The website of Edinburgh University was still down at the time of writing after the institution suffered a major cyber-attack during its Freshers’ Week.

A university spokesman told the Edinburgh Evening News that it has “rigid measures in place” to protect IT systems and data.

“Our defenses reacted quickly and no data has been compromised,” he added. “We will continue to work with our internet service provider, [national cybercrime investigators] and with other universities to prevent these network attacks in future.”

The main ed.ac.uk site was still down on Thursday morning, nearly 24 hours after the first reports of an attack went online. That would indicate a serious DDoS attack.

Jisc, the UK non-profit which runs the super-fast Janet network for research and educational institutions, released a statement claiming that a “number of universities” have been targeted this week and adding that the number of DDoS attacks on them “typically increases at this time of year, when students are enrolling at, or returning to university.”

“While Jisc is responsible for protecting connections to the Janet Network for its members (colleges, universities and research centres), members are responsible for protecting their own cyberspace,” it added. “However, Jisc also provides DDoS threat intelligence to its community and provides advice to members affected by cyber-attacks on how to deal with the problem and minimize the impact.”

Ironically, Edinburgh University was praised by the government this year for carrying out cutting-edge cybersecurity research. It is one of 14 Academic Centres of Excellence in Cyber Security Research, backed by the £1.9bn National Cyber Security Strategy.

DDoS attacks grew by 40% year-on-year in the first six months of 2018, according to new figures from Corero Networks.

The security firm claimed that attacks are becoming shorter — with 82% lasting less than 10 minutes — and smaller, with 94% under 5Gbps. However, one in five victims are hit with another attack within 24 hours, the report revealed.

Source: https://www.infosecurity-magazine.com/news/edinburgh-uni-hit-by-major-cyber/

Two separate reports have detailed the biggest threats to businesses this year

Two separate reports have highlighted the mounting threat of DDoS and mobile fraud attacks, demonstrating the shifting security landscape and the need for businesses to adapt their security policies.

Corero Network Security’s DDoS report revealed attacks were up 40% year-on-year, with 77% of them lasting ten minutes or less and 63% less than five minutes. Companies that have experienced an attack have a one in five chance of finding themselves under siege less than 24 hours after the first.

The most common type of DDoS attack on organisations is low volume strikes, with 4% less than 5Gbps. However, the number of high-volume attacks (over 10Gbps) have more than doubled over the last year, suggesting they will rise in intensity in the coming period.

“Organisations are dependent on the Internet as a means to conduct business and deliver consumer/citizen services,” Corero’s CEO Ashley Stephenson said. “Any event that affects this ability to function will have a significant impact on that business.
“With Internet resilience coming down to a fraction of a second, it’s easy to see why DDoS attacks are considered one of the most serious threats to Internet availability today resulting in damage to a brand’s reputation, customer trust and revenue.”

ThreatMetrix’s investigation into mobile threats revealed that mobile attacks in the US have risen by 44% year-on-year (24% worldwide), as criminals take advantage of mobile usage to complete digital transactions such as mobile banking and purchasing. Additionally, it noted that because 85% of social media and dating site activity happens on mobile, these are becoming targets for hackers.

Now, a third of all fraud-related activities originate from mobile devices, which although highlights the need for mobile security, suggests desktop is still the less secure platform.

Device spoofing is the biggest threat to financial services, while mule networks and bot attacks are on the rise. ThreatMetrix explained large retailers are the biggest targets as criminals attempt to break into user accounts and steal payment information.

“Mobile is quickly becoming the predominant way people access online goods and services, and as a result, organisations need to anticipate that the barrage of mobile attacks will only increase,” said Alisdair Faulkner, Chief Identity Officer at ThreatMetrix.

“The good news is that as mobile usage continues to increase, so too does overall customer recognition rates, as mobile apps offer a wealth of techniques to authenticate returning customers with a very high degree of accuracy.”

He added that the key vulnerability in the mobile atmosphere is during the app registration and account creation step. To prevent criminals from breaking into the system using this security hole, businesses must use global intelligence that can uncover their true digital identity, with information compiled from the various places customer information is available on.

Source: http://www.itpro.co.uk/security/31906/ddos-attacks-and-mobile-fraud-are-surging-in-2018

Average DDoS attack is five times stronger this year, compared to the year before.
The average DDoS attack is five times stronger this year, compared to the year before, and the biggest DDoS attack is four times stronger than last year’s strongest, according to new reports.

Nexusguard’s Q2 2018 Threat Report analysed thousands of DDoS attacks worldwide and came to the conclusion that the average DDoS attack is now bigger than 26 Gbps, and the maximum attack size is now 359 Gbps.

IoT botnets are still largely in use, mostly because of the increasing number of IoT-related malware exploits, as well as the huge growth in large-scale DDoS attacks.

The report says that CSPs and susceptible operations should ‘enhance their preparedness to maintain their bandwidth, especially if their infrastructure don’t have full redundancy and failover plans in place’.

“The biggest zero-day risks can stem from various types of home routers, which attackers can exploit to create expansive DDoS attacks against networks and mission-critical services, resulting in jumbo-sized attacks intended to cripple targets during peak revenue-generating hours,” said Juniman Kasman, chief technology officer for Nexusguard. “Telcos and other communications service providers will need to take extra precautions to guard bandwidth against these supersized attacks to ensure customer service and operations continue uninterrupted.”

Universal datagram protocol, or UDP, is the hacker’s favourite attack tool, with more than 31 per cent of all attacks using this approach. This is a connectionless protocol which helps launch mass-generated botnets.

Top two sources of these attacks are the US and China.

Source: https://www.itproportal.com/news/ddos-attacks-are-getting-even-larger/

When we think of DDoS protection, we often think about how to keep our website up and running. While searching for a security solution, you’ll find several options that are similar on the surface. The main difference is whether your organization requires a cloud, on-premise or hybrid solution that combines the best of both worlds. Finding a DDoS mitigation/protection solution seems simple, but there are several things to consider.

It’s important to remember that DDoS attacks don’t just cause a website to go down. While the majority do cause a service disruption, 90 percent of the time it does not mean a website is completely unavailable, but rather there is a performance degradation. As a result, organizations need to search for a DDoS solution that can optimize application performance and protect from DDoS attacks. The two functions are natural bedfellows.

The other thing we often forget is that most traditional DDoS solutions, whether they are on-premise or in the cloud, cannot protect us from an upstream event or a downstream event.

  1. If your carrier is hit with a DDoS attack upstream, your link may be fine but your ability to do anything would be limited. You would not receive any traffic from that pipe.
  2. If your infrastructure provider goes down due to a DDoS attack on its key infrastructure, your organization’s website will go down regardless of how well your DDoS solution is working.

Many DDoS providers will tell you these are not part of a DDoS strategy. I beg to differ.

Finding the Right DDoS Solution

DDoS protection was born out of the need to improve availability and guarantee performance.  Today, this is critical. We have become an application-driven world where digital interactions dominate. A bad experience using an app is worse for customer satisfaction and loyalty than an outage.  Most companies are moving into shared infrastructure environments—otherwise known as the “cloud”— where the performance of the underlying infrastructure is no longer controlled by the end user.

  1. Data center or host infrastructure rerouting capabilities gives organizations the ability to reroute traffic to secondary data centers or application servers if there is a performance problem caused by something that the traditional DDoS prevention solution cannot negate. This may or may not be caused by a traditional DDoS attack, but either way, it’s important to understand how to mitigate the risk from a denial of service caused by infrastructure failure.
  2. Simple-to-use link or host availability solutions offer a unified interface for conducting WAN failover in the event that the upstream provider is compromised. Companies can use BGP, but BGP is complex and rigid. The future needs to be simple and flexible.
  3. Infrastructure and application performance optimization is critical. If we can limit the amount of compute-per-application transactions, we can reduce the likelihood that a capacity problem with the underlying architecture can cause an outage. Instead of thinking about just avoiding performance degradation, what if we actually improve the performance SLA while also limiting risk? It’s similar to making the decision to invest your money as opposed to burying it in the ground.

Today you can look at buying separate products to accomplish these needs but you are then left with an age old problem: a disparate collection of poorly integrated best-of-breed solutions that don’t work well together.

These products should work together as part of a holistic solution where each solution can compensate and enhance the performance of the other and ultimately help improve and ensure application availability, performance and reliability. The goal should be to create a resilient architecture to prevent or limit the impact of DoS and DDoS attacks of any kind.

Source: https://securityboulevard.com/2018/09/ddos-protection-is-the-foundation-for-application-site-and-data-availability/

Digital connectivity continues apace – but brings with it increased cyber risks. These relatively new and complex risk profiles require approaches that go far beyond traditional insurance, argues Munich Re’s reinsurance boss Torsten Jeworrek.

Self-learning machines, cloud computing, digital ecosystems: in the steadily expanding Internet of Things, all objects communicate with others. In 2017, 27 billion devices around the world were online, but this number is set to increase five-fold to 125 billion by the year 2030. And many industries are profiting from the connectivity megatrend.

In virtually every sector, automated processes are delivering greater efficiency and therefore higher productivity. By analysing a wide range of data, businesses also hope to gain new insights into existing and prospective customers, their purchasing behaviour, or the risk that they might represent. This will facilitate a more targeted customer approach. At the same time, greater levels of interconnection are leading to new business models. Examples include successful sharing concepts and online platforms.

Growing risk of ransomware

But just as there are benefits to growing connectivity, there are also risks. Ensuring data security at all times is a serious challenge in this complex world. When setting up and developing digital infrastructure, companies must constantly invest in data-security expertise and in technical security systems, not least to protect themselves against cyber attacks. This became clear in 2017, when the WannaCry and NotPetya malware attacks caused business interruption and production stoppages around the world. T

he costs of WannaCry in the form of lost data and business interruption were many times greater than the losses from ransom demands. With other attacks, the objective was not even extortion – but rather to sabotage business operations or destroy data. Phishing, which is the attempted capture of sensitive personal and log-in data, and distributed denial of service (DDoS) attacks, which take down entire servers by systematically overloading them, also cause billions of dollars in damage each year. It is difficult to calculate the exact amounts involved, but business losses from cyber attacks are currently estimated at between $400bn and $1tn each year.

And the number of cyber attacks continues to rise – as do the resulting losses. According to estimates from market research institute Cybersecurity Ventures, companies around the world will fall victim to such attacks every 14 seconds on average in 2019. Europol also notes that there have been attacks on critical national infrastructure in the past, in which people could have died had the attacks succeeded.

Increasing demand for cyber covers from SMEs as well

As the risks increase, so too does the number of companies that attach importance to effective prevention measures and that seek insurance cover. The pressure to improve data protection has also increased as a result of legal requirements such as the EU’s General Data Protection Regulation, which came into force in May 2018 and provides for severe penalties in the event of violations. In a world of digital dependency, automated processes, and networked supply chains, small- and medium- sized companies in particular realise that it is no longer enough to focus on IT security within their own four walls.

For the insurance industry, cyber policies are gradually becoming an important field of business in their own right. According to estimates, further significant increases in premium volume are on their way. In 2017, premium volume was at between $3.5bn and $4bn. That figure is expected to increase to between $8bn and $9bn by 2020. So there will be good growth opportunities over the next few years, particularly in Europe.

Cyber risks difficult to assess

Cyber risks pose unique challenges for the insurance industry, above all in connection with accumulation risk: a single cyber event can impact many different companies at the same time, as well as leading to business interruption for other companies.

How can the market opportunities be exploited, while at the same time managing the new risks? Are cyber risks ultimately uninsurable, as many industry representatives have said? One thing is certain: there are a number of extreme risks that the insurance industry cannot bear alone. At present, these include network outages that interrupt the electricity supply, or internet and telecommunication connections. Scenarios like these, and the costs that come with them, should be borne jointly by governments and companies, for example in the form of pool solutions.

Cyber as a new type of risk

There are key differences between cyber risks and traditional risks. Historical data such as that applied to calculate future natural hazards, for example, cannot tell us much about future cyber events. Data from more than ten years ago, when there was no such thing as cloud computing and smartphones had not yet taken off, are of little use when assessing risks from today’s technologies. Insurers and reinsurers must be able to recognise and model the constantly evolving risks over the course of these rapid advances in technology. An approach that relies on insurance expertise alone will rapidly reach its limits. Instead, the objective of all participants should be to create as much transparency as possible with regard to cyber risks. IT specialists, authorities, and the scientific and research communities can all help to raise awareness of the risks and contribute their expertise for the development of appropriate cyber covers.

Working together to enhance security

Munich Re relies on collaboration with technology companies and IT security providers to develop solutions for cyber risks. This is because the requirements for comprehensive protection are complex, and safeguarding against financial losses is only one component of an overall concept. Accordingly, in consultation with our technology partners, we are developing highly effective, automated prevention services for our clients. These are designed to permanently monitor the client infrastructure, identify risks promptly, and prevent losses. And – importantly – a company needs to respond quickly to limit the loss from an event and allow it to resume normal operations without delay. In this context, we assist our clients with a network of experts.

But cyber risks remain a challenge, and one that the insurance industry needs to tackle. Insurers can only remain relevant for their clients if they constantly adapt their offerings to new or changed risks and requirements. Opportunities for new fields of business are arising.

Source: https://www.re-insurance.com/opinion/cyber-policies-more-than-just-risk-transfer/1687.article