On Tuesday, September 20th around 8:00PM, KrebsOnSecurity.com was the target of a record-breaking 620Gbps volumetric DDoS attack designed to take the site offline. A few days later, the same type of botnet was used in a 1Tbps attack targeting the French webhoster OVH. What’s interesting about these attacks was that compared to previous record-holding attacks, which were less than half the traffic volume, they were not using amplification or reflection. In the case of KrebsOnSecurity, the biggest chunk of the attack traffic came in the form of GRE, which is very unusual. In the OVH attack, more than 140,000 unique IPs were reported in what seemed to be a SYN and ACK flood attack.
You might be surprised at who is behind the most recent cases of cyber-attacks on schools. Would you guess that in many cases, it’s the students themselves? Whether because they want to change their grades or attendance, because they feel it’s fun or they want to test the limits of how much they can get away with, it’s becoming a larger problem across the globe. Part of the issue is the ease in which kids can now access the Darknet, and the increasingly low costs to hire someone to hack the system for them.
Australia’s Prime Minister Malcolm Turnbull recently raised the issue of cyber security education during a Washington D.C. speech. The intention behind such a sentiment is a good one. Teaching cyber security to the public, and making it a part of the education curriculum is essentially a public safety lesson akin to ‘Don’t Do Drugs,’ ‘Don’t Talk To Strangers’, and ‘Be Alert And Aware Of Your Surroundings.’
However, as a society we are at a crossroads where our children have vastly more knowledge of the cyber landscape than adults. Teachers still struggle with computer basics while students are hacking the schools’ computer systems to change their grades, create DDoS attacks on the day of critical testing, and worse.
Summertime is almost over, and back-to-school season is upon us. Beginning now, students all across the globe are beginning to register for their classes, purchase their school supplies, and start working on assignments for the upcoming year. But among these students, there are some who will get up to no good – hacking into the school systems to alter records, to disrupt the school’s normal operations, and to see just how much damage they can do. Let’s take a closer look at some of the reasons why kids are hacking their schools:
Hackers all over the internet today are slowly adapting to the changes in the attack marketplace. Many notorious DDoS groups like Lizard Squad, New World Hackers and others have already entered the DDoS as a Service business, monetizing their capabilities in peace-time by renting out their powerful stresser services. But it’s not just DDoS. It’s all attack services including application-based attacks. These marketed services are now allowing novice hackers with little know-how to launch attacks via affordable tools that are available on the Clearnet. This growth is healthy for any market but has forced vendors to take on more of a traditional marketing strategy.
It’s late July and the ‘boys of summer’ are in full swing, if you’ll pardon the pun. I’m a huge baseball fan and love most everything about the sport, including the mystique surrounding many of its unwritten rules. These rules, as their name suggests, cannot be found in any official rule book issued by Major League Baseball or other governing bodies. Nonetheless, they are firmly planted in players’ and coaches’ minds, and have their own system of self-policing administered mostly on the field. Typically penalties come in the form of a high-inside fastball for those that break them. Among the most established of these unwritten rules is the stealing of signs, a practice with many infamous examples throughout the game’s history. My personal favorite sign-stealing story surrounds the Chicago White Sox, who reportedly used a single light bulb in the centerfield scoreboard, turning it on-or-off to signal pitches to the home team batter.
Currently, the game and Major League Baseball is dealing with an entirely different type of stealing, with the recent case and sentencing of Chris Correa, a former executive with the St. Louis Cardinals. Last week, Correa received some ‘chin music’ of his own, being sentenced to nearly four years in prison by a U.S. District Court in Texas for masterminding a hack of the Houston Astros personnel database in search of insights into their player scouting. What’s particularly interesting here is that Correa wasn’t after any pitching or base-running signs, future lineups or other form of in-game strategic insight. Rather, he was after a pool of data that most every Major League Baseball team (and indeed professional teams in other sports) has come to view as highly valuable intellectual property, player analytics.
You might also like: A View from the Corner Offices: New Research on C-Suite Security Mindset
The Digitization of Baseball
In much the same way businesses in all industries have undergone a digital transformation over the past twenty years, baseball too has undergone its own transformation. This isn’t about Major League Baseball teams selling tickets or memorabilia through a website. The digitization of baseball has to do with the current fascination around in-depth player statistical performance as an indicator of future success. Baseball has always been big on statistics, of course. Few if any games lend themselves to an analysis of numbers the way baseball does. However, in recent years this has taken on a whole new level through the work of what’s often referred to as Sabermetrics, popularized by the book Moneyball by Michael Lewis. In the same way the hyper-statistically driven online advertising industry transformed marketing, Sabermetrics and its followers have turned the long-standing ideas of player scouting on their head. The creation of new statistics found to hold strong correlation to individual and team success have a wave of young math nerds turning their attention to our national pastime. Heck, there’s even an annual conference hosted by MIT Sloan School of Business on the topic of advanced sports analytics.
No one is immune
Perhaps the biggest takeaway beyond the implications of baseball is how this hack reinforces the fact that ‘no one is immune’ from today’s cyber-security threats. As with any business, as more value gets put around proprietary data, more and more attackers will seek to steal that data and/or disrupt operations by tying that data up. The competitively motivated attack is another interesting and important dynamic for organizations to consider. We’ve seen situations with customers where attacks against applications seemed primarily focused on interrupting ecommerce and other transactions, potentially to the benefit of other competing companies more immediately able to satisfy demand. In one particularly unique case, a major U.S.-based airline became the target of cyber-attacks that used bots programmed to “scrape” their site, looking for certain flights, routes and classes of tickets. With the bots acting as faux buyers—continuously creating but never completing reservations on those tickets—the airline was unable to sell the seats to real customers. In essence, the airline’s inventory was held hostage, and a growing number of flights were taking off with empty seats that could have been sold. Additionally, the bots could have been gathering valuable competitive pricing information, including information on the complex formulas that adjust pricing based on current demand.
What should by now be obvious to all is that any business has a wealth of valuable data within its systems. Baseball, just as any ecommerce or financial services organization, has a responsibility to protect that data in order to maintain its value. So the next time you watch a baseball game, consider all the data behind the moves you see on the field. And appreciate the importance to its owners of keeping that data as secure as consumer credit cards or personal health records.
Download Radware’s DDoS Handbook to get expert advice, actionable tools and tips to help detect and stop DDoS attacks.
School networks are increasingly becoming victims of cyber-attacks. They are presented with unique threats and challenges that most organizations do not have to deal with. Every year schools see thousands of new students that bring with them an arsenal of potentially vulnerable devices. To add to this growing complexity, most college campuses have migrated to digital platforms like Blackboard and Moodle. These online web portals are prime targets for denial of service attacks.
Over the last several weeks, we have all become conditioned to mega leaks. 117 million from LinkedIn, 360 million from MySpace, 68 million from Tumblr and 127 million from Badoo. That’s over a half a billion emails and usernames up for grabs! This is a gold mine for hackers. Researchers are not the only ones that obtain and analyze leaked databases. Often times, hackers will keep databases for themselves so they can conduct malicious activity with the credentials.
There once was a big, big, company who had many powerful subsidiary companies, some of which were acquired and some of which were part of the big, big company’s heritage product lines.
This big, big company made many meaningful products and services which were both adored and deeply needed by their many customers, and whose name was known to nearly all in the land.
It didn’t take long for a big name celebrity to be compromised in one of the recent data dumps due to password reuse. I never thought it would be the man that runs the biggest online social network in the world. Mark Zuckerberg had his personal accounts compromised via the LinkedIn leak that was sold on the Darknet marketplace, The Real Deal, by a vendor named Peace of Mind.