Citrix devices are being abused as DDoS attack vectors

Threat actors have discovered a way to bounce and amplify junk web traffic against Citrix ADC networking equipment to launch DDoS attacks.

While details about the attackers are still unknown, victims of these Citrix-based DDoS attacks have mostly included online gaming services, such as Steam and Xbox, sources have told ZDNet earlier today.

The first of these attacks were detected last week and documented by German IT systems administrator Marco Hofmann.

Hofmann tracked the issue to the DTLS interface on Citrix ADC devices.

DTLS, or Datagram Transport Layer Security, is a version of the TLS protocol implemented on the stream-friendly UDP transfer protocol, rather than the more reliable TCP.

Just like all UDP-based protocols, DTLS is spoofable and can be used as a DDoS amplification vector.

What this means is that attackers can send small DTLS packets to the DTLS-capable device and have the result returned in a many times larger packet to a spoofed IP address (the DDoS attack victim).

How many times the original packet is enlarged determines the amplification factor of a specific protocol. For past DTLS-based DDoS attacks, the amplification factor was usually 4 or 5 times the original packet.

But, on Monday, Hofmann reported that the DTLS implementation on Citrix ADC devices appears to be yielding an amplification factor of a whopping 35, making it one of the most potent DDoS amplification vectors.
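For administrators who want to check whether their own ADC is being used as a reflector, the following added example (not from the ZDNet article, Hofmann or Citrix) computes the per-peer outbound/inbound byte ratio on the DTLS listener from flow records. The flow format, the addresses, the UDP/443 listener port and both thresholds are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict

ADC_IP = "192.0.2.10"    # assumption: the ADC's public address (documentation range)
DTLS_PORT = 443          # assumption: DTLS listener on UDP/443; not stated in the article
RATIO_THRESHOLD = 10.0   # assumption: well above ordinary handshake asymmetry
MIN_OUT_BYTES = 10_000   # assumption: ignore exchanges too small to matter

# Constructed sample flow export: one row per unidirectional flow.
SAMPLE_FLOWS = """\
src,dst,proto,sport,dport,bytes
198.51.100.7,192.0.2.10,udp,40001,443,2400
192.0.2.10,198.51.100.7,udp,443,40001,84000
203.0.113.5,192.0.2.10,udp,51512,443,52000
192.0.2.10,203.0.113.5,udp,443,51512,61000
198.51.100.9,192.0.2.10,tcp,50100,443,9000
192.0.2.10,198.51.100.9,tcp,443,50100,400000
"""


def amplification_by_peer(flow_csv, adc_ip=ADC_IP, port=DTLS_PORT):
    """Return {peer: (bytes_in, bytes_out, ratio)} for UDP traffic on the DTLS port."""
    inbound = defaultdict(int)   # bytes the ADC received "from" each peer address
    outbound = defaultdict(int)  # bytes the ADC sent back to each peer address
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "udp":
            continue  # TCP (ordinary TLS) cannot be reflected via spoofed sources
        size = int(row["bytes"])
        if row["dst"] == adc_ip and int(row["dport"]) == port:
            inbound[row["src"]] += size
        elif row["src"] == adc_ip and int(row["sport"]) == port:
            outbound[row["dst"]] += size
    report = {}
    for peer in set(inbound) | set(outbound):
        rx, tx = inbound[peer], outbound[peer]
        report[peer] = (rx, tx, tx / rx if rx else float("inf"))
    return report


def suspected_reflection_targets(flow_csv, threshold=RATIO_THRESHOLD,
                                 min_out=MIN_OUT_BYTES):
    """Peers receiving far more DTLS bytes than they appear to have sent.

    With spoofed sources, a flagged peer is most likely the DDoS victim,
    not the party that generated the requests.
    """
    hits = [(peer, round(ratio, 1))
            for peer, (rx, tx, ratio) in amplification_by_peer(flow_csv).items()
            if tx >= min_out and ratio >= threshold]
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    for peer, ratio in suspected_reflection_targets(SAMPLE_FLOWS):
        print(f"{peer}: ADC sent {ratio}x the bytes it received on UDP/{DTLS_PORT}")
```
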

Citrix confirms issue

Earlier today, after several reports, Citrix also confirmed the issue and promised to release a fix after the winter holidays, in mid-January 2021.

The company said it’s seen the DDoS attack vector being abused against “a small number of customers around the world.”

The issue is considered dangerous for IT administrators because of cost and uptime-related issues rather than the security of their devices.

As attackers abuse a Citrix ADC device, they might end up exhausting its upstream bandwidth, creating additional costs and blocking legitimate activity from the ADC.

Until Citrix readies official mitigations, two temporary fixes have emerged.

The first is to disable the Citrix ADC DTLS interface if not used. 

If the DTLS interface is needed, forcing the device to authenticate incoming DTLS connections is recommended, although it may degrade the device’s performance as a result.

Source: https://www.zdnet.com/article/citrix-devices-are-being-abused-as-ddos-attack-vectors/#ftag=RSSbaffb68

Industry once again warns Australian government about falling behind in tech

The Australian Academy of Science has published a policy primer calling for the federal government to place emerging digital technologies higher up the priority list.

“Australia risks falling behind as a technologically-driven nation unless we recognise emerging digital technologies as a central, independent sector in its own right, warranting investment in the core aspects of research, innovation, and workforce development,” the organisation wrote.

In the policy primer [PDF], the government-endorsed, not-for-profit organisation warned that Australia could potentially lag behind global peers, saying other nations such as Canada, France, the UK, and the US have placed more resources towards prioritising digital technologies as a strategy to bolster competitiveness.

Australia’s digital innovation earnings relative to its GDP were almost four percentage points lower than the OECD average of 11.2%, the organisation said.

To address this, the organisation put forward three recommendations that it believes would help Australia’s digital technology capability and innovation keep pace with other countries.

The recommendations are to elevate emerging digital technologies as a national science and innovation priority; include research and innovation in emerging digital technologies in the 2021 Research Infrastructure Roadmap; and recognise emerging digital technologies as an independent growth sector.

The Australian Academy of Science added that more investment is needed towards improving the digital literacy of Australians. Referring to RMIT University’s digital inclusion index, it said Australians with lower income, employment, and education have increasingly fallen behind in this area.

Kaspersky APAC managing director Chris Connell has also pushed for stronger promotion of security awareness and digital education, saying that government needed to work more closely with industry to achieve this.

“We’re facing security challenges that put a strain on cybersecurity resources. Investing in cyber talent and promoting security awareness and digital education are the keys to success in building cyber resilient digital societies and economies,” Connell said.

“We need to move from the ‘needs’ to actually delivering on this — if we don’t, and the way the world is changing, there will be more and more risk moving forward.”

While the Australian Academy of Science did note the federal government’s recent digital economy strategy and modern manufacturing strategy were a “welcome signal”, it gave the caveat that government still needed to recognise the importance of building scientific capability behind the digital economy, both from an investment and narrative point of view.

“The national narrative and strategy for Australia’s digital economy needs to address the fundamental importance of building and maintaining scientific capabilities in emerging digital technologies to drive investment and build sovereign capability and capacity,” it wrote.

Following a similar theme, the Australian Information Industry Association (AIIA) a few weeks ago expressed concerns that the federal government was not placing enough resources into commercialising emerging technology, such as quantum computing.

“We are in a position of thought leadership and in some ways, we do lead the way. But our concern is that based on global trends, if we don’t take the steps necessary to maintain our position, and we’re not taking those steps, then we will in fact lose our leadership position, lose our resources, lose our IP, lose our skills, and our thought leaders,” AIIA CEO Ron Gauci said at the time. 

Source: https://www.zdnet.com/article/industry-once-again-warns-australian-government-about-falling-behind-in-tech/#ftag=RSSbaffb68

Westpac has blocked 24,000 abusive messages in payments

Westpac said it has managed to block some 24,000 transactions that were deemed as abusive payments.

In its environment, social, and governance strategy update, the bank also noted it required 19,000 customers to change the language they used in transaction descriptions before their payments could be accepted and processed.

The bank added it issued more than 800 warning letters and account suspensions and reported more than 70 customers to authorities for abusive payments.  

The bank announced earlier in the year it would not tolerate any messages containing abuse being sent in transaction descriptions. Terms considered inappropriate by the bank range from swear words through to domestic violence threats.

“We want to create a safer digital banking experience for our customers and send a clear signal that abusive messages in payment transactions will not be tolerated,” Westpac general manager of customer solutions Lisa Pogonoski previously said.

To contain such behaviour, the red and black bank rolled out a new tool enabling customers to report abuse and harassment received in the payment transaction description for inbound payments.

The bank also deployed technology to monitor outgoing payments sent through its online and mobile banking platforms, which blocks certain transactions containing inappropriate or offensive language in real-time.

In other updates, Westpac highlighted that in relation to its Customer Outcomes and Risk Excellence (CORE) program, it has completed 104 out of 327 planned activities designed to uplift the bank’s management and governance of risk. These included upgrading its transaction screen software and settings, identifying data points and establishing automated reconciliations and checks, using analytics to improve detection, and improving risk reporting through a new insights platform.

For the first half of the 2022 financial year, Westpac highlighted that tech expenses increased AU$40 million, attributing part of the rise to the CORE program. This was off the back of a profit increase, with the bank posting AU$3.4 billion.

IF YOU OR ANYONE YOU KNOW IN AUSTRALIA NEEDS HELP CONTACT ONE OF THESE SERVICES:

  • National Sexual Assault, Domestic Family Violence Counselling Service on 1800 737 732
  • MensLine Australia on 1300 789 978
  • Lifeline on 13 11 14
  • Kids Helpline on 1800 551 800
  • Beyond Blue on 1300 22 46 36
  • Headspace on 1800 650 890
  • In an emergency or if you’re not feeling safe, always call 000

Source: https://www.zdnet.com/article/westpac-has-blocked-24000-abusive-messages-in-payments/#ftag=RSSbaffb68
