by a massive 109% on Cyber Monday (26 November) compared with the November average. Attacks are focusing on specific sectors, with the aim of causing more disruption.

DDoS as a service

At the same time, these larger, more sophisticated DDoS attacks are easier for criminals to launch than ever before too, from DDoS-as-a-Service provider. Perhaps the best known of these, Webstresser.org was selling multi-gigabit DDoS attacks on the Darknet for as little as $11 per attack before it was shut down by police in early 2018. Webstresser’s services were used in early 2018 to bring online services from several Dutch banks and numerous other financial and government services in the Netherlands to a standstill. Customers were left without access to their bank accounts for days.

Other services have sprung up to take Webstresser’s place, offering DDoS by the hour for $10, and by the day at bulk discount rates of $200. No expertise is required: just enter your (stolen) credit card details, and the domain you want to target. Even cloud services can be knocked offline, with very little money and little to no technical expertise required to launch an attack.

Web application attacks

Another increasingly targeted component of organisations’ IT estates during 2018 was web applications. 2018 saw high-profile breaches affecting tens of millions of customers from several high-profile companies in the travel and financial sectors. The aim of these attacks is to exfiltrate sensitive data for re-use or resale, with the attackers seeking to exploit weaknesses in the application itself, or the platform it is running on to get access to the data.

2019: predictions and protection

So as 2018 saw attacks growing in volume and complexity, what attacks can we expect to see in 2019?

We have already seen how versatile botnets are for crypto-mining and sending spam – this will extend into DDoS attacks too. Botnets benefit from the ongoing rapid growth in cloud usage and increasing broadband connections as well as the IoT, and the vulnerabilities that they address are on the protocol and application level and are very difficult to protect using standard network security solutions. Bots in public cloud environments can also propagate rapidly to build truly massive attacks.

Attack tactics, for which SSL encryption have long since ceased to be a defence, will gain even more intelligence in the coming months. The only possible answer to this can be defence strategies that cover machine learning and artificial intelligence, which can process large data streams in real time and develop adaptive measures. Highly-targeted attacks, such as those on web applications, will also continue because the rewards are so high – as we’ve seen from the 2018 data breaches we touched on earlier.

Also, 2019 could be the year in which a hacktivist collective or nation-state will launch a coordinated attack against the infrastructure of the internet itself. The 2016 DDoS attack against hosting provider Dyn showed that a single attack against a hosting provider or registrar could take down major websites. DDoS tools and techniques have evolved significantly since then, creating a very real risk of attacks that could take down sections of the Web – as shown by the attack which targeted ISPs in Cambodia. Other forms of critical infrastructure are also vulnerable to DDoS exploits, as we saw in 2018’s attack on the Danish rail network.

In conclusion, tech innovations will continue to accelerate and enable business, and cyber criminals will also take advantage of those innovations for their own gain. With more and more business taking place online, dependence on a stable internet connection rises significantly. Likewise, revenues and reputation are more at risk than ever before. Therefore, organisations must be proactive and deploy defences that can keep pace with even new, unknown threats – or risk becoming the next victim of increasingly sophisticated, highly targeted mega-attacks.

Source: https://www.information-age.com/the-ddos-landscape-123478142/

The growth of cybercrime will cost the global economy more than $2 trillion by 2019, according to the Better Business Bureau’s 2017 State of Cybersecurity Among Small Businesses in North America report.

Cost of a Cyber Attack

When it comes to small businesses, the report said the overall annual loss was estimated at almost $80K or $79,841 on average. And as more small businesses become equal parts digital and brick-and-mortar, securing both aspects of their company is more important than ever.

The risks small business owners face in the digital world has increased their awareness of the dangers of this ecosystem. A survey conducted by GetApp in 2017 revealed security concerns ranked second as the challenges small businesses were facing.

In its report GetApp says, small businesses have to implement a multipronged approach with defense mechanism designed to “Ward off attacks from different fronts.”

However, the company doesn’t forget to address the challenges small business owners face when it comes to tackling cybersecurity with limited budgets and IT expertise while at the same time running their business.

Adopting a Small Business Cybersecurity Strategy

Why is adopting a cybersecurity strategy important for small businesses? Because according to eMarketer, in 2017 retail e-commerce sales globally reached $2.304 trillion, which was a 24.8% increase over the previous year.





Of this total, mCommerce accounted for 58.9% of digital sales and overall eCommerce made up 10.2% of total retail sales worldwide in 2017, an increase of 8.6% for the year.

What this means for small businesses is they can’t afford not to be part of this growing trend in digital commerce. They have to ensure the digital platform they have protects their organization and customers whether they are on a desktop, laptop or mobile device.

Have Clear Goals and Objectives

When it comes to cybersecurity, having clear goals and objectives will greatly determine the success of the tools, processes, and governance you put in place to combat cybercriminals.

According to GetApp, with the right cybersecurity solution in place, your small business will be able to detect and prevent a cyber-attack before it takes place.

It is important to note, there is no such thing as 100% security, whether it is in the digital or physical world. Given enough time and resources, bad actors may be able to find a vulnerability in any system. The data breaches at some of the largest organizations in the world are proof of this fact.

As a small business, your goal is to make it as difficult as possible for these bad actors to penetrate the security protocols you have in place.

Don’t Rely on a Single Solution

The GetApp report says small businesses have to fortify their organization against different threats emerging from multiple fronts.

The company says there is no single cybersecurity solution which offers complete defense against all the different types of threats that are out there. At any given time a small business can be under attack from a distributed denial of service or DDoS attack, ransomware attacks, cryptojacking, and others.

To address these challenges, GetApp recommends small businesses to implement a cybersecurity strategy with investments which include a combination of antivirus, firewall, spam filter, data encryption, data backup, and password management applications.

Last but not least, even if you have the best system in place, you have to stay vigilant at all times. Cybercriminals rely on complacency.

Source: https://smallbiztrends.com/2018/12/cost-of-a-cyber-attack-small-business.html

Executives express mixed feelings and a surprisingly high level of confidence in Radware’s 2018 Web Application Security Report. 

As we close out a year of headline-grabbing data breaches (British Airways, Under Armor,  Panera Bread), the introduction of GDPR and the emergence of new application development architectures and frameworks, Radware examined the state of application security in its latest report. This global survey among executives and IT professionals has yielded insights about threats, concerns and application security strategies.

The common trend among a variety of application security challenges including data breaches, bot management, DDoS mitigation, API security and DevSecOps, was the high level of confidence reported by those surveyed. 90% of all respondents across regions reported confidence that their security model is effective at mitigating web application attacks.

Attacks against applications are at a record high and sensitive data is shared more than ever. So how can execs and IT pros have such confidence in the security of their applications?

To get a better understanding, we researched the current threat landscape and application protection strategies organizations currently take. Contradicting evidence stood out immediately:

  • 90% suffered attacks against their applications
  • One in three shared sensitive data with third parties
  • 33% allowed 3rd parties to create/modify/delete data via APIs
  • 67% believed a hacker can penetrate their network
  • 89% see web-scraping as a significant threat to their IP
  • 83% run bug bounty programs to find vulnerabilities they miss

As it turned out there are quite a few threats to application services that are not properly addressed as traditional security approaches are challenged and stretched. In parallel, the adoption of emerging frameworks and architectures, which rely on numerous integrations with multiple services, adds more complexity and increases the attack surface.

Current Threat Landscape

Last November, OWASP released a new list of top 10 vulnerabilities in web applications. Hackers continue to use injections, XSS, and a few old techniques such as CSRF, RFI/LFI and session hijacking to exploit these vulnerabilities and gain unauthorized access to sensitive information. Protection is becoming more complex as attacks come through trusted sources such as a CDN, encrypted traffic, or APIs of systems and services we integrate with. Bots behave like real users and bypass challenges such as CAPTCHA, IP-based detection and others, making it even harder to secure and optimize the user experience.

Web application security solutions must be smarter and address a broad spectrum of vulnerability exploitation scenarios. On top of protecting the application from these common vulnerabilities, it has to protect APIs and mitigate DoS attacks, manage bot traffic and make a distinction between legitimate bots (search engines for instance) and bad ones like botnets, web-scrapers and more.

DDoS Attacks

63% suffered denial of service attack against their application. DoS attacks render applications inoperable by exhausting the application resources. Buffer overflow and HTTP floods were the most common types of DoS attacks, and this form of attack is more common in APAC. 36% find HTTP/Layer-7 DDoS as the most difficult attack to mitigate. Half of the organizations take rate-based approaches (such as limiting the number of request from a certain source or simply buying a rate-based DDoS protection solution) which are ineffective once the threshold is exceeded and real users can’t connect.

API Attacks

APIs simplify the architecture and delivery of application services and make digital interactions possible. Unfortunately, they also introduce a wide range of risks and vulnerabilities as a backdoor for hackers to break into networks. Through APIs, data is exchanged in HTTP where both parties receive, process and share information. A third party is theoretically able to insert, modify, delete and retrieve content from applications. This is nothing but an invitation to attack:

  • 62% of respondents did not encrypt data sent via API
  • 70% of respondents did not require authentication
  • 33% allowed third parties to perform actions (GET/ POST / PUT/ DELETE)

Attacks against APIs:

  • 39% Access violations
  • 32% Brute-force
  • 29% Irregular JSON/XML expressions
  • 38% Protocol attacks
  • 31% Denial of service
  • 29% Injections

Bot Attacks

The amount of both good and bad bot traffic is growing. Organizations are forced to increase network capacity and need to be able to precisely tell a friend from a foe so both customer experience and security are maintained. Surprisingly, 98% claimed they can make such a distinction. However, a similar amount sees web-scraping as a significant threat. 87% were impacted by such an attack over the past 12 months, despite a variety of methods companies use to overcome the challenge – CAPTCHA, in-session termination, IP-based detection or even buying a dedicated anti-bot solution.

Impact of Web-scraping:

  • 50% gathered pricing information
  • 43% copied website
  • 42% theft of intellectual property
  • 37% inventory queued/being held by bot
  • 34% inventory held
  • 26% inventory bought out

Data Breaches

Multinational organizations keep close tabs on what kinds of data they collect and share. However, almost every other business (46%) reports having suffered a breach. On average an organization suffers 16.5 breach attempts every year. Most (85%) take between hours and days to discover. Data breaches are the most difficult attack to detect, as well as  mitigate, in the eyes of our survey respondents.

How do organizations discover data breaches?

  • 69% Anomaly detection tools/SIEM
  • 51% Darknet monitoring service
  • 45% Information was leaked publicly
  • 27% Ransom demand

IMPACT OF ATTACKS

Negative consequences such as loss of reputation, customer compensation, legal action (more common in EMEA), churn (more common in APAC), stock price drops (more common in America) and executives who lose their jobs are quick to follow a successful attack, while the process of repairing the damage and rebuild of a company’s reputation is long and not always successful. About half admitted having encountered such consequences.

Securing Emerging Application Development Frameworks

The rapidly growing amount of applications and their distribution across multiple environments requires adjustments that lead to variations once a change to the application is needed. It is nearly impossible to deploy and maintain the same security policy efficiently across all environments. Our research shows that ~60% of all applications undergo changes on a weekly basis. How can the security team keep up?

While 93% of organizations use a Web Application Firewall (WAF), only three in ten use a WAF that combines both positive and negative security models for effective application protection.

Technologies Used By DevOps

  • 63% – DevOps and Automation Tools
  • 48% – Containers (3 in 5 use Orchestration)
  • 44% – Serverless / FaaS
  • 37% – Microservers

Among the respondents that used micro-services, one-half rated data protection as the biggest challenge, followed by availability assurance, policy enforcement, authentication, and visibility.

Summary

Is there a notion that organizations are confident? Yes. Is that a false sense of security? Yes. Attacks are constantly evolving and security measures are not foolproof. Having application security tools and processes in place may provoke a sense of being in control but are likely to be breached or bypassed sooner or later. Another question we are left with is whether senior management is fully aware of the day to day incidents. Rightfully so, they look to their internal teams tasked with application security to manage the issue, but there seems to be a mismatch between their perceptions of the effectiveness of their organizations’ application security strategies and the actual exposure to risk.

Source: https://securityboulevard.com/2018/10/are-your-applications-secure