main

Cloud SecurityDDoSSecurity

Automated Attacks Are Here to Stay

October 18, 2016 — by Dennis Usle0

automated-attacks-2-960x720.jpg

It seems the future is upon us. Some of you may have heard about the attacks on Brian Krebs’ security researcher and journalist, as well as the attacks on OVH French hosting company. The attacks are accounting for the world’s largest DDoS attacks ever on record, 620Gbps and 1+Tbps respectively. If you’ve read up on these attacks, you’ll also be familiar with the fact that automated bot armies are being leveraged by booter or stresser services. These services are offered by “entrepreneurs” for a nominal fee to their paying clientele. Booter services are not new to the realm of DDoS. What’s changed over the years is the scale and scope these automation engines are achieving. The services command and control networks have grown in number of pwn’d bots and increased capabilities of advanced and effective attack tactics. The exponential population growth of insecure internet-connected devices has enabled this. The Internet of Things (IoT) aka IP-enabled cameras, printers, TVs, refrigerators, etc. have certainly contributed in part because these devices were not developed with security in mind.

DDoSSecurity

The “State” of DDoS Mitigation Products and Vendors

December 3, 2015 — by Dennis Usle0

state-of-ddos-960x540.jpg

DDoS attacks have become a mainstream topic frequently in the news with coverage in major news outlets around the globe from ABC News to ZDNet and most in between.  Attack campaigns by groups like Anonymous, DD4BC, Lizard Squad and Lulzsec have become dinner conversations in many homes and online businesses have been struggling to keep pace with the evolving threat landscape.

Application SecurityAttack MitigationSecurity

The Three Myths of the Availability Threat

June 13, 2012 — by Dennis Usle2

Availability – aka the big “A” – is often the overlooked leg of the CIA triad (the others being Confidentiality and Integrity). Perhaps one contributing factor is the common belief among security professionals that if data is not available it is secure. Corporate executives, on the other hand, have a different opinion as downtime carries with it a hefty price tag.

Attack MitigationDDoS AttacksSecurity

Batten Down The Hatches: Anonymous – Coming Soon to Your Network

March 30, 2012 — by Dennis Usle0

As security professionals facing the rising tide of threats, many of us find ourselves researching and implementing next-generation perimeter defenses to mitigate risks.  Through analysis of threat vs. protection we quickly realize that no single protection will suffice; current risks require multiple protection layers to secure the business.

Typical intrusion prevention services (IPS) and next generation firewall (NGFW) devices claim coverage, but beware – they fall short.  In fact recent studies from Radware’s 2011 Global Application & Network Security Report show combined IPS and FW account for 32% of the common DDoS bottleneck.

Attack MitigationDDoS AttacksSecurity

Has Anonymous Really Developed an Ubuntu-based Operating System?

March 15, 2012 — by Dennis Usle0

Here’s an interesting, new twist to the Anonymous saga:  Someone apparently has developed an Ubuntu distribution with Anonymous iconography and preloaded tools such as HOIC, JTR, Pyloris, SQL Poison, etc.

With 4500+ downloads already it’s still unclear as to who actually authored the O/S.  However, with the reported overhead of supporting the novice followers using BackTrack and other DDoS attack tools it wouldn’t surprise me if this is an attempt to ease the technical support burden of Anonymous.