President Obama’s mention of cyber-security in last night’s State of the Union Address came as no surprise. The Obama camp implemented a novel approach this year of “previewing” the President’s main agenda items through a series of speeches in the week preceding the SOTU. But even without the preview, the comments on cyber-security were rather predictable (and brief).
As consumers are getting their shopping lists ready for the biggest shopping days of the year, businesses should get ready as well. Cyber-attacks, and most notably DDoS attacks, are more likely to occur on high traffic days – in fact, according to a 2013 eCommerce Cyber Crime Report conducted by the Ponemon Institute, 64% of respondents say "their organizations have seen an increase in Internet fraud and/or website attacks on high traffic days such as Cyber Monday."
Advancements are continually being made to defend organizations from cyber-attacks. I wanted to take some time to share some powerful reminders of how diligence in approach is needed.
Organizations that used to rely on their service provider’s DDoS protection service (in-the-cloud) found that the attacks that hit their business could and would bypass the provider’s protection layer. This is because DDoS is a tactic, not the overall problem. Attacks borne from the Internet are the problem, and solutions designed to handle a simple tactic wind up falling short.
Over the past week Radware’s Emergency Response Team (ERT) detected a new type of SYN flood which is believed to be specially designed to overcome most of today’s security defenses with a TCP-based volume attack. Within a 48-hour period, two different targets on two different continents were hit with this new technique and experienced very high attack volumes.
David Monahan is Research Director for Enterprise Management Associates (EMA) and is a featured guest blogger.
DDoS attacks have become commonplace these days. The offending attackers may be hacktivists, cyber-criminals, nation states, or just about anyone else with an Internet grudge and a PayPal or Bitcoin account. The attacks themselves often require no technical skill. Someone with a bone to pick can simply purchase the use of any number of nodes on one or more botnets for an hourly fee (long-term rate discounts available), use a Graphical User Interface (GUI) to organize the attack, and then launch it.
A few weeks ago, news agencies shared reports on the Energetic Bear attack. This cyber-attack, or rather virus, was reportedly introduced by a Russian hacking group and it targeted oil, gas, power, and energy investment companies. The threatening malware had the ability to shut down major power grids, oil pipelines, gas, and energy traders. Analysts speculate that the attack motive was to gain competitive advantage in state-sponsored espionage against global oil and energy producers.
With an estimated viewing audience of over 3.2 billion globally, the 2014 World Cup draws a large number of viewers to television screens around the world, and it brings a fair number of advertisers as well.
Does mobile mean a handheld device in today’s world? Not necessarily. The term ‘mobile’ often applies to a phone or even a laptop computer, but in my opinion the definition is changing. Mobile is no longer something you carry, but rather somewhere. The place where you access your systems and the Internet (which is not from an internally managed LAN and doesn’t include a PC on the other end) is mobile. And this broader category can extend to devices such as Internet-accessible cars and the ‘things’ of the Internet-of-Things (IoT) – TVs, gaming consoles, fancy refrigerators.
Recently, independent researcher Chaman Thapa published a report on an attack scenario showing how someone could use Facebook Notes to DDoS any website. When Facebook and DDoS enter the conversation, news spreads quickly and questions emerge. What is the flaw? How serious is it? Who or what can be affected? The Radware Emergency Response Team (ERT) decided to take a look at the Facebook Notes attack type by testing it in our lab. First, here’s some background:
Lately, there has been a lot of buzz about reflection and amplification attacks extending DDoS harm. The new kid on this attack block is NTP. NTP, or Network Time Protocol, amplification is an emerging form of DDoS attack. This attack relies on the use of publicly accessible NTP servers to overwhelm a victim’s system. While DNS attacks are still an old favorite, recently there has been a new rash of HTTP-based amplification attacks having a more significant impact than the standard network floods of the past.