It’s Beginning to Look a Lot Like Cyber-Attack Season

November 9, 2016 — by Ben Desjardins0


This year’s door buster deal might just be a DDoS attack

The luring presence of large bowls of excess Halloween candy laying around my house can only mean one thing: It’s that time of year when retailers are preparing stores (both physical and virtual) for a crush of holiday shoppers on Black Friday.

As the story goes, the term originates from an incident in the late 19th century in Philadelphia. The retailer Wanamaker’s Department Store decided on a deep discount of calico, the most common fabric used for dressmaking at the time. The throngs of shoppers that showed up for the penny-a-yard fabric sale ended up breaking through the glass windows of the front door, forcing the store to close. The closure no doubt cost Wanamaker’s dozens of dollars.


Are you ready for the new age of attacks?

October 13, 2016 — by Ben Desjardins0


The unprecedented attacks launched recently against Brian Krebs’ blog (Krebs on Security) and the hosting provider OVH highlight the immense damage from IoT-driven botnets, and really signal a new age of attacks.

For years, security evangelists have been talking about the potential for IoT-driven attacks, a message that has often been met with a combination of eye rolls and skepticism. That’s likely no longer the case after these latest attacks. It’s a shift I experienced first-hand at the SecureWorld event in Denver where I participated in a panel on the current threat landscape. Suddenly, the IoT threat has more attention in such a setting, whereas in the past it held more merit in the future threats panels and discussions. This week’s panel elicited a palpable degree of anxiety from the audience about what these attacks mean for security professionals.


From Underestimating to Unplugging: Government Attitudes and Strategies on Cyber Security

September 8, 2016 — by Ben Desjardins0


Many years ago when Distributed Denial of Service (DDoS) attacks were becoming a more common problem, I had a meeting with a government agency (not to be named here). The discussion was broad in terms of challenges they faced around cyber security, but it was their response to how they handled DDoS attacks that stuck out more than any part of the meeting. “Oh, we just shut down the servers that are being attacked until the attack subsides,” was their input on DDoS defense strategy. Now, to be fair, this was in the early days of advanced thinking on DDoS defense, and also in the context of a broader climate where the view was if there’s a DDoS attack going on, it might signal an attempt to breach data from the server so best to lose availability than lose data confidentiality.

Times have changed since then and most any government agency now has to more evenly balance the availability threats with those targeting data confidentiality or integrity. Indeed, a few recent situations have highlighted the impacts of a loss of availability and the constituent reaction to security strategies that don’t effectively balance staying connected with staying secure.

Attack Types & VectorsSecurity

Why Online Retailers Should Be On High Alert for Cyber-Attacks

August 18, 2016 — by Ben Desjardins0


The close of summer in the United States brings with it one of the most important online selling seasons for Internet retailers: Back-to-School (BTS) shopping. This critical shopping season trails Cyber Monday closely as the most important for online generated revenue for many retailers. According to a recent study by Field Agent, a research firm specializing in retail, nearly two-thirds of U.S. consumers plan to purchase at least some of their BTS goods online. So, naturally this is a time of year that the security teams for major online retailers need to be on high alert, keeping an eye out for any attacks that can disrupt operations or breach sensitive data. It’s also a time they need to worry about malicious actors targeting customers with phishing attacks, even if there’s little they can do directly to prevent them. With average consumers in U.S. planning to spend between $500-$1,000 on BTS shopping, any impediment to consumer sentiment and quality of experience can have dramatically bad effects.

Given the timeliness of the topic, let’s explore some of what we, at Radware, are seeing as significant trends both in the threat landscape targeting online retailers, but also changes they are making in their IT and business that play into the cyber threats.


Buy Me Some Peanuts and Database Hacks

August 2, 2016 — by Ben Desjardins0


It’s late July and the ‘boys of summer’ are in full swing, if you’ll pardon the pun. I’m a huge baseball fan and love most everything about the sport, including the mystique surrounding many of its unwritten rules. These rules, as their name suggests, cannot be found in any official rule book issued by Major League Baseball or other governing bodies. Nonetheless, they are firmly planted in players’ and coaches’ minds, and have their own system of self-policing administered mostly on the field. Typically penalties come in the form of a high-inside fastball for those that break them. Among the most established of these unwritten rules is the stealing of signs, a practice with many infamous examples throughout the game’s history. My personal favorite sign-stealing story surrounds the Chicago White Sox, who reportedly used a single light bulb in the centerfield scoreboard, turning it on-or-off to signal pitches to the home team batter.

Currently, the game and Major League Baseball is dealing with an entirely different type of stealing, with the recent case and sentencing of Chris Correa, a former executive with the St. Louis Cardinals. Last week, Correa received some ‘chin music’ of his own, being sentenced to nearly four years in prison by a U.S. District Court in Texas for masterminding a hack of the Houston Astros personnel database in search of insights into their player scouting. What’s particularly interesting here is that Correa wasn’t after any pitching or base-running signs, future lineups or other form of in-game strategic insight. Rather, he was after a pool of data that most every Major League Baseball team (and indeed professional teams in other sports) has come to view as highly valuable intellectual property, player analytics.


The Digitization of Baseball

In much the same way businesses in all industries have undergone a digital transformation over the past twenty years, baseball too has undergone its own transformation. This isn’t about Major League Baseball teams selling tickets or memorabilia through a website. The digitization of baseball has to do with the current fascination around in-depth player statistical performance as an indicator of future success. Baseball has always been big on statistics, of course. Few if any games lend themselves to an analysis of numbers the way baseball does. However, in recent years this has taken on a whole new level through the work of what’s often referred to as Sabermetrics, popularized by the book Moneyball by Michael Lewis. In the same way the hyper-statistically driven online advertising industry transformed marketing, Sabermetrics and its followers have turned the long-standing ideas of player scouting on their head. The creation of new statistics found to hold strong correlation to individual and team success have a wave of young math nerds turning their attention to our national pastime. Heck, there’s even an annual conference hosted by MIT Sloan School of Business on the topic of advanced sports analytics.

[You might also like: Cover Your Bases to Protect Your Organization from Advanced Threats]

No one is immune

Perhaps the biggest takeaway beyond the implications of baseball is how this hack reinforces the fact that ‘no one is immune’ from today’s cyber-security threats. As with any business, as more value gets put around proprietary data, more and more attackers will seek to steal that data and/or disrupt operations by tying that data up. The competitively motivated attack is another interesting and important dynamic for organizations to consider. We’ve seen situations with customers where attacks against applications seemed primarily focused on interrupting ecommerce and other transactions, potentially to the benefit of other competing companies more immediately able to satisfy demand. In one particularly unique case, a major U.S.-based airline became the target of cyber-attacks that used bots programmed to “scrape” their site, looking for certain flights, routes and classes of tickets. With the bots acting as faux buyers—continuously creating but never completing reservations on those tickets—the airline was unable to sell the seats to real customers. In essence, the airline’s inventory was held hostage, and a growing number of flights were taking off with empty seats that could have been sold. Additionally, the bots could have been gathering valuable competitive pricing information, including information on the complex formulas that adjust pricing based on current demand.

What should by now be obvious to all is that any business has a wealth of valuable data within its systems. Baseball, just as any ecommerce or financial services organization, has a responsibility to protect that data in order to maintain its value. So the next time you watch a baseball game, consider all the data behind the moves you see on the field. And appreciate the importance to its owners of keeping that data as secure as consumer credit cards or personal health records.


Download Radware’s DDoS Handbook to get expert advice, actionable tools and tips to help detect and stop DDoS attacks.

Download Now

Attack Types & VectorsDDoSSecurity

Early Attack Activity Forcing New Thinking in Healthcare IT/Security

July 7, 2016 — by Ben Desjardins0


Every year when we conduct our survey for the Global Application & Network Security Report, one of the more interesting things to observe is how different industries are viewing the threat landscape. Changes such as technology adoption within industry tend to create new points of vulnerability, which quickly become the targets of malicious actors looking to exploit these new-found points of access. This year has been a particularly eye-opening year for the healthcare industry, which has seen a rash of recent attacks targeting their increased reliance on technology and networked data, often through the tactic of ransom attacks.

The increase in ransom attacks was one of the many interesting angles we saw within the inputs of the healthcare industry through our survey. Others provide additional insight into areas IT and security practitioners in the space have more or less concern, or feel either exposed or more or less secure.

Attack Types & VectorsSecurity

A View from the Corner Offices: New Research on C-Suite Security Mindset

June 28, 2016 — by Ben Desjardins0


The role of the modern information security executive is, in many ways, an unenviable position. The continuous pressure to protect increasingly sensitive data and systems that are decreasingly under direct control from a rapidly advancing threat landscape is enough to keep any CIO/CISO up at night. The challenges and intensities of this role make the input and perspective of those executives that fill it of particular interest and relevance as a factor of the evolving security landscape. Recognizing the weight of this audience’s perspective, we recently conducted a survey of more than 200 C-level security executives from the U.S. and United Kingdom to probe on recent and forthcoming trends and their likely impacts. The findings reveal some consistencies and some variance across geographies and when compared to the inputs of security practitioners deeper within their organizations.


The Not-So Odd Couple of DDoS and WAF

June 21, 2016 — by Ben Desjardins0


As the saying goes in the real world, “necessity is the mother of invention.” However, those of us that work in the technology sector know that this isn’t always the starting point or source in our arena. There are volumes of cautionary tales and vast, virtual graveyards of “products looking for a problem to solve.” Often, these come about when vendors look across their technology portfolio and identify logical interactions that only they can see. Other times they occur through overzealous business development efforts, a sort of unfortunate “you got your chocolate in my peanut butter” scenario where the result tastes anything but sweet.

Cloud SecuritySecurity

“POP” Goes the Vendor that Doesn’t Separate Scrubbing Centers from Always-On Platforms

June 1, 2016 — by Ben Desjardins0


It seems hardly a week can pass without some cloud-based security service provider announcing the latest expansion of their cloud infrastructure. The cadence has turned into something of an arms race mentality on the part of these providers, perhaps in response to a sense that’s what the market wants to see in a service provider. After all, X+1 number of Points of Presence (POPs) is better than X, right?

Well, the real answer is that most confounding of answers: it depends. In this case, the dependency is a question of what specific problem you’re trying to solve.