Tag Archives: stop ddos attacks

Attacking Democracy: Should DDoS Be Considered a Legitimate Form of Protest?

It used to be that news about DDoS attacks was largely limited to tech websites and other specialized information sources, where the focus was on attack vectors, attack sizes, how exactly the perpetrators pulled it off and how websites could protect themselves going forward. These still have their place, especially with the ever-increasing size, complexity and frequency of attacks, but over the last few years DDoS has gone mainstream and gotten political. With DDoS attacks appearing in headlines regarding the U.S. election, Brexit and the push for democracy in Hong Kong, the question has to be asked: should these attacks be considered a legitimate form of protest? Denying services DDoS stands for distributed denial of service, a form of cyberattack that takes aim at websites or online services with the intent of taking them offline or slowing them downso much that they can’t be used. This is accomplished through the use of a botnet – a network of devices that have been infected with malware, allowing attackers to control them remotely and direct the botnet’s considerable traffic at the target, overwhelming the server or network infrastructure. DDoS attacks have been in the mainstream news for the last couple of years. This is because of how pervasive they’ve become, with nearly every website on the Internet now a potential target thanks to DDoS for hire services and DDoS ransom notes, and also because of the high-profile sites that have fallen victim to attacks, including Netflix, PayPal, Twitter and Reddit. Now DDoS attacks stand accused of involvement in some of the biggest political events in recent history. Recent political incidents Distributed denial of service attacks hit the political headlines in 2014 when the people of Hong Kong were in the midst of a major push for democracy, asking for genuine universal suffrage instead of the newly-reformed system that allows citizens to vote for candidates selected by an exclusive nominating committee – a system that seemed overly restrictive as well as too similar to the previous system in which the Chinese Communist Party selected the candidates. When the democratic movement’s official website launched, it logged 680,000 votes in an unofficial poll on candidates in the site’s first weekend despite the fact that it was being battered by DDoS attacks weighing in at over 300 Gbps. Though a perpetrator was not definitively named, it was widely speculated the Chinese government was behind the attacks. In a recent report, the Chinese government has come up alongside the Russian government in rumors surrounding the Brexit vote. In the hours before the deadline to register to vote in the Brexit referendum, the registration site crashed, reportedly due to a DDoS attack. The outage left tens of thousands of voters unable to register to vote, and the referendum ended with 51.9 percent voting to leave the European Union. Though the Russian government has been suspected of meddling via hacking in both the U.S. and French elections, reportedly in favor of Donald Trump and Marine Le Pen, it’s unknown if the Kremlin was involved in DDoS attack attempts on either Hillary Clinton or Donald Trump’s website; it seems more likely these Mirai botnet-powered attempts were instead the work of hackers from underground forums. The argument for recognizing DDoS as legitimate (and legal) protest The history of distributed denial of service attacks go all the way back to 1995 when an Italian collective brought down the French government’s website in protest of France’s nuclear policy. Soon after, a group by the name of the Electronic Disturbance Theater built a tool that enabled anyone to join their virtual sit-ins that targeted the White House website as well as the websites of politicians. Current hacktivist group Anonymous has taken the idea of the virtual sit-in and turned it into a voluntary botnet that allows anyone to donate the use of their device for attacks against targets like the Brazilian government in protest of the FIFA World Cup. These actions would seem to fit the criteria of legal protest, allowing citizens to peacefully albeit virtually demonstrate and rendering a website unavailable in much the same way a sit-in would render an office or institution unavailable. However, in the United States this kind of online activism can be considered a felony. The argument against Not only are DDoS attacks illegal, regardless of whether or not the attack is intended as a form of protest, but legitimizing or legalizing these attacks may cause more problems than it solves. For instance, while an opt-in botnet does seem to be a form of voluntary political activism, almost all botnets are populated by devices that have decidedly not opted in, which means politically-motivated DDoS attacks would be largely perpetrated using the property of people who have not consented. Like signing someone else’s name to a petition, this cannot be permitted. Furthermore, any legislation attempting to legalize DDoS protests would have to find a way to differentiate between attacks coming from voluntary botnets and attacks coming from nation states. A murky area, at best. With so many other forms of protest available to motivated citizens, it’s hard to imagine legalizing or legitimizing any form of DDoS attack. It’s just too easy for these attacks to be used for altogether nefarious and malicious purposes by groups that decidedly do not represent the will or wishes of the people. Source: http://www.techzone360.com/topics/techzone/articles/2017/07/19/433542-attacking-democracy-should-ddos-be-considered-legitimate-form.htm

More here:
Attacking Democracy: Should DDoS Be Considered a Legitimate Form of Protest?

Two Iranians Charged With Hacking US Defense Contractor

The US Department of Justice (DOJ) unsealed an indictment on Monday against two Iranian nationals accused of hacking a US company and stealing software used in ammunition design. The two suspects are Mohammed Reza Rezakhah, 39 and Mohammed Saeed Ajily, 35, both Iranian businessmen. According to the indictment, Ajily ran a company named Andisheh VesaJ Middle East Company, which he used as a front to obtain and sell software in contravention of Western sanctions against Iran. Ajily’s customers included Iranian private companies, but also Iranian military and government entities. Rezakhah ran his own company called Dongle Labs, which provided DRM and license cracking services. Rezakhah was one of the many hackers Ajily hired to steal software from Western companies. The two orchestrated the 2012 hack of Arrow Tech DOJ officials claim that in 2012, Ajily hired Rezakhah to hack and steal software from a US company called Arrow Tech. The indictment says that Rezakhah, together with another accomplice named Nima Golestaneh, rented a server that they used on October 22, 2016, to hack into the Arrow Tech website and adjacent network. Officials say the two hackers stole a software application named Projectile Rocket Ordnance Design and Analysis System (PRODAS), created by Arrow Tech to aid in the design of bullets, missiles, and other military projectiles. Rezakhah cracked the program, which he later supplied to Ajily to market in the Iranian market, but also elsewhere outside the US. Group worked together for at least six years While officials brought charges only for hacking Arrow Tech, the indictment also claims that Ajily and Rezakhah worked together for years, between 2007 and 2013, hacking several targets and stealing software. The FBI also claims that Ajily had many other partners and hackers that he used to obtain his software, along with a network of companies that he used to sell the stolen goods. US officials charged the two suspects with criminal conspiracy relating to computer fraud and abuse, unauthorized access to, and theft of information from, computers, wire fraud, exporting a defense article without a license, and violating sanctions against Iran. A US judge has issued a warrant in their names. Their partner, Nima Golestaneh pleaded guilty to hacking Arrow Tech back in December 2015. In March 2016, the US also charged seven Iranian nationals on accusations of launching repeated DDoS attacks and orchestrating hacks of industrial SCADA equipment on the behest of the Iranian government. Source: https://www.bleepingcomputer.com/news/security/two-iranians-charged-with-hacking-us-defense-contractor/

Read the original:
Two Iranians Charged With Hacking US Defense Contractor

So your company is on social media, are you practicing safe tweeting?

Social media has evolved from a mere millennial fad into a preferred marketing tool used by businesses across Asia Pacific. With Asia Pacific accounting for 54% of global social media users, and Asia Pacific social media users spending an average of two to four hours on social media daily, it makes sense for businesses to use social media to reach their audiences in this digital age. Companies are posting product reviews, photos, client testimonials and videos on their social media pages, in hopes of driving engagement through likes and positive comments and eventually whipping up a viral storm. Brands are even creating social media contests to engage consumers playfully while growing their brand identity, or engaging key influencers to get more people talking. Aside from driving engagement, social media serves as an avenue for companies to solicit customer feedback: Customers’ comments can provide insights on common customer complaints and companies’ points for improvement. But while integrating social media into the marketing mix can bring many benefits, it also has a dark side.  Opening the company to more cyber risks. After all, social media is fast becoming an attractive channel for cybercrime perpetrators. Today, cybercriminals target viral posts to reach a diverse range of people. Through basic spamming techniques such as creating short posts with links to freebies and job posts, cybercriminals lure unsuspecting social media users into clicking malicious links, which transmit malware after they are clicked on. Based on CyberInt’s research, 1.92% of all posts, comments and tweets found on a company’s social media feed are malicious or attempted attacks. Last year, 13% of large organizations experienced a security or data breach associated with social media networking sites. There is no denying that social media sites are now a hotbed for cybercrimes: In 2015, cybercriminals leveraged LinkedIn in health insurance provider Anthem’s hack, exposing sensitive data such as names, Social Security numbers, birth dates, addresses, email addresses, employment information and the salary of as many as 80 million current and former customers. Social phishing, which attempts to obtain an individual’s personal information through a corrupted link or other form of electronic communication, has become a common social media security threat. In the past, phishing attacks typically came in the form of emails; now, they are also perpetrated through social media private messages and wall posts. Links to malware can be disguised as ‘click-bait’ articles or videos posted on a company’s Facebook wall, Twitter or Instagram handles. Malicious links can cause devices to be infected with malware, which grants easy access to personal information and allows hackers to use the infected device as a platform to jump into other networks such as the home or office. Today, cybercriminals are using a wide range of social engineering techniques to spread malware and obtain sensitive data through social messaging channels such as Facebook chat. Cybercriminals are also leveraging social media Distributed Denial of Service (DDoS) attacks, which render social media sites inaccessible for long periods of time, to draw attention away from nefarious schemes usually involving stealthy data siphons. Some social media DDoS attacks also involve comment flooding, which causes a company’s Facebook page or Twitter to be flooded with millions of automated comments in a minute, paralyzing the company’s page feed. Automated programs or social bots are now being increasingly used for such schemes. Cybercriminals today even use illegitimate social media profiles or hijack existing social media profiles to disseminate malicious links and malware to a company’s employees, usually with the goal of extracting an organization’s sensitive data. Some resort to “false flag” scams, which involve impersonating social media platforms to trick users into revealing personal data that will allow them to access a company’s systems. Others go as far as putting up scam e-shops and coming up with fake advertisements on social media to impersonate brands. Aside from weakening a company’s immunity to future cyberattacks, these scams also translate to the loss of consumer trust in compromised brands. Social Media Teams Need to be in the Know Companies utilizing social media have the duty to protect their consumers and employees from cybersecurity risks. They need to take a closer look at what they are posting to prevent socially engineered attacks on employees while simultaneously ensuring that social media comments from the public do not contain links to malicious links that other community members might click on. As social media threats occur outside their network perimeter, organizations cannot easily detect these risks from the onset. They need to focus on prevention and the elimination of potential threats instead through the constant vigilance of cyber-activities. Organizations also need to identify the crown jewels and dedicate more resources to protect them and be aware how cyber criminals might leverage social media to gain access to their crown jewels. One way is to invest in targeted threat intelligence, which allows companies to gain insight on potential or current attacks that can harm their employees, brand reputation and customers. Cyber security organizations, like CyberInt, have cyber tools available that scan social media accounts and purge malicious comments in real time, to provide companies with better peace of mind. Leveraging social media as a marketing tool entails dealing with a sheer number of cybersecurity threats. Awareness is still the best safeguard to these threats: Social media teams should be aware of the risks associated with what they are posting and how cybercriminals are manipulating information in social media sites to advance their own selfish interests.  But awareness should be coupled with concrete action: Companies using social media in their marketing mix should also implement solid security policies to mitigate risks and vulnerabilities. One security measure companies can adopt is ensuring a close coordination between the social media team and the IT team— this arrangement will allow the social media team to stay updated on the latest cybersecurity threats and better monitor risks on their social media feeds.  Employees should also undergo training to improve their cyber hygiene and cyber posture so they can be fully aware of the threats and have a better appreciation of the security policies in place. Good security policies, however, would amount to nothing without the proper security tools. After all, it takes the right combination of people, processes and technology guardrails to address security challenges in today’s rapidly evolving digital workplace. Source: https://www.networksasia.net/article/so-your-company-social-media-are-you-practicing-safe-tweeting.1500001860

Read the original post:
So your company is on social media, are you practicing safe tweeting?

Cloud is adding to network complexity, report says

A third of respondents indicated that the cloud adds the greatest network complexity to their organisation. Cloud adoption is still the ‘most vexing factor’ in increased network complexity, according to a new report by Kentik. The report, based on a poll of 203 IT professionals attending the Cisco Live 2017 annual conference, says cloud adoption is followed by IoT, SDN, and networks functions virtualisation (NFV). It also says that most organisations still aren’t ready for network automation, even though machine learning is seen as ‘important technology for network management’. More than a third (36 per cent) of respondents said cloud adds the greatest network complexity to their organisations. They can still improve operational visibility for cloud and digital business networking, it was added. According to the report, organisations need to be able to spot DDoS attacks better. A third (32 per cent) said they’re using DDoS detection technology. The majority of organisations (70 per cent) says using the same stack of tools to manage both network performance and security hinders operational efficiency. More than half (59 per cent), however, added that their organisation is not yet using the same stack of tools. “There is a lot of noise in our industry right now about intuitive systems and new-age machine learning that can monitor, identify and react to network conditions before issues occur. However, dozens of our largest customers have been telling us, and our survey results from Cisco Live support, that the key 2016 and 2017 enterprise efforts have focused on getting complete visibility into increasingly hybrid network complexity; detecting and preventing DDoS; and integrating tools that can provide operational and business value from network analytics,” said Avi Freedman, co-founder and CEO of Kentik. “Full automation outside of constrained data centre and cloud topologies is still a vision that customers are tracking, but network operators say that they need deeper and comprehensive visibility into their network’s performance and security before they can let their networks run autonomously.” “Real-time network traffic intelligence is a critical component for network operators supporting their organizations with digital transformation,” he added. Source: http://www.dos-mitigation.com/wp-admin/post-new.php

Visit site:
Cloud is adding to network complexity, report says

The Five Biggest Security Concerns After Petya And WannaCry

With many organisations still reeling in the aftermath of the Petya and WannaCry ransomware attacks, it’s not only sensible, but crucial, that they analyse what other dangers they face in the digital age. When TalkTalk was hacked in 2015, the company lost up to £60m and approximately 101,000 customers, and the damage to the organisation’s reputation was huge. CIOs must avoid this fate, by proactively looking at today’s big security concerns in order to protect their company tomorrow. Security vectors evolve rapidly because the malicious parties responsible are constantly innovating. Many cybercrime operations have organisational charts similar to legitimate businesses and use best practices for management, marketing, pricing and operations etc. To combat this cybercrime wave, companies are ploughing money into efforts to protect themselves. So much so that IDC expects spending on security technology to reach $81.7bn in 2017.  In light of this, what are the biggest security concerns organisations face today?     1.  Data Obfuscation and Ransomware Firstly, ransomware, as illustrated by the Petya, WannaCry and CryptoLocker attacks, are set to continue. These attacks affect the real-time information that underpins business transactions creating chaos in the process. Unfortunately, intelligence agencies believe that this is not only a real and present danger, but also an inevitability. As such, it’s crucial that companies not only encrypt their sensitive information, but also regularly back up this data to hard drives that aren’t connected to the wider network. Leaking Intellectual Property As we have already witnessed, with the threat of release of the latest Disney movie or the theft of the NetFlix series, ‘ Orange is the New Black’ , one new form of cyberattack concerns the unauthorised release of Intellectual Property (IP). Many companies across the globe still do not have systems secured adequately and regularly fail to patch against known vulnerabilities. This is the equivalent of leaving the keys in front door and all your valuables stacked neatly in the hallway. It is vital that companies have full visibility across their technology portfolio and regularly update their security software and patches. The Internet of Things (IoT) Intel estimates that by 2020, the number of devices connected to the Internet of Things   (IoT) will increase from 15 billion to 200 billion. This includes everything from pacemakers to refrigerators to connected cars to our clothing. The platforms these devices are built on often have little or no security. Most operate a self-regulation model; and as a result they are very vulnerable to hacking. This was evidenced during the 2016 Dyn attack, which consisted of multiple distributed denial-of-service (DDoS) attacks using a network of hacked internet connected devices. Companies must carefully review the security of devices before connecting them to the network, as they often serve as vulnerable gateways for hackers to exploit. Artificial Intelligence and Machine Learning Artificial Intelligence (AI) and machine learning are increasingly being used to combat cyber threats. However, access to such tools and platforms is still expensive and beyond the reach of many organisations. This is both a blessing and a curse as when the cost of these technologies falls, hackers will invest in these solutions to further their own criminal exploits. As a result, attacks will be automated and have the ability to morph and change on their own, to continue to spread and create widespread destruction in short periods of time. In comparison, the spread of WannaCry will look like the work of children. These exploits will be more lethal, faster and much more dangerous. This means that not only will companies need to invest in new security technologies as soon as they become available and affordable, but must ensure they follow all best practices religiously – such as encrypting and backing up sensitive data. Quantum Computing  This may be the single biggest threat to cybersecurity that no one is paying attention to. Using quantum computers, which can compute vast quantities of information and massively accelerate computing processes, criminals could crack virtually any encryption mechanism currently used for our most sensitive online tasks – such as online banking and sharing electronic health records. While this threat might yet seem unrealistic, technology is advancing at a rapid rate and this may well become a future factor. While ransomware attacks have grabbed the headlines due to the widespread ramifications of Petya and WannaCry, there are other cyber-threats that organisations need to be concerned about. However, they needn’t lose too much sleep as long as they are following security best practices – such as encrypting data, backing up all sensitive information, and automating the renewal of security patches and licenses – which can mitigate vulnerability to an attack. Source: http://www.informationsecuritybuzz.com/articles/five-biggest-security-concerns-petya-wannacry/

Read this article:
The Five Biggest Security Concerns After Petya And WannaCry

5 Ways To Profit From The $24 Trillion Cyber War

Business is under attack to the point of all out cyber war, and there is nowhere more lucrative right now than cyberspace, where a $200-billion-plus market is ripe for investors looking to turn profits that make the pre-bubble dot.com era look like chump change. There are plenty of catalysts, thanks to hackers who most recently managed to hijack the systems of one of the biggest shipping companies in the world, one of the biggest pharmaceutical companies in the world and thousands of others—forcing them to pay ransom in bitcoins to get their data back. There will be no slowdown in cyber-attacks. On the contrary, by 2019, IDC research estimates that 70 percent of major multinational corporations will “face significant cybersecurity attacks aimed at disrupting the distribution of commodities.” Cybersecurity stocks were soaring already—especially since hackers in May managed to take control of tens of thousands of computers. But the late June perfection of cyber kidnapping for ransom has caused stocks to spike by 4 percent or more. According to giant Cisco, there was a 172 percent jump in DDoS (distributed denial-of-service) attacks in 2016, and we’ll be looking at a near tripling of that by 2021. Just in the first quarter of this year there was a reported 380 percent increase in DDoS attacks, according to Nexusguard. Data breaches cost businesses $5.85 million EACH in 2014. This year, that bill will be in the neighborhood of $7.35 million. In total, last year, cybercrime cost the global economy over $450 billion. The cyber-attack on global business in May this year alone could end up costing $4 billion. So, giant multinational corporations are willing to pay a lot for better cybersecurity—and cyber insurance. Global spending on cybersecurity will hit $1 trillion over the next five years, and cybercrime damages will exceed $24 trillion over the same period, according to the Steven Morgan Cybersecurity Industry Outlook: 2017 to 2021. And this is where the big profits are available for the taking. For the foreseeable future, nothing is more lucrative than data security. Here are our top 5 picks as cybersecurity becomes THE most critical industry of our time: #1 FireEye, Inc. (NASDAQ:FEYE) This is one of the most impressive cybersecurity barnstormers out there. It only went public in September 2013, and by December that same year it was spending $1 billion on a major acquisition, Mandiant, which was one of the top data breach and response companies in the space. This is now a massive and fast-growing company of highly sought-after cyber experts and products, all rolled into a cloud-based platform that is a favorite among key Fortune 500 companies, not to mention Global 2000 companies. There was a very aggressive acquisition spree here—and last year the company moved into the black. FireEye peaked in mid-2015 at $55 a share, and then slid to under $11 in mid-March this year. But since then, it’s gained 42 percent and the trajectory looks fantastic, especially in the current cyber warfare climate. #2 Identillect Technologies Corp. ( TSXV:ID ; IDTLF:US ) This is a little-known company sitting in pole position in a $64-billion market that is up for grabs. It’s come up with a two-minute email security solution that could revolutionize encryption, and could corner the lion’s share of the profits in this segment. Half of all email is unencrypted—and it’s at the mercy of pretty much anyone with decent hacking skills. Existing encryption programs are expensive and can take a month to install, but this company is breaking onto the scene with a simple, 2-minute email install solution. It works with Outlook, Office 365, Hotmail, Gmail…PLUS a phone “app” that works on iPhone, Android, Windows and more. There are only 250 professional cryptographers in the U.S… and two of them work at Identillect – a major selling point for this company coming right out of the gates. Customers are lining up because it’s the first solution to a long-time problem that’s now reaching a climax, with companies being fined for NOT encrypting email. They’re already paying an average of $7 million for every data breach. This company is on its way to Silicon Valley, and its patent on the first easy solution to a massive problem is likely to get it a lot of attention in the form of M&A rumblings that dot this cybersecurity landscape. Even more so right now. Since it went commercial in the first quarter of 2015, subscribers have grown over 663 percent, and 19 out of 20 of them stay. They’re compounding monthly, and the breakeven point is almost there. That’s why we’re looking at a 70 percent profit margin in this one. With 5 million Yahoo accounts breached in just one of many huge-scale incidents, encryption is the Holy Grail of our day, and this company has figured out how to make it cheap and easy. #3 Palo Alto Networks  (NYSE:PANW) For expansion, this $12.7-billion market-cap company is a top pick with its sales of next-generation firewall solutions. It covers 150 countries and it protects data infrastructure of at least 85 Fortune 100 companies and—even better—more than half of the Global 2000. That’s some major market share at a time when there is nothing short of corporate panic over data infrastructure protection. It even beat its own outlook. We’re looking at mind-blowing record earnings ($431.8 million in fiscal Q3). This is the clear advantage in the cybersecurity space right now—and it’s all about continual, relentless expansion. #4 Intel Corporation (NASDAQ:INTC) Nothing dominates the semiconductor industry like INTC. We’re looking at over seven divisions here, but the Client Computing Group (CCG) and the Data Center Group (DCG) are the big ones in terms of financial performance, accounting for 87 percent of the company’s total sales last year. INTC dominates the PC market and the server microprocessor market, and its PC chip market share can be as high as an unbelievable 99 percent. Still, some might say this pick is the counter-intuitive one, but…not really. INTC stock has taken a major beating, but with this sector on fire like no other, this is your way in with the giants in this field. INTC had an official correction this year and April earnings caused Wall Street to beat it down. But INTC is still 10 percent higher than last year, regardless. It’s cheaper than its competitors right now, so this may be a buying opportunity. What investors are afraid of, though, is one competitor in particular…our next pick… #5 Advanced Micro Devices, Inc.   (NASDAQ: AMD ) This stock has seen some unbelievable performance over the past year, and that’s why INTC investors are shying away. But while AMD has been impressing beyond belief, we list it as #5 because it’s largely thanks to enthusiasm and future expectations—so there may be a pullback soon. This is the time to keep a close eye on AMD, but also to be very careful about watching whether the company is now going to actually achieve its goals—because the expectations are quite high and now much more is at stake. It’s the right industry to be doing this in, certainly… While AMD had a truly dynamic growth spurt that began in March last year, since February this year, it hasn’t reached any new highs, and the launch of its Ryzen line of products wasn’t embraced by the market with as much excitement as expected. Now things are getting a bit more volatile, which is why INTC might be a better pick right now. Honorable Mentions in the Cybersecurity Space BlackBerry Ltd. (TSE:BB): Forget about the BlackBerry as something you hold—an electronic gadget. This company is back better than ever with software for industrial customers, including security software and services to stop hackers. Quarterly earnings at the end of March were impressive, and April news of a $1-billion cash win from arbitration with Qualcomm can fund more growth. This is the NEW BlackBerry. Absolute Software Corporation (ABT.TO): Absolute Software Corp provides endpoint security and data risk management solutions for commercial, healthcare, education and government customers, tablets and smartphones. Absolute has seen a strong 21% stock growth year to date and is expected to see strong growth as the cyber security market grows at a rampant pace. Avigilon (TSX.AVO): Avigilon develops, manufactures, markets and sells HD and megapixel network-based video surveillance systems, video analytics and access to control equipment. We expect strong continuous growth in the video analytics business and a company such as Avigilon is well positioned to capture market share in the Canadian markets. Sandvine Corporation (TSE:SVC): Ontario is seeing some a vibrant cybersecurity as well, Sandvine corp. is engaged in the development and marketing of network policy control situations for high-speed fixed and mobile Internet service providers. Products include Business Intelligence, Revenue Generation, Traffic Optimization and Network Security. The company has grown 52% year-to-date and we expect strong growth throughout 2017. Pivot Technology Solutions Inc. (TSX:PTG): Pivot focuses on the strategy to acquire and integrate technology solution providers, primarily in North America. It sells and supports integrated computer hardware, software and networking products for business database, network and network security systems. Pivot has seen explosive growth so far this year and we expect the current cyber threats to add to the already strong sentiment in cyber security stocks. Source: http://www.baystreet.ca/articles/stockstowatch.aspx?articleid=31275

More:
5 Ways To Profit From The $24 Trillion Cyber War

Building the right defences before the IoT botnets catch you

PayPal, Spotify, Twitter, Airbnb, the Sony PlayStation Network – what is the connection? These were some of the sites and services that were disrupted as a result of the DDoS attack on Dyn, the cloud DNS provider, last October. The attack is believed to have been caused by the Mirai botnet, which takes advantage of unprotected IoT devices such as CCTV cameras, routers, DVRs and even baby monitors. It can rapidly overwhelm DNS servers with requests, cutting off users from connecting to services they want to use. The botnet seized hundreds of thousands of IoT devices from all over the world. Now, with the source code released to the public, hackers have been given the tools to attack millions of smart devices quickly and easily. Experts thus predict a surge in large-scale attacks that could take almost any company offline. Moreover, considering nearly one quarter of consumers today have an Internet-connected device in their home, the number of victims to these attacks could reach unprecedented levels. How to defend your networks and users against IoT botnets Multiple users relying on one DNS provider means an attack on one is an attack on all, as was the case with the DDoS attack on Dyn. Adopting a hybrid DNS architecture, in which your DNS servers are active all the time, is a strong solution. In this hybrid architecture, the protocol service is spread across a number of DNS servers. If one server is attacked, the service will automatically switch to another unaffected server and customers will have uninterrupted access. Using an alternate cloud DNS together with local DNS-based services ensures you are covered in the event of an attack. It is also a good idea to use advanced DNS hardware that can handle very high traffic, as well as identify and block attacks. Defending your own systems is important, but is there any way of cutting the problem at its root? Using the DNS protocol as a defence Consumer internet services are hard to protect against IoT botnets like Mirai because they are open by design. In addition, most users give little thought to their hardware and use solely a basic firewall already built into a router. Users cannot be expected to keep their networks secure or their hardware up to date, especially with vendors who do not always provide appropriate patches and regular bug fixes. This all creates an increasingly vulnerable and hard to manage environment. How can the wider internet be protected from this growing risk? ISPs can take a stronger stance on securing their networks with tighter controls for customer premises equipment (CPE) and for user networks. Their network hardware can be used to identify common attack patterns, especially from known botnets like Mirai. Once jeopardised networks have been detected, DNS security tools can be used to switch the customer’s CPE from an open network to a more restricted one. It can filter both botnet command as well as control packets. Users are also armed with quick access to tools and techniques to fix their networks and update compromised hardware, while disrupting the botnet structure. However, this approach presents itself with a risk, as it changes the relationship between the ISP and the customer (and could be seen as undue interference). It must be handled together with other ISPs at a regional level, and will need to become part of the contract between user and service provider. Services and ISPs join forces to defend the Internet If service and ISP solutions like these are brought together, along with an industry-wide approach to IoT updates and servicing, we might just have a solution. Key elements would be: Advanced DNS services that can handle DDoS traffic Using multiple DNS services to avoid interruption of key services Using a DNS security layer for CPE, linked to attack pattern detection Consumer ISP quarantine services linked to easy update services for IoT hardware Large-scale DDoS attacks via DNS like those on Dyn cannot be prevented by a single action. Providers, consumers, hardware vendors, and ISPs will need to collaborate in order to deliver a functional solution. Source: https://www.iottechnews.com/news/2017/jul/04/building-right-defences-iot-botnets-catch-you/

See the original article here:
Building the right defences before the IoT botnets catch you

Ubisoft Servers Hit with DDoS Attack – All Online Titles Affected

It’s been a rough morning for Ubisoft servers, as folks trying to login to Rainbow Six Siege , Ghost Recon Wildlands , For Honor and other popular online titles haven’t had a very high success rate. After initially announcing some general server issues close to 10 a.m., Ubisoft announced officially via Twitter that they are monitoring a DDoS attack. It doesn’t appear that this is related to last night’s Ubisoft server issues, but it appears this DDoS attack has no clear end in sight. The official Ubisoft forums state that they are “taking steps to mitigate this issue,” but that people will experience problems connecting to their games and server latency when they do connect. The forums also confirmt hat this is impacting Rainbow Six siege , Steep , For Honor , Ghost Recon Wildlands and the Uplay PC client as a whole. GameRevolution will update this story as more details become available. Source: http://www.gamerevolution.com/news/338483-ubisoft-servers-hit-ddos-attack-online-titles-affected

Read more here:
Ubisoft Servers Hit with DDoS Attack – All Online Titles Affected

$1 Million Ransomware Payment Has Spurred New DDoS-for-Bitcoin Attacks

The $1 million ransom payment paid last week by South Korean web hosting company Nayana has sparked new extortion attempts on South Korean companies. According to local media, seven banks have received emails that asked the organizations to pay ransoms of nearly $315,000 or suffer downtime via DDoS attacks. Only five of the seven targets are publicly known, which are also the country’s biggest financial institutions: KB Kookmin Bank, Shinhan Bank, Woori Bank, KEB Hana Bank, and NH Bank. Ransom demands made by Armada Collective The ransom demands were signed by a group of “Armada Collective,” a name that has a long history behind it. The group first appeared in 2015, and they are considered one of the hacker groups that popularized ransom DDoS (RDoS) attacks alongside another group known as DD4BC (DDoS-for-Bitcoin). While Europol apprehended suspects behind the DD4BC group, the people behind Armada Collective were never caught, and their tactics seem to have evolved across time. Armada Collective and RDoS attacks over time Radware, a cyber-security company that tracks RDoS attacks on a consistent basis, says the group has gone through two main stages. In the beginning, the group targeted a small number of targets, all from the same industry, and launched demo DDoS attacks to prove their claims and force the hand of victims into paying the ransom. After a successful extortion of the ProtonMail secure email service in late 2015 that got a lot of media attention, the group appeared to have gone into hiding, but then returned in 2016. This time around, the group’s tactics changed, and Armada Collective — or impostors posing as the group — only made empty threats, targeting a large number of companies, all at the same time, from different sectors, and rarely launched any DDoS attacks to prove their claims. Armada Collective’s RDoS attacks in 2016 were hardly noticed. Because of the group and DD4BC’s success, numerous other actors entered the DDoS ransom market niche, such as New World Hackers, Lizard Squad (copycats), Kadyrovtsy, RedDoor, ezBTC, Borya Collective, and others. Most of these groups issued empty threats, a common theme with RDoS groups in 2016, also continued in 2017, with new groups such as Stealth Ravens, XMR Squad, ZZb00t, Meridian Collective, Xball Team, and Collective Amadeus. Furthermore, empty DDoS threats from groups posing as Anonymous have been the norm for the past two years, with the most recent wave being detected just last week. Nayana’s payment may lead to more attacks on South Korea Last week, Armada Collective’s name resurfaced after a long period of silence. The ransom demands were sent — not surprisingly — just two days after news broke in the international press that a South Korean web hosting company paid over $1 million in a ransomware demand. Nayana’s payment was the largest ransomware payment ever made and may have involuntarily put a giant bullseye on the backs of all South Korean businesses, now considered more willing to pay outrageous ransom demands to be left alone. The Armada Collective ransom letters sent last week to South Korean banks said the group would launch DDoS attacks on the targeted banks today, June 26, and double their ransom demand. At the time of writing, the attacks didn’t take place, based on evidence available in the public domain. Nonetheless, the attackers won’t be discouraged by this initial refusal, and if they truly have the ability to launch crippling DDoS attacks like the ones that targeted ProtonMail, then South Korean banks and other businesses are in for a long summer. Source: https://www.bleepingcomputer.com/news/security/-1-million-ransomware-payment-has-spurred-new-ddos-for-bitcoin-attacks/

See the original post:
$1 Million Ransomware Payment Has Spurred New DDoS-for-Bitcoin Attacks

Dems: FCC DDoS Attack Raises Cybersecurity Questions

Looking for lots more answers on net neutrality docket. If the FCC was subject to multiple DDoS attacks that affected input in the Open Internet comment docket, leading House Democrats say that raises questions about the FCC’s cybersecurity preparedness that need answers. That came in letters to the FCC and National Cybersecurity and Communications Integration Center. “We ask you to examine these serious problems and irregularities that raise doubts about the fairness, and perhaps even the legitimacy, of the FCC’s process in its net neutrality proceeding,” the Democratic legislators said. “Giving the public an opportunity to comment in an open proceeding such as this one is crucial – so that the FCC can consider the full impact of its proposals, and treat everyone who would be affected fairly.” Democratic Sens. Ron Wyden of Oregon and Brian Schatz of Hawaii had asked FCC Chairnman Ajit Pai for an explanation of the attacks. But the response—that they were “non-traditional” attaocks–only created new questions, the letters to the FCC and NCCIC said. That includes: •”What ‘additional solutions’ is the FCC pursuing to ‘further protect the system,’ as was mentioned in the FCC’s response? •”According to the FCC, the alleged cyberattacks blocked ‘new human visitors … from visiting the comment filing system.’ Yet, the FCC, consulting with the FBI, determined that ‘the attack did not rise to the level of a major incident that would trigger further FBI involvement.’ What analysis did the FCC and the FBI conduct to determine that this was not a ‘major incident?’ •”What specific ‘hardware resources’ will the FCC commit to accommodate people attempting to file comments during high-profile proceedings? Does the FCC have sufficient resources for that purpose? •”Is the FCC making alternative ways available for members of the public to file comments in the net neutrality proceeding?” Signing on to the letters were Energy and Commerce Ranking Member Frank Pallone, Jr. (N.J.), Oversight and Government Reform (OGR) ranking member Elijah Cummings (Md.), E&C Communications and Technology Subcommittee Ranking Member Mike Doyle (Pa.), Oversight and Investigations Subcommittee ranking member Diana DeGette (Colo.), OGR Information Technology Subcommittee ranking member Robin Kelly (Ill.), and Government Operations Subcommittee ranking member Gerald Connolly (Va.) Some of the same Dems have asked Republican leadership of the House E&C to hold a hearing on the FCC Web issues. And last month, another group of Democrats called on the FBI to investigate the multiple DDoS attacks the FCC said it had suffered related to the docket. http://www.multichannel.com/news/congress/dems-fcc-ddos-attack-raises-cybersecurity-questions/413693

See original article:
Dems: FCC DDoS Attack Raises Cybersecurity Questions