Defend Against DDoS Archive

Server configuration is the top healthcare software vulnerability, followed by information leakage and cryptographic issues, according to Veracode’s State of Software Security (SOSS) study.

Other top vulnerabilities for healthcare include faulty deployment considerations, cross-site scripting holes, credentials management issues, and code quality.

“The highly regulated healthcare industry got high marks in many of this year’s SOSS metrics,” the report noted.

Healthcare scored highest on percentage of applications passing the OWASP Top 10 guidelines, considered a measure of industry best practices for software security. A full 55.3 percent of healthcare apps passed the OWASP test, compared to 27.7 percent of applications for all industries, based on scans conducted by Veracode.

“Flaw persistence analysis shows that when looking at all found vulnerabilities, this industry is statistically closing the window on app risk more quickly than any other sector,” the report concluded.

The report offered four key takeaways for security professionals, app developers, and business executives from its analysis of software security across industries.

First, the faster organizations close software vulnerabilities, the less risk applications pose over time.

Second, organizations need to prioritize which software security flaws to fix first, given the sheer volume of open software flaws. “While many organizations are doing a good job prioritizing by flaw severity, data this year shows that they’re not effectively considering other risk factors such as the criticality of the application or exploitability of flaws,” the report noted.

Third, DevSecOps has a positive effect on software security. The more often an organization scans software per year, the faster security fixes are made. “The frequent, incremental changes brought forth by DevSecOps makes it possible for these teams to fix flaws lightning fast compared to the traditional dev team,” it noted.

Fourth, organizations are still struggling with vulnerable open source components in their software. “As organizations tackle bug-ridden components, they should consider not just the open flaws within libraries and frameworks, but also how those components are being used,” the report observed.

A major software security concern for healthcare organizations is securing application programming interfaces (APIs). The June 2018 HIMSS Healthcare and Cross-sector Cybersecurity Report warned that hackers will be exploiting APIs more to gain access to healthcare organizations and stealing sensitive data.

API attack vectors include man in the middle attacks, session cookie tampering, and distributed denial of service (DDoS) attacks, the report noted.

To address the risks that unsecured APIs pose for healthcare, the American Hospital Association (AHA) recommended that stakeholders in the mobile healthcare environment develop a secure app ecosystem for sharing health data.

“To ensure a robust, secure set of tools for individuals to engage with hospitals and health systems via apps, stakeholders will need to work together to build an app ecosystem that is based on a rigorous and continuous vetting process that takes into account evolving risks. This could be done in the public sector, through certification, or through a public-private partnership,” AHA said.

AHA cited the example of the Payment Card Industry Data Security Standard (PCI DSS), which is an industry-developed standard that includes security requirements companies must adhere to if they want to process credit and debit cards.

The federal government should also develop a consumer education program to make it clear that commercial providers of health apps may not be subject to the HIPAA Privacy Rule, according to the association.

“Commercial app companies generally are not HIPAA-covered entities. Therefore, when information flows from a hospital’s information system to an app, it likely no longer will be protected by HIPAA,” said AHA.

“Most individuals will not be aware of this change and may be surprised when commercial app companies share their sensitive health information obtained from a hospital, such as diagnoses, medications or test results, in ways that are not allowed by HIPAA,” the association noted.

Source: https://healthitsecurity.com/news/server-configuration-is-top-healthcare-software-vulnerability

Ecommerce revenue worldwide amounts to more than 1.7 trillion US dollars, in the year 2018 alone. And the growth is expected to increase furthermore.

However, with growth comes new challenges. One such problem is cybersecurity. In 2017, there were more than 88 million attacks on eCommerce businesses. And a significant portion includes small businesses.

Moreover, online businesses take a lot of days to recover from the attacks. Some businesses completely shut down due to the aftermath of the security breaches.

So, if you are a small business, it is essential to ensure the safety and security of your eCommerce site. Else, the risks pose a potential threat to your online business.

Here we discuss some basics to ensure proper security to your eCommerce site.

Add an SSL certificate

An SSL Certificate ensures that the browser displays a green padlock or in a way shows to the site visitors that they are safe; and that their data is protected with encryption during the transmission.

To enable or enforce an SSL certificate on your site, you should enable HTTPS—secured version of HyperText Transfer Protocol (HTTP)—across your website.

In general, HTTP is the protocol web browsers use to display web pages.

So, HTTPS and SSL certificates work hand in hand. Moreover, one is useless without the other.

However, you have to buy an SSL certificate that suits your needs. Buying a wrong SSL certificate would do no good for you.

Several types of SSL certificates are available based on the functionality, validation type, and features.

Some common SSL certificates based on the type of verification required are:

  1. Domain Validation SSL Certificate: This SSL certificate is issued after validating the ownership of the domain name.
  2. Organization Validation SSL Certificate: This SSL certificate additionally requires you to verify your business organization. The added benefit is it gives the site visitors or users some more confidence. Moreover, small online businesses should ideally opt for this type of SSL certificate.
  3. Extended Validation SSL Certificate: Well, this type of SSL certificate requires you to undergo more rigorous checks. But when someone visits your website, the address bar in the browser displays your brand name. It indicates users that you’re thoroughly vetted and highly trustworthy.

Here are some SSL certificate types based on the features and functionality.

  1. Single Domain SSL Certificate: This SSL certificate can be used with one and only one domain name.
  2. Wildcard SSL Certificate: This SSL certificate covers the primary and all the associated subdomains.
    Every subdomain along with the primary domain example.com will be covered under a single wildcard SSL certificate.
  3. Multi-Domain SSL Certificate: One single SSL certificate can cover multiple primary domains. The maximum number of domains covered depends on the SSL certificate vendor your purchase the certificate from. Typically, a Multi-Domain SSL Certificate can support up to 200 domain names.

Nowadays, making your business site secure with SSL certificate is a must. Otherwise, Google will punish you. Yes, Google ranks sites with HTTPS better than sites using no security.

However, if you are processing online payments on your site, then SSL security is essential. Otherwise, bad actors will misuse your customer information such as credit card details, eventually leading to identity theft and fraudulent activities.

Use a firewall

In general, a firewall monitors incoming and outgoing traffic on your servers, and it helps you to block certain types of traffic—which may pose a threat—from interacting or compromising your website servers.

Firewalls are available in both virtual and physical variants. And it depends on the type of environment you have in order to go with a specific firewall type.

Many eCommerce sites use something called a Web Application Firewall (WAF).

On top of a typical network firewall, a WAF gives more security to a business site. And it can safeguard your website from various types of known security attacks.

So, putting up a basic firewall is essential. Moreover, using a Web Application Firewall (WAF) is really up to the complexity of the website or application you have put up.

Protect your site from DDoS attacks

A type of attack used to bring your site down by sending huge amounts of traffic is nothing but denial-of-service-attack. In this attack, your site will be bombarded with spam requests in a volume that your website can’t handle. And the site eventually goes down, putting a service disruption to the normal/legitimate users.

However, it is easy to identify a denial-of-service-request, because too many requests come from only one source. And by blocking that source using a Firewall, you can defend your business site.

However, hackers have become smart and highly intelligent. They usually compromise various servers or user computers across the globe. And using those compromised sources, hackers will send massive amounts of requests. This type of advanced denial-of-service attack is known as distributed-denial-of-service-attack. Or simply put a DDoS attack.

When your site is attacked using DDoS, a common Firewall is not enough; because a firewall can only defend you from bad or malicious requests. But in DDoS, all requests can be good by the definition of the Firewall, but they overwhelm your website servers.

Some advanced Web Application Firewalls (WAF) can help you mitigate the risks of DDoS attacks.

Also, Internet Service Providers (ISPs) can detect them and stop the attacks from hitting your website servers. So, contact your ISP and get help from them on how they can protect your site from DDoS attacks.

If you need a fast and straightforward way to secure your website from distributed-denial-of-service attacks, services like Cloud Secure from Webscale Networks is a great option.

In the end, it is better to have strategies in place to mitigate DDoS attacks. Otherwise, your business site may go down and can damage your reputation—which is quite crucial in the eCommerce world.

Get malware protection

A Malware is a computer program that can infect your website and can do malicious activities on your servers.

If your site is affected by Malware, there are a number of dangers your site can run into. Or, the user data stored on your servers might get compromised.

So, scanning your website regularly for malware detection is essential. Symantec Corporation provides malware scanning and removal tools. These tools can help your site stay safe from various kinds of malware.

Encrypt data

If you are storing any user or business related data, it is best to store the data in encrypted form, on your servers.

If the data is not encrypted, and when there is a data breach, a hacker can easily use the data—which may include confidential information like credit card details, social security number, etc. But when the data is encrypted, it is much hard to misuse as the hacker needs to gain access to the decryption key.

However, you can use a tokenization system. In which, the sensitive information is replaced with a non-sensitive data called token.

When tokenization implemented, it renders the stolen data useless. Because the hacker cannot access the Tokenization system, which is the only component that can give access to sensitive information. Anyhow, your tokenization system should be implemented and isolated properly.

Use strong passwords

Use strong passwords that are at least 15 character length for your sites’ admin logins. And when you are remotely accessing your servers, use SSH key-based logins wherever possible. SSH key-based logins are proven to be more secure than password-based logins.

Not only you, urge your site users and customers to use strong password combinations. Moreover, remind them to change their password frequently. Plus, notify them about any phishing scams happening on your online business name.

For example, bad actors might send emails to your customers giving lucrative offers. And when a user clicks on the email, he will be redirected to a site that looks like yours, but it is a phishing site. And when payment details are entered, the bad actor takes advantage and commits fraudulent activities with the stolen payment info.

So, it is important to notify your user base about phishing scams and make your customers knowledgeable about cybersecurity.

Avoid public Wi-Fi networks

When you are working on your business site or logging into your servers, avoid public wifi networks. Often, these networks are poorly maintained on the security front. And they can become potential holes for password leaks.

However, public wifi networks can be speedy. So, when you cannot avoid using a public wifi network, use VPN services like ProtonVPN, CyberGhost VPN, TunnelBear VPN, etc, to mitigate the potential risks.

Keep your software update

To run an online business, you have to use various software components, from server OS to application middleware and frameworks.

Ensure that all these components are kept up to date timely and apply the patches as soon as they are available. Often these patches include performance improvements and security updates.

Some business owners might feel that this is a tedious process. But remember, one successful cyber attack has the potential to push you out of business for several days, if not entirely.

Conclusion

In this 21st century, web technology is growing and changing rapidly. So do the hackers from the IT underworld.

The steps mentioned above are necessary. But we cannot guarantee that they are sufficient. Moreover, each business case is different. You always have to keep yourself up to date. And it would help if you took care of your online business security from time to time. Failing which can make your business site a victim of cyber attacks.

Source: https://londonlovesbusiness.com/how-to-secure-your-online-business-from-cyber-threats/

Artificial intelligence (AI) is poised to impact every industry in the near future—including the lucrative business of malicious hacking and the cybersecurity industry working to defend against those attacks.

Enterprise IT and security professionals recognize AI’s potential in cybersecurity, according to a new report from Neustar: 87% of the 301 senior technology and security workers surveyed agreed that AI will make a difference in their company’s defenses. However, 82% said they are also afraid of attackers using AI against their company, the report found.

In a cyberattack, IT and security professionals said they most fear stolen company data (50%), loss of customer trust (19%), unstable business performance (16%), and the cost implications (16%).

Despite the risks, 59% of security pros said they remain apprehensive about adopting AI for security purposes, the report found.

“Artificial intelligence has been a major topic of discussion in recent times – with good reason,” Rodney Joffe, head of the the Neustar International Security Council and Neustar senior vice president and fellow, said in a press release. “There is immense opportunity available, but as we’ve seen today with this data, we’re at a crossroads. Organizations know the benefits, but they are also aware that today’s attackers have unique capabilities to cause destruction with that same technology. As a result, they’ve come to a point where they’re unsure if AI is a friend or foe.”

In terms of threats, security professionals said they were most concerned about DDoS attacks (22%), system compromise (20%), and ransomware (15%). Nearly half of organizations surveyed (46%) said they had been on the receiving end of a DDoS attack in Q3 2018, a higher proportion than in years past, the report found.

“What we do know is that IT leaders are confident in AI’s ability to make a significant difference in their defenses,” Joffe said in the release. “So what’s needed now is for security teams to prioritize education around AI, not only to ensure that the most efficient security strategies have been implemented, but to give organizations the opportunity to embrace – and not fear – this technology.”

The big takeaways for tech leaders:

  • 82% of security professionals said they are afraid of attackers using AI in cyberattacks against their company. — Neustar, 2018
  • Security professionals said they were most concerned about DDoS attacks (22%), system compromise (20%), and ransomware (15%). — Neustar, 2018

Source:https://www.techrepublic.com/article/82-of-security-pros-fear-hackers-using-ai-to-attack-their-company/

Large companies are hit by cyberattacks at an above average rate, according to the Cybersecurity Monitor of Dutch statistics bureau CBS for 2018. Among companies of 250+ employees, 39 percent were hit at least once by a cyberattack in 2016, such as a hack or DDoS attack. By contrast, around 9 percent of small companies (2-10 employees) were confronted with such an ICT incident.

Of the larger companies, 23 percent suffered from failure of business processes due to the outside cyberattacks. This compares to 6 percent for the smaller companies. Of all ICT incidents, failures were most common, for all sizes, though again, the larger companies were more affected (55%) than the smaller ones (21%). The incidents led to costs for both groups of companies.

Chance of incident bigger at large company

CBS noted that ICT incidents can arise from both from an outside attack and from an internal cause, such as incorrectly installed software or hardware or from the unintentional disclosure of data by an employee. The fact that larger companies suffer more from ICT incidents can be related to the fact that more people work with computers; this increases the chance of incidents. In addition, larger companies often have a more complex ICT infrastructure, which can cause more problems.

The number of ICT incidents also varies per industry. For example, small businesses in the ICT sector (12%) and industry (10%) often suffer from ICT incidents due to external attacks. Small companies in the hospitality sector (6%) and health and welfare care (5%) were less often confronted with cyberattacks.

Internal cause more common at smaller companies

Compared to larger companies, ICT incidents at small companies more often have an internal cause: 2 out 3, compared to 2 out of 5 for larger companies. ICT incidents at small companies in health and welfare care most often had an internal cause (84%). In the ICT sector, this share was 60 percent.

About 7 percent of companies with an ICT incident report them to one or more authorities, including police, the Dutch Data Protection Authority AP, a security team or their bank. The largest companies report ICT incidents much more often (41%) than the smallest companies (6%). Large companies report these ICT incidents most frequently to the AP, complying with law. After that, most reports are made to the police. The smallest companies report incidents most often to their bank.

Smaller: less safe

Small businesses are less often confronted with ICT incidents and, in comparison with large companies, take fewer security measures. Around 60 percent of small companies take three or more measures. This goes to 98 percent for larger companies.

Source: https://www.telecompaper.com/news/over-third-39-of-large-dutch-firms-hit-by-cyberattack-in-2016-cbs–1265851

The hacks — first reported by Rolling Stone — targeted a Democratic candidate in one of the country’s most competitive primary races

WASHINGTON — The FBI has opened an investigation into cyberattacks that targeted a Democratic candidate in a highly competitive congressional primary in southern California.

As Rolling Stone first reported in September, Democrat Bryan Caforio was the victim of what cybersecurity experts believe were distributed denial of service, or DDoS, attacks. The hacks crashed his campaign website on four separate occasions over a five-week span, including several hours before the biggest debate of the primary race and a week before the election itself, according to emails and other forensic data reviewed by Rolling Stone. They were the first reported instances of DDoS attacks on a congressional candidate in 2018.
Caforio was running in the 25th congressional district represented by Republican Rep. Steve Knight, a vulnerable incumbent and a top target of the Democratic Party. Caforio ultimately finished third in the June primary, failing to move on to the general election by several thousand votes.

“I’m glad the FBI has now launched an investigation into the hack,” Caforio tells Rolling Stone in a statement. “These attacks put our democracy at risk, and they’ll keep happening until we take them seriously and start to punish those responsible.”

It was unclear from the campaign’s data who launched the attacks. But in early October, a few weeks after Rolling Stone’s report, Caforio says an FBI special agent based in southern California contacted one of his former campaign staffers about the DDoS attacks. The FBI has since spoken with several people who worked on the campaign, requested forensic data in connection with the attacks and tasked several specialists with investigating what happened, according to a source close to the campaign.

According to the source, the FBI has expressed interest in several details of the DDoS attacks. The bureau asked about data showing that servers run by Amazon Web Services, the tech arm of the online retail giant, appear to have been used to carry out the attacks. The FBI employees also seemed to focus on the last of the four attacks on Caforio’s website, the one that came a week before the primary election.

An FBI spokeswoman declined to comment for this story.

A DDoS attack occurs when a flood of online traffic coming from multiple sources intentionally overwhelms a website and cripples it. The cybersecurity company Cloudflare compares DDoS to “a traffic jam clogging up a highway, preventing regular traffic from arriving at its desired destination.” Such attacks are becoming more common in American elections and civic life, according to experts who monitor and study cyberattacks. “DDoS attacks are being used to silence political speech and voters’ access to the information they need,” George Conard, a product manager at Jigsaw, a Google spin-off organization, wrote in May. “Political parties, campaigns and organizations are a growing target.”

Matthew Prince, the CEO of Cloudflare, told Rolling Stone last month that his company had noticed an increase in such attacks after 2016 and the successful Russian operations on U.S. soil.

“Our thesis is that, prior to 2016, U.S.-style democracy was seen as the shining city on the hill. The same things you could do to undermine a developing democracy wouldn’t work here,” Prince says. “But after 2016, the bloom’s off the rose.”

The FBI has since created a foreign influence task force to combat future efforts to interfere and disrupt U.S. elections.

Southern California, in particular, has seen multiple cyberattacks on Democratic congressional candidates during the 2018 midterms. Rolling Stone reported that Hans Keirstead, a Democratic candidate who had challenged Rep. Dana Rohrabacher (R-CA), widely seen as the most pro-Russia and pro-Putin member of Congress, had been the victim of multiple hacking efforts, including a successful spear-phishing attempt on his private email account that resembled the 2016 hack of John Podesta, Hillary Clinton’s campaign chairman. Hackers also reportedly broke into the campaign computer of Dave Min, another Democratic challenger in a different southern California district, prompting the FBI to open an investigation.

On Friday, the nation’s four top law enforcement and national security agencies — the FBI, Justice Department, Department of Homeland Security and the Office of the Director of National Intelligence — released a joint statement saying there were “ongoing campaigns by Russia, China and other foreign actors, including Iran” that include interference in the 2018 and 2020 elections. Cybersecurity experts and political consultants say there are many reports of hacking attempts on 2018 campaigns that have not been publicized. But the proximity of the attacks is significant because Democrats have a greater chance of taking back the House of Representatives if they can flip multiple seats in Southern California.

Source: https://www.rollingstone.com/politics/politics-news/california-congressional-race-hack-745519/