Tag Archives: security

DNSSEC: Don’t throw the baby out with the bath water

A recent report raiseed concerns about the abuse of DNSSEC to conduct DDoS attacks. The article reported that DNSSEC-signed domains can be used to conduct reflected DDoS attacks with large amplification factors (averaging 28.9x in their study) that could potentially cripple victim servers. The report went on to recommend that organizations deploying DNSSEC should configure their DNS servers to prevent this and other types of abuse. While this report presents some useful information about the … More ?

See more here:
DNSSEC: Don’t throw the baby out with the bath water

Attacks increase as a result of DDoS-for-hire services

DDoS attacks have increased in frequency, scale and complexity over the past year, driven by DDoS-for-hire services, according to a new report. DDoS-for-hire services have caused attacks to become more affordable by enabling unsophisticated threat actors to launch attacks, stated Imperva’s DDoS Threat Landscape Report 2015-2016. The proliferation of these services, also known as “stressers” and “booters,” accounted for an increase in the number of DDoS attacks from 63.8 percent in Q2 2015 to 93 percent in Q1 2016. The U.S. and U.K. are the most frequently targeted countries in DDoS attacks, the report said. In speaking to SCMagazine.com on Thursday, Tim Matthews, vice president of marketing at Imperva Incapsula, said it has become inexpensive to mount DDoS attacks as these kits become “readily available,” creating a “perverse economic ecosystem.” Other security pros have noticed a similar trend. Maxim Goncharov, security researcher at Shape, wrote in an email to SCMagazine.com on Thursday that in the underground community, there are “literally thousands of offers from DDoS professionals.” While a 100-plus GB DDoS attack was virtually unheard of just 18 months ago, attacks of that magnitude are no launched by large scale botnets, according to Tom Kellermann, CEO at Strategic Cyber Ventures. “Mitigation through content delivery and ISP is key here,” wrote Kellermann, formerly CISO of Trend Micro, in an email to SCMagazine.com. Allison Nixon, director of security research at Flashpoint, noted in an email to SCMagazine.com on Thursday that her firm has seen a rise in DDoS-as-a-service in recent years, both in number of services and the power of their attacks. “The problem is that these DDoS services are getting more powerful, and these attacks cause a lot of collateral damage,” she wrote. “Unfortunately, due to the widespread availability of DDoS power, many businesses are learning that purchasing DDoS protection is a requirement to engage in commerce.” Imperva’s Matthews said there has been an uptick in job postings that require technical skills and experience countering these attacks. The rise in DDoS-as-service attacks has become a significant concern for law enforcement, according to William MacArthur, threat intelligence analyst at RiskIQ. The adoption of IPv6 mixed with normal traffic protocol patterns is a method used by attackers that the “current hardware in use in most places of business is not ready to handle,” he wrote in an email to SCMagazine.com on Thursday. Michael Covington, VP product, Wandera, noted that the increase in sophisticated DDoS attacks causes secondary challenges for organizations. “In many situations, a DDoS attack is just a smokescreen for something else the malicious actor is trying to accomplish, whether it involves installing malware, exfiltrating sensitive data or attacking an associate of the target,” he wrote to this publication. Yogesh Amle, managing director and head of software at Union Square Advisors, agreed, noting that DDoS “is one of the most prevalent and common tactics used by cyberterrorists.” However, he also informed this publication that DDoS attacks are increasingly used to distract businesses. He called DDoS the “gateway” to a bigger prize. Amle noted that the rise of the DDoS-as-a-service model is an example of a “dark economy” emerging on the internet. “With money to be made, amateurs and sophisticated hackers are jumping into the fray,” he said. Source: http://www.scmagazine.com/attacks-increase-as-a-result-of-ddos-for-hire-services/article/518544/

Originally posted here:
Attacks increase as a result of DDoS-for-hire services

Global mobile deep packet inspection market explodes

The global mobile deep packet inspection (DPI) market will grow at an impressive CAGR of almost 22% until 2020, according to Technavio. Stateful packet inspection Stateful packet inspection (SPI), also known as shallow packet inspection technology, was widely used for detecting abnormal packets by inspecting the packet headers only. SPI was not able to detect many new network attacks such as network intrusion detection systems (NIDS) evasion and distributed denial of service. Thus, DPI became … More ?

Excerpt from:
Global mobile deep packet inspection market explodes

Subverting protection into DDoS attacks

On average, DNSSEC reflection can transform an 80-byte query into a 2,313-byte response, an amplification factor of nearly 30 times, which can easily cause a network service outage during a DDoS attack, resulting in lost revenue and data breaches, according to Neustar. DNSSEC was designed to provide integrity and authentication to DNS, which it accomplishes with complex digital signatures and key exchanges. As a result, when a DNS record is transferred to DNSSEC, an extraordinary … More ?

Originally posted here:
Subverting protection into DDoS attacks

Meet DDoSCoin, the cryptocurrency that pays when you p0wn

Proof-of-work turned to nefarious purposes, like taking down a Census A curious proof-of-work project built on cryptocurrency has emerged that offers a means to prove participation in distributed denial of service (DDoS) attacks.…

Read More:
Meet DDoSCoin, the cryptocurrency that pays when you p0wn

Census 2016 site falls to DDoS attack: ABS

As widely expected, the Census web site fell over last night — but the ABS has said it was with a little help from external players. The Australian Bureau of Statistics has continued its run of outs, scoring an own goal in the Census main event last night, after the agency claimed the site crashed thanks to four denial of service attacks. “The 2016 online Census form was subject to four Denial of Service attacks of varying nature & severity,” the ABS said on Twitterthis morning. “The first three caused minor disruption but more than 2 million Census forms were successfully submitted and safely stored. After the fourth attack, just after 7:30pm, the ABS took the precaution of closing down the system to ensure the integrity of the data.” “Steps have been taken during the night to remedy these issues, and we can reassure Australians that their data are secure at the ABS.” The agency said it would provide an update at 9am Wednesday. The ABS has launched a joint investigation with the nation’s defence intelligence agency into the assault, which ramped up on Tuesday evening as most of the population was going online to complete the survey. “It was an attack,” chief statistician David Kalisch told ABC radio on Wednesday. “It was quite clear it was malicious.” The source of the attacks is unknown but Kalisch said they came from overseas. On Tuesday, Opposition Leader Bill Shorten said that once the Census is completed, the Australian government needs to discuss with parliamentthe increasing retention of names and address data, and the reasons it is being kept. “I think we need to have a good, long look at the whole process to make sure we’re not asking for information we don’t need,” he said. “And to reassure ourselves that what information that is stored, is stored securely.” The Opposition Leader said politicians committed to boycotting the Census were grandstanding. The intrusions will put a spot light on the federal government’s AU$240 million cyber security strategy and the security of government resources online. The ABS confirmed last week that its IBM-developed online Census forms would not be able to handle names with accents or ligatures. The agency later removed a claim made by it that it was rated by the Australian National Audit Office as being in its “Cyber Secure Zone”. Source: http://www.zdnet.com/article/census-2016-site-falls-to-ddos-attack/

More:
Census 2016 site falls to DDoS attack: ABS

Cybersecurity: Financial Institutions Fret over DDoS Attacks

Financial institutions, especially the banks, are getting more worried about the increasing rate of a new cyber attack called Distributed Denial of Service (DDoS), that has caused huge financial losses running into billions of naira to banks. Financial institutions expressed worries about further loss of funds to DDoS attacks at a security forum organised by MainOne and Radware in Lagos this week and called for technology solutions that would address the threat. During a panel session, Head, Infrastructure Services at Skye Bank, Mr. Tagbo Nnoli, said banks suffered major attacks last year from DDoS attacks on banks and that since then, the banks started seeking solutions to address the issue. Aside DDoS attacks, Nnoli said banks also suffered attacks from phishing and social engineering last year, resulting to huge financial losses. Head, Industry Security Services, Nigeria Inter-Bank Settlement System (NIBBS), Mr. Olufemi Fadairo, who confirmed that banks suffered huge financial losses to cyber attacks last year, however said the rate of losses due to online attacks, were beginning to reduce in 2016, following proactive measures taken by the Central Bank of Nigeria (CBN) and the NIBSS to address financial losses to cyber attacks. According to Fadairo, “NIBSS tries to protect organisations and in the past five years, there has been improvement on financial security. We do benchmarking to find out any disruption of a normal pattern of an organisation. By January 2016, we discussed about DDoS attacks on banks where 63 per cent of banks said such attacks would increase, if not mitigated on time.” Following the threat, we decided to focus on data companies like MainOne that provides data solution for the financial sector, Fadairo said. The Chief Information Security Officer at MainOne, Mr. Chidi Iwe, however raised the hopes of financial institutions at the forum, when he revealed that MainOne had partnered RadWare, a global security company to mitigate DDoS attacks in the country’s financial sector, by redirecting organisation’s traffic to the MainOne DDoS mitigation platform, from where it keeps organisation data fully protected at all times and maintaining the normal operations of organisations on-premises infrastructure. He said the service could detect and mitigate zero-day attack within 18 seconds. According to Iwe, over 50 per cent of enterprise companies globally, suffered DDoS attacks at the end of 2015, and Nigerian businesses are growing in recent yeas and the focus of attacks is gradually shifting to the Nigerian space. Although he said most attacks were not reported publicly in the past, but that there has been over 600 per cent growth in reporting attacks in Nigeria in recent times, based on CBN regulation. Two weeks ago, there was DDoS Attacks in Nigeria. Attacks have caused organisations over $500 billion in recent years, and DDoS attacks are predicted to be on the rise, Iwe said. He however assured financial institutions that the security solution service agreement it signed with Radware in 2016, would address insecurity issues with DDoS attacks. MainOne solution therefore monitors DDoS attacks and create alert for the company using the solution, he said, while listing the benefits of the solution to include online reporting, which allows customers to log online to find out what the trends are. The MainOne solution also offers training for customers in partnership with Radware to boost customer experience. He said capital expenditure CAPEX and operational expenditure OPEX, are completely eliminated by the solution. The Security Solution Architect at Radware, Mr. Eran Danino, while explaining how DDoS operates, said it first attacks firewalls, destroys it before replicating itself into other components. He said most organisations are not ready to mitigate DDoS attack because they either have saturated internet pipes, or they lack the security skills to detect and mitigate attacks. “What we do at Radware is to mitigate the attacks, just as the attackers change their attacking plans regularly,” Danino said. He explained that there was need for organisations to choose the best protection and draw up a checklist to find out the assets that must be protected first. He said Radware uses two approaches to mitigate DDoS attacks, through hybrid solution and full cloud service solution by protecting data from the cloud. Source: http://www.thisdaylive.com/index.php/2016/08/04/cybersecurity-financial-institutions-fret-over-ddos-attacks/

Read the original:
Cybersecurity: Financial Institutions Fret over DDoS Attacks

Security testing platform for app-aware infrastructures

At Black Hat USA 2016, Spirent Communications will be presenting CyberFlood, a security and performance testing platform suitable for complex testing scenarios. With CyberFlood, users can ensure that their security and performance testing addresses their unique environments by emulating realistic traffic volume, threats, and attack scenarios including fuzzing, malware, and DDoS attacks. Designed with team testing in mind, CyberFlood’s intuitive web UI extends easy-to-use best practices for faster, repeatable, and more accurate testing. Users can … More ?

Read More:
Security testing platform for app-aware infrastructures

Bart ransomware victims get free decryptor

AVG malware analyst Jakub Kroustek has devised a decryptor for Bart ransomware, and the company has made it available for download (for free). Bart ransomware This particular piece of malware was first spotted in late June, being delivered via spam emails sent out by the Necurs botnet – the botnet that’s responsible for the onslaught of Locky ransomware and the Dridex Trojan. Bart is not your typical crypto ransomware as it doesn’t encrypt victims’ files. … More ?

See the original article here:
Bart ransomware victims get free decryptor