Healthcare organizations “are in the crosshairs” of cyber attackers, suffering one hack per month over the last year, with about half experiencing an incident involving the loss or exposure of patient information and another third unsure whether or not data was exposed, according to a new report. Conducted by the Ponemon Institute for security software company ESET, the report questioned 535 IT security practitioners from a variety of healthcare organizations, including private and public providers as well as government agencies, and found an industry beset by security breaches of all kinds. “With cyber attacks against healthcare organizations growing increasingly frequent and complex, there is more pressure to refine cybersecurity strategies,” the report’s authors wrote. “The State of Cybersecurity in Healthcare Organizations” also found that organizations struggle to deal with a variety of threats, including system failures (79 percent), unsecure medical devices (77 percent), cyberattackers (77 percent), employee-owned mobile devices or BYOD (76 percent), identity thieves (73 percent) and unsecure mobile devices (72 percent). Despite citing unsecure medical devices as a top security threat, only 27 percent of respondents said their organization has guidelines for medical devices as part of its cybersecurity strategy. The most common security incident sited was the exploitation of existing software vulnerabilities greater than three months old, according to 78 percent of respondents. Web-borne malware attacks were named by 75 percent of respondents. Following next were exploits of existing software vulnerability less than three months old (70 percent), spear phishing (69 percent) and lost or stolen devices (61 percent), according to the study. What’s more, participating organizations were only partly effective at preventing attacks. Almost half (49 percent) said their organizations experienced situations when cyberattacks have evaded their intrusion prevention systems (IPS), but many respondents (27 percent) were unsure. Another 37 percent said their organizations have experienced cyber attacks that evaded their anti-virus (AV) solutions or traditional security controls but 25 percent were unsure. On average, organizations have an APT incident every three months. Only 26 percent of respondents say their organizations have systems and controls in place to detect and stop advanced persistent threats (APTs) and 21 percent are unsure. On average, over a 12-month period, organizations had an APT attack about every 3 months (3.46 APT-related incidents in one year), the survey said. As for the consequences of theses breaches, 63 percent of respondents said the primary consequences of APTs and zero day attacks were IT downtime, followed by the inability to provide services (46 percent), while 44 percent said these incidents resulted in the theft of personal information. In addition, DDoS attacks have cost organizations on average $1.32 million in the past 12 months, the survey said. Healthcare organizations in the report spend an average of $23 million on IT and approximately 12 percent is allocated to information security. “Since an average of $1.3 million is spent annually just to deal with DDoS attacks, the business case can be made to increase technology investments to reduce the frequency of successful attacks,” the report said. Source: http://www.govhealthit.com/news/ponemon-health-orgs-hit-cyberattacks-every-month
CryptoWall most prevalent nasty – survey File-encrypting ransomware has eclipsed botnets to become the main threat to enterprises, according to Trend Micro.…
A distributed denial of service (or DDoS) attack is an attempt to take a website offline by overwhelming it with internet traffic.
VIDEO: What is a DDoS attack?
Customers of a large New Zealand website design company have had their websites shut down due to a cyber attack believed to target one or more of the company’s customers. Customers of Zeald were informed on Thursday that some clients had experienced outages with their websites in recent weeks. The company, formed in 2001, with thousands of customers in New Zealand and Australia, has told clients the outages were caused by Distributed Denial of Service (DDoS) attacks. These attacks attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. They present a major challenge to making sure people can publish and access important information. “Simply put, a DDoS attack simulates millions of computers trying to access a website at the same time. This puts tremendous stress on the online infrastructure, and can make access to a website difficult, or impossible,” the company said in its email. “We believe these attacks are targeted at one of our customers,” it said. It said the attacks were difficult to resolve and were a rapidly expanding class of security attack. They did not involve ‘hacking’ and did not lead to the loss of confidential information, but they made it impossible to access a site. “They can be created by attackers with limited technical skill but options for dealing with them are extremely limited”. “Working with our upstream providers, we have been able to stop these attacks temporarily by blocking international traffic. Unfortunately, these attacks keep resuming and are no longer isolated to international traffic alone. These attacks are also causing major issues for our upstream providers as well as the other websites and services that they provide,” it said. “If you have experienced any kind of extortion attempt or communication threatening an attack like this please let us know. Any feedback regarding recent threats will be treated in the strictest confidence. If we know the target of the attack there are measures we can put in place to eliminate the problem”. Source: http://www.stuff.co.nz/technology/77539929/customers-of-large-nz-website-company-zeald-have-been-hit-by-cyber-attack
Akamai Technologies has shared the latest DDoS and web application attacks numbers in its Q4 2015 State of the Internet report. DDoS attack activity at a glance During Q4, repeat DDoS attacks were the norm, with an average of 24 attacks per targeted customer in Q4. Three targets were subject to more than 100 attacks each and one customer suffered 188 attacks – an average of more than two per day. During Q4, Akamai mitigated … More ?
Just because your business doesn’t have a website, that doesn’t mean it can’t be a victim of a DDoS (distributed denial of service) attack. This sentence might not make much sense at this point, but keep reading. Security firm Kaspersky Lab and researchers B2B International looked at what cyber-crooks go for when attacking businesses and enterprises, and here’s what they came up with: Last year, 16 per cent of companies (globally), were victims of a DDoS attack. Among enterprises, the percentage jumps up to 24. For most, external activities, such as websites, were targeted. Among half, websites had been hit, logins and portals were attacked in 38 per cent of cases, while communications services were attacked 37 per cent of times. Transactional systems had been affected in 25 per cent of cases. But also, in 25 per cent of cases, file servers had been hit, and 15 per cent said their operational systems were targeted. Another 15 per cent said a DDoS attack hit their ISP network connectivity. “It’s important to take a DDoS attack seriously. It’s a relatively easy crime to perpetrate, but the effect on business continuity can be far-reaching. Our study found that alongside the well-publicised impact of an attack, such as website downtime, reputational damage and unhappy customers, DDoS hits can reach deep into a company’s internal systems. It doesn’t matter how small the company is, or whether or not it has a website; if you’re online, you’re a potential target. Unprotected operational systems are just as vulnerable to a DDoS attack as the external website, and any disruption can stop a business in its tracks,” said Evgeny Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab. Source: http://www.itproportal.com/2016/02/29/you-dont-need-a-website-to-get-hit-by-ddos/
See the original article here:
You don’t need a website to get hit by DDoS
On 24 February, Google and its parent company Alphabet opened the doors to Project Shield, a service designed to protect independent news websites with controversial geopolitical messages from distributed denial-of-service (DDoS) attacks. The project, which originates from the Google Ideas branch that was recently extended and rebranded as Jigsaw, has come out of an invite-only beta and is now freely available to any website not owned by a government or political party that passes through the application process. According to a Wired report, sites that have successful applications to the project will then be able to change their site’s domain name configuration which so that it redirects to a Google server. This server effectively creates a “reverse-proxy”, which then filters out malicious traffic. Google claims in an accompanying video (below) that decision to help independent websites from suffering the wrath of hackers is to reduce forced censorship, via online blackouts, for those sites that are delivering sensitive news in regions of political turmoil and/or upheaval. An example given for an early case of Project Shield’s use covers how Yahyanejad, the editor-in-chief of Balatarian.com , managed to take advantage of Google’s system to effectively null a swathe of DDoS digital strikes presumed to be intended to suppress the site’s coverage of the 2009 Iranian presidential election. “Just about anyone who’s published anything interesting has come under an attack at some point,” said Project Shield lead George Conard. “The smaller and more independent voices often don’t have the resources, whether technical or financial, to really put good protections in place…That’s where we come into the picture.” The catch, however, could be a deal breaker for some, despite the obvious positives of the service. While Alphabet executive director Eric Schmidt talks of using Jigsaw-produced schemes as being purpose-built to enable “technology to tackle the toughest geopolitical challenges,” any website making use of Project Shield is required to give Google access to its raw data logs on who is accessing the site itself. While this may cause privacy concerns, the company confirmed to Wired that the data logs will only be kept for a maximum of two weeks. Project Shield product manager CJ Adams said: “We’ve made it very explicit we don’t have the rights to commercialise anything that comes through.” Source: http://www.ibtimes.co.uk/project-shield-latest-google-product-could-protect-start-websites-hacker-ddos-attacks-1546036
Originally posted here:
Project Shield: Latest Google product could protect start-up websites from hacker DDoS attacks
Researcher who found the flaws will reveal crim-friendly details in three weeks Palo Alto Networks has revealed four new nasties, one of which can allow remote code execution and DDOS attacks on its boxen, and given users until March 16th to patch them.…
Originally posted here:
Palo Alto reveals critical bugs and March 16th patch deadline
Every day hackers attack Norway´s largest news site, VG. But not without risk. VG has both helped the police put hackers behind bars and alerted mothers about what their adventurous sons are up to. VG.no is one of the most successful news sites in the world. Every week 4 million Norwegians – out of a population of 5 million – visit the site for the latest news. But that also makes VG.no a target for hackers. “Whenever there is a new security hole discovered, someone want to try it on VG,” says Audun Ytterdal, head of IT operations in VG. During the Schibsted Tech Polska Winter Event 2016 he presented “War stories from the ops trenches”, describing how the media house protects itself from a continuous flow of DDoS attacks. Under attack every day VG is well prepared for hacker attacks – and is able to deal with lots of traffic without going down. According to Ytterdal the site can handle up to 30 GB per second. “Usually we see around 10.000 http-hits per second. But during the attacks we can experience up to 100.000 http-hits per second,” he explains. Called the hacker´s mum In the presentation he explains some of the technical measures taken to secure the news site from attack. But he also tells entertaining stories about how the IT staff used their technical skills to identify the hackers. And not always the hackers have everything planned out! Take for instance the young hacker who managed to take over the front page of the business site E24.no with photos of himself in a balaclava taken in his mum´s bathroom. However smart he had been breaking into the site, he had forgotten to remove the location info added to the image file when he took the photo with his mobile phone. “So we could see where he lived – and we called his mum informing her that her son was up to activities she may not approve of,” laughs Audun Ytterdal. Sent hackers to jail In another case the hackers bragged about their achievement on Twitter. That gave the IT operations department the opportunity to contact them directly. After a while they also managed to identify two of the hackers. When one of them posted a photo from a town in Southern Norway, VG was able to locate the exact house it had been taken from with use of Google Street View. The information was given to the police – and the two hackers later had to serve time in jail. Entertaining error page For a news room all alarms go off when the main site is down. And Audun Ytterdal believes it will be very hard to avoid never being shut down. So what to do when it happens? Of course identify and fix the problem. But VG also decided to give people a good laugh by designing an entertaining error page. The error page is a fun version of the normal front page of the site. “The last time we used this we had people tweeting that they would rather see the error page of VG than any other news site,” smiles Ytterdal. Source: http://www.schibsted.pl/2016/02/how-norways-biggest-news-site-protects-itself-from-ddos-attacks/
View the original here:
How Norway’s biggest news site protects itself from DDoS attacks
The contract between Department of Homeland Security (DHS) and Galois was signed in January. However, HackRead had a chance to discuss the contract with Galois. Galois and the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) have formalized a contract to develop technology for preventing and combating extensive, sophisticated DDoS (Distributed Denial of Service) attacks . In fact, an official announcement was made by Galois in which the company informed media about signing up a $1.7million contract with the DHS S&T Cyber Security Division. The contract is part of the larger Distributed Denial of Service Defenses (DDoSD) program initiated by the DHS S&T Cyber Security Division. The problem with DDoS attacks is that these can cripple even the most established and largest organizations. These happen to be devastating for small and/or medium-sized businesses. The generated amount of traffic is adequate to drench their internet connections multiple times and it becomes challenging to get the ISP (internet service provider) to take the matter seriously and respond quickly. DHS Developing Technology to Thwart DDoS attacks Quicker than Ever Before The project that DHS is planning with Galois is dubbed as DDoS Defense for a Community of Peers (3DCoP) and it involves peer-to-peer collaboration mechanism with which the organizations detect and combat DDoS attacks by working in cooperation. According to Adam Wick, Galois’ Research Lead, Mobile & Security Systems Software: “Current DDoS defense systems are proving ineffective because they operate in isolation, which introduces delays in the detection, reporting, and response to a DDoS attack. This delay is critical. It provides positive feedback to the attacker, who will continue to send more and more traffic to the target network. Our solution advances the state of DDoS defense by providing new tools that allow multiple defenders to coordinate their response, resulting in earlier detection and faster DDoS mitigation.” It is not a hidden fact that DDoS attacks are a great threat for all kinds of industries and sectors alike such as news entities, financial institutions, critical infrastructure organizations and government agencies, etc. Under the contract with DHS, Galois aims to curb rising DDoS attack threats via the following measures: 1: Minimizing mitigation response duration by at least 50% and 75 to 90 percent reduction in peak traffic 2: 25% reduction in the duration between the launching of DDoS attack and its detection Resultantly, organizations and institutional entities will be able to thwart DDoS attacks prior to its completion. HackRead had a chance to have a conversation with Adam Wick and here’s what we asked and what he replied: Q: How would you like to explain the difference between your services and services provided by other companies? Answer: “Currently, DDoS defense systems fail to address large DDoS attacks that fully “clog” the internet connection. In those cases, locally responding to an attack is no longer possible. In general, most solutions work in isolation, which introduces delays in the detection, reporting, and response to a DDoS attack. To effectively mitigate a large attack, an organization must involve organizations “higher up”, like ISPs, that can stop the flow of malicious traffic. We’re developing a unique collaborative model, where multiple organizations automatically work together to detect DDoS attacks through automatic traffic analysis. They then generate traffic blocking rules for the malicious traffic and send that to ISPs further up the chain. The ISPs can, in turn, block the necessary traffic and mitigate the attacks. One can see the basis of this in the way people react to DDoS attacks now, but many of these steps are manual and require complicated conversations over the telephone. In many cases, the process is further complicated because the parties involved have never spoken before, and have to build trust. After all, the actions that one takes to mitigate a DDoS can also be used to perpetrate an attack, so upstream ISPs need to convince themselves that they’re talking to the right person. What we’re looking to do is speed up this process, dramatically, by automating the detection, analysis, and mitigation steps. At the moment, this mitigation can be automatic, or it can be manual. That way, even if an organization’s ISP isn’t hooked up to our system, network admins will be able to detect the problem early and trust our solution to have all the information (and all the evidence!) they need to convince their ISP to take early and effective action.” Q: How will your firm will defend its client against DDoS attack leading to ransom such as the ProtonMail DDoS attack? Answer: “Ransom in DDoS cases is one of those clear indicators that our current approaches to DDoS defense are failing. Attackers can only ask for ransom when an organization has no way to defend themselves. Ransom cases can be mitigated by having effective DDoS defense that doesn’t allow an attack to become a problem in first place. The most effective defenses in the coming years will take into account the bigger picture by connecting everyone involved, for a more timely response. If we can minimize the effect of large DDoS attacks, we effectively reduce cases where attackers demand ransom.” Galois is a renowned firm in the computer science research and development sector. It has been operating since 1999 and boasts of a world class team of computer science experts, mathematicians, programmers, and engineers. The firm has positioned itself as the world’s most reliable company and is ready to take on even the most challenging computer science related task of the world. It has also partnered with defense and intelligence agencies to develop cutting edge technologies to protect their systems and networks. Very often tech firms consult Galois to create reliable, safe and secure systems for their products and services’ security. Source: https://www.hackread.com/us-homeland-security-vows-to-tackle-ddos-attacks/
See the original article here:
US Department of Homeland SecuUS Department of Homeland Security Vows To Tackle DDoS Attacksrity Vows To Tackle DDoS Attacks