Inside the World of Hacker Reconnaissance

The inventor of the telephone, Alexander Graham Bell once stated, "Before anything else, preparation is the key to success." Unfortunately, it appears that attackers launching DoS/DDoS attacks have embraced this line of thought and invested their efforts in reconnaissance and meticulous preparation during the "pre-attack" phase. Drawing from attacks handled by our Emergency Response Team (ERT), Radware recently conducted research on the ways in which pre-attack planning and detailed preparation dramatically increases the potency and success rate of attacks.

New Attack Trends – Are You Bringing a Knife to the Gunfight?

Today, we launched our 2012 Global Application and Network Security report. It was prepared by our security experts – the Emergency Response Team (ERT) – who’ve seen their fair share of cyber attacks while actively monitoring and mitigating attacks in real-time. In this year’s annual report, our experts have uncovered several new trends in cyber-security worthy of a closer look.

The New Weekend Warriors – Information Security Pros

As a former military veteran, I fully understand that the term “weekend warriors” is typically used to refer to military personnel on reserve status. These folks are normally tasked with some routine activities throughout the year with their affiliated military ‘unit,’ which is generally fulfilled during a weekend or two as not to disrupt their ‘day’ jobs.

However, have you noticed how similar a private cyber warrior is to a military cyber warrior? In suggesting this, I’m not trying to take anything away from my military brethren. But the duties, tasks and efforts are eerily similar. The nature and persistency of modern day cyber-attacks has forged a new type of information security professional – someone who needs to sacrifice nights, weekends, sleep and a personal life to answer the call of cyber defense duty. Sounds a lot like what I knew when I was in the military.

Mitigating Attacks in 2013: The Year Companies Push Hackers Back

In 2012, DDoS attacks revealed a new cyber security trend: attack campaigns that last for days and sometimes even weeks. Unfortunately, many organizations that find themselves under attack don’t know how to change the attack dynamics. Instead of working to halt attacks, many just wait passively for them to conclude.

But what about stopping the attack? Why can’t organizations become more proactive and implement counter measures that can halt the attackers from sending additional malicious traffic? Why not push the hackers back as far as possible from critical applications?

read more

Recapping the Bloomberg Enterprise Risk Conference

On Nov 29th I had the good fortune to participate in a 45-minute panel discussion at the Bloomberg Enterprise Risk Conference on the following topic:

“WHEN STATE-BASED, STATE-SPONSORED ACTORS TARGET FINANCIAL SERVICES INSTITUTIONS”

The panel consisted of a number of esteemed industry thought leaders including Dimitri Alperovitch, Co-Founder and CTO, CrowdStrike Inc, John M. (Mike) McConnell, Vice Chairman, Booz | Allen | Hamilton; Former Director of National Intelligence (DNI) and Andy Ozment, Senior Director for Cybersecurity, National Security Staff, The White House. Michael Riley, an industry reporting veteran from Bloomberg News and a true gentleman, moderated the panel.