Stop DoS Archive

Almost 60 per cent of Scottish councils and more than half of Scotland’s health boards have been targeted by cyber criminals since 2014, a Scotsman investigation has revealed.

Nine universities and numerous government bodies have also been hit during the last three years, the investigation found.

Some local authorities reported being bombarded with thousands of spam emails and receiving ransom demands to decrypt data.

Freedom of Information requests showed 19 of Scotland’s 32 councils experienced either attempted or successful attacks since 2014.

Ransomware attacks were reported by 14 local authorities, sometimes on multiple occasions.

Four councils refused to reveal any information, with two fearing doing so would leave them vulnerable to future attacks. Of the incidents logged by 19 councils, only nine authorities reported any of them to police, although no data was stolen or lost.

The investigation revealed Scottish local authorities were subject to more than 50 notable incidents in the past three financial years.

Aberdeen City Council was one of the hardest hit. Between 2014 and 2017, it suffered 12 successful cyber attacks, including six ransomware incidents, and had its webpage defaced. It also recorded more than 15 million attempts, including intrusion threats, spam, web risks and viruses, in the last eight months of 2016. Police were notified of two incidents.

Highland Council reported being targeted 953 times, including two partially-successful ransomware attacks, while more than 415,000 unsuccessful spam emails were sent to East Lothian Council.

Perth and Kinross Council reported blocking an average of 1.2 million spam emails every month. None of its three ransomware attacks were reported to any authority as it said “attacks were treated as business as usual and not significant enough to warrant reporting”.

Falkirk, Glasgow City, North Ayrshire and Dumfries and Galloway councils refused to disclose any details.

Three ransomware hits got through Dundee City’s defences; North Lanarkshire Council had two malware incidents in 2015 and three ransomware incidents in 2016; and Edinburgh City Council reported nine incidents, including malware preventing access to systems, a sustained denial of service (DDoS) attack, and malware being installed and copied.

A spokesman for local authority umbrella body Cosla said: “This is a fine balancing act for councils.

“Scotland’s councils have good defences in place and as such are confident around them preventing it happening to us. That said, we are certainly not, and never will be complacent or think that this couldn’t happen to us.

“We fully recognise how important our cyber security is and we are doing everything we can to safeguard councils against such attacks.”

The research, conducted together with The Scotsman’s sister titles in Johnston Press, found 11 of Scotland’s health boards were affected by the WannaCry attack in May which affected the NHS network across the UK.

In addition, NHS Fife logged 693 attempted malware attacks in the past three years. It was also hit by three successful ransomware attacks which required PCs to be rebuilt.

NHS Lanarkshire reported 51 attempted or successful attacks and NHS Greater Glasgow and Clyde was subject to four cyber breaches in 2016. Files became inaccessible after being encrypted by ransomware. However, data was recovered and the ransom was not paid.

NHS Ayrshire and Arran said it did not record attempts, but had one successful ransomware attack on a GP practice in 2015.

In the past year, NHS Highland had one ransomware email that attacked a “small number of files”. No ransom was paid and no data was lost.

NHS Tayside reported being bombarded with up to 7,000 attempts every month including ransomware.

NHS Orkney refused to reveal the details, stating that disclosure could pose a risk to national security. NHS Grampian did not respond, and NHS Lothian reported no cyber attacks had resulted in a breach of security.

Dumfries and Galloway, Shetland and the Borders health boards said they had no attempted cyber attacks. No board reported losing data.

Jann Gardner, director of planning and strategic partnerships with responsibility for IT at NHS Fife, said: “Of the 693 attempted malware attacks, only three affected small areas of our network, with swift action taken to contain and repair systems.

“No patient data was lost or compromised.”

A Scottish Government spokesperson said: “Scotland’s public sector bodies take cyber security seriously and already implement a wide range of measures to ensure basic security standards are met.

“The Scottish Government has committed to accelerating the development of a public sector action plan to help promote a common approach to cyber resilience across Scotland’s public bodies.

“Ministers expect to receive recommendations from the National Cyber Resilience Leaders’ Board (NCRLB) shortly.

“Following this, the Scottish Government will consult with Scottish public bodies on any implementation challenges before taking the plan forward.

“The NCRLB’s recommendations are expected to have reference to the Cyber Essentials accreditation scheme, which is endorsed by the National Cyber Security Centre, and which helps protect organisations from the most common forms of cyber-attack.

“The Cyber Essentials scheme is open to the public, private and third sectors, and offers a sound foundation of basic cyber security measures that all types of organisation can implement and potentially build upon.”

A spokesman for NHS Lanarkshire said that only the WannaCry incident was reported to the police as no data was lost or stolen in the other cases.

A spokeswoman for Police Scotland said: “We always encourage anyone who thinks they’ve been a victim of cybercrime to come forward and report it to police.”

Detective Inspector Eamonn Keane from Police Scotland’s cyber crime unit, added: “Cyber crime has witnessed significant growth.

“The cyber threat to Scotland is indicative of that local, national and international threat applicable to all regions in the UK.”


Business is under attack to the point of all out cyber war, and there is nowhere more lucrative right now than cyberspace, where a $200-billion-plus market is ripe for investors looking to turn profits that make the pre-bubble era look like chump change.

There are plenty of catalysts, thanks to hackers who most recently managed to hijack the systems of one of the biggest shipping companies in the world, one of the biggest pharmaceutical companies in the world and thousands of others—forcing them to pay ransom in bitcoins to get their data back.

There will be no slowdown in cyber-attacks. On the contrary, by 2019, IDC research estimates that 70 percent of major multinational corporations will “face significant cybersecurity attacks aimed at disrupting the distribution of commodities.”

Cybersecurity stocks were soaring already—especially since hackers in May managed to take control of tens of thousands of computers. But the late June perfection of cyber kidnapping for ransom has caused stocks to spike by 4 percent or more.

According to giant Cisco, there was a 172 percent jump in DDoS (distributed denial-of-service) attacks in 2016, and we’ll be looking at a near tripling of that by 2021. Just in the first quarter of this year there was a reported 380 percent increase in DDoS attacks, according to Nexusguard.

Data breaches cost businesses $5.85 million EACH in 2014. This year, that bill will be in the neighborhood of $7.35 million. In total, last year, cybercrime cost the global economy over $450 billion. The cyber-attack on global business in May this year alone could end up costing $4 billion.

So, giant multinational corporations are willing to pay a lot for better cybersecurity—and cyber insurance.

Global spending on cybersecurity will hit $1 trillion over the next five years, and cybercrime damages will exceed $24 trillion over the same period, according to the Steven Morgan Cybersecurity Industry Outlook: 2017 to 2021.

And this is where the big profits are available for the taking. For the foreseeable future, nothing is more lucrative than data security.

Here are our top 5 picks as cybersecurity becomes THE most critical industry of our time:

#1 FireEye, Inc. (NASDAQ:FEYE)

This is one of the most impressive cybersecurity barnstormers out there. It only went public in September 2013, and by December that same year it was spending $1 billion on a major acquisition, Mandiant, which was one of the top data breach and response companies in the space.

This is now a massive and fast-growing company of highly sought-after cyber experts and products, all rolled into a cloud-based platform that is a favorite among key Fortune 500 companies, not to mention Global 2000 companies.

There was a very aggressive acquisition spree here—and last year the company moved into the black. FireEye peaked in mid-2015 at $55 a share, and then slid to under $11 in mid-March this year. But since then, it’s gained 42 percent and the trajectory looks fantastic, especially in the current cyber warfare climate.

#2 Identillect Technologies Corp. (TSXV:ID; IDTLF:US)

This is a little-known company sitting in pole position in a $64-billion market that is up for grabs. It’s come up with a two-minute email security solution that could revolutionize encryption, and could corner the lion’s share of the profits in this segment.

Half of all email is unencrypted—and it’s at the mercy of pretty much anyone with decent hacking skills. Existing encryption programs are expensive and can take a month to install, but this company is breaking onto the scene with a simple, 2-minute email install solution.

It works with Outlook, Office 365, Hotmail, Gmail…PLUS a phone “app” that works on iPhone, Android, Windows and more.

There are only 250 professional cryptographers in the U.S… and two of them work at Identillect – a major selling point for this company coming right out of the gates.

Customers are lining up because it’s the first solution to a long-time problem that’s now reaching a climax, with companies being fined for NOT encrypting email. They’re already paying an average of $7 million for every data breach.

This company is on its way to Silicon Valley, and its patent on the first easy solution to a massive problem is likely to get it a lot of attention in the form of M&A rumblings that dot this cybersecurity landscape. Even more so right now.

Since it went commercial in the first quarter of 2015, subscribers have grown over 663 percent, and 19 out of 20 of them stay. They’re compounding monthly, and the breakeven point is almost there. That’s why we’re looking at a 70 percent profit margin in this one.

With 5 million Yahoo accounts breached in just one of many huge-scale incidents, encryption is the Holy Grail of our day, and this company has figured out how to make it cheap and easy.

#3 Palo Alto Networks (NYSE:PANW)

For expansion, this $12.7-billion market-cap company is a top pick with its sales of next-generation firewall solutions. It covers 150 countries and it protects data infrastructure of at least 85 Fortune 100 companies and—even better—more than half of the Global 2000. That’s some major market share at a time when there is nothing short of corporate panic over data infrastructure protection.

It even beat its own outlook. We’re looking at mind-blowing record earnings ($431.8 million in fiscal Q3). This is the clear advantage in the cybersecurity space right now—and it’s all about continual, relentless expansion.

#4 Intel Corporation (NASDAQ:INTC)

Nothing dominates the semiconductor industry like INTC. We’re looking at over seven divisions here, but the Client Computing Group (CCG) and the Data Center Group (DCG) are the big ones in terms of financial performance, accounting for 87 percent of the company’s total sales last year. INTC dominates the PC market and the server microprocessor market, and its PC chip market share can be as high as an unbelievable 99 percent.

Still, some might say this pick is the counter-intuitive one, but…not really. INTC stock has taken a major beating, but with this sector on fire like no other, this is your way in with the giants in this field. INTC had an official correction this year and April earnings caused Wall Street to beat it down. But INTC is still 10 percent higher than last year, regardless. It’s cheaper than its competitors right now, so this may be a buying opportunity.

What investors are afraid of, though, is one competitor in particular…our next pick…

#5 Advanced Micro Devices, Inc. (NASDAQ:AMD)

This stock has seen some unbelievable performance over the past year, and that’s why INTC investors are shying away. But while AMD has been impressing beyond belief, we list it as #5 because it’s largely thanks to enthusiasm and future expectations—so there may be a pullback soon. This is the time to keep a close eye on AMD, but also to be very careful about watching whether the company is now going to actually achieve its goals—because the expectations are quite high and now much more is at stake. It’s the right industry to be doing this in, certainly…

While AMD had a truly dynamic growth spurt that began in March last year, since February this year, it hasn’t reached any new highs, and the launch of its Ryzen line of products wasn’t embraced by the market with as much excitement as expected. Now things are getting a bit more volatile, which is why INTC might be a better pick right now.

Honorable Mentions in the Cybersecurity Space

BlackBerry Ltd. (TSE:BB): Forget about the BlackBerry as something you hold—an electronic gadget. This company is back better than ever with software for industrial customers, including security software and services to stop hackers. Quarterly earnings at the end of March were impressive, and April news of a $1-billion cash win from arbitration with Qualcomm can fund more growth. This is the NEW BlackBerry.

Absolute Software Corporation (ABT.TO): Absolute Software Corp provides endpoint security and data risk management solutions for commercial, healthcare, education and government customers, tablets and smartphones. Absolute has seen a strong 21% stock growth year to date and is expected to see strong growth as the cyber security market grows at a rampant pace.

Avigilon (TSX.AVO): Avigilon develops, manufactures, markets and sells HD and megapixel network-based video surveillance systems, video analytics and access control equipment. We expect strong continuous growth in the video analytics business and a company such as Avigilon is well positioned to capture market share in the Canadian markets.

Sandvine Corporation (TSE:SVC): Ontario has a vibrant cybersecurity sector as well. Sandvine Corp. is engaged in the development and marketing of network policy control solutions for high-speed fixed and mobile Internet service providers. Products include Business Intelligence, Revenue Generation, Traffic Optimization and Network Security. The company has grown 52% year-to-date and we expect strong growth throughout 2017.

Pivot Technology Solutions Inc. (TSX:PTG): Pivot focuses on the strategy to acquire and integrate technology solution providers, primarily in North America. It sells and supports integrated computer hardware, software and networking products for business database, network and network security systems. Pivot has seen explosive growth so far this year and we expect the current cyber threats to add to the already strong sentiment in cyber security stocks.


Distributed denial of service (DDoS) attacks have been threatening organizations across the globe in recent years, damaging corporate reputations and causing downtime that has inconvenienced customers at best and crippled businesses at worst. 2016 marked a watershed for the volume, virulence and sophistication of attacks. However, this is just the beginning; the worst is yet to come.

According to the findings of the recent Neustar Worldwide DDoS Attacks and Cyber Insights Research Report, more than eight in ten organisations surveyed globally have been attacked at least once in the previous 12 months (an increase of 15 percent since 2016). Furthermore, 85 percent of those attacked were hit more than once.

Despite knowing the threats, companies are still struggling to detect and respond to DDoS attacks effectively and efficiently. In fact, 40 percent of respondents globally were only alerted to a DDoS attack by customers, a major embarrassment for their brands. This figure is up from 29 percent in 2016.

What is new for DDoS?

It is crucial to highlight that DDoS attack size, complexity, and ferocity will continue to grow this year. Multi-vector attacks, termed advanced persistent denial of service (APDoS), have become a near-universal experience, demonstrating that attackers are consolidating the most effective methods to launch multi-pronged attacks on the network, servers and software in organizations. Using botnets such as the Mirai botnet of insecure Internet of Things devices to perform attacks and probe for vulnerabilities will also shape DDoS attack strategies and experiences in 2017.

Permanent Denial of Service (PDoS) attacks, or ‘phlashing’, are another way to wreak havoc in 2017. PDoS attack code aims to render a target device useless. Attackers can remotely or physically replace the software controlling connected hardware such as routers or printers with a version that does nothing, or even overload power subsystems. The potential damage could be significant. Consider the fire hazard an overheating smartphone can be, for example; or managing a disaster without a communications network.

DDoS attack in APAC

With organisations across Asia Pacific (APAC) being attacked more often, businesses should regularly re-examine the effectiveness of existing security strategies, including DDoS mitigation. The consequences of a DDoS attack can be significant.

After a DDoS attack 33 percent of APAC organizations reported average revenue losses of $250,000 or more, with 49 percent taking three hours or longer to detect the attack, and 42 percent taking at least three hours to respond.

Further, DDoS attacks are often used to mask other cybercrime activities. The installation of ransomware and malware in concert with DDoS attacks was reported by 49 percent of organisations in APAC. In 2017, the victims of DDoS attacks around the world have experienced more malware (43% reported vs 37% a year before), network breaches/damage (32% vs 25%), customer data theft (32% vs 21%), ransomware (23% vs 15%), financial theft (21% vs 14%) and lost intellectual property (21% vs 15%).

While nine in 10 companies globally are investing more in DDoS-specific defenses today, stronger defenses are likely needed to mitigate the growing risk and likely impact of a major DDoS attack quickly and effectively.

Finding the right solution

Currently, there are several solutions in the market that organisations could consider.

Several low-cost content delivery network (CDN) style services can offer inexpensive DDoS protection; however, they may impose usability issues and be unable to stop a significant attack.

Similarly, DDoS mitigation appliances can be effective against certain types of attacks; however, increasingly popular large-scale floods can overwhelm circuit capacity and render the appliance ineffective.

On-demand cloud, where network traffic is redirected to a mitigation cloud, is reliable and cost effective. However, it is dependent on swift failover to the cloud in order to avoid downtime.

Always routed cloud, on the other hand, involves the redirection of web traffic on a constant basis. The constant redirection can affect network latency, even during non-attack conditions, and additional services may be required to address application layer attacks.

Adopting a DDoS mitigation approach that includes a managed appliance and cloud (hybrid) is the best option, yet can be costly. The appliance will stop any DDoS attack within the circuit capacity feeding the network, and automatically trigger cloud mitigation, if the circuit is in danger of becoming overwhelmed.

DDoS attacks are likely to frustrate even more organizations from now on, with new attack vectors and a focus on destroying the utility of devices. Those working to protect the customer experience, revenues, and brand reputations can best protect themselves from attacks by working with knowledgeable partners that have extensive experience with identifying and addressing contemporary DDoS attacks, plus access to multiple sources of intelligence and a drive to continually improve on their expertise.


Infoblox DNS Threat Index finds criminals are creating more ransomware-domains than ever, and predicts a continuing increase in attacks as more criminals rush to cash in. 


Emboldened by the wave of successful ransomware attacks in early 2016, more cybercriminals are rushing to take advantage of this lucrative crime spree.

Networking company Infoblox’s quarterly threat index shows cybercriminals have been busy in the first quarter of 2016 creating new domains and subdomains and hijacking legitimate ones to build up their ransomware operations.

The number of domains serving up ransomware increased 35-fold in the first three months of 2016 compared to the end of 2015, according to the latest Infoblox DNS Threat Index. The index doesn’t measure actual attack volumes but observes malicious infrastructure — the domains used in individual campaigns. Criminals are constantly creating new domains and subdomains to stay ahead of blacklists and other security filters. The fact that the attack infrastructure for ransomware is growing is a good indicator that more cybercriminals are shifting their energies to these operations.

“There is an old adage that success begets success, and it seems to apply to malware as in any other corner of life,” Infoblox researchers wrote in the report.

The threat index hit an all-time high of 137 in the first quarter of 2016, compared to 128 in fourth quarter 2015. While there was a lot of activity creating infrastructure for all types of attacks, including malware, exploit kits, phishing, distributed denial-of-service, and data exfiltration, the explosion of ransomware-specific domains helped propel the overall threat index higher, Infoblox said in its report. Ransomware-related domains, which include those hosting the actual download and those that act as command-and-control servers for infected machines, accounted for 60 percent of the entire malware category.

“Again in simple terms: Ransomware is working,” the report said.

Instead of targeting consumers and small businesses in “small-dollar heists,” cybercriminals are shifting toward “industrial-scale, big-money” attacks on commercial entities, said Rod Rasmussen, vice president of cybersecurity at Infoblox. Cybercriminals don’t need to infect several victims for $500 each if a single hospital can net them $17,000 in bitcoin, for example.

The latest estimates from the FBI show ransomware cost victims $209 million in the first quarter of 2016, compared to $24 million for all of 2015. That doesn’t cover only the ransoms paid out — it also includes costs of downtime, the time required to clean off the infection, and resources spent recovering systems from backup.

Toward the end of 2015, Infoblox researchers observed that cybercriminals appeared to have abandoned the “plant/harvest cycle,” where they spent a few months building up the attack infrastructure, then a few months reaping the rewards before starting all over again. That seems to be the case in 2016, as there was no meaningful lull in newly created threats and new threats — such as ransomware — jumped to new highs. The harvest period seems to be less and less necessary, as criminals get more efficient shifting from task to task, from creating domains, hijacking legitimate domains, creating and distributing malware, stealing data, and generally causing harm to their victims.


“Unfortunately, these elevated threat levels are probably with us for the foreseeable future — it’s only the nature of the threat that will change from quarter to quarter,” Infoblox wrote.

Ransomware may be the fastest-growing segment of attacks, but it still accounts for a small piece of the overall attack infrastructure. Exploit kits remain the biggest threat, accounting for more than 50 percent of the overall index, with Angler leading the way. Angler is the toolkit commonly used in malvertising attacks, where malicious advertisements are injected into third-party advertising networks and victims are compromised by navigating to websites displaying those ads. Neutrino is also gaining popularity among cybercriminals. However, the lines are blurring as Neutrino is jumping into ransomware, as recent campaigns delivered ransomware, such as Locky, Teslacrypt, Cryptolocker2, and Kovter, to victims.

Recently, multiple reports have touted ransomware’s rapid growth, but what gets lost is that ransomware isn’t the most prevalent threat facing enterprises today. Organizations are more likely to see phishing attacks, exploit kits, and other types of malware, such as backdoors, Trojans, and keyloggers. Note Microsoft’s recent research, which noted that in 2015, ransomware accounted for less than 1 percent of malware. The encounter rate for ransomware jumped 50 percent over the second half of 2015, but that is going from 0.26 percent of attacks to 0.4 percent. Even if there are 35 times more attacks in 2016, that’s still a relatively small number compared to all other attacks.

The good news is that staying ahead of ransomware requires the same steps as basic malware prevention: tightening security measures, keeping software up-to-date, and maintaining clean backups.

“Unless and until companies figure out how to guard against ransomware — and certainly not reward the attack — we expect it to continue its successful run,” warned the report.



As of June 1st, Ghost Squad Hackers – the same group leading #OpIcarus – have launched a series of coordinated attacks against leading members of the corporate mainstream media. Giving credit where credit is due, Tech.mic and Softpedia were the first to report the operation. But their reports only tell a portion of the whole story; we will explain why in a moment.


Broadly speaking, the goal of #OpSilence is to attack all the corrupt major news networks that mislead and censor information from the general public. More specifically, the news agencies who conceal the crimes of Israel, while misleading the population about the mistreatment of the Palestinian people. The operation is off to a quick start: Ghost Squad has successfully “carried out DDoS attacks on CNN and FOX News” already just this month. More attacks are promised; NBC and MSM appear to be their next target.

“FOXNEWS” Email server has been crashed for 8+ hours by #GhostSquadHackers

— s1ege (@s1ege_) June 1, 2016



When Tech.mic and Softpedia presented their coverage of the hacks, they included images and references directly to Anonymous. But upon reading these articles, Ghost Squad had a message of their own that they want everyone to hear:



— s1ege (@s1ege_) June 1, 2016



It is no secret Ghost Squad has a close affiliation with Anonymous; I am sure this is how the group got started in the first place. The group insists they speak for themselves; they are essentially trying to get their own reputation – credibility.


But there is a second layer to this discussion highlighting the recent divide within Anonymous. There has been a “Civil War” of sorts in recent months, and the reputation of the Anonymous collective as a whole has been damaged. Last winter, prominent hacktivist group Ghostsec also cut their ties with Anonymous. In a statement they said “Anonymous has a habit of shooting in every direction and asking questions later.” In other interviews they imply that Anonymous has developed a reputation for behaving immaturely – more concerned with silly DDoS’ing attacks than changing the world.


Since the quarreling of #OpWhiteRose many people have splintered off, or left Anonymous entirely – just another in the long list of strange effects Donald Trump has had on the entire world. Ghost Squad is one of the groups affected by this ‘Civil War.’ In the time since this happened last March, the group has exploded onto the scene, quickly becoming one of the most influential and talked about hacking groups in the entire world in 2016.


I have no doubt about the origins of this operation though; this goes back to #OpMediaControl, which began last June. The operation called for the hacking of every major news network in the United States, testing their email systems, DDoS’ing web sites, attempting to hack in teleprompters or live feeds – anything you could think of. Last I heard back in December, they were still trying to recruit people to join them for an event this summer. Sound familiar to what Ghost Squad is doing right now?


For the purposes of accuracy, AnonHQ News reached out to our contacts in #OpMediaControl. We gave them a preview of the article and asked them what they thought. They showed us a press release dated May 28, 2016, a video proclaiming that #OpMediaControl has been re-engaged. Of course, #OpSilence proceeded to begin June 1st. In another interesting note, earlier last month Anonymous Resistance Movement, one of the groups behind #OpMediaControl, conducted an interview with GhostSquad. So as you can see, the two groups are well acquainted with one another – these operations are no coincidence.

Ghost Squad may be stepping up from the pack here, but make no mistake, this operation has been in the making for over a year and Anonymous led the way.