74 Percent of Companies that Suffer a Data Breach Don’t Know How It Happened

And just two thirds of IT pros say their current IT security budget is sufficient, a recent survey found. According to the results of a recent survey [PDF] of 250 IT professionals, 34 percent of companies in the U.S. were breached in the past year, and 74 percent of the victims don’t know how it happened. The survey, conducted by iSense Solutions for Bitdefender, also found that two thirds of companies would pay an average of $124,000 to avoid public shaming after a breach, while 14 percent would pay more than $500,000. One third of CIOs say their job has become more important in their company’s hierarchy, and another third say their job has been completely transformed in the past few years. And while nine in 10 IT decision makers see IT security as a top priority for their companies, only two thirds say their IT security budget is suifficient — the remainder say they would need an increase of 34 percent on average to deliver efficient security policies. Cloud security spending increased in the past year at 48 percent of companies, while the budget for other security activities remained the same. On average, respondents say only 64 percent of cyber attacks can be stopped, detected or prevented with their current resources. Separately, a survey of 403 IT security professionals in the U.S., U.K., Canada and Europe found that only three percent of organizations have the technology in place and only 10 percent have the skills in place to address today’s leading attack types. The survey, conducted by Dimensional Research and sponsored by Tripwire, also found that just 44 percent of organizations have the skills, and 43 percent have the technology, to address ransomware attacks effectively. “Most organizations can reasonably handle one or two key threats, but the reality is they need to be able to defend against them all,” Tripwire senior director of IT security and risk strategy Tim Erlin said in a statement. “As part of the study, we asked respondents which attack types have the potential to do the greatest amount of damage to their organization. While ransomware was cited as the top threat, all organizations were extremely concerned about phishing, insider threats, vulnerability exploitation and DDoS attacks.” Respondents felt most confident in their skills to handle phishing (68 percent) and DDoS attacks (60 percent), but less confident in their abilities to deal with insider threats (48 percent) and vulnerability exploitations (45 percent). Similarly, respondents felt more confident in the technology they have in place to address phishing (56 percent) and DDoS attacks (63 percent), but less confident in the technology to address insider threats (41 percent) and vulnerabilities (40 percent). A separate survey of 5,000 U.S. consumers by Kaspersky Lab and HackerOne found that 22 percent of respondents are more likely to make a purchase if they know a company hired hackers to help boost security. Knowing what they do about their own company’s cyber security practices, just 36 percent of respondents said they would choose to be a customer of their own employer. Almost two in five U.S. adults don’t expect companies to pay a ransom if hit by ransomware. When asked what types of data they would expect a company to pay a ransom for, 43 percent expect companies to do so for employee Social Security numbers, followed by customer banking details (40 percent) and employee banking details (39 percent). Source: http://www.esecurityplanet.com/network-security/74-percent-of-companies-that-suffer-a-data-breach-dont-know-how-it-happened.html

Read this article:
74 Percent of Companies that Suffer a Data Breach Don’t Know How It Happened

Blame the US, not China, for the recent surge in massive cyberattacks

The internet’s new scourge is hugely damaging global attacks that harness armies of routers, cameras, and other connected gadgets—the so-called Internet of Things (IoT)—to direct floods of traffic that can take down swaths of the network. The blame so far has largely fallen on the Chinese manufacturers who churn out devices with shoddy security on the cheap. But all those devices have to be plugged in somewhere for them to used maliciously. And American consumers are increasingly the ones plugging them in. Nearly a quarter of the internet addresses behind these distributed denial-of-service, or DDoS, attacks are located in the United States, newresearch from network services firm Akamai has found. Some 180,000 US IP addresses took part in DDoS attacks in the last quarter of 2016, it found—more than four times as many as addresses originating in China. Akamai’s findings are particularly notable because the armies of hacked devices that carry out DDoS attacks—such as those controlled by the Mirai malware—don’t bother covering their tracks. That means the IP addresses are far more likely to genuinely correspond to a location within a certain country, the report’s authors write. The findings also end an era of Chinese dominance in DDoS attacks. Over the previous year, China has accounted for the highest proportion of IP addresses taking part in such attacks globally. Now the US is the clear leader, accounting for 24% of such addresses. The UK and Germany are a distant second and third. (To be clear, though, wherever the attacking devices’ IP addresses are, the person controlling them could be located anywhere.) The huge number of devices taking part in DDoS attacks in the US means regulation there, and in Europe, could stem the flood of damaging traffic. Of course, IoT regulation is a thorny issue—essentially, no US federal agency really wants to take the problem on—and there remain technical questions over how to actually go about blocking the attacks. Still, it’s a lot clearer now that simply pointing the finger at China isn’t enough. Source: https://qz.com/912419/akamai-akam-report-a-quarter-of-ddos-ip-addresses-are-now-from-the-us/

View article:
Blame the US, not China, for the recent surge in massive cyberattacks

Majority of DDoS Attacks in October-December 2016 Conducted From Germany, UK, US

According to reports, United States, the United Kingdom and Germany became the top three source countries for DDoS attacks in October-December 2016. MOSCOW (Sputnik) – The United States, the United Kingdom and Germany became the top three source countries for DDoS attacks in October-December 2016, an Internet company dubbed Akamai said in report Wednesday, adding that the overall number of attacks in 2016 increased by 4 percent compared to previous year. “The top three source countries for DDoS attacks were the U.S. (24%), the U.K. (10%), and Germany (7%). In the past year, China dominated the top 10 list of source countries. In Q4 2016, China dropped to the fourth position overall, with 6% of traffic,” the State of the Internet / Security Report said. Russia became the fifth country in the list, with 4.4 percent of attacks. “The average number of DDoS attacks remained steady this quarter [October-December 2016] at 30 per target, indicating that after the first attack, an organization has a high likelihood of experiencing another,” the report said. The study notes that the number of IP addresses, used for DDoS attacks, significantly increased in the last quarter of 2016. The report also provides data regarding attacks in January- September 2016, with China, the United States, Turkey and the United Kingdom being the top source countries for attacks. Source: https://sputniknews.com/world/201702151050711562-ddos-atacks-internet/

Visit link:
Majority of DDoS Attacks in October-December 2016 Conducted From Germany, UK, US

University suffers DDoS attack after it’s schooled by own IoT devices

Infected vending machines and light bulbs teach establishment a lesson. A PLACE WHERE late stage teenagers go to drink and make arses of themselves has fallen victim to a denial of service (DDoS) attack of, essentially, it’s own making. Yeah, we are talking about a university. We do not know what university it is, but Verizon’s breach report for 2016 tells us that the mysterious educational establishment, probably in the US, was taken to its knees by a DDoS attack that was brought about by its own bloody Internet of Things (IoT) devices. It’s kinda like that Mirai thing, but on a much smaller, and more personally embarrassingly scale. We like to imagine that a connected toaster and a connected fridge had a fallout and that everything when bits up. According to Bleeping Computer, which has had a cheeky look at the Verizon report, it was a bit more pedestrian than that. “The DDoS attack was caused by an unnamed IoT malware strain that connected to the university’s smart devices, changed their default password, and then launched brute-force attacks to guess the admin credentials of nearby devices,” Verizon says as it explained that something fishy went down. “Hacked devices would start an abnormally high level of DNS lookups that flooded the university’s DNS server, which in turn resulted in the server dropping many DNS requests, including legitimate student traffic. The university’s IT team said that many of these rogue DNS requests were related to seafood-related domains.” The university has placed all IoT devices, such as light bulbs and vending machines, on its separate subnet, or perhaps in a bin. The security industry reckons that this is a signal of the kind of unprotected troubles to come. Naturally. “On the surface this appears to be more of a prank than a sophisticated denial of service attack. However, proving that largescale IoT takeovers are possible should be a wakeup call to those who manage networks rife with unsecure IoT devices,” said Stephen Gates, chief research intelligence analyst at NSFOCUS by way of introduction. “Municipal, Industrial, Commercial, and now Educational infrastructures are becoming more and more vulnerable, because organisations often carelessly deploy IoT without understanding the ramifications of weak IoT security. “In this case the damage appears to be limited, and only inconvenienced users on a campus network. Do the same to a transportation system, a chemical plant, a hospital complex, an E911 system, or an ISP, and the damage could be much, much greater.” Source: http://www.theinquirer.net/inquirer/news/3004579/university-suffers-ddos-attack-after-its-schooled-by-own-iot-devices#

Link:
University suffers DDoS attack after it’s schooled by own IoT devices

Battle of the botnets: My zombie horde’s bigger than yours

DDoSing over 100Gbps up 140%. Mirai worst but Spike peaks at 517Gbps DDoS attacks more than doubled in the last quarter of 2016 compared to the same period the year before.…

Read More:
Battle of the botnets: My zombie horde’s bigger than yours

What retailers need to know about cybersecurity

Annual global costs tied to destruction of data, intellectual property theft, lost productivity and fraud are on pace to reach $6 trillion by 2021. Here’s how retailers can avoid becoming a statistic. Cybercrime is big business — and retailers are squarely in the crosshairs. Cybercrime — the catch-all term applied to an ever-expanding range of digital assaults from malware to theft of personal data to distributed denial-of-service attacks (DDoS, i.e. coordinated traffic onslaughts on servers, systems or networks designed to make the target difficult or impossible for legitimate users to access) — is rapidly growing more common, more dangerous and more complex. Service interruptions from DDoS attacks alone surged 162% in 2016. Cybercrime is also growing more lucrative: Nearly 90% of all cyberattacks now involve financial or espionage motivations, according to the Verizon 2016 Data Breach Investigations Report. Corresponding annual global costs related to damage and destruction of data, intellectual property theft, lost productivity and fraud are on pace to grow from $3 trillion in 2015 to $6 trillion by 2021. While the second half of 2016 brought to light three of the largest data breaches ever recorded (two raids on web platform Yahoo that impacted at least 1.5 billion accounts combined; the other affecting about 412 million accounts across social network Adult Friend Finder), retailers in fact experience the most cyberattacks of any industry sector — about three times as many as the previous top target, the financial industry — information and communications technology firm NPD Group reports. The list of victims is long and ignominious, and includes Target, Home Depot, Eddie Bauer and Vera Bradley. The question isn’t if and when yet another retailer will fall victim in the weeks and months ahead, experts say, but simply where the wheel of misfortune will land next. “You’ll never be able to put up perimeters and defenses to stop the behavior of malicious attackers. Organizations need to accept the fact that if they’re not breached today, they likely will be breached at some point in the point in the future,” Paul Truitt, vice president of cybersecurity services at managed network solutions firm SageNet, told Retail Dive. “Getting ahead of the criminal and stopping them before they do what they’re going to do is a losing battle. But acting quickly and having the processes in place to respond what it does happen is achievable, and if every organization had that in place, we could significantly shorten the average data breach notification and identification, and also create much less juicy targets for the bad guys.” Threat assessment Retailers are like catnip to cybercriminals because of the wealth of customer data stored on their networks. While hijacking credit card account data has long been the primary objective — about 42 million Target shoppers had their credit or debit information stolen when the retailer was breached in late 2013 — thieves are also keen to acquire personal data like names, mailing addresses, phone numbers and email addresses. “There’s a lot of data around shopping habits and purchasing patterns now being stored by retailers — information they never had before,” Truitt said. “If you’re tying a loyalty program to a mobile payment program, those payment programs are bringing more sensitive data into the retail organization than in the past, and that’s what criminals are looking for.” The threat isn’t lost on retailers. Fully 100% of retail executives surveyed for the 2016 BDO Retail RiskFactor Report cited data privacy and security breaches as major business risks, up from 55% in 2011 and 26% in 2007. But according to Truitt, relatively few retailers have advanced their cybersecurity efforts beyond implementing the basic safeguards necessary to meet payment card industry (PCI) security standards. “[Cybersecurity] varies by retailer,” he said. “We still see a lot of retail organizations putting their eggs into the PCI basket. The feeling is that they’ve secured their organizations by meeting PCI compliance requirements, but in reality, the vectors of attack are outside what PCI mandates needs to be done. When you think about security programs focusing only on PCI at best, we’re going to see a lot of data continue to be exposed.” The media fallout and brand damage associated with past merchant data breaches (not to mention the legal costs and governmental penalties, which can run into the millions) are driving retailer cybersecurity awareness and investment, says Robert Horn, associate director at insurance and risk management solutions provider Crystal & Co. “Retailers have been forced to increase their cybersecurity because of the breaches we’ve had in the last several years. Your public perception takes a hit, there’s customer churn, and the fines and penalties are increasing,” Horn told Retail Dive. “Cybersecurity is getting much more attention from the C-suite. Before, just the IT director was involved. Now you’ve got legal, you’ve got corporate governance, you’ve got the CFOs and the CEOs wanting to know what’s going on.” But knowing what’s going on is easier said than done, because cybercrime evolves with mind-boggling speed. What began two decades ago with relatively simple viruses and website attacks hatched by malcontents seeking internet notoriety has rapidly mutated into discrete, laser-targeted and highly sophisticated offensives masterminded by thieves, hackers and extortionists motivated by financial gain. “There isn’t a single organization that can say they’re 100% secure,” Maarten Van Horenbeeck, vice president of security engineering at content delivery network Fastly, told Retail Dive. “But there are organizations that have the maturity and the smart people to say, ‘We understand what is happening, and we believe we know how to defend against it and how to protect our customer data.’” Personnel and protection Understanding what’s happening begins with identifying potential cracks in your armor. Verizon found that most attacks exploit known vulnerabilities that businesses failed to patch, despite software providers making patches available months or even years prior to the breach taking place. In fact, the top 10 known vulnerabilities account for about 85% of all successful exploits each year. Avoiding disaster also depends on recognizing the warning signs and criminal patterns: 95% of breaches and 86% of security incidents fall into nine established exploit patterns. Building a more secure retail business begins with smart personnel decisions. “The single biggest thing an organization can do today is hire the right people. There are so many technologies out there,” Van Horenbeeck said. “It’s like putting together a puzzle of the correct pieces to make sure you’re defending yourself against attack. You need to hire the right people who understand that puzzle, and who know how to make the organization as safe as possible.” Perhaps no retail security solution has generated more headlines and discussion than the fall 2015 shift from traditional “swipe-and-signature” credit and debit cards to chip-enabled EMV cards, a move designed in part to better protect consumers from escalating transaction fraud. While EMV (which takes its name from Europay, MasterCard and Visa, the three companies that created its chip-integrated standard) effectively blocks card cloning and other commonplace criminal tactics, its security innovations are limited to transactions where the physical card is present, meaning many cyberthieves are shifting their focus from brick-and-mortar stores to the web. That means retailers dependent on e-commerce must embrace software solutions including end-to-end software encryption, a method of secure communication that prevents hackers, internet service providers or any other third party from accessing, stealing or damaging cardholder data or other information during its transfer from one system or device to another. “Organizations that have made investments in EMV but did not invest in end-to-end encryption have a risk misperception,” said SageNet’s Truitt. “They believe they are secure, but they’ve only accomplished authentication of credit cards. They’ve accomplished nothing related to the security of the actual transaction. Many retailers that don’t have security teams internally, or that outsource their security fully and don’t have anyone with that knowledge in-house, has misinformed themselves about what EMV is doing. We’re going to see more organizations put fewer security controls in place and reduce some spend, because they think they have put the right security in place. But they’ve left themselves more exposed than they used to be.” Beyond the basics, retailers should also consider adopting data loss prevention solutions to help monitor, manage and protect confidential data wherever it’s stored or used, as well as emerging tools like advanced behavioral authentication (methodologies that monitor headquarters and store employees’ attributes and behaviors to prevent imposters from accessing infrastructure and data), data-mining and visualization techniques, and security response automation. There’s no time to waste. Experts anticipate cybercrime to continue to increase in the months to come, and warn that emerging technologies like the Internet of Things and advances in artificial intelligence present a multitude of new opportunities for attack. Only the strong will survive. “It’s hard to predict what new threats will come about,” said Horn. “[Security] all comes down to putting resources into cybersecurity teams. A bad breach can put you out of business.” Source: http://www.retaildive.com/news/what-retailers-need-to-know-about-cybersecurity/435567/

Original post:
What retailers need to know about cybersecurity

The next generation of cyber attacks — PDoS, TDoS, and others

2016 was a landmark year in cyber security. The cyber landscape was rocked as Internet of Things (IoT) threats became a reality and unleashed the first 1TB DDoS attacks — the largest in history. Security experts had long warned of the potential of IoT attacks, and a number of other predictions also came true; Advanced Persistent Denial of Service (APDoS) attacks became standard, ransom attacks continued to grow and evolve and data protection agreements dominated privacy debates. So what’s coming in 2017? Well, for years there have been theories about how a cyber attack could cripple society in some way. So what would this look like, and how could it come to fruition in 2017? An attack type that has been largely ignored that could prove to be key in a major cyber attack is the Permanent Denial of Service (PDoS) attack. This attack type is unique as rather than collecting data or providing some on-going nefarious function its only aim is to completely prevent its target’s device from functioning. PDoS, or Phlashing PDoS, also known as “phlashing”, often damages its target to such an extent that replacement or reinstallation of hardware is usually required. Although the attack type itself has been around for some time now, but it’s easy to imagine how much damage they could do it today’s connected world, and therefore it could quickly gain momentum in 2017. For example, one method PDoS leverages to accomplish its damage is remote or physical administration on the management interface of the victim’s hardware, such as routers, printers, or other networking hardware. In the case of firmware attacks, the attacker may use vulnerabilities to replace a device’s basic software with a modified, corrupt, or defective firmware image. This “bricks” the device, rendering it unusable for its original purpose until it can be repaired or replaced. Other attacks include overloading the battery or power systems. We’ve already seen the potential harm that a PDoS attack could cause, when in November last year an attack on residential apartments in Finland targeted the building management system. The attack took the system offline by blocking its Internet connection, causing it to keep rebooting itself in order to reconnect. As a result, the system was unable to supply heating at a time when temperatures were below freezing. Fortunately, the facilities service company were able to relocate residents while the system was brought back online. You only have to consider devices like Samsung’s Note 7 to see the safety hazards that the devices we all carry around with us can potentially harbor. There have been numerous test cases of malware and bots overheating devices, causing them to physically distort or worse. These attacks, bundled into a cyber attack, could have devastating and lasting effects beyond what we commonly think about in the world of the “nuisance” DDoS attack. Another attack type that has flown under the radar is Telephony Denial of Service (TDoS). This attack type will likely rise in sophistication and become a key tool in cyber attackers’ arsenals, particularly those who are more interested in wreaking havoc than having financial gain as a motivator. The rise of the Darknet Just imagine an attacker with the ability to cut off communications during a crisis period. This would hinder first responders, exacerbate suffering and in some situations it could potentially increase loss of life. A physical attack, such as a terror attack, followed by a targeted TDoS attack on communication systems could be devastating. Like PDoS, TDoS has been around for some time but again, as we depend more and more on these connected systems the impact of a targeted attack becomes magnified. One prediction that has come true in the past few years is the rise of the Darknet. However, in 2017 it could go a step further and become a mainstream tool that almost anyone can use to launch attacks or manipulate data. The Darknet offers easy and affordable access to attacks that can terrorize or otherwise alter someone’s personal details for financial or other benefits. The scope of the Darknet is also reaching further than ever thanks to the huge increase in connected devices that the general public has at their disposal. Examples include the ability to rent compromised surveillance systems, access to legal information including lawyers’ emails and the ability to view and manipulate medical or educational records. 2017 could see a frightening scenario develop where the definitive source of who we are and how our details are recorded and accessed is unknown. Just imagine being in a job interview and your CV doesn’t match your online school records. Who will the potential employer trust? This analogy can be extended to numerous scenarios, but the common thread is that your online records require high security and fidelity in order for you to function properly in society. In light of that, one of the single most personalized acts of terror that can occur is a wide-scale loss, alteration or deletion of records — with no reconstitution capability. This should strike fear in us all. Source: https://betanews.com/2017/02/09/the-next-generation-of-cyber-attacks-pdos-tdos-and-others/

View article:
The next generation of cyber attacks — PDoS, TDoS, and others

DDoS attacks increasingly form blended attacks of more vulnerabilities

DDoS attacks increasingly formed blended attacks of four or more vulnerabilities over the course of the fourth quarter of 2016, with an intent to overload targeted monitoring, detection and logging systems, according to Nexusguard. Hybrid attacks were a common attack pattern against financial and government institutions. DDoS botnet activity: Top attacking countries The supersized Mirai attack from Q3 set the stage for Q4 challenges, resulting in a ripple of botnets from connected devices and the … More ?

View article:
DDoS attacks increasingly form blended attacks of more vulnerabilities

Five Taiwan brokerages report cyber attack threats, regulator says

Taiwan is investigating an unprecedented case of threats made to five brokerages by an alleged cyber-group seeking payment to avert an attack that could crash their websites, an investigator and the securities regulator said on Monday. Rick Wang, an official with Taiwan’s Financial Supervisory Commission (FSC), said each brokerage had received an email setting a deadline for the transfer of funds to avoid a distributed denial of service (DDoS) attack. Such attacks, among the most common kind on the internet, overload a website until it is forced to inhibit access or go offline. They have become common tools for cyber criminals trying to cripple businesses and organizations with significant online activities. “We have never seen this on such a scale – five companies hit at one time with the same threat,” said Wang, adding that the regulator usually sees single instances of cyber-crime. FireEye, a cybersecurity consultancy, said the attacks were similar to a wave of threatened denial of service attacks by a previously unidentified group that first appeared in Europe last month. The Taiwan attacks do not pose a threat to the island’s broader trading and financial system, Wang said, but he added that the regulator had asked all securities firms to step up defensive measures. One threat recipient, Masterlink Securities Corp, said its website had come under attack, but it had recovered and operations were normal. “The emails were sent under the name of the ‘Armada Collective’,” said Chiu Shao-chou, an official of the internet cybercrime division of Taiwan’s Criminal Investigation Bureau, the government’s top investigation body. The Armada Collective, a hacking extortion group, has been linked to financial blackmail heists elsewhere. But Chiu said the group has been put under watch and Taiwan investigators were still looking into the original source of the emails. The email demanded payment in web-based digital currency bitcoin equivalent to about T$300,000 ($9,731.41), Taiwan media said. None of the securities companies made any payments, Chiu said. Another brokerage firm, Capital Securities Corp, was hit on Monday by a DDoS attack lasting 20 minutes before its system recovered, the regulator said, but it did not link the latest case to the threatening emails. (This version of the story corrects sixth paragraph to show the attacks were similar to, not necessarily part of, a wave of attacks in Europe last month) Source: http://www.reuters.com/article/us-taiwan-cyber-idUSKBN15L128

More:
Five Taiwan brokerages report cyber attack threats, regulator says

Everything old is new again: Experts predict a flood of denial-of-service attacks

As IoT goes mainstream Mirai-style denial-of-service botnet attacks are escalating, and hackers are targeting health care companies, financial services, and the government. The hottest trend in cyberattacks is an archaic and simplistic hacker tool. Propelled by the rise of IoT, the popularity of denial-of-service attacks rebounded in late 2016 and early 2017. Accompanying the rapid acceleration of the IoT and connected device market, warn cybersecurity experts, will be a zombie botnet swarm of network-crippling attacks. Denial-of-service attacks are simple but effective weapons that bring down websites and services by flooding networks with junk traffic from commandeered botnets. Digital fallout will often cripple the target and ripple across the web to knock out unaffiliated but connected services and sites. “After an attack [clients] often feel angry and violated,” said Matthew Prince, CEO of denial-of-service mitigation service CloudFlare in an interview with TechRepublic. “A distributed denial-of-service (DDoS) attack is not a sophisticated attack. It’s the functional equivalent of a caveman with a club. But a caveman with a club can do a lot of damage.” “DDoS outages are causing companies to completely rethink their cybersecurity strategies,” said cyber-defence strategist Terrence Gareau in a report by threat identification firm Nexusguard. Nexusguard examines network data to identify threat vector trends like duration, source, and variation of denial-of-service attacks.”Hackers’ preferences for botnets over reflection attacks are typical of cyclical behavior, where attackers will switch to methods that have fallen out of popularity to test security teams with unexpected vectors.” Denial-of-service attacks are a broad umbrella used to describe a number of technological sub-tactics. Denial-of-service attacks are common and relatively easy to pull off because these attacks simply crowdsource web IP addresses. The hacker group Anonymous made DDoS attacks famous by championing a tool nicknamed the “Low Orbit Ion Cannon” that made denial-of-service accessible and easy. The downside, of course, is that all cyberattacks are illegal, and unsophisticated DDoS attacks are easy for law enforcement to pursue. The Nexusguard report shows that hackers are switching from DDoS to IoT botnet-based attacks like last year’s devastating Mirai hack. “Distributed denial-of-service attacks fell more than 40 percent to 97,700 attacks in the second quarter of the year,” Gareau said. IoT attacks targeted at French data provider OVH broke records for speed and size, the report said, and were so severe that France broke into Nexusguard’s Top 3 [cyberattack] victim countries. “The preferred programming language for the Mirai botnet helped to better handle a massive number of nodes compared to other typical languages for DDoS attacks,” Gareau said. “Researchers attribute the [DDoS] attack dip and these massive attacks to hackers favoring Mirai-style botnets of hijacked connected devices, demonstrating the power IoT has to threaten major organizations.” Hackers are also diversifying attacks against large organizations in financial services, healthcare, and government sectors, Gareau said in the Nexusguard report. “Hackers favored blended attacks, which target four or more vectors, in attempts to overload targeted monitoring, detection, and logging systems.” To fend off attacks, experts like Prince, Gareau, and Cyberbit’s chief technology officer Oren Aspir agree enterprise companies need to develop a response plan. “Attacks on an endpoint device will always leave some sort of trail or evidence to analyze,” Aspir said. “Since the speed of detection is vital, analysts need tools that will allow them to quickly detect behavior at the endpoint, validate the threat, and perform an automated forensic investigation in real time on that endpoint.” Aspir also suggested companies prepare for DDoS and other hacks by reviewing previous attack metrics, conduct vulnerability assessment and penetration testing exercises, and simulate attacks to help evaluate team preparedness. “It’s important for organizations to build a baseline that consists of what ‘good behavior’ should look like on an endpoint. This allows for organizations to take unknown threats and validate them quickly.” Though IoT botnet denial-of-service attacks are relatively new enterprise organizations have learned from previous attacks and already shifted defense tactics. “Researchers predict the attention from recent botnet attacks will cause companies to strengthen their cybersecurity… and ensure business continuity despite supersized attacks,” Gareau said. Source: http://www.techrepublic.com/article/everything-old-is-new-again-experts-predict-a-flood-of-denial-of-service-attacks/

Original post:
Everything old is new again: Experts predict a flood of denial-of-service attacks