Category Archives: DDoS News

65% Of Organizations Experience Three Distributed Denial of Service ‘DDoS’ Attacks A Year

Despite the increasing sophistication and severity of cyber attacks, a survey of more than 700 senior IT professionals reveals that organizations are surprisingly unarmed to deal with today’s threat landscape. In a new report titled “Cyber Security on the Offense: A Study of IT Security Experts,” the Ponemon Institute and Radware® (NASDAQ: RDWR), a leading provider of application delivery and application security solutions for virtual and cloud data centers, found that while 65% of organizations experienced an average of three distributed denial-of-service (DDoS) attacks in the past 12 months, less than half reported being vigilant in monitoring for attacks – much less putting into practice proactive and preventative measures to protect their organizations.

“The reality is that cyber threats are outpacing security professionals, leaving most organizations vulnerable and unprepared,” said Avi Chesla, chief technology officer, Radware. “From hacktivists to cyber criminals, companies live under the constant threat of assaults that contribute to lost revenue and serious reputational damage. It’s critical that organizations take immediate action after reading this report. IT managers have to advocate for a multi-layered approach that also takes into account countermeasures to prevent threats before they inflict significant damage.”

Key findings from the report include:

Availability is the top cyber security priority for organizations today. Gone are the days where companies could solely concern themselves with data leakage and integrity based attacks. Unlike the past few years, where many organizations focused on confidentiality and integrity-based attacks, respondents noted a major shift in their security objectives, ranking denial-of-service (DoS) and DDoS as two of the top three threats their organizations face today.

DDoS attacks cost companies 3.5 million dollars every year. Although respondents cited a lack of budget as one of the major impediments to shoring up cyber security, it’s clear that organizations will pay a much higher price for their lack of preparedness. 65% reported experiencing an average of three DDoS attacks in the past 12 months, with an average downtime of 54 minutes per attack. With the cost for each minute of downtime amounting to as much as $100,000 per minute – including lost traffic, diminished end-user productivity and lost revenues – it is no surprise that respondents ranked availability as their top cyber security priority.

63% rate their organization’s offensive countermeasure capabilities as below average. While 60% say they want technology that slows down or even halts an attacker’s computer, the majority of respondents give their organizations an average or below average rating when it comes to their ability to launch counter measures. With 75% of organizations still relying on anti-virus and anti-malware to protect themselves from attacks, it’s clear that the old adage, “the best defense is a good offense” is not being practiced by most firms.

Organizations are more vulnerable than ever before. With respondents ranking lack of system visibility (34 percent), mobile/remote employees (32 percent) and negligent insiders (31 percent) as their top three areas of greatest cyber security risk, it’s clear that threats can come from a number of new sources including the Bring Your Own Device (BYOD) movement. Even more frightening, today’s threats are multi-layered, targeting not only networks but the data and application levels as well.

“There is a frightening gap that exists between the increasing severity of cyber attacks and the level of preparedness that exists in the industry,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “The report’s findings make clear that now is the time for organizations to begin making critical changes to their security approaches in order to stave off the potentially devastating costs associated with a lack of preparedness and adequate defenses.”

To access a complete version of the report, please visit www.ddoswarriors.com, Radware’s in-depth resource for information security professionals. In addition, Radware will host a webinar on November 14 to discuss the report’s findings and provide actionable insights to help any organization properly mitigate attacks in an increasingly hostile threat landscape.

About Cyber Security on the Offense: A Study of IT Security Experts

The research for Cyber Security on the Offense: A Study of IT Security Experts was co-authored by the Ponemon Institute and Radware. The report surveyed 705 U.S.-based IT and IT security practitioners responsible for managing their organization’s cyber security activities. 62% of the respondents surveyed were at the supervisor level or higher with an average of more than 11 years of experience. 65% of respondents were from organizations with a global headcount of more than one thousand and the primary industry segments for the report included financial services and the public sector as well as healthcare and pharmaceuticals. The survey consisted of 35 questions on respondents’ perceptions of and experiences with their organization’s cyber security infrastructure and the types of threats they now face.

In addition to the report’s key findings, Cyber Security on the Offense includes:

- The top ranked negative consequences of cyber attacks
- Barriers to achieving a strong cyber security posture
- The technologies most favored by IT security professionals
- Top methods for performing counter techniques
- A comparison of attacks across the financial services, healthcare and public sectors

About the Ponemon Institute

The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

Source: http://www.darkreading.com/insider-threat/167801100/security/news/240124966/65-of-organizations-experience-three-ddos-attacks-a-year.html


Man arrested for Distributed Denial of Service ‘DDoS’ attack on Theresa May

A MAN HAS BEEN ARRESTED on suspicion of launching and promoting a denial of service attack on the website of UK Home Secretary Theresa May. The man is unnamed, but is said to be 41 years old and from Stoke on Trent. He is accused of mounting an attack on May’s website and others, and of inciting other people to participate.

“The activity this morning demonstrates the commitment of the PCeU (Police Central e-Crime Unit) and our colleagues to combat cyber criminality anywhere within the UK and take action against those responsible,” said detective inspector Jason Tunn of the Metropolitan Police. “Assisting and encouraging cyber crime is a serious matter and I would advise all persons to consider their actions and any possible future consequences prior to posting any material online.”

May’s website was attacked earlier this year as part of Operation Trial At Home, an Anonymous backed effort to raise awareness about ongoing extradition controversies, including those affecting Richard O’Dwyer and Gary McKinnon. Optrial At Home, as it was called on Twitter, was announced by an account called AnonopUK. “#OpTrialAtHome We will be firing our Laz0rs at GCHQ.gov.uk 8pm GMT 14th April, We invite all #Anons again to join,” it said in a tweeted message that has now apparently been deleted. That account was still sending out messages late last night.

Whoever was arrested was nicked on suspicion of assisting or encouraging crime contrary to the Serious Crime Act 2007. The man has been bailed until mid-December.

Source: http://www.theinquirer.net/inquirer/news/2222942/man-arrested-for-denial-of-service-attack-on-theresa-may


Life cycle and detection of an exploit kit

As the process of owning systems and dragging them into botnets becomes ever more commercialized, exploit kits have emerged as a favorite of attackers. Their point-click-own nature means even non-tech…


Defending Against The Next Generation Distributed Denial of Service DDoS Attacks

Here is a great post from Joey Muniz at www.thesecurityblogger.com

Press around the DDoS attack Operation Ababil has caught the attention of many of our customers. This sophisticated cyber strike used a combination of three separate rootkits targeting webservers, which produced a very high upstream attack method on multiple companies simultaneously. The scary part about Operation Ababil was it was designed to bypass standard DDoS defense methods. This clearly demonstrates there isn’t a silver bullet for addressing advanced DDoS attacks.

Distributed Denial of Service DDoS, web application and DNS infrastructure attacks represent some of the most critical threats to enterprises today. Here are some suggestions for a reference architecture to defend against these and other advanced threats.

The best approach for defending against advanced DDoS as well as other cyber attacks is having multiple security solutions using different methods to detect malicious activity for both internal and external threats. For internal threats, it’s critical to have a well-designed and mature security infrastructure that includes components such as firewalls, IPS/IDS, email and content / application security solutions. Similar security standards need to be applied to endpoints as well as in the datacenter such as proper patch management, anti-virus and anti-malware. It’s important to enable DDoS defense features for these tools. For example, some best practices are leveraging ACLs for ingress and egress filtering, rate limiting ICMP and SYN packets as well as verifying whether the source IP of each packet has a route from where it arrived.

Standard internal security solutions are important; however, they will not completely protect you from advanced DDoS and other cyber threats. Security administrators need full network visibility to quickly identify anomalies regardless of their location or form of communication. Best practice to identify malicious activity inside your network is monitoring the wire using a Netflow or Packet capture approach. It’s also important to match identity to devices found. An example is how Cisco offers integration with its flagship access control solution, Identity Services Engine ISE, to network forensic tools such as Lancope, NetWitness and most major SIEMs. Having a tuned monitoring solution will dramatically improve reaction time to internal cyber threats.

Most administrators associate DDoS as an outsider attack. We hear customers claim their service provider is responsible for providing DDoS defense; however, a service provider’s mission of delivering service will always outweigh concerns for security. For this reason, it’s critical to invest in an external DDoS defense solution as well as verify what security tools are included with your service provider contract.

The two large players for external DDoS defense are Akamai and Arbor Networks. Akamai’s Kona Site Defender provides DDoS mitigation and Application Layer Protection for most service providers. If your service provider uses Akamai, verify if they invested in the additional Kona suite. The leader for enterprise DDoS defense is Arbor. Arbor’s Peakflow, Pravail and cloud subscription services are the de facto standard for DDoS defense at the vast majority of our Tier-1 and Tier 2 ISPs as well as enterprise customers. Online DDoS monitoring services are also an option offered by companies such as Prolexic which are an alternative to purchasing equipment.

To summarize the DDoS defense architecture, an enterprise should focus on both internal and external defense. The internal network should have a solid security foundation, monitor the wire for devices that access the network and match identity to those devices to distinguish what is permitted from rogue devices. Investments should be made in external defenses that offer the ability to deflect DDoS traffic such as SYN Floods or UDP Floods as well as authenticating valid traffic at the network edge. Best practice is using DDoS solutions that leverage a large customer base via cloud services to improve reaction time as a community. It’s also wise to question your service provider for what security solutions are included with your service package. Having this blend of internal and external security solutions will dramatically improve your chances against today’s advanced persistent threats such as Operation Ababil.

Source: http://www.cloudcentrics.com/?p=2293
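The reverse-path check and SYN rate monitoring that the post lists as best practices, sketched as an added example (not part of the original post) over constructed flow records. The routing table, interface names, record fields, window and threshold are all assumptions chosen for illustration.

```python
"""Added example: strict reverse-path check and bare-SYN rate monitoring."""
import ipaddress
from collections import defaultdict

# Constructed routing table (assumption): prefix -> interface the route uses.
ROUTES = {
    "10.0.0.0/8": "inside",
    "10.20.0.0/16": "dmz",
    "0.0.0.0/0": "outside",
}


def build_fib(routes):
    """Parse prefixes once and order them longest-prefix first."""
    fib = [(ipaddress.ip_network(p), ifname) for p, ifname in routes.items()]
    return sorted(fib, key=lambda entry: entry[0].prefixlen, reverse=True)


def route_interface(fib, addr):
    """Longest-prefix match: interface of the best route to addr, or None."""
    ip = ipaddress.ip_address(addr)
    for net, ifname in fib:
        if ip in net:
            return ifname
    return None


def passes_reverse_path(fib, src, in_if):
    """Strict check: the best route back to src must leave via in_if.

    Strict mode also rejects legitimate traffic on asymmetric paths, so it
    suits edges where each source has exactly one valid entry interface.
    """
    return route_interface(fib, src) == in_if


def syn_flood_candidates(flows, window=10, threshold=100):
    """Sum bare-SYN packets per (destination, time window).

    Returns only the buckets above the threshold. Flows whose flags include
    ACK belong to established or answering connections and are not counted.
    """
    counts = defaultdict(int)
    for f in flows:
        if f["proto"] == "tcp" and f["flags"] == "S":
            bucket = f["ts"] - f["ts"] % window
            counts[(f["dst"], bucket)] += f["packets"]
    return {key: n for key, n in counts.items() if n > threshold}


def sample_flows():
    """Constructed flow records; none of this is captured traffic."""
    def rec(ts, src, dst, in_if, proto, flags, packets):
        return {"ts": ts, "src": src, "dst": dst, "in_if": in_if,
                "proto": proto, "flags": flags, "packets": packets}

    flows = [
        rec(95, "203.0.113.5", "10.20.0.80", "outside", "tcp", "SA", 12),
        # Internal source address arriving from outside: ingress filter case.
        rec(96, "10.1.2.3", "10.20.0.80", "outside", "tcp", "S", 1),
        # Foreign source address leaving the inside: egress filter case.
        rec(97, "198.51.100.7", "192.0.2.9", "inside", "udp", "", 30),
        rec(98, "10.20.0.5", "203.0.113.5", "dmz", "tcp", "A", 8),
    ]
    # Forty sources each sending 5 bare SYNs to one server within 10 seconds.
    flows += [rec(100 + i % 10, f"198.51.100.{i + 1}", "10.20.0.80",
                  "outside", "tcp", "S", 5) for i in range(40)]
    return flows


def analyze(flows, routes=ROUTES):
    """Run both checks over the flow records and return the findings."""
    fib = build_fib(routes)
    failures = [(f["src"], f["in_if"]) for f in flows
                if not passes_reverse_path(fib, f["src"], f["in_if"])]
    return {"rpf_failures": failures,
            "syn_candidates": syn_flood_candidates(flows)}


if __name__ == "__main__":
    report = analyze(sample_flows())
    for src, in_if in report["rpf_failures"]:
        print(f"reverse-path failure: {src} arrived on {in_if}")
    for (dst, start), n in report["syn_candidates"].items():
        print(f"SYN burst: {n} bare SYNs to {dst} in window starting {start}")
```

On a router the same two checks are normally enforced in the forwarding path rather than after the fact; running them over exported flow data shows what those controls would have dropped or rate limited.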


Cyber attacks, one of which is a Distributed Denial of Service ‘DDoS’ attack, on Japanese sites

Tensions between Japan and China are mounting following the Noda government’s decision to buy and nationalize the Senkaku Islands, and the repercussions have spilled over into cyberspace. Japan must urgently address its cybersecurity vulnerabilities and prepare for cyberthreats.

Vandalism in cyberspace quickly followed the Japanese government’s announcement. China’s largest “hacktivist” group, the Honker Union of China, denounced Tokyo’s nationalization of the Senkaku Islands, calling it a declaration of war, and listed more than 100 Japanese entities as targets of a malicious campaign. For two weeks, Japanese central and local governments, banks, universities and companies experienced cyber vandalism, including the defacing of websites and distributed denial of service (DDoS) attacks.

According to the National Police Agency, at least eight major Japanese websites were hit with cyber-vandalism and 11 more temporarily suffered access difficulties. Websites were altered to display Chinese flags and messages stating that the Senkaku Islands belong to China. Some of the cyberattacks used Chinese IP addresses and servers, but it remains unknown who the malicious actors are or who may be supporting them.

Website defacement is a comparatively unsophisticated hacking technique that makes Japan’s vulnerability to more serious and latent cyberattacks a worrying concern. Tokyo must immediately strengthen cybersecurity to decrease the gravity and impact of these threats.

Most security experts believe that the chances of the Senkaku Islands dispute erupting into a military conflict are slim, given the devastating economic and political impact such an event would have. But future conflicts will most certainly involve sophisticated cyberattacks. The precedent is already well established. Three weeks prior to the outbreak of the Russia-Georgia war of 2008, Georgian websites, including those belonging to the government, financial organizations, and the media, experienced DDoS attacks, defacement and infiltration by malware designed to disrupt communications and disable servers.

If such an attack took place in connection to the Senkaku dispute, it would affect both Japan and the United States. Cyberattack and espionage techniques have rapidly developed over the last four years. Malicious actors may target critical infrastructures such as power grids as well as defense networks and satellite communications. Defensive abilities would be seriously disrupted if GPS and command and control systems become unreliable.

It is extremely difficult to assure timely and accurate attribution for cyberattacks. The inability to immediately retaliate after an attack and the anonymity of aggression seriously undermine any possibility of deterrence. Moreover, international cooperation is not guaranteed even where responsibility is attributable, and even where malicious actors are identified, no adequate international law prescribes the appropriate response to cyberattacks either as countries or individuals.

The Ministry of Defense recently released its first cybersecurity guideline for the use of cyberspace. This document declared that under the right of self defense, the ministry is responsible for countering cyberattacks if they are launched as part of armed attacks. This interpretation of the ministry’s mission constitutes a major expansion of its previous remit, given that previously it was responsible only for the protection of internal networks and computers.

Nonetheless, the document does not specify what falls under the definition of “armed attacks” and this will be determined on a case-by-case basis. This vagueness provides flexibility to deal with cyberattacks, but may also cause confusion in the government and the international community about the justification and proportionality of responses. Moreover, uncertainty exists between Tokyo and Washington as to which cyberattacks are to be regarded as “armed” for the purposes of invoking the security treaty.

As long as this lack of clarity persists, the only realistic option is for Japan to reinforce its cyber defense to detect any threat, prevent or resist cyberattacks, and rapidly recover from any damage that may be incurred. To do that, Japan will also need to study cyber offenses.

Joint military exercises using cyber elements would be necessary as well. Although the aforementioned guideline refers to the necessity to continue to conduct such exercises, there is no bilateral declaration about cyber exercises in the public domain. At the press conference after the U.S.-South Korea 2 + 2 meeting this year, U.S. Defense Secretary Leon Panetta suggested conducting such joint exercises to make them “more realistic.” Even if governments cannot reveal the specifics of the exercises, a joint declaration demonstrating the strong will of Tokyo and Washington would increase deterrence.

Another nightmare scenario for Japan would be the spread of disinformation about the Japanese territorial claim over the Senkakus before or during a crisis situation. This could be done by hacking broadcasters, social media and other online platforms to manipulate Japanese and international audiences. An example of this occurred in the ongoing Syrian civil war. News outlets were penetrated in order to disseminate false information about the Syrian opposition and bolster support for progovernment forces.

The rapid growth of social and online media leverages the proliferation of disinformation as such information is disseminated by innocent users. For example, false information could belittle the authenticity of Japanese sovereignty over the Senkakus. Disinformation could convince people that nuclear disasters are being caused by physical or cyberattacks. In a worst case scenario for Japan and the U.S., cyberattacks could cause disruption slowly or quickly, precipitating cascading shock waves through their economic, political and security systems.

To counter this threat, it is essential to enhance both the intelligence capability of the government and the level of cybersecurity nationwide. The government has to establish an information-warfare strategy to build resilience to likely scenarios. It is crucial to quickly identify when and what kind of disinformation is produced. Japan also must develop methods of emergency communication for distributing accurate information to minimize manipulation as much as possible.

While these grave scenarios have yet to unfold in Japan, this does not mean they will not happen as cyberthreats spread and regional uncertainty deepens. Japan must develop its cybersecurity capability now as it can ill afford the costs of further delay.

Source: http://www.japantimes.co.jp/text/eo20121026a1.html


Anonymous hacks police forum, sends emails to police officers

Anonymous is mostly known for their real-life and online protests, DDoS attacks, and shaming of businesses and government organizations by publicly releasing confidential data stolen from their server…


Could Cyber Attacks (Distributed Denial of Service ‘DDoS’ attack) Ruin Christmas for Retailers?

A string of cyber attacks on U.S. financial institutions has created headaches this fall by slowing down or preventing online banking access for millions of Americans. But imagine the real economic damage that similar-style attacks would cause if they struck U.S. retailers this holiday-shopping season, potentially eating into projected online sales of $54 billion.

While retailers deserve credit for bolstering their defenses against credit-card-hungry organized crime rings, security professionals believe the industry is vulnerable to this different kind of onslaught aimed at crippling online sales. “The gloves are off in cyber space. The reality is if they want it to get worse, it can get worse,” said Dave Aitel, a former computer scientist at the National Security Agency. “I don’t think people are really prepared mentally to what happens if Amazon goes down.”

Unlike the ongoing cyber attacks against U.S. banks, there doesn’t appear to be a specific cyber threat against retailers. Yet there are concerns that retailers aren’t ready for denial-of-service (DDoS) attacks from a powerful state actor like Iran, which many in the U.S. government suspect had a hand in the recent attacks on financial institutions like Bank of America (BAC) and J.P. Morgan Chase (JPM). “The Iranians are in the business of making a point and the bank attacks are not likely to have the impact they need, hence retailers are the next most likely target, especially in the holiday season,” said Aitel, CEO of Immunity, a cyber security firm that works with Fortune 500 companies.

Online Sales Exceed $160B

It’s hard to overstate the importance of e-commerce in today’s smartphone and social network dominated world. According to comScore (CSOR), annual U.S. retail e-commerce spending has surged 143% since 2004 to $161.52 billion last year. Despite the sluggish domestic economy and tepid retail sales growth, e-commerce spending jumped 13% between 2010 and 2011.

Online shopping is crucial during the all-important holiday-shopping season. E-commerce spending rose 14% last holiday season to $37.2 billion, comScore said. In the face of continued economic uncertainty, online spending is projected to climb 17% this season to $54.47 billion, according to MarketLive. “It’s very important for any retailer to have a web presence or you risk being left out in the cold,” said Andrew Lipsman, vice president of industry analysis at comScore, who noted that even in-person purchases typically originate online.

Adapting to Shifting Threat

Security professionals believe retailers’ cyber defenses are more porous than those of financial institutions — and even some banks succumbed to relentless DDoS attacks this fall. Given their prior experience combating thieves in Russia and elsewhere trying to siphon funds or snatch credit-card numbers, retailers aren’t really positioned to halt massive DDoS attacks from powerful state actors like Iran. “That’s a very different threat and in many ways is more severe,” said Aitel. “They’re not thinking: What if it’s not about the money? What if someone wants to take me out just to take me out?”

Cedric Leighton, a former NSA official, said he agrees that retailers are not as well prepared as their financial peers. “I don’t think they’ve gotten to the point where they can truly say their whole cyber supply chain is as well secured as they need to be in this day and age,” said Leighton, CEO of a Washington, D.C.-based risk-management consultancy. Leighton said hackers could also disrupt companies’ supply chains by messing with order quantities and locations, creating costly problems for retailers.

Just this week Barnes & Noble (BKS) fell victim to a very sophisticated criminal attack that may have resulted in stolen credit and debit card information at 63 of its stores.

Amazon Atop Target List

The importance of a robust cyber defense is even more important for online retailers like Amazon.com and Overstock (OSTK). “If they aren’t available online, there is no business. They don’t exist,” said Ronen Kenig, director of security product marketing at Tel Aviv-based security firm Radware (RDWR).

In a potential cyber attack on U.S. retailers, Amazon.com would clearly be the biggest prize. The Seattle company generated $17.4 billion in revenue last holiday quarter. “When you attack the United States you don’t attack Topeka, Kansas,” said Aitel. “Amazon is the big boy on the block. They are of course also the best protected.”

Amazon.com and Wal-Mart (WMT) declined to comment for this story, while Target (TGT) didn’t respond to a request for comment. “Every company is going to look at what its exposure is. The greater the company is placed at risk, then the more they are going to invest in trying to protect themselves,” said Mallory Duncan, general counsel at the National Retail Federation. Noting that some companies “rely extremely heavily on the Internet,” Duncan said, “When you have a bet-the-company type of situation, they’re going to take extraordinary steps to protect that channel.”

Cyber Monday in Focus

Aitel suggested the days around Cyber Monday — the first work day after Black Friday — as a time when retailers need to be particularly vigilant about the cyber threat. According to comScore, U.S. e-commerce spending on Cyber Monday rose 22% last year to $1.25 billion, making it the highest online spending day in history. “The attackers always like to choose the worst time for the victim,” said Kenig.

Bolstering Cyber Defenses

So what specifically should retailers be doing to prevent or mitigate the impact of DDoS attacks this holiday season? Leighton said it’s crucial for companies to implement redundant systems with backups that allow switching from one system to the other when necessary. From a bigger picture standpoint, retailers should strive to install security programs that go above and beyond industry security standards, which Aitel said “are really the bottom bar.”

Security professionals have been particularly alarmed by some recent cyber attacks that inflicted damage on physical assets, including a devastating attack unleashed on Saudi Arabia’s state run oil company Saudi Aramco. Some believe Iran may have been behind this attack, which destroyed an estimated 30,000 computers. Aitel said, “Companies have to look at what happened to Saudi Aramco and say: What would we do if that happened to us? Until they have a good answer for that, they shouldn’t be sleeping that well.”

Source: http://www.foxbusiness.com/industries/2012/10/24/would-cyber-attacks-ruin-christmas-for-retailers/


Use Cloud to Repel Distributed Denial of Service ‘DDoS’ attack

Employing cloud computing services could help organizations defend against the type of distributed denial of service attacks that have temporarily crippled the online service of major American banks, says NIST’s Matthew Scholl. By using cloud computing services, Scholl says in an interview with Information Security Media Group, enterprises no longer are completely dependent on their own physical infrastructure because they can add processing capabilities from the cloud to keep up with DDoS attacks.

“You have an entire cloud infrastructure that you can spin up and provision to keep pace with the scale of the attack. And when the attack subsides, then you can drop an infrastructure back down again and just pay for that service that you needed when the attack occurs,” says Scholl, deputy chief of the National Institute of Standards and Technology’s computer security division. “We’ve seen use of cloud and the elasticity and the dynamic nature of cloud technology to be something that is kind of changing the economics of a DDoS attack.”

In the interview, Scholl explains:

- Why he believes the recent DDoS attacks against banks may not be as dire as they appear [see Bank Attacks: What Have We Learned?];
- How the migration to IPv6 could help organizations defend against DDoS attacks;
- Types of guidance NIST offers that could help organizations develop plans to handle DDoS attacks.

Scholl says DDoS attacks won’t vanish anytime soon, but believes government-industry partnerships could help diminish the impact of these digital assaults. “That’s going to be the solution to try to both enable us to defend against it on the organizational side and remove the capability of it at the threat side,” he says.

Source: http://www.bankinfosecurity.com/interviews/nist-use-cloud-to-repel-ddos-attacks-i-1698


Online DDoS downtime calculator

Prolexic has released a DDoS downtime cost calculator (registration required) which takes into consideration the many DDoS attack variables that can affect revenue. Using this calculator, businesse…
