Tag Archives: organisation

DDOS attacks: An old nemesis returns to cripple your network

Once considered a cybersecurity threat of the past, Distributed Denial of Service (DDoS) attacks have re-emerged with a vengeance. DDoS attacks are wreaking havoc on enterprises and end users with alarming frequency. Distributed Denial of Service is a cyberattack where multiple systems are compromised, often joined with a Trojan, and used to target a single system to exhaust resources so that legitimate users are denied access to resources. Websites or other online resources become so overloaded with bogus traffic that they become unusable. A well-orchestrated DDoS carried out by automated bots or programs has the power to knock a website offline. These attacks can cripple even the most established and largest organisations. An e-commerce business can no longer conduct online transactions, jeopardising sales. Emergency response services can no longer respond, putting lives in danger. According to the VeriSign Distributed Denial of Service Trends Report, DDoS activity increased by 85 percent in one year. The report also suggested that cyber attackers are beginning to hit targets repeatedly, with some organisations the target of DDoS attacks up to 16 times in just three months. If you think your organisation is obscure and can fly under the cyber attacker radar – forget it. Every industry is vulnerable. If an increase in attacks isn’t troubling enough, the size and the amount of damage DDoS attacks can do is also disturbing. The fastest flood attack detected by Verisign occurred during the fourth quarter of 2015, targeting a telecommunications company by sending 125 million packets per second (Mpps), and driving a volumetric DDoS attack of 65 gigabits per second (Gbps). The end result – the site imploded and was temporarily knocked out of service. Why DDos attacks are back in vogue The reason why DDoS attacks are back is simple – it is relatively easy to launch a sustained attack and cripple any organisation connected to the Internet. Botnets, a group of computers connected for malicious purposes, can actually be acquired as a DDoS for hire service. The ability to acquire destructive assets demonstrates how easy it is for someone with little technical knowledge to attack any organisation. DDoS attacks typically hit in three ways – Application Order, Volumetric, and Hybrid. Application orders cripple networks by potentially creating hundreds of thousands of connections at a time; volumetric attacks seek to overload a site with traffic; hybrid attacks can deliver the double whammy of knocking a business offline. The real danger of DDoS attacks is that they are often an end around. While technicians are pre-occupied with trying to get the website back up, attackers can often plant a backdoor in others areas of the network to eventually steal information. How to prevent DDoS attacks Prevention is nearly impossible, since there is no effective control of hackers in the outside world. A DDoS appliance protecting the Internet connection is the first line of defence. This will help to mitigate an attack. Appliances from vendors such as Fortinet or Radware are placed on customer premise as close to their Internet edge as possible. These devices can help to identify and block most DDoS traffic. However, this solution falls short with a DDoS attack that is attempting to flood Internet circuits. The only way to protect against this type of attack is to have a device at the service provider or in the cloud. A managed security services provider (MSSP) can offer on-demand services that are both cost effective and architected with a cloud focus in mind, in order to effectively protect against each type of attack. A number of companies offer tools to analyse network traffic for signs of malicious activity, which can often weed out unwanted network connections. Infrastructure Access Control Lists (IACLs) can also be installed in routers and switches to detect suspicious traffic patterns and keep unwanted traffic off servers. Many companies believe they can thwart attacks by hiding behind a firewall, but these general purpose tools are typically the first to fall. Firewalls offer some protection, but they can be easily hacked. Organisations expose themselves to attack when they use technology as a crutch. Winning the DDoS war requires organisations to look at their operations as a critical network and seek ways to defend it with talented individuals and technology that stay one step ahead of the attackers. A firewall is important but not a panacea. The major drawback to do-it-yourself solutions is that they are reactive. Attackers can easily modify their methods and come at a business from disparate sources using different vectors. This keeps an organisation always in a defensive position, having to repeatedly deploy additional configurations, while simultaneously attempting to recover from any downtime events. Many organisations have limited expertise and resource bandwidth to deal with the complexities of security and compliance. Managed security services providers with the ability to monitor, manage and protect control systems fill that cybersecurity gap. Detecting a DDoS attack requires specialised hardware capable of sending alerts via email or text. The goal is to report and respond to the incident before the attacker makes resources unavailable. An MSSP who employs both technology and on-site personnel can monitor and act as a full operations team. If a DDoS attack is suspected, it is probably affecting the ISP as well. The security team should immediately contact the ISP to see if they can detect a DDoS attack and re-route traffic. Inquire whether any DDoS protective services are available, and consider a backup ISP as a contingency. DDoS attacks will continue in the future due to the ease of execution. Companies must ensure they are prepared, constantly monitor the network, and have a game plan if an attack is under way. The daily headlines prove that no organisation is immune. With a little foresight it is possible to both thwart an attack and defend against future ones. Source: http://www.itproportal.com/features/ddos-attacks-an-old-nemesis-returns-to-cripple-your-network/

Visit site:
DDOS attacks: An old nemesis returns to cripple your network

The Hidden Role of DDoS in Ransomware Attacks

Dave Larson offers advice for organisations wishing to protect themselves from the latest types of cyber-extortion Ransom demands and DDoS attacks are now, more than ever, being used together in inventive new techniques to extract money from victims. This ranges from hackers threatening to launch a DDoS attack unless a ransom is paid, to the recent reports of a multi-layered cyber-attack combining ransomware and DDoS attacks in one. But what is often less understood is the way that sub-saturating DDoS attacks are regularly being used as a precursor to ransomware incursion.  Because these attacks are so short – typically less than five minutes in duration – these low-bandwidth DDoS attacks allow hackers to test for vulnerabilities within a network, which can later be exploited through ransomware. Here we outline some of the typical methods of cyber-extortion involving DDoS attacks, and explain why automatic DDoS mitigation is such a key defence in the ongoing battle against ransomware. Extortion is one of the oldest tricks in the criminal’s book, and one of the easiest ways for today’s cyber-criminals to turn a profit.  As a result, there are a significant number of techniques that hackers will utilise to try and extract money from victims. One of the most common is DDoS ransom attacks, where attackers threaten to launch a DDoS attack against a victim unless a ransom is paid. These attacks can affect any internet-facing organisation and are often indiscriminate in nature. In May, the City of London Police warned of a new wave of ransom-driven DDoS attacks orchestrated by Lizard Squad, in which UK businesses were told that they would be targeted by a DDoS attack if they refused to pay five bitcoins, equivalent to just over £1,500.  According to the results of a recent survey, 80 percent of IT security professionals believe that their organisation will be threatened with a DDoS attack in the next 12 months – and almost half (43 percent) believe their organisation might pay such a demand. But despite the prevalence of DDoS ransom attacks, and its longevity as a technique, nothing elicits the same degree of alarm among security teams as the current threat of ransomware. This type of malware is estimated to have cost US businesses as much as US$ 18 million (£13.7 million) in a single year, and has already claimed a string of high-profile victims including hospitals and public bodies. Earlier this month, European police agency Europol launched a new ransomware advice service aimed at slowing down its exponential rise. But when it comes to protecting your organisation’s data from being encrypted and lost, most advice focuses on recovery, rather than prevention. This includes having a good backup policy, which ideally involves serialising data so that multiple versions of the files are available, in case newer versions have been encrypted. But what about taking a more proactive stance? We know that ransomware is usually delivered via email, inviting respondents to click on a link to download malware. Typically the themes of these emails include shipping notices from delivery companies or an invitation to open other documents that the recipient supposedly needs to review.  It’s true that many of these emails are sent opportunistically and on a blanket basis to a wide number of potential victims. But we are also seeing an increase in more targeted attacks, designed to gain access to a specific organisation’s networks.  After all, attacking a larger, more high-profile organisation would normally command a higher potential ransom reward, so hackers are investing an increasing amount of time researching specific victims and locating their vulnerabilities – usually through a variety of automated scanning or penetration techniques, many of which are increasingly incorporating the use of sub-saturating, low-bandwidth DDoS vectors. Most people associate the term ‘DDoS’ with system downtime, because the acronym stands for “Distributed Denial of Service”. But DDoS threats are constantly evolving, and many hackers now use them as a sophisticated means of targeting, profiling, and infiltrating networks. Short, sub-saturating DDoS attacks are typically less than five minutes in duration, meaning that they can easily slip under the radar without being detected by some DDoS mitigation systems. Five minutes may seem like an insignificant amount of time – but an appropriately crafted attack may only need a few seconds to take critical security infrastructure, like firewalls and intrusion prevention systems (IPS) offline. While IT teams are distracted by investigating what might be causing these momentary outages on the network, hackers can map the floor plan of their target’s environment, and determine any weak points and vulnerabilities that can later be exploited through other methods, such as ransomware. It is only by deploying an in-line DDoS mitigation system that is always-on, and can detect and mitigate all DDoS attacks as they occur, that security teams can protect themselves from hackers fully understanding all possible vulnerabilities in their networks. While these short DDoS attacks might sound harmless – in that they don’t cause extended periods of downtime – IT teams who choose to ignore them are effectively leaving their doors wide open for ransomware attacks or other more serious intrusions. To keep up with the growing sophistication and organisation of well-equipped and well-funded threat actors, it’s essential that organisations maintain a comprehensive visibility across their networks to spot and resolve any potential incursions as they arise. Source: http://www.scmagazineuk.com/the-hidden-role-of-ddos-in-ransomware-attacks/article/514229/

Read more here:
The Hidden Role of DDoS in Ransomware Attacks