Stop DDoS Archive

Popular chat service Discord experienced issues today due to network problems at Cloudflare and a wider internet issue. The app was inaccessible for its millions of users, and even Discord’s website and status pages were struggling. Discord’s problems could be traced to an outage at Cloudflare, a content delivery network. Cloudflare started experiencing issues at 7:43AM ET, and this caused Discord, Feedly, Crunchyroll, and many other sites that rely on its services to have partial outages.

Cloudflare says it’s working on a “possible route leak” affecting some of its network, but services like Discord have been inaccessible for nearly 45 minutes now. “Discord is affected by the general internet outage,” says a Discord statement on the company’s status site. “Hang tight. Pet your cats.”

“This leak is impacting many internet services including Cloudflare,” says a Cloudflare spokesperson. “We are continuing to work with the network provider that created this route leak to remove it.” Cloudflare doesn’t name the network involved, but Verizon is also experiencing widespread issues across the East Coast of the US this morning. Cloudflare notes that “the network responsible for the route leak has now fixed the issue,” so services should start to return to normal shortly.

Cloudflare explained the outage in an additional statement, commenting that “Earlier today, a widespread BGP routing leak affected a number of Internet services and a portion of traffic to Cloudflare. All of Cloudflare’s systems continued to run normally, but traffic wasn’t getting to us for a portion of our domains. At this point, the network outage has been fixed and traffic levels are returning to normal.”


The Future Today Institute, an organization that provides forecasts about how emerging technology will disrupt business and transform the workforce, has once again looked into its crystal ball—and cyber security executives might not be thrilled with the predictions.

In its 2018 Tech Trends Report, the institute said organizations and individuals can expect to see more sophisticated data breaches, advanced hacker tactics, and targeted ransomware against devices in offices and homes.

Here are some of the key security-related prognostications:

  • The historical tension between security and privacy domains will unleash new challenges this year, the report said. Individuals are providing more data each day, and as more connected devices enter the marketplace the volume of available data will continue to rise. But the companies making devices and managing consumer data are not planning for future scenarios, and off-the-shelf compliance checklists will not be sufficient. Managers will need to develop and constantly update their security policies and make the details transparent. Today, most organizations aren’t devoting enough budget to securing their data and devices, the report said.
  • Distributed denial of service attacks (DDoS) will increase. In the past few years the number of DDoS attacks has spiked, the report said. The U.S. was hit with 122 million DDoS attacks between April and June 2017 alone. One of the more notable DDoS incidents was a massive attack that shut down many leading Internet sites, caused by the Mirai botnet and infecting Dyn, a company that controls a large portion of the Internet domain name system infrastructure. Cyber criminals are leveraging more sophisticated tools, and that means future attacks will be larger in scope and could have greater impact.
  • Ransomware will continue to be a threat with the growth of cryptocurrencies. There was a spread of ransomware attacks, including WannaCry, Petya, and NotPetya, during 2017. In England, WannaCry shut down systems in dozens of medical centers, which resulted in hospitals diverting ambulances and 20,000 cancelled appointments. Because cash and online bank transfers are easy to track, the currency of choice for ransomware attacks is bitcoin, which moves through an encrypted system and can’t be traced. The rise of blockchain and cryptocurrencies has transformed ransomware into a lucrative business, according to the report. Just backing up data will probably not be enough of a measure against these attacks.
  • Russia will remain a big source of hacker attacks. The country is home to the world’s most gifted and prolific hackers, who are motivated both by a lack of economic opportunity and weak law enforcement, according to the report. In the past two years it has become clear that Russia’s military and government intelligence agencies are eager to put home-grown hackers to work, infiltrating the Democratic National Committee, Olympic organizations and European election commissions, it said.
  • Zero-day exploits will be on the rise. These attacks are dangerous, and finding vulnerabilities is a favorite activity of malicious hackers, the report noted. A number of zero-day exploits have been lying dormant for years—and two emerged late in 2017. A flaw found on chips made by Intel and ARM led to the realization that virtually every Intel processor shipped since 1995 was vulnerable to two new attacks called Spectre and Meltdown.
  • There will be more targeted attacks on digital assistants. Now that digital assistants such as Alexa, Siri, and Cortana have moved from the fringe to the mainstream, expect to see targeted attacks, the report said. Whether they target the assistants or their hardware (Amazon Echo, Apple HomePod, Google Home), it’s clear that the next frontier in hacking is these platforms.
  • In the wake of several hacking attacks during elections around the world, several government agencies are now making public their plans to hack offensively, according to the report. The U.K.’s National Health Service has started hiring white hat hackers to safeguard it against a ransomware attack such as WannaCry, which took the nation’s health care system offline. Singapore’s Ministry of Defense is hiring white hat hackers and security experts to look for critical vulnerabilities in its government and infrastructure systems. And in the U.S., two agencies responsible for cyberwarfare—the U.S. Cyber Command and the National Security Agency—are looking to leverage artificial intelligence (AI) as a focus for the U.S. cyber strategy.
  • Also thanks to advancements in AI, one of the big trends in security is automated hacking—software designed to out-hack human hackers. The report said the Pentagon’s research agency DARPA launched a Cyber Grand Challenge project in 2016, with a mission to design computer systems capable of beating hackers at their own game. The agency wanted to show that smarter automated systems can reduce the response time—and develop fixes in system flaws—to just a few seconds. Spotting and fixing critical vulnerabilities is a process that can take human hackers months or even years to complete, the report said.


Understand the essence of cyber security and the issues facing digital, internet and mobile users.

What is cyber security, and what kinds of security threats and implications face personal and business users of the internet and digital realm? These questions often confuse and occasionally overwhelm, as we’re bombarded on an almost daily basis with horror stories of major hacks, data breaches, and abuses of online privacy.

Building on our basic introduction to malware, viruses, and spyware online, in this article we’ll be looking not only to answer the question “What is cyber security?” but also to simplify some of the complexity surrounding its methods, and the security issues facing individuals and corporate users of digital, internet, and mobile technologies.

We’ll start with the basics.

What Is Cyber Security?

The word “cyber” is a fairly recent addition to the English vocabulary, and is a general term used to describe things in the world of computers, information and digital technology. And “security” is a term that’s been around for a very long time, which concerns the safety of people, corporate entities, and institutions, in the face of threats and dangers.

So it should come as little surprise that cyber security is a blanket term covering the people, processes, and technology involved in protecting computers, networks, mobile devices, software applications, and data from attacks and attempts to gain unauthorised access.

Cyber security embraces individuals, organisations, networks, and the infrastructure that connects them. And it runs the gamut from the protection of physical assets and hardware, through to the technology and procedures used in safeguarding digital assets such as software and information, and the assessment and management of the risks facing each of these environments.

Risk Management

Total security is an impossible ideal. No matter how “foolproof” a system or business process may seem, there’s always scope for something to go wrong. And with the ingenuity and resources available to hackers and cyber criminals, new threats and new methods of exploiting weaknesses in techniques and technologies are constantly developing.

The best that individuals and corporate bodies can hope to achieve is to manage the risks that they face in the best way possible. A risk management strategy for cyber security requires an understanding of the threat landscape, knowledge of the risks that are most likely to be relevant, and the establishment of procedures for reducing vulnerability to these threats.

Basically, this all boils down to:

  1. Becoming aware of what’s out there, and what’s likely or possible to hit you, then
  2. Taking steps to reduce the likelihood of you being affected, and
  3. Making plans for how to respond, and minimise the damage in the event that your precautions fail.

Cyber Security Tools and Methods

There’s an entire industry that’s grown out of the sale of cyber security tools like anti-virus applications, password managers, and data encryption software (which scrambles information, so that it can’t be read), as well as dedicated security hardware, and the contracting out of related services.

But tools and talent will only go so far. A comprehensive approach to cyber security requires not only these assets, but also the information and methodology needed to make the strategy effective.

Cyber Security and Regulatory Frameworks

Frameworks are sets of rules, guidelines, and best practices which provide a formalised structure for individual operators and corporate bodies to follow in order to beef up their security stance, or meet the requirements of regulatory compliance regimes and the law.

Frameworks for cyber security typically take the form of a set of recommendations. They may also describe procedures and tools that may be used to put those recommendations into practice.

Ten Steps to Cyber Security, a report issued by the National Cyber Security Centre (NCSC, a division of UK intelligence headquarters GCHQ) to help business executives get to grips with the subject, is an example of this approach.

In terms of regulatory compliance, frameworks will typically spell out the exact conditions that organisations or individuals will have to satisfy in order to continue operating in a particular industry, discipline, or market sector, without running the risk of fines or legal action.

The recently launched General Data Protection Regulation or GDPR is one such framework, created by the European Union (EU) to set conditions guarding the data privacy of its citizens and residents.

There are many different frameworks in existence, and organisations have to be careful to choose the ones that are most effective and appropriate for them. After all, what is cyber security to one business may be too complex, or not far-reaching enough, for others.

Security Policies

Based on the demands of the law, regulatory requirements, and the conditions of their own working environment, organisations are usually advised to draw up a formalised policy, laying out how security matters should be handled.

Security policies will usually spell out what practices are permissible and which ones aren’t, in promoting and maintaining cyber security for the enterprise. They’ll also specify the powers and privileges that every member of the organisation has in respect to things like network and database access, control of intellectual property, and other issues. Fines and penalties for abusing corporate security policy may also be laid out here.

Security Architecture

The security architecture of an establishment is the structure of physical hardware, software applications, procedures, partnerships, and related services that maintain and monitor the cyber security of the enterprise. These may include:

  • Physical security measures: Gates, security cameras, scanners, locks, identity tags, and associated hardware.
  • Access control: The mechanisms and procedures that keep unauthorised users or visitors at bay.
  • Authentication and validation: Methods of ensuring that only authorised members of an organisation or invited guests can check in and out of the networks and resources they’re entitled to.
  • Intrusion detection and/or intrusion prevention: Hardware and software that guard against attempts to infiltrate networks and systems by hackers and spies.
  • Monitoring: Qualified security and IT personnel, dedicated hardware, and/or automated systems running constant checks against threats and signs of infection or system compromise.
  • Incident Response: Deployment of specialised teams of responders, in the case of alerts or confirmed evidence of an attack.

Cyber Threat Intelligence

With new attack methods and new strains of malware (malicious software) emerging or being developed even as we speak, much of the security challenge for private individuals and businesses lies in staying on top of the latest happenings in the world of cyber security. This is where cyber threat intelligence comes into play.

As its name suggests, cyber threat intelligence consists of detailed information (or intelligence) on current security threats, the people, technology, and criminal organisations currently responsible for them, and the latest methods for combating the threats that they pose.

Cyber threat intelligence may come in several forms. Common among these are online databases, white papers (advisory documents), discussion forums, specialist consultants, and pools of shared knowledge drawn from experts in the field, and from organisations that have been affected by cyber threats of various kinds.

Security Awareness Training

With human error, poor judgement, and just plain foolishness often assisting hackers and cyber criminals more than the malicious software and other tools they use, it’s important for network and internet users to become aware of the threats they actually face, and the best methods for avoiding them. That’s where cyber security awareness training comes into the picture.

Aside from raising awareness, the aim of security awareness training is to instil a culture and attitude that makes cyber security and risk management a part of daily life.

This training may be formally conducted (e.g., by a business organisation), or sought out independently. Interactive exercises, tests, and engaging presentation techniques are typically used to explain prevailing cyber threats, the risks to individuals and businesses, and best practices for staying safe.

Penetration Testing

All the tools and security training in the world don’t help if systems and people crumple under the pressure of a real security incident or hacking attack. So many business enterprises conduct what are known as random penetration tests. These are the equivalent of live drills, for fire or emergency response.

In penetration testing, external contractors are usually called in and given a free hand to stage a cyber attack on an organisation’s network and personnel, using various methods such as brute force assaults on passwords, email and message phishing (trying to fool people into giving up sensitive information, visiting booby-trapped websites, or opening file attachments loaded with malware), or overloading system resources.

The goal of these exercises is to gauge and monitor the performance of workers and incident response teams under the pressure of a real attack, and to highlight areas where the security defences of an enterprise can be improved.

Penetration testing is typically performed by security professionals who have a familiarity with the latest hacking techniques, but use these skills for benevolent purposes. So if you ever come across terms like “white hat hackers” or “ethical hacking”, this is what they’re referring to.

Security Threats to Personal Users

In terms of what is cyber security for the individual, the sad truth is that it’s a precarious environment out there, and pretty much always has been. Among the numerous security threats facing personal users of networks, the internet, and mobile devices are:

  • Malicious software or malware, in general: Traditional computer viruses, Trojans or Trojan Horse programs (look like one thing, actually do another), and worms (software capable of reproducing itself so that it can spread from one computer to the next over a network), plus things like spyware, adware, and key-loggers (which can record your strokes on the keyboard, or mouse movements) are all examples.
  • Ransomware: A specialised breed of malware that can immobilise complete systems by encrypting all the information on them, so that the owner can’t understand or access it. Victims are extorted for money (usually in the form of Bitcoin or some other cryptocurrency), for the keys to unlock their devices. The likes of WannaCry and Petya have wreaked havoc and made considerable sums for the criminals distributing them.
  • Crypto-jacking software: Programs hidden inside otherwise legitimate software or websites that hijack a user’s or visitor’s system resources to mine for cryptocurrencies.
  • Phishing and social engineering: Bogus messages (email, SMS, false advertising, or voice calls) aimed at getting victims to divulge useful information, or at leading them to download malicious file attachments or visit web sites booby-trapped with malware.
  • Identity theft: Gathering of personal and business information (from browsing activity, social media, company profiles, etc.) that enables cyber criminals to impersonate victims, or sell their digital identities on to third parties.
  • Information leaks: Exposure of personal, financial, and other sensitive data due to hacks, security breaches, mobile apps with links to third parties, or indiscreet practices online.

Security Threats to Businesses

Business organisations are composed of individual people, so of course all of the above security threats apply to businesses as well. But in addition to the personal threats, there are other more institutional cyber security risks that businesses have to consider. These include:

  • Infiltration of corporate networks: This may occur through direct action (such as successful attempts at password breaking) or indirectly (e.g. using spyware slipped to an employee through a phishing email).
  • Corruption of corporate data: If hackers gain access to corporate information, in some cases they can insert their own data as acts of sabotage or market manipulation.
  • Theft of intellectual property or copyright infringement: Secret projects, hot new products, or top-selling existing material that can be pirated for profit or claimed as someone else’s are all vulnerable, here.
  • Leakage of company credentials: Often as a result of workers using office email and other credentials on public sites like social media, which are then hacked.
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks: Organised assaults against online services, networks, and web applications that clog the system so that users can’t get through.
  • System hijacking: In extreme cases (or as the final pay-off for sustained attacks known as APTs or advanced persistent threats), individual systems or entire networks may fall under the control of cyber criminals.
  • Insider threats: Often overlooked as a possibility until it’s too late, the work of disgruntled former employees or dissatisfied current ones can lead to mistakes or deliberate attempts at sabotage that give the upper hand to cyber criminals.

Final Thoughts

So, what is cyber security, and what does it involve? All of the above, plus techniques and tools to bolster your security stance and provide protection against known and unknown threats. We’ll be considering some of those in our next instalment of this series.

In the meantime, you can check out the security advice and commentary on the FileHippo blog and news feeds, and get access to some great software that’s all available to download for free.


Every employee at your organisation should be prepared to deal with right to be forgotten requests.

It’s estimated that 75% of employees will exercise their right to erasure now that GDPR (General Data Protection Regulation) has come into effect. However, less than half of organisations believe that they would be able to handle a ‘right to be forgotten’ (RTBF) request without any impact on day-to-day business.

These findings highlight the underlying issues we’re seeing in the post-GDPR era and how the new regulations put businesses at risk of being non-compliant. What is also worrying is that there are wider repercussions for organisations not being prepared to handle RTBF requests.

No matter how well business is conducted, there is always the possibility of someone who holds a grudge against the company and wants to cause disruption to daily operations. One way to do this, without resorting to a standard cyber-attack, is through inundating an organisation with RTBF requests. Especially when the company struggles to complete one request, this can drain a company’s resources and grind the business to a halt. In addition to this, failing to comply with the requests in a timely manner can result in a non-compliance issue – a double whammy.

An unfortunate consequence of the new GDPR regulations is that the right to erasure is free to submit, meaning it is more likely customers or those with a grudge will request to have their data removed. There are two ways this can be requested. The first is a simple opt-out, to remove the name – usually an email address – from marketing campaigns. The other is a more time-consuming, complex discovery and removal of all applicable data. It is this second type of request where there is a potential for hacktivists, be-grudged customers, or other cyber-attackers to weaponise the regulation requirement.

One RTBF request is relatively easy to handle – as long as the company knows where its data is stored of course – and the organisation actually has a month to complete the request from the day it was received. However, if a company is inundated with requests coming in on the same or consecutive days, it becomes difficult to manage and has the potential to heavily impact daily operations. This kind of attack is comparable to Distributed Denial of Service (DDoS) attacks – for example the attack on the UK National Lottery last year which saw its entire online and mobile capabilities knocked out for hours because cyber criminals flooded the site with traffic – with companies becoming overloaded with so many requests that they have to stop their services entirely.

When preparing for a flood of RTBF requests, it is essential that all organisations have a plan in place that streamlines processes for discovery and deletion of customer data, making it as easy as possible to complete multiple requests simultaneously.

Don’t let your weakest link be your downfall

The first thing to consider is whether or not the workforce is actually aware of what to do should a RTBF request come in (let alone hundreds). Educating all employees on what to do should a request be made – including who in the company to notify and how to respond to the request – is essential in guaranteeing an organisation is prepared. It will mean that any RTBF request is dealt with both correctly and in a timely manner. The process must also have clearly defined responsibilities and actions able to be audited. For companies with a DPO (Data Protection Officer) or someone who fulfils that role, this is the place to begin this process.

Discovering data is the best defence

The key to efficiency in responding to RTBF requests is discovering the data. This means the team responsible for the completion of requests is fully aware of where all the data for the organisation is stored. Therefore, a complete list of where the data can be found – and how to find it – is crucial. While data in structured storage such as a database or email is relatively simple to locate and action, it is the unstructured data, such as reports and files, which is difficult to find and is the biggest culprit of draining time and resources.

Running a ‘data discovery’ exercise is invaluable in helping organisations achieve an awareness of where data is located, as it finds data on every system and device from laptops and workstations to servers and cloud drives. Only when you know where all critical data is located, can a team assess its ability to delete it and, where applicable, remove all traces of a customer. Repeating the exercise will highlight any gaps and help indicate where additional tools may be required to address the request. Data-At-Rest scanning is frequently found as one part of a Data Loss Prevention (DLP) solution.

Stray data – a ticking time bomb

Knowing where data is stored within the organisation isn’t the end of the journey, however. The constant sharing of information with partners and suppliers also has to be taken into account – and for this, understanding the data flow into and out of the company is important. Shared responsibility clauses within GDPR rules mean that all partners involved with critical data are liable should a breach happen or a RTBF request cannot be completed. If critical data sitting with a partner is not tracked by the company that received the RTBF request, it makes it impossible to truly complete it and the organisation could face fines of up to 20 million EUR (or 4% of their global turnover). Therefore, it’s even more important to know how and where critical data is moving at all times, minimising the sharing of information to only those who really need to know.

While there is no silver bullet to prevent stray data, there are a number of technologies which can help to control the data which is sent both in and out of a company. Implementing automated solutions, such as Adaptive Redaction and document sanitisation, will ensure that no recipient receives unauthorised critical data. This will build a level of confidence around the security of critical data for both the organisation and the customer.

With the proper processes and technologies in place, dealing with RTBF requests is a straightforward process, whether it is a legitimate request, or an attempt by hacktivists or disgruntled customers to wreak havoc on an organisation. Streamlining data discovery processes and controlling the data flowing in and out of the company will be integral in allowing a business to complete a RTBF request and ultimately defend the organisation against a malicious use of GDPR.


Surviving a cyberattack isn’t like weathering a Cat 5 hurricane or coming through a 7.0 earthquake unscathed. Granting that natural disasters too often have horrendous consequences, there’s also a “right place, right time” element to making it through. Cyber-disasters – which can be every bit as calamitous in their own way as acts of nature – don’t typically bend to the element of chance. If you come out the other side intact, it’s probably no accident. It is, instead, the result of specific choices, tools, policies and practices that can be codified and emulated – and that need to be reinforced.

Consider the recent case of GitHub, the target of the largest DDoS attack ever recorded. GitHub’s experience is instructive, and perhaps the biggest takeaway can be expressed in four simple words: Your web host matters.

That’s especially crucial where security is concerned. Cloud security isn’t like filling out a job application; it’s not a matter of checking boxes and moving on. Piecemeal approaches to security simply don’t work. Patching a hole or fixing a bug, and then putting it “behind” you – that’s hardly the stuff of which effective security policies are made. Because security is a moving target, scattershot repairs ignore the hundreds or even thousands of points of vulnerability that a policy of continuing monitoring can help mitigate.

Any cloud provider worth its salt brings to the task a phalanx of time-tested tools, procedures and technologies that ensure continuous uptime, regular backups, data redundancy, data encryption, anti-virus/anti-malware deployment, multiple firewalls, intrusion prevention and round-the-clock monitoring. So while data is considerably safer in the cloud than beached on equipment under someone’s desk, there is no substitute for active vigilance – accent on active, since vigilance is both a mindset and a verb. About that mindset: sound security planning requires assessing threats, choosing tools to meet those threats, implementing those tools, assessing the effectiveness of the tools implemented – and repeating this process on an ongoing basis.

Among the elements of a basic cybersecurity routine: setting password expirations, obtaining certificates, avoiding the use of public networks, meeting with staff about security, and so on. Perfection in countering cyberattacks is as elusive here as it is in any other endeavor. Even so, that can’t be an argument for complacence or anything less than maximum due diligence, backed up by the most capable technology at each organization’s disposal.

In this of events is a counterintuitive lesson about who and what is most vulnerable during a hack. The experience of public cloud providers should put to rest the notion that the cloud isn’t safe. GitHub’s experience makes a compelling argument that the cloud is in fact the safest place to be in a cyber hurricane. Internal IT departments, fixated on their own in-house mixology, can be affected big-time – as they were in a number of recent ransomware attacks — raising the very legitimate question of why some roll-your-own organizations devote precious resources, including Bitcoin, to those departments in the belief that the cloud is a snakepit.

Cloud security isn’t what it used to be – and that’s a profound compliment to the cloud industry’s maturity and sophistication. What once was porous is now substantially better in every way, which isn’t to deny that bad actors have raised their game as well. Some aspects of cloud migration have always been threatening to the old guard. Here and there, vendors and other members of the IT community have fostered misconceptions about security in the cloud – not in an effort to thwart migration but in a bid to control it. Fear fuels both confusion and dependence.

Sadly, while established cloud security protocols should be standard-issue stuff, they aren’t. The conventional wisdom is that one cloud hosting company is the same as another, and that because they’re committed to life off-premises, they all must do the exact same thing, their feature sets are interchangeable, and the underlying architecture is immaterial. The message is, it doesn’t matter what equipment they’re using — it doesn’t matter what choice you make. But in fact, it does. Never mind the analysts; cloud computing is not a commodity business. And never mind the Street; investors and Certain Others fervently want it to be a commodity, but because those Certain Others go by the name of Microsoft and Amazon, fuzzing the story won’t fly. They want to grab business on price and make scads of money on volume (which they are).

The push to reduce and simplify is being driven by a combination of marketing gurus who are unfamiliar with the technology and industry pundits who believe everything can be plotted on a two-dimensional graph. Service providers are trying to deliver products that don’t necessarily fit the mold, so it’s ultimately pointless to squeeze technologies into two or three dimensions. These emerging solutions are much more nuanced than that.

Vendors need to level with users. The devil really is in the details. There are literally hundreds of decisions to make when architecting a solution, and those choices mean that every solution is not a commodity. Digital transformation isn’t going to emerge from some marketing contrivance, but from technologies that make cloud computing more secure, more accessible and more cost-effective.