
DDoS Attacks Nearly Double Between Q4 2018 and Q4 2019




Peer-to-peer botnets, TCP reflection attacks, and increased activity on Sundays are three DDoS attack trends from last quarter.

The number of distributed denial-of-service (DDoS) attacks nearly doubled between the fourth quarter of 2018 and fourth quarter of 2019, researchers found in a new study of DDoS trends.

Last quarter brought an increase in the number of attacks relative to the third quarter of 2019, Kaspersky Labs researchers report, and attacks also lasted longer. This was expected, they said, as the fourth quarter is often a period of “retail warfare,” driving cybercrime between October and December. The end of 2018 was “very calm” and set an expectation for a 2019 increase. However, researchers did not notice a spike in DDoS activity around Black Friday or Christmas.

DDoS attackers continued to leverage non-standard protocols for amplification attacks in the last quarter of 2019, researchers found. Adversaries have also adopted Apple Remote Management Service (ARMS), part of the Apple Remote Desktop (ARD) application for remote administration; ARMS listens on UDP port 3283, so hosts that expose it to the internet can be used as reflectors. This tactic was first spotted in June 2019; by October, attacks were widespread.

The fourth quarter of 2019 brought multiple high-profile DDoS attacks, including threats against financial organizations in South Africa, Singapore, and nations across Scandinavia. DDoS attacks aimed to cause disruption for the United Kingdom’s Labour party and also targeted Minecraft servers at the Vatican. In a more recent case, just last week the FBI warned of a potential DDoS attack targeting a state-level voter registration and information site.

“This demonstrates that DDoS is still a common attack method among cybercriminals driven by ideological motives or seeking financial gain, and organizations should be prepared for such attacks and have a deep understanding of how they evolve,” researchers said in a statement.

Other notable findings include a rise in “smart” DDoS attacks that focus on the application layer and are launched by skilled attackers. Researchers found that about 28% of DDoS attacks occurred on weekends, and Sundays in particular proved popular, accounting for 13% of attacks. While that share may not seem significant, Sunday has historically been the quietest day for DDoS activity and grew increasingly popular throughout 2019.

Researchers detected a growing number of peer-to-peer botnets in the past quarter; these operate independently of command-and-control servers and are harder to neutralize because there is no central C2 infrastructure to take down. One of these botnets, discovered by 360 Netlab researchers, is named Roboto and targets Linux servers. Another, Mozi, typically targets IoT devices and spreads using the DHT protocol.

Some adversaries continue to rely on proven tools and tactics in their DDoS attacks. In the fourth quarter of 2019, researchers saw a wave of TCP reflection attacks, in which the attacker sends SYN packets to legitimate services with the source address spoofed to that of the victim. The services reply with SYN-ACKs to the victim, which is overwhelmed with responses it never solicited; because the attacker’s own addresses never appear in the traffic the victim sees, they trigger no alerts.
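The signature a defender sees is a burst of SYN-ACK segments arriving at one host from many legitimate servers, none of which matches a SYN that host ever sent. The detector below is an added example, not code from the original article or from Kaspersky; it runs that check over a constructed set of flow records. The Flow layout, the thresholds (window, packet and reflector counts) and the sample addresses are assumptions made for illustration.

```python
"""Detect TCP reflection: many unsolicited SYN-ACKs to one host from many reflectors."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Flow:
    """One TCP segment as an edge sensor would summarise it (constructed layout)."""
    ts: float      # seconds since capture start
    src: str
    sport: int
    dst: str
    dport: int
    flags: str     # "S" = SYN, "SA" = SYN-ACK; other flag combinations are ignored here


def find_unsolicited_synacks(flows: Iterable[Flow], syn_ttl: float = 30.0) -> Dict[str, List[Tuple[float, str]]]:
    """Map each destination host to the (ts, reflector) SYN-ACKs it never asked for.

    A SYN-ACK is solicited only if the receiving host sent a SYN to that server and
    port within syn_ttl seconds. A spoofed SYN never passes our sensor, so the
    reflected SYN-ACK has nothing to match.
    """
    pending = {}  # (client, server, server_port) -> ts of the outbound SYN
    unsolicited = defaultdict(list)
    for f in sorted(flows, key=lambda x: x.ts):
        if f.flags == "S":
            pending[(f.src, f.dst, f.dport)] = f.ts
        elif f.flags == "SA":
            sent = pending.get((f.dst, f.src, f.sport))
            if sent is not None and 0.0 <= f.ts - sent <= syn_ttl:
                continue  # legitimate handshake reply
            unsolicited[f.dst].append((f.ts, f.src))
    return unsolicited


def detect_tcp_reflection(flows, window=5.0, min_packets=100, min_reflectors=25):
    """Alert when a host receives >= min_packets unsolicited SYN-ACKs from
    >= min_reflectors distinct sources inside any `window`-second interval.
    Thresholds are illustrative; tune them to the local traffic baseline."""
    alerts = []
    for victim, events in find_unsolicited_synacks(flows).items():
        recent = deque()
        best = None
        for ts, reflector in sorted(events):
            recent.append((ts, reflector))
            while ts - recent[0][0] > window:
                recent.popleft()
            reflectors = {r for _, r in recent}
            if len(recent) >= min_packets and len(reflectors) >= min_reflectors:
                if best is None or len(recent) > best["packets"]:
                    best = {"victim": victim, "first_seen": recent[0][0], "last_seen": ts,
                            "packets": len(recent), "reflectors": len(reflectors)}
        if best is not None:
            alerts.append(best)
    return alerts


def sample_flows() -> List[Flow]:
    """Constructed traffic: one real handshake, one stray SYN-ACK, and a reflection burst."""
    flows = [
        Flow(0.0, "10.0.0.5", 51000, "93.184.216.34", 443, "S"),
        Flow(0.1, "93.184.216.34", 443, "10.0.0.5", 51000, "SA"),   # solicited reply
        Flow(1.0, "198.51.100.7", 80, "10.0.0.9", 40000, "SA"),     # lone stray, below threshold
    ]
    # 120 SYN-ACKs from 60 distinct "reflectors" (two each) in under two seconds,
    # arriving at 10.0.0.5 on ports it never opened: the attacker spoofed 10.0.0.5.
    for i in range(120):
        reflector = f"203.0.113.{1 + (i % 60)}"
        flows.append(Flow(10.0 + i * 0.015, reflector, 443, "10.0.0.5", 1024 + i, "SA"))
    return flows


if __name__ == "__main__":
    for a in detect_tcp_reflection(sample_flows()):
        print(f"TCP reflection against {a['victim']}: {a['packets']} SYN-ACKs "
              f"from {a['reflectors']} reflectors in {a['last_seen'] - a['first_seen']:.2f}s")
```

The same matching idea (responses that arrive without a corresponding request) applies to UDP amplification through services such as ARMS, with the request/response pairing keyed on the service port instead of TCP flags.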

While the duration of DDoS attacks may have lengthened slightly between the third and fourth quarters of 2019, Imperva data indicated a trend toward cheaper and shorter attacks overall. More than 51% of attacks in 2019 lasted less than 15 minutes, and only 10% lasted between 15 and 30 minutes. Experts attribute the shift to the greater availability and use of DDoS-for-hire services, which let nearly anyone strike targets of their choosing with small attacks for as little as $5.

Researchers anticipate stability in DDoS attacks going forward. “Seems like the DDoS market has re-stabilized — we see no prerequisites for either a fall or further growth,” they wrote in a blog post on their findings. “There have been no high-profile arrests or closures of specialized websites for quite some time, and the cryptocurrency market is not showing explosive growth.”

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial …


Incident Of The Week: Garmin Pays $10 Million To Ransomware Hackers Who Rendered…




[Records Exposed: N/A  |  Industry: Technology  |  Type Of Attack: Ransomware]

On July 23, Garmin users went to Twitter to express their concern over inaccessible website features. Four days later, Garmin released an official statement confirming that a cyber attack had taken place. Garmin assured its users that no personally identifiable information (PII) was compromised.

The Facts:

Garmin is best known for the fitness tracking capabilities of its GPS wearables, but the corporation also operates in the aviation space. Consequently, pilots whose flight services rely on Garmin’s infrastructure were also affected by the attack.

Hackers deployed the ransomware WastedLocker, which encrypts key data across a company’s digital infrastructure. In Garmin’s case, website functions, customer support, and user applications were all affected. Unlike double-extortion ransomware operations, which also steal data and threaten to leak it, WastedLocker is not known to exfiltrate data; it renders systems unusable until the files are decrypted, and the operators then demand a fee for the decryption key. Although Garmin has not confirmed it, the company is believed to have paid a $10 million ransom.

In the world of cyber crime, however, nothing is cut and dried. Cyber security experts have linked this relatively new ransomware tool with the Russian hacking group known as Evil Corp. If that attribution holds, and the WastedLocker attack was run by Evil Corp itself rather than as a ransomware-for-hire event, Garmin had a difficult choice to make: to return its systems to working order, it had to risk breaking U.S. sanctions against Evil Corp.


Third-party negotiators can act as intermediaries between the victim and the attackers. Garmin reportedly paid a cyber security firm in New Zealand to assist with the incident, so it is likely that the firm acted as the go-between for the $10 million payment. Note that using an intermediary does not by itself exempt a payer from U.S. sanctions law; such arrangements rest on the intermediary’s assessment that the recipient is not a sanctioned entity, which is why the attribution of WastedLocker to Evil Corp matters. Garmin has declined to discuss the event beyond its bare-bones press release of July 27.

Lessons Learned:

While ransomware attacks are nothing new, they are rapidly growing in sophistication and scale. It is believed that organized cyber crime entities are investing their “earnings” back into their hacking infrastructure much the way a startup grows by investing its profits. They’re building out specialized teams in order to run their operation on a larger scale, target larger entities, and decrease their rate of detection.

Traditionally, government organizations, cities, hospitals, and universities have been the most common targets of ransomware attacks, with ransoms averaging around $100,000. Now, however, threat actors like Evil Corp appear to have set their sights on Fortune 500 companies, with ransom demands in the millions. Garmin may be just the beginning of a new ransomware era that specifically targets large U.S. corporations. That isn’t to say SMBs are off the hook: as Evil Corp and its like go after bigger fish, the pond opens up for less experienced hackers to come in and take their place.

To pay or not to pay a ransomware ransom comes down to personal choice. A Tripwire article by Graham Cluley offers this perspective: “That ultimately is a decision that only you can make. Bear in mind that the more companies that pay a ransom, the more the criminals are likely to launch similar attacks in the future. At the same time, you may feel that your business needs to make the difficult but pragmatic decision to pay the criminals if you feel your company cannot survive any other way.”


Quick Tips:

At its core, preventing ransomware attacks is about deploying a holistic cyber security solution. A hacking organization has nothing to ransom if it can’t breach enterprise systems. Most enterprise breaches start as basic phishing schemes. That is why organizations of all sizes must invest the time and money into strong cyber security policies and best practices such as:

  • Making it easy to report suspicious emails, for example with a “report phishing” button in the mail client that opens a cyber security incident-response ticket
  • Giving employees the least amount of access they need to do their jobs, i.e. enforcing least privilege, which is a building block of a zero-trust strategy
  • Practicing and testing anti-phishing awareness internally or with the assistance of a third-party cyber security vendor
  • Reducing workplace stress and hurry, since cyber criminals prey on human responses such as carelessness and haste





AI in Cybersecurity Helping with Threat Hunting, Reducing Attack Vectors




Adding AI in the Security Operations Center can assist with threat hunting and reduce attack vectors and breach attempts, making the organization more proactive.

By John P. Desmond, AI Trends Editor

The cybersecurity landscape is looking at higher than ever threat levels, data volumes quadrupling every 36 months, computing power and data transfer speeds increasing just as fast, and a diversity of IoT devices ushering in a new era of automation.

To get a grip on this, more organizations are exploring how AI can help. The Next-generation security operations center (SOC) incorporates automation and orchestration — automation applied to both defense operations and threat hunting incorporating AI and machine learning, and orchestration managing how multiple sets of tools and platforms work together.

“AI and ML are not only used in a next-generation SOC to enhance detection and prevention activities, but also, increasingly, to augment incident response actions such as containment actions, ticket creation, and user engagement to triage and/or validate a suspicious action,” stated John Harrison, Director, Cybersecurity Center of Excellence for Criterion, in an article he wrote for Nextgov. “The applications of AI and ML reduce the time spent on each alert and improve the Mean Time to Detect as well as the Mean Time to Repair.” Criterion is a systems integrator focused on solutions for government agencies.

New challenges facing SOCs include: serving the needs of remote and teleworking employees, a dramatically increased number during the pandemic; managing multiple cloud platforms; and dealing with an exploding number of IoT devices that need to be configured.

“The structure of SOCs is already adapting and evolving to bring together defensive operations and the analysis of emerging threats with the strategic introduction of new technologies. The result is a mature, flexible, risk-based and cost-efficient approach to ensure the crown jewels of an enterprise remain secure,” Harrison stated.

Historical ways of doing things are being updated. Security information and event management (SIEM), a term coined in 2005, provides real-time analysis of security alerts generated by applications and network hardware. Firewalls, malware protection and other signature-based options solve part of the problem. Successful threat hunting requires a preemptive search of large data sets, using AI and machine learning, to identify threats that may have evaded, or may already have evaded, current detection capabilities.

“The application of automation to threat hunting enables faster response time and more agile and improved recommendations on responses. It reduces attack vectors, breaches, and breach attempts and enables organizations to move from a purely reactive response to operating ahead of threats,” Harrison stated.

AI Seen As Potentially Helping Extend Budgets by Delivering More Value

The push to incorporate AI into cybersecurity is also being seen as a way to extend corporate security budgets under pressure.

AI in cybersecurity until 2014 was a marketing term, stated Raef Meeuwisse, CISM, CISA, author of “Cybersecurity for Business,” in a recent account in infosecurity. He is not a fan of machine learning on its own applied to cybersecurity. “The problem with machine learning is that the AI is limited to the features that it has been taught to expect,” he states. “Fooling a machine learning security system is as simple as adding an unexpected/ unprogrammed feature into the exploit.”


Artificial neural networks, by contrast (a form of machine learning in their own right, though Meeuwisse treats them separately from feature-based models), effectively self-organize how the system reviews and manages the data it has access to. “It does not need to have seen the behavior before, it only has to recognize the outcome, or potential outcome,” he states.

Security programs using AI technologies, often running as local agents, can now understand and block rogue identity and access activities, identify and quarantine malware, prevent data loss, adapt the security configurations of devices, with few or no errors. “The progression and investment into artificial neural network technology means that some security software technologies have now reached a level of competency that was unthinkable 10 years ago,” Meeuwisse states.

In some SIEM environments, the AI applied to security can inspect, alert and block based on analysis that would be impossible to achieve manually. “The AI technologies are literally performing the equivalent of years of manual security work every minute,” he states.

As the AI technologies become more stable, the author sees the price point moving lower as well. The average AI anti-malware solution for home use is now priced at less than $1 per device per month. “My own experience using these technologies is that they are incredibly helpful,” he stated.

AI is a New Learning Requirement for Cybersecurity Professionals

Cybersecurity professionals working in enterprises now face a requirement to learn about how AI and machine learning can work within their systems. “AI/ML has a direct effect on cybersecurity teams and brings a whole new set of needs to the enterprise,” stated Bob Peterson, CTO architect at Sungard Availability Services, an IT service management company, in a recent account in ITPro Today.

The creation and maintenance of the AI/ML security system requires a joint effort from many contributors. “The team requires domain experts that understand the security data and how it is generated, data analysis and data science experts that understand data analysis techniques, and AI/ML experts that translate this information into the right models and algorithms,” Peterson stated.

When hiring, it’s good to be open-minded. Maybe a candidate has a needed skill but needs to come up the learning curve in cybersecurity. “It may be easier to educate them on cybersecurity versus the technology skill itself,” Peterson stated.

Cybersecurity also faces a challenge in diversity of staff. Only 20% of security professionals are women and only 26% in the US are from marginalized communities, according to Sivan Nir, a threat intelligence team leader at Skybox Security, a cybersecurity software supplier.


“This is a big problem because cybersecurity, in particular, is a field that thrives on diversity,” Nir stated. “If you think about who we are up against, cybercriminals come from diverse backgrounds, so it is crucial our teams have different points of views and a variety of thought processes.”

Nir emphasized the importance of making people—especially girls and underrepresented groups—aware of tech and cybersecurity as a career path from a young age. “Working in technological fields should be seen as exciting, not intimidating,” she stated. “Cybersecurity, in particular, is never boring—it tackles real-world challenges at a fast pace every day.”

Read the source articles in Nextgov, infosecurity and ITPro Today.



Data Is The New Perimeter




Before the current millennium, enterprise talent went to the office. It was straightforward: staff sat at enterprise workstations on premises and worked within a clearly defined perimeter. The firewall, VPN, LAN and antivirus environment was within the gaze, and right under the nose, of the CISO.

CISO prioritization has always been on securing that perimeter. Managing technology vulnerabilities to ensure visibility over the complete threat landscape was the day-in, day-out activity. The castle-and-moat strategy worked well when everything was inside the castle. But as cloud migration began and remote work continued, the perimeter expanded. The best CISOs in the business evolved with these changes and increased their focus on nimble privilege-based access rather than a simple VPN on/off switch. Data at rest was always in view; data in transit had been tougher to track. With global enterprises moving to a distributed structure, visibility over data in transit is now a real issue.

With users consistently accessing data via non-enterprise endpoints, an updated mindset and approach come into focus. In our Interactive Discussion on the CSHub Mid Year Report, Dennis Leber noted, “data is the new perimeter.”

Infinite Perimeter

We’ve been using the phrase infinite perimeter on CSHub to describe what must be managed (access, endpoint, cloud and now IoT) as ever expanding. The distributed workforce, plus your third-party partners, plus their third-party partners, thrusts access management and the concepts of least privilege and zero trust to the fore. Those same distributed users bringing their own devices turn endpoint security into a game of cat and mouse. Your network now includes the home routers of your distributed workforce as well as their smart speakers.

The data breach can now occur via myriad means. And so, rather than focus on the perimeter point that has been breached, focus on the data.

Controls For The Data Breach

A breach has always been about the data. But with an easily defined perimeter, the information security officer’s focus was rightly on the point of breach. Keeping an ever-widening scope of attention on the expanding perimeter is still mandatory, but adding a focus on data at rest and data in transit is what brings clarity to that infinite-perimeter view.

The focus has been on knowing where the crown jewels sit and protecting that space. CSHub Executive Board Member and IEEE Public Visibility Initiative spokesperson Kayne McGladrey notes, “if you don’t know where your data live, you can’t apply any effective policies around access controls or do any meaningful incident response or do any meaningful security awareness.”

Focusing on the Data in the Data Breach

As data exfiltration abounds, getting a handle on data in transit is, of course, key. McGladrey continues, “right now, for almost all businesses data is the most important thing they have, whether it’s PII, PHI, IP. The threat actors are not attacking because people have nice office spaces that are currently empty, and they’re not attacking because they have nice manufacturing capacity, that’s also operating at a lower rate. They’re attacking because they want to steal the data and do things with it, depending on their motivation. And if you can’t say empirically, ‘We know where all those data are,’ you cannot apply controls.”

But having basic controls over data in transit is simply not good enough. McGladrey expounds, “Build both policies to require encryption of data in transit, as well as policies around approved services to use, and then implement telemetry. If you don’t have a policy that says, ‘We’re going to have a standards list of approved services for transmitting data across organizations, and we’re going to have enforcement of that in our technical control,’ (think like a CASB at the very simplest level) then ultimately you have no idea where your data are going at the end of the day.”
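The three controls in that quote (a policy requiring encryption in transit, an allowlist of approved services, and telemetry on what actually moves) can be enforced in code against proxy or CASB logs. The script below is an added example, not code from CSHub or from McGladrey: the log line format, the allowlist entries and the sample records are all constructed for illustration, and the “scheme” field stands in for whatever the real proxy records about the protocol in use.

```python
"""Enforce a data-in-transit policy over constructed proxy log lines."""
import re
from collections import defaultdict

# Hypothetical allowlist: the only services approved for moving data outside the organization.
APPROVED_SERVICES = {
    "sharepoint.example-corp.com",
    "sftp.partner-bank.example",
}

# Schemes the policy accepts as encrypted in transit; everything else counts as plaintext.
ENCRYPTED_SCHEMES = {"https", "sftp"}

# Constructed log layout: "<ts> user=<u> scheme=<s> dst=<host>:<port> bytes_out=<n>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) scheme=(?P<scheme>\S+) "
    r"dst=(?P<host>[^:\s]+):(?P<port>\d+) bytes_out=(?P<bytes>\d+)$"
)


def is_approved(host: str) -> bool:
    """Exact or subdomain match against the allowlist (never a bare substring match)."""
    return any(host == d or host.endswith("." + d) for d in APPROVED_SERVICES)


def evaluate(lines):
    """Return (findings, telemetry).

    findings: one dict per policy violation, in log order.
    telemetry: bytes sent per (user, host), recorded for every line that parses so the
    security team can see where data actually go, approved destination or not.
    """
    findings = []
    telemetry = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            findings.append({"ts": None, "rule": "unparseable", "detail": line.strip()})
            continue
        ts, user = m["ts"], m["user"]
        scheme, host = m["scheme"].lower(), m["host"].lower()
        sent = int(m["bytes"])
        telemetry[(user, host)] += sent
        if not is_approved(host):
            findings.append({"ts": ts, "rule": "unapproved_service",
                             "user": user, "host": host, "bytes": sent})
        if scheme not in ENCRYPTED_SCHEMES:
            findings.append({"ts": ts, "rule": "plaintext_transfer",
                             "user": user, "host": host, "scheme": scheme})
    return findings, dict(telemetry)


def top_destinations(telemetry, n=3):
    """Hosts ranked by total bytes sent: the 'where do our data go' view."""
    per_host = defaultdict(int)
    for (_, host), b in telemetry.items():
        per_host[host] += b
    return sorted(per_host.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


# Constructed sample log: approved/encrypted, approved/plaintext, unapproved, and garbage.
SAMPLE_LOG = [
    "2020-08-14T10:01:02Z user=alice scheme=https dst=sharepoint.example-corp.com:443 bytes_out=5242880",
    "2020-08-14T10:03:17Z user=bob scheme=http dst=sharepoint.example-corp.com:80 bytes_out=2048",
    "2020-08-14T10:05:44Z user=carol scheme=https dst=drive.unapproved-cloud.example:443 bytes_out=734003200",
    "2020-08-14T10:07:09Z user=dave scheme=sftp dst=sftp.partner-bank.example:22 bytes_out=10240",
    "2020-08-14T10:08:30Z user=erin scheme=ftp dst=ftp.unapproved-cloud.example:21 bytes_out=1048576",
    "garbage line the proxy should never have emitted",
]


if __name__ == "__main__":
    findings, telemetry = evaluate(SAMPLE_LOG)
    for f in findings:
        print(f["rule"], f.get("user"), f.get("host"), f.get("scheme", f.get("bytes", "")))
    print("top destinations:", top_destinations(telemetry))
```

Two design points worth keeping when adapting this: the allowlist match is on exact host or a dot-delimited subdomain, so a look-alike such as evilsharepoint.example-corp.com is not approved, and an unparseable line is itself a finding rather than being silently dropped, because a logging gap is exactly where unknown data flows hide.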


Knowing everything about that most-important data in transit leads you to a cogent understanding of your actual enterprise risk. Horizon Power CISO and CSHub Executive Board Member Jeff Campbell notes, “It’s all got to be based on risk. Tapping into the corporate risk framework at your organization and understanding what they consider to be important as a strategic enabler, and then understanding that security, particularly now in this digital future, plays a very, very important part in enabling those strategic initiatives.”

Prioritization and risk go hand-in-hand. If the wrong things are prioritized, your risk increases. McGladrey notes that’s all the more important in a distributed enterprise. “Some of the projects that get spun up aren’t really going to have a material reduction in risk, and they’re not going to have a significant benefit to the business, and with a nomadic workforce that becomes a challenge.”


The organization should of course already be running in line with an industry standard such as the Center for Internet Security’s Critical Security Controls. That ensures you know the enterprise is secure where the business is today. Zeroing in on the larger long-term enterprise goals provides the context of where the business is going. Understanding the Board and C-Suite cyber security focus points shows how you can connect cyber security to those business goals. And when that connection is made, so is the business case for your current and future budget.

Campbell sums up, “So how do you prioritize? You develop metrics consistent with what your board likes to see around cyber security, as well as how that ties in into delivery of those initiatives. Those metrics need to be framed in a way that is a common language, and the common language at the board and executive layer. And that’s how you prioritize.”

The theme of business enablement has rippled through the industry over the past few years, and the focus has now reached a fever pitch. Business enablement has been about ensuring that the CISO can simply do what they know they need to do. We have now turned the corner: business enablement can also help a CISO understand how to prioritize what they need to do.

