Hadoop YARN is the attack vector, so lock it away Diligent hackers have decided routers and cameras aren’t enough, and have reportedly crafted Mirai variants targeting Linux servers.…
Continued here:
Malware scum want to build a Linux botnet using Mirai
They just take a battering ram to the gates The bots spewing out malicious login attempts by the bucketload appear to have cranked it up a notch.…
Follow this link:
Some credential-stuffing botnets don’t care about being noticed any more
Also: Belarus barely brushes botnet builder’s bankroll Another week has come and gone. This one included some Fortnite flaws , a nasty Intel bug , and a voting machine maker whining about hacking contests.…
Researchers infected devices and totted up all the ‘leccy and bandwidth they used Berkeley boffins reckon the Dyn-based Internet of Things attack that took down Brian Krebs’ Website in 2016 cost device owners over $US320,000.…
View post:
Mirai botnet cost you $13.50 per infected thing, say boffins
And just two thirds of IT pros say their current IT security budget is sufficient, a recent survey found. According to the results of a recent survey [PDF] of 250 IT professionals, 34 percent of companies in the U.S. were breached in the past year, and 74 percent of the victims don’t know how it happened. The survey, conducted by iSense Solutions for Bitdefender, also found that two thirds of companies would pay an average of $124,000 to avoid public shaming after a breach, while 14 percent would pay more than $500,000. One third of CIOs say their job has become more important in their company’s hierarchy, and another third say their job has been completely transformed in the past few years. And while nine in 10 IT decision makers see IT security as a top priority for their companies, only two thirds say their IT security budget is suifficient — the remainder say they would need an increase of 34 percent on average to deliver efficient security policies. Cloud security spending increased in the past year at 48 percent of companies, while the budget for other security activities remained the same. On average, respondents say only 64 percent of cyber attacks can be stopped, detected or prevented with their current resources. Separately, a survey of 403 IT security professionals in the U.S., U.K., Canada and Europe found that only three percent of organizations have the technology in place and only 10 percent have the skills in place to address today’s leading attack types. The survey, conducted by Dimensional Research and sponsored by Tripwire, also found that just 44 percent of organizations have the skills, and 43 percent have the technology, to address ransomware attacks effectively. “Most organizations can reasonably handle one or two key threats, but the reality is they need to be able to defend against them all,” Tripwire senior director of IT security and risk strategy Tim Erlin said in a statement. “As part of the study, we asked respondents which attack types have the potential to do the greatest amount of damage to their organization. While ransomware was cited as the top threat, all organizations were extremely concerned about phishing, insider threats, vulnerability exploitation and DDoS attacks.” Respondents felt most confident in their skills to handle phishing (68 percent) and DDoS attacks (60 percent), but less confident in their abilities to deal with insider threats (48 percent) and vulnerability exploitations (45 percent). Similarly, respondents felt more confident in the technology they have in place to address phishing (56 percent) and DDoS attacks (63 percent), but less confident in the technology to address insider threats (41 percent) and vulnerabilities (40 percent). A separate survey of 5,000 U.S. consumers by Kaspersky Lab and HackerOne found that 22 percent of respondents are more likely to make a purchase if they know a company hired hackers to help boost security. Knowing what they do about their own company’s cyber security practices, just 36 percent of respondents said they would choose to be a customer of their own employer. Almost two in five U.S. adults don’t expect companies to pay a ransom if hit by ransomware. When asked what types of data they would expect a company to pay a ransom for, 43 percent expect companies to do so for employee Social Security numbers, followed by customer banking details (40 percent) and employee banking details (39 percent). Source: http://www.esecurityplanet.com/network-security/74-percent-of-companies-that-suffer-a-data-breach-dont-know-how-it-happened.html
Read this article:
74 Percent of Companies that Suffer a Data Breach Don’t Know How It Happened
If your business hasn’t already faced a distributed denial-of-service (DDoS) attack, brace yourself: fake traffic is coming. Your DevOps team and IT service desk need an action plan to handle these threats. This article will take you step-by-step through the process of identifying, stopping, and responding to DDoS attacks. The Task at Hand Before we discuss how to stop DDoS attacks, we need to examine their nature. No matter who launches a DDoS assault, the functional objective is the same: to take down a web service so that it denies access to legitimate end users. Hackers launch DDoS attacks for sport. Competitors do it to hurt your business. Hacktivists use them to further a cause. Extortionists even use DDoS attacks to hold web services for ransom. Whether attackers bombard your network with traffic, target a protocol, or overload application resources, the mechanics of DDoS attacks change little. Year after year though, DDoS attacks increased in size, complexity, and frequency according to research published by Arbor Networks in July 2016. The security firm recorded an average of 124,000 DDoS events per week over the prior 18 months. At 579 Gbps, the largest known attack of 2016 was 73 percent larger than the 2015 record holder. Mind you, 1 Gbps is enough to take down most networks. In theory, the task at hand is simple: create a system that can absorb DDoS attacks. In practice, DDoS defense is difficult because you have to distinguish between legitimate and illegitimate sources of traffic — and cybersecurity budgets don’t grow on trees. With these considerations in mind: Set Traffic Thresholds You probably track how many users visit your site per day, per hour, and per minute. Thus, you understand your average traffic levels and, hopefully, you’ve recorded how special events (sales, big news releases, etc.) affect visits. Based on these numbers, set thresholds that automatically flag abnormal traffic for your security team. If you expect 1,000 visitors per 10 minutes, an influx of 5,000 visitors over one minute should trigger your alert. Blacklist and Whitelist Control who can access your network and APIs with whitelists and blacklists. However, do not automatically blacklist IP addresses that trigger alerts. You will see false positives, and overreacting is a sure way to infuriate good customers. Temporarily block traffic and see how it responds. Legitimate users usually try again after a few minutes. Illegitimate traffic tends to switch IP addresses. CDNs The best defense against DDoS attacks is a content delivery network (CDN) like Prolexic (acquired by Akamai), Incapsula, Arbor Networks, or CloudFlare. They can identify illegitimate traffic and divert it to their cloud infrastructure. The problem is that CDNs are not cheap. A typical plan costs five figures per month. Or, if you pay per incident, you might get a six-figure bill for one attack. If you run a bank, a massive ecommerce company, or a social platform that makes thousands of dollars per second, that’s a small price to pay. Most companies either can’t afford a CDN or don’t have a platform that warrants such high security. If, for instance, your company has an informational website where no one makes transactions or uses services, you don’t need a CDN. You’re not a prime target. An application or network firewall might be enough to prevent abnormal traffic. If a DDoS attack takes you down, it won’t harm customers or your reputation. The cheapest way to defend against DDoS attacks is to deploy more servers when you detect suspicious activity. That is the least reliable method but still better than nothing. Remember, there is no end to the amount of money you can throw at security. Depending on your budget and risk tolerance, choose the right option for your service desk. Automate Communication with Customers When a DDoS attack succeeds, you don’t want your service desk buried in emails, phone calls, social media posts, and instant messages. Create a status page that automatically displays whether your service is up or down. Also, create DDoS communications templates that you can auto-send to end users who contact you. These templates should cover any interruption to service, not just DDoS attacks. Keep it vague with something like: “Thank you for contacting [your company name]. Our platform is currently down. We are working as quickly as possible to restore service. We will post updates on our status page [hyperlinked] as soon as we have more information”. Incident Report and Root Cause Analysis After you suffer an attack, you need to reestablish credibility. Draft an incident report explaining what happened, why, and how you responded. Then, discuss how you will prevent future attacks. If you contracted a CDN, for instance, discuss how it works and how it will deter future attacks. Open the report with simple, non -technical language. You can add a technical section for CIOs, CTOs, and others who would appreciate the details. Practice for Attacks Simulate DDoS attacks to gauge how your action plan works. You could give DevOps and the service desk warning or take them by surprise to make the simulation realistic. Companies often run simulations in a planned maintenance window to spare end users further inconvenience. If you have a CDN, you can warn the provider, or not. Obviously if you pay per incident, coordinate tests with the CDN provider. Expect the Worst DDoS attacks are inevitable. Although they range from acts of digital vandalism to full-blown cyberterrorism, all DDoS attacks follow the same principles. Your action plan should address all types of DDoS attacks, no matter who perpetrates them. Whatever you do though, do not sacrifice your end users to cybersecurity paranoia. Better to suffer an attack than throttle the business you sought to defend. Source: http://betanews.com/2016/09/15/6-steps-for-defending-against-ddos-attacks/
Visit site:
6 steps for defending against DDoS attacks
Contrary to conventional thinking that large bandwidth cyber attacks wreak the most damage on enterprises, security experts at Radware instead found that bigger problems usually come in small packages…
View article:
Smaller DDoS attacks can be deadlier than big ones