The State of DDoS Attacks: The Best Offense is a Strong Defense

| February 19, 2019

article image
While DDoS attacks are becoming more frequent, severe and advanced than ever before, attackers are still leveraging the same weapons to launch them. This means that organizations have the unique opportunity to focus less on playing catch-up with criminals and more on strengthening their defenses and locating the weapons being used against them. In our Q4 2018 The State of DDoS Weapons report, we examine the types of weapons being used, where they’re coming from and what DDoS attacks will look like in the near future. Here, we’ll go over the report’s findings so you can learn more about the weapons attackers are using and how you can effectively protect your organization against them. Weapons Used in DDoS Attacks. To overwhelm their targets with massive amounts of data, DDoS attackers will often use reflected amplification weapons.

Spotlight

Security BSides Athens

Security BSides is a community-driven framework for building events for and by Information Security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.

OTHER ARTICLES

CISOS PARTICIPATE IN CYBER WARGAMES TO HONE RANSOMWARE RESPONSE PLANS WITH EC-COUNCIL

Article | March 2, 2020

EC-Council, leading global information security certification body, conducted a table-top, cyber wargame among top cybersecurity executives in Tampa, Florida. The sold-out session, “CISO wargame,” included 27 senior executives from the largest managed IT service providers in the United States. The event presented the security experts with a simulated incident where an organization is hit by a ransomware attack. Participants had to work to contain the damage of the attack, which grew more complicated as the 4-hour exercise unfolded. Participants were tasked with deciding whether to pay a ransom and use ransom negotiators as well as to communicate with employees, stockholders, and the media about the breach.

Read More

How Organizations can prepare for Cybersecurity

Article | April 22, 2020

According to a Gartner study in 2018, the global Cybersecurity market is estimated to be as big as US$170.4 billion by 2022. The rapid growth in cybersecurity market is boosted by new technological initiatives like cloud-based applications and workloads that require security beyond the traditional data centres, the internet of things devices, and data protection mandates like EU’s GDPR. Cybersecurity, at its core, is protecting information and systems from cyberthreats that come in many forms like ransomware, malware, phishing attacks and exploit kits. Technological advancements have unfortunately opened as many opportunities to cybercriminals as it has for the authorities. These negative elements are now capable of launching sophisticated cyberattacks at a reduced cost. Therefore, it becomes imperative for organizations across all industries to incorporate latest technologies to stay ahead of the cybercriminals. Table of Contents: - What is the cybersecurity scenario around the world? - Driving Management Awareness towards Cybersecurity - Preparing Cybersecurity Workforce - Cybersecurity Awareness for Other Employees - Conclusion What is the cybersecurity scenario around the world? Even as there has been a steady increase in cyberattacks, according to the 2018 Global State of Information Security Survey from PwC: 44% companies across the world do not have an overall information security strategy, 48% executives said they do not have an employee security awareness training program, and 54% said they do not have an incident response process. So, where does the problem lie? Many boards still see it as an IT problem. Matt Olsen, Co-Founder and President of Business Development and Strategy, IronNet Cybersecurity. Cybersecurity The greater responsibility of building a resilient cybersecurity of an organization lies with its leaders. There is a need to eliminate the stigma of ‘risk of doing business lies solely with the technology leaders of an organization. Oversight and proactive risk management must come under CEO focus. According to the National Association of Corporate Directors' 2016-2017 surveys of public and private company directors, very few leaders felt confident about their security against cyberattacks, perhaps due to their lack of involvement into the subject. Driving Management Awareness towards Cybersecurity • Gain buy-in by mapping security initiatives back to business objectives and explaining security in ways that speak to the business • Update management about your current activities pertaining to the security initiatives taken, recent news about breaches and resolve any doubts. • Illustrate the security maturity of your organization by using audit findings along with industry benchmarks such as BSIMM to show management how your organization fares and how you plan to improve, given their support. • Running awareness program for your management regarding spear-phishing, ransomware and other hacking campaigns that aim for executives and teach how to avoid them. The bottom line is that leaders can seize the opportunity now to take meaningful actions designed to bolster the resilience of their organizations, withstand disruptive cyber threats and build a secure digital society. The bottom line is that leaders can seize the opportunity now to take meaningful actions designed to bolster the resilience of their organizations, withstand disruptive cyber threats and build a secure digital society.. Pwc READ MORE: WEBROOT: WIDESPREAD LACK OF CYBERSECURITY BEST PRACTICES /11029 Preparing Cybersecurity Workforce Hackers are able to find 75% of the vulnerabilities within the application layer. Thus, developers have an important role to play in the cybersecurity of an organization and are responsible for the security of their systems. Training insecure codingis the best way to raise their cybersecurity awareness levels. Raising Cybersecurity Awareness in Developers: • Training developers to code from the attackers’ point of view, using specific snippets from your own apps. • Explain in-depth about vulnerabilities found by calling remedial sessions. • Find ways to make secure coding easier on developers, like integrating security testing and resources into their workflow and early in the SDLC/ • Seek feedback from developers on how your security policies fit into their workflow and find ways to improve. Cybersecurity Awareness for Other Employees According to the Online Trust Alliance’s2016 Data Protection and Breach Readiness Guide, employees cause about 30% of data breaches. Employees are the weakest link in the cybersecurity chain. But that can be changed by creating awareness and educating them on the risks surrounding equipment, passwords, social media, the latest social engineering ploys, and communications and collaboration tools.Make standard security tasks part of their everyday routine, including updating antivirus software and privacy settings, and taking steps as simple as covering cameras when they end a video conference call. Conclusion: The technological advancements are moving faster than anF-16, so the measure are by no means exhaustive. The important thing is to keep pace with numerous cybersecurity measures to not fall prey to a cyberattack. Every organizational level plays an important role in achieving a matured security infrastructure, thus making awareness and participation mandatory. Organizations should consider a natively integrated, automated security platform specifically designed to provide consistent, prevention-based protection for endpoints, data centers, networks, public and private clouds, and software-as-a-service environments READ MORE: A 4 STEP GUIDE TO STRONGER OT CYBERSECURITY

Read More

Security by Sector: Medical IoT Gets Much Needed Dose of Cybersecurity

Article | February 20, 2020

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why? Information security risks and challenges in the healthcare industry are well documented and much maligned. There are several reasons why the healthcare sector is particularly vulnerable, but one of the chief causations is the high amount of connected yet insecure devices commonly used within hospitals, clinics and medical centers. For example, a report from researchers at healthcare cybersecurity company CyberMDX discovered that connected medical devices are twice as likely to be vulnerable to the BlueKeep exploit compared to other devices on hospital networks.

Read More

Top Three Cybersecurity Threats You Should Mitigate Before It Is Too Late

Article | December 15, 2020

There are three significant and disruptive cybersecurity threats that are catching organizations of all types and sizes by surprise: Ransomware; Cloud misconfigurations; and Supply chain backdoors. Let me explain with recent examples and guide you on what you can do to avoid making other’s mistakes and falling victim to the threats. Let’s start with ransomware. It is one of the most disruptive risks facing your organization today. Why? Because it can literally bring your operations, no matter who you are, to a standstill and inflict significant cost, pain and suffering. Just look at the recent example of one organization. It was infected with ransomware, and IT systems were shut down for several weeks, bringing operations to a standstill. It had to gradually re-start systems over several more weeks. It estimates it will cost around $95 million from lost sales, recovery and remediation, impacting profitability. Also, it announced it will not be able to attain its growth plans for the year. Take another recent example. A three-hospital system was infected and IT systems were shut down and it could not accept any incoming patients for several days. It had to operate using paper, until gradually the IT systems were re-started over several days. Fortunately, in this case, the incoming patients turned away did not suffer any loss of life and were able to be diverted to other hospitals timely, but it could have been tragic. No organization is immune to ransomware and it can rear its ugly head anytime and inflict severe pain. There are many variants and each can be tweaked easily by the attackers to evade the defense. The Ryuk ransomware is an example of one that has already inflicted significant pain to hundreds of organizations this year in the U.S. and across the globe. Previously, the SamSam ransomware attacked a variety of organizations in the U.S. and Canada, and provided over $6 million in ransom payments and inflicted over $30 million in losses. Prior to that, NotPetya ransomware rapidly inflicted hundreds of organizations in various parts of the world, and caused over $10 billion in damages. The attackers are seeing that with ransomware it is quicker and easier to make the intrusion, and encrypt some of the data than try to exfiltrate all of it. They are asking themselves, why take all the time and trouble to look for all of the data and try to steal it, when only some critical systems and data can be locked up, until a ransom is paid? They are seeing that with ransomware there will be immediate adverse impact since the victim will not be able to access critical data and systems, and will not be able to operate. So, there is high probability the ransom will be paid to stop the pain and suffering, especially if the victim has cyber insurance in place. The organization is likely to use the insurance policy to pay the ransom, rather than continue to have its operations disrupted or shut down. They are also seeing that while most organizations have put in place various controls to prevent and detect data theft, they have not placed an equal weight to preventing and detecting ransomware. Most organizations have a lot of data and given all of the data thefts that have occurred and continue to occur and reported in the press, the bias has been to focus on data theft. But ransomware risk cannot be ignored or approached less seriously. Imagine that you are infected with ransomware and your people cannot access documents, files or systems, and operate. All critical files and systems are locked out from the ransomware encryption, and a ransom payment is demanded by the hacker for the keys to unlock the encryption. What if, it will take you days, weeks or months to recover? What impact would it have on your organization? You may think that you will be able to recover quickly from back up files and systems, but are you sure? The new ransomware variants are devised to hunt down and delete or encrypt backup files and systems also, and in some cases, first, before encrypting rest of the files and systems. The organization that was recently infected that estimates $95 million in financial impact from the ransomware thought it had the risk under control, until it was hit with the ransomware and realized it was not prepared to manage the risk. Now, let’s move to the threat from cloud misconfigurations. You are most probably in the cloud completely or partially. Whether you have completely outsourced your infrastructure and services to a cloud provider or are utilizing one partially, remember, ultimately, you own the cybersecurity and that you are responsible for security in the cloud, while the cloud provider is responsible for security of the cloud. While the cloud provider will provide perimeter security, you are responsible for security of your data, IP and other assets in the cloud, and are equally susceptible to attackers in the cloud as you are on the premises. Even if any of the “big six” cloud providers, such as Amazon Web Services or Microsoft Azure or others, provide the cybersecurity, attackers can exploit weak links in the chain, break in and steal data or cause other harm. A common weak link in the chain are misconfigurations of the various systems that the cloud provider makes available as part of its service. You are responsible for all of the configurations, not the cloud provider. So, if your team does not take the time to fully understand all of the configurations that are necessary and complete them timely, security holes will arise and remain open for the attackers to exploit. Just look at the recent example of an organization that fell victim where the data of over 100 million customers was stolen. This organization was using one of the “big six” cloud providers, but missed making all of the necessary configurations. A former employee of the cloud provider, who was familiar with the systems and configurations, discovered a misconfiguration in a web application firewall and exploited it to break in. The attacker then was able to query a metadata service to obtain keys and tokens, which allowed the attacker to query and copy storage object data and eventually exfiltrate it. This was a case where configuration errors in a web application firewall coupled with unrestricted metadata service access and other errors handed the attacker the keys to the kingdom for the theft of 100 million customers data. Other common cloud misconfigurations that create opportunities for attackers to exploit include: Unrestricted in bound access on uncommon ports Unrestricted outbound access Unrestricted access to non-http/https ports Unrestricted metadata service requests Inactivate monitoring of keys and tokens You may think that you do not have any misconfigurations in your cloud environment, but how do you know? The organization that recently lost 100 million customers data thought it had strong security in its cloud infrastructure, until it was hit with the data theft and realized it was not prepared to manage the risk. Now, let’s move to the threat from supply chain backdoors. No matter what type of organization you are or your size, you most probably have a supply chain, comprised of independent contractors, vendors or partners. Each of these could be the weakest link in the chain. In other words, the attackers may find that one of your suppliers may be easier to break into first because of weaker cybersecurity and may have privileged access to your organization, given their role and responsibilities. So why not first attack the weaker supplier, steal their privileged user credentials and use it to break into your organization and eventually attain the ultimate objective, steal data or commit other harm? Or they may find that one of your suppliers has part of your data in order to provide the outsourced service, so they can steal the data simply by breaking into the supplier with the weaker cybersecurity, so no need to attack you directly. There are many examples of supply chain risk, such as with a government agency, where the credentials of a background check vendor were first stolen to access the agency’s systems, then to move laterally and find other unprotected privileged users credentials to access databases and steal data of 21.5 million individuals, including fingerprints data of 5.6 million individuals. But just look at the recent example of an organization that had outsourced billing and collections to a supplier. This is a case where the attackers did not have to attack directly. In this case, attackers broke into the supplier and injected malicious code into the payments webpages managed by the supplier and stole credit card, banking, medical and other personal information, such as social security numbers, of 11.9 million consumers. The attackers had access to the supplier’s system for eight months, during which it skimmed the data being input by consumers on the payments webpages. So, while your cybersecurity may be in good shape, the weakest link in the chain may be one of your suppliers, who may unwittingly provide the attackers the backdoor into your organization or to your data or IP. So, ransomware, cloud misconfigurations and supply chain backdoors are three significant and disruptive threats facing your organization today that you should mitigate. What c

Read More

Spotlight

Security BSides Athens

Security BSides is a community-driven framework for building events for and by Information Security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.

Events