Attacking Democracy: Should DDoS Be Considered a Legitimate Form of Protest?

It used to be that news about DDoS attacks was largely limited to tech websites and other specialized information sources, where the focus was on attack vectors, attack sizes, how exactly the perpetrators pulled it off and how websites could protect themselves going forward. These still have their place, especially with the ever-increasing size, complexity and frequency of attacks, but over the last few years DDoS has gone mainstream and gotten political.

With DDoS attacks appearing in headlines regarding the U.S. election, Brexit and the push for democracy in Hong Kong, the question has to be asked: should these attacks be considered a legitimate form of protest?

Denying services

DDoS stands for distributed denial of service, a form of cyberattack that takes aim at websites or online services with the intent of taking them offline or slowing them downso much that they can’t be used. This is accomplished through the use of a botnet – a network of devices that have been infected with malware, allowing attackers to control them remotely and direct the botnet’s considerable traffic at the target, overwhelming the server or network infrastructure.

DDoS attacks have been in the mainstream news for the last couple of years. This is because of how pervasive they’ve become, with nearly every website on the Internet now a potential target thanks to DDoS for hire services and DDoS ransom notes, and also because of the high-profile sites that have fallen victim to attacks, including Netflix, PayPal, Twitter and Reddit. Now DDoS attacks stand accused of involvement in some of the biggest political events in recent history.

Recent political incidents

Distributed denial of service attacks hit the political headlines in 2014 when the people of Hong Kong were in the midst of a major push for democracy, asking for genuine universal suffrage instead of the newly-reformed system that allows citizens to vote for candidates selected by an exclusive nominating committee – a system that seemed overly restrictive as well as too similar to the previous system in which the Chinese Communist Party selected the candidates.

When the democratic movement’s official website launched, it logged 680,000 votes in an unofficial poll on candidates in the site’s first weekend despite the fact that it was being battered by DDoS attacks weighing in at over 300 Gbps. Though a perpetrator was not definitively named, it was widely speculated the Chinese government was behind the attacks.

In a recent report, the Chinese government has come up alongside the Russian government in rumors surrounding the Brexit vote. In the hours before the deadline to register to vote in the Brexit referendum, the registration site crashed, reportedly due to a DDoS attack. The outage left tens of thousands of voters unable to register to vote, and the referendum ended with 51.9 percent voting to leave the European Union.

Though the Russian government has been suspected of meddling via hacking in both the U.S. and French elections, reportedly in favor of Donald Trump and Marine Le Pen, it’s unknown if the Kremlin was involved in DDoS attack attempts on either Hillary Clinton or Donald Trump’s website; it seems more likely these Mirai botnet-powered attempts were instead the work of hackers from underground forums.

The argument for recognizing DDoS as legitimate (and legal) protest

The history of distributed denial of service attacks go all the way back to 1995 when an Italian collective brought down the French government’s website in protest of France’s nuclear policy. Soon after, a group by the name of the Electronic Disturbance Theater built a tool that enabled anyone to join their virtual sit-ins that targeted the White House website as well as the websites of politicians.

Current hacktivist group Anonymous has taken the idea of the virtual sit-in and turned it into a voluntary botnet that allows anyone to donate the use of their device for attacks against targets like the Brazilian government in protest of the FIFA World Cup.

These actions would seem to fit the criteria of legal protest, allowing citizens to peacefully albeit virtually demonstrate and rendering a website unavailable in much the same way a sit-in would render an office or institution unavailable. However, in the United States this kind of online activism can be considered a felony.

The argument against

Not only are DDoS attacks illegal, regardless of whether or not the attack is intended as a form of protest, but legitimizing or legalizing these attacks may cause more problems than it solves. For instance, while an opt-in botnet does seem to be a form of voluntary political activism, almost all botnets are populated by devices that have decidedly not opted in, which means politically-motivated DDoS attacks would be largely perpetrated using the property of people who have not consented. Like signing someone else’s name to a petition, this cannot be permitted.

Furthermore, any legislation attempting to legalize DDoS protests would have to find a way to differentiate between attacks coming from voluntary botnets and attacks coming from nation states. A murky area, at best.

With so many other forms of protest available to motivated citizens, it’s hard to imagine legalizing or legitimizing any form of DDoS attack. It’s just too easy for these attacks to be used for altogether nefarious and malicious purposes by groups that decidedly do not represent the will or wishes of the people.


Organizations Must Adapt to Evolving DDoS Attacks

Distributed Denial-of-Service (DDoS) attacks are becoming larger, more frequent, and more complex than ever before. According to Arbor Networks’ 12th Annual Worldwide Infrastructure Security Report (WISR), attack size has grown 7,900% since its initial report – a compound annual growth rate (CAGR) of 44%.

The most recent attacks are significantly larger than anything previously seen, and can now disrupt even the largest internet service providers. This data shows that DDoS attacks have become more than just a nuisance: they are rapidly increasing in size and now threaten to disrupt core Internet infrastructure.

Within the broader spectrum of risks for corporate security and IT decision makers, DDoS attacks present a nettlesome and growing challenge for several reasons. First, while the underlying technology behind DDoS attacks hasn’t changed much, the number of internet-connected devices in the world that can be compromised has dramatically increased.

In addition, the level to which DDoS attacks have become automated and commoditized has also increased. The Mirai-enabled attacks showed off the former; they used an army of internet-connected IoT devices to generate unprecedented levels of traffic.

In the past, a connection to the internet required significant hardware and expense. These days, even light bulbs can be connected to a network, which provides a lot more sources for traffic.

Second, the amount of skill required to successfully run a DDoS attack has been lowered over the last twenty years. While large attacks such as Mirai take some amount of coordination and planning, in many cases a connection to the right forum and a small amount of money ($50-100) can buy you a short attack that can take down unprotected web services.

Why DDoS attacks are hard to prevent

The best way to think about the DDoS problem is to imagine a river system, like the Mississippi or Columbia. At the end of those systems, where they meet the ocean, it’s very obvious that there’s a lot of water moving through those rivers: but at the source of all that water — at the little tiny creeks and streams and rivulets where the water first gathers — those sources don’t necessarily look like that much.

Volumetric-style DDoS attacks, whereby attackers simply flood a target with more data than their connection can handle, use a similar effect: each network only cares about sending IP packets to the “next hop”, without a holistic view or awareness of what the total, internet-wide traffic picture looks like.

So, at the source of a DDoS attack, it can be difficult to differentiate between someone uploading a file and someone perpetrating an attack. What actually matters is whether that one traffic flow joins together with a bunch of other traffic to form a giant river, or if the traffic flow is bounced off a server in such a way that it magnifies the size of the traffic many-fold. In either case, by the time you notice that you’ve got a really huge river of traffic coming at you, it may already be too late.

Emerging approaches to combat DDoS attacks

A promising approach to DDoS can be found with the DDoS Defense for a Community of Peers (3DCoP) project, which uses peer-to-peer collaboration so that like-minded organizations (such as a group of universities, government agencies, banks, or ISPs) act together to rapidly and effectively detect and mitigate DDoS attacks.

With a peer-to-peer collaborative approach, the target of a DDoS attack can send out distress calls to the origin of any traffic it sees. The receivers of these distress calls can then take a look at the traffic they’re seeing, and either pass that message on appropriately or take local action.

Universities, for example, might learn that what looks like normal traffic coming out from one of their student labs looks like a big attack to a target, and use this information to shut off or rate-limit that lab.

Other approaches involve technologies like BGP FlowSpec, an improvement over conventional IP blacklisting. FlowSpec allows a victim of a DDoS to ask its upstream service providers and intermediate networks to block specific kinds of traffic, with a good level of granularity.

Organizations can also relocate services into the cloud, as some cloud operators deploy sensors that can detect and mitigate attacks earlier. Unfortunately, today’s largest attacks are too large for cloud operators to handle, and the attacks may impact geographic regions or critical internet infrastructure.

In the end, there are a variety of methods to filter and redirect traffic, especially for those systems housed in the cloud. However, for the biggest attacks, and for institutions that cannot create replicated versions of their systems in the cloud, techniques such as 3DCoP are key in mitigating DDoS risk.

Specifically, we believe that it is only through rapid, real-time collaboration that DDoS attacks can be correctly identified, sourced, and addressed; without such collaboration, institutions must rely on phone calls and manual router updates, while a river crashes down around them.


Two Iranians Charged With Hacking US Defense Contractor

The US Department of Justice (DOJ) unsealed an indictment on Monday against two Iranian nationals accused of hacking a US company and stealing software used in ammunition design.

The two suspects are Mohammed Reza Rezakhah, 39 and Mohammed Saeed Ajily, 35, both Iranian businessmen.

According to the indictment, Ajily ran a company named Andisheh VesaJ Middle East Company, which he used as a front to obtain and sell software in contravention of Western sanctions against Iran. Ajily’s customers included Iranian private companies, but also Iranian military and government entities.

Rezakhah ran his own company called Dongle Labs, which provided DRM and license cracking services. Rezakhah was one of the many hackers Ajily hired to steal software from Western companies.

The two orchestrated the 2012 hack of Arrow Tech

DOJ officials claim that in 2012, Ajily hired Rezakhah to hack and steal software from a US company called Arrow Tech. The indictment says that Rezakhah, together with another accomplice named Nima Golestaneh, rented a server that they used on October 22, 2016, to hack into the Arrow Tech website and adjacent network.

Officials say the two hackers stole a software application named Projectile Rocket Ordnance Design and Analysis System (PRODAS), created by Arrow Tech to aid in the design of bullets, missiles, and other military projectiles.

Rezakhah cracked the program, which he later supplied to Ajily to market in the Iranian market, but also elsewhere outside the US.

Group worked together for at least six years

While officials brought charges only for hacking Arrow Tech, the indictment also claims that Ajily and Rezakhah worked together for years, between 2007 and 2013, hacking several targets and stealing software.

The FBI also claims that Ajily had many other partners and hackers that he used to obtain his software, along with a network of companies that he used to sell the stolen goods.

US officials charged the two suspects with criminal conspiracy relating to computer fraud and abuse, unauthorized access to, and theft of information from, computers, wire fraud, exporting a defense article without a license, and violating sanctions against Iran.

A US judge has issued a warrant in their names. Their partner, Nima Golestaneh pleaded guilty to hacking Arrow Tech back in December 2015.

In March 2016, the US also charged seven Iranian nationals on accusations of launching repeated DDoS attacks and orchestrating hacks of industrial SCADA equipment on the behest of the Iranian government.


Can Cloud Storage save you from Ransomware Attacks?

Step by step, our personal and work lives are being transferred online and instantaneous connections, real-time cooperation, and free flowing information come at a price. Yes, cybercrime is hardly something new but the recent rise in global ransomware attacks are putting the question of online security into the spotlight and under scrutiny.

The hackers are getting more and more inventive, and it’s becoming harder for the individual as well as companies to protect themselves. What can be done? Can cloud storage save us from ransomware?

Cloud Storage vs. Ransomware

Cloud created a revolution in data storage. It’s cost-effective, easy to access and typically very well guarded. The convenience is reflected in its widespread use. A report by RightScale found that 82% of companies were already using multi-cloud storage strategies. According to a report by Intuit, 78% of small businesses will fully rely on cloud services by 2020. This mass migration of business of all sizes to cloud space rendered it an extremely attractive target.

Sadly, the NotPetya ransomware made it clear that ransomware has gone beyond local and physical storage, and can hit everywhere. Although being publicized as on one of the safest storage options, the cloud is not an exception to the threat.

Let’s Be Realistic

The best way to stay protected is to be realistic and keep informed about the capacity and power of the services on which you are relying. As such, cloud storage is not a magical bulletproof solution that will graciously save you from the ransomware.

To be able to withstand ransomware and other types of attacks, cloud and collaboration services need to start implementing or strengthening solutions that allow for real-time visibility, greater control, data loss prevention, and so forth. If hackers are getting more creative, the levels of security need to follow and surpass them.

How to Leverage Cloud Storage

Despite the cold splash of reality, not all is lost. Cloud storage can be a valuable partner in crime or – better said – your partner in preventing crime.

Scalability - Regardless of shortcomings, cloud services are still best equipped to act as a failsafe and protect you from ransomware today and in the future. Being flexible and scalable in essence, cloud services enable us to keep up with the changes and developments in the malware landscape. In other words, while the nature of the attack is unlikely to change, the delivery method will and cloud services have the agility to adjust aptly.

Security Layers - In most cases, the layers of security over cloud are considerably better than of any other private server. Typically, clouds are a sophisticated combination of elaborate access controls and encrypted technology with the capacity to expand. Plus, many of them provide protection against DDoS attacks which makes them all the more useful.

Backups - Due to reliability and resiliency, backing up your data with a cloud storage is far more efficient. When stored on local storage, frequent backups consume a lot of storage resources and negatively affect computer performance. With the cloud, backups of your information, data and documents can be frequent, and the streamlined failover process provides you with the comfortable safety of backup recovery. A recommended approach is to rely on several clouds simultaneously which provides a much more expansive protections without excessively high costs or unbearable complexity.

How do you know cloud is worth your time?

According to MarketsAndMarkets, the cloud security market will be valued at impressive $8.71 billion by 2019, so companies are ready to invest more and more to improve and strengthen the safety of the cloud environments from malicious attacks.

Cloud storage, although not the ultimate weapon against ransomware attacks, is by far one of the most efficient ways to protect your information without excessive spending or applying overly complicated scenarios. It’s also most likely to scale and thus continue withstanding cybercrime in the future. Nonetheless, it is crucial you select your cloud service carefully as not all are equal.


So your company is on social media, are you practicing safe tweeting?

Social media has evolved from a mere millennial fad into a preferred marketing tool used by businesses across Asia Pacific. With Asia Pacific accounting for 54% of global social media users, and Asia Pacific social media users spending an average of two to four hours on social media daily, it makes sense for businesses to use social media to reach their audiences in this digital age.

Companies are posting product reviews, photos, client testimonials and videos on their social media pages, in hopes of driving engagement through likes and positive comments and eventually whipping up a viral storm. Brands are even creating social media contests to engage consumers playfully while growing their brand identity, or engaging key influencers to get more people talking. Aside from driving engagement, social media serves as an avenue for companies to solicit customer feedback: Customers’ comments can provide insights on common customer complaints and companies’ points for improvement.

But while integrating social media into the marketing mix can bring many benefits, it also has a dark side.  Opening the company to more cyber risks. After all, social media is fast becoming an attractive channel for cybercrime perpetrators.

Today, cybercriminals target viral posts to reach a diverse range of people. Through basic spamming techniques such as creating short posts with links to freebies and job posts, cybercriminals lure unsuspecting social media users into clicking malicious links, which transmit malware after they are clicked on. Based on CyberInt’s research, 1.92% of all posts, comments and tweets found on a company’s social media feed are malicious or attempted attacks. Last year, 13% of large organizations experienced a security or data breach associated with social media networking sites.

There is no denying that social media sites are now a hotbed for cybercrimes: In 2015, cybercriminals leveraged LinkedIn in health insurance provider Anthem’s hack, exposing sensitive data such as names, Social Security numbers, birth dates, addresses, email addresses, employment information and the salary of as many as 80 million current and former customers.

Social phishing, which attempts to obtain an individual’s personal information through a corrupted link or other form of electronic communication, has become a common social media security threat. In the past, phishing attacks typically came in the form of emails; now, they are also perpetrated through social media private messages and wall posts.

Links to malware can be disguised as ‘click-bait’ articles or videos posted on a company’s Facebook wall, Twitter or Instagram handles. Malicious links can cause devices to be infected with malware, which grants easy access to personal information and allows hackers to use the infected device as a platform to jump into other networks such as the home or office.

Today, cybercriminals are using a wide range of social engineering techniques to spread malware and obtain sensitive data through social messaging channels such as Facebook chat. Cybercriminals are also leveraging social media Distributed Denial of Service (DDoS) attacks, which render social media sites inaccessible for long periods of time, to draw attention away from nefarious schemes usually involving stealthy data siphons. Some social media DDoS attacks also involve comment flooding, which causes a company’s Facebook page or Twitter to be flooded with millions of automated comments in a minute, paralyzing the company’s page feed. Automated programs or social bots are now being increasingly used for such schemes.

Cybercriminals today even use illegitimate social media profiles or hijack existing social media profiles to disseminate malicious links and malware to a company’s employees, usually with the goal of extracting an organization’s sensitive data. Some resort to “false flag” scams, which involve impersonating social media platforms to trick users into revealing personal data that will allow them to access a company’s systems. Others go as far as putting up scam e-shops and coming up with fake advertisements on social media to impersonate brands. Aside from weakening a company’s immunity to future cyberattacks, these scams also translate to the loss of consumer trust in compromised brands.

Social Media Teams Need to be in the Know

Companies utilizing social media have the duty to protect their consumers and employees from cybersecurity risks. They need to take a closer look at what they are posting to prevent socially engineered attacks on employees while simultaneously ensuring that social media comments from the public do not contain links to malicious links that other community members might click on.

As social media threats occur outside their network perimeter, organizations cannot easily detect these risks from the onset. They need to focus on prevention and the elimination of potential threats instead through the constant vigilance of cyber-activities. Organizations also need to identify the crown jewels and dedicate more resources to protect them and be aware how cyber criminals might leverage social media to gain access to their crown jewels.

One way is to invest in targeted threat intelligence, which allows companies to gain insight on potential or current attacks that can harm their employees, brand reputation and customers. Cyber security organizations, like CyberInt, have cyber tools available that scan social media accounts and purge malicious comments in real time, to provide companies with better peace of mind.

Leveraging social media as a marketing tool entails dealing with a sheer number of cybersecurity threats. Awareness is still the best safeguard to these threats: Social media teams should be aware of the risks associated with what they are posting and how cybercriminals are manipulating information in social media sites to advance their own selfish interests.  But awareness should be coupled with concrete action: Companies using social media in their marketing mix should also implement solid security policies to mitigate risks and vulnerabilities.

One security measure companies can adopt is ensuring a close coordination between the social media team and the IT team— this arrangement will allow the social media team to stay updated on the latest cybersecurity threats and better monitor risks on their social media feeds.  Employees should also undergo training to improve their cyber hygiene and cyber posture so they can be fully aware of the threats and have a better appreciation of the security policies in place.

Good security policies, however, would amount to nothing without the proper security tools. After all, it takes the right combination of people, processes and technology guardrails to address security challenges in today’s rapidly evolving digital workplace.


Cloud is adding to network complexity, report says

A third of respondents indicated that the cloud adds the greatest network complexity to their organisation.

Cloud adoption is still the ‘most vexing factor’ in increased network complexity, according to a new report by Kentik.

The report, based on a poll of 203 IT professionals attending the Cisco Live 2017 annual conference, says cloud adoption is followed by IoT, SDN, and networks functions virtualisation (NFV).

It also says that most organisations still aren’t ready for network automation, even though machine learning is seen as ‘important technology for network management’.

More than a third (36 per cent) of respondents said cloud adds the greatest network complexity to their organisations. They can still improve operational visibility for cloud and digital business networking, it was added.

According to the report, organisations need to be able to spot DDoS attacks better. A third (32 per cent) said they’re using DDoS detection technology.

The majority of organisations (70 per cent) says using the same stack of tools to manage both network performance and security hinders operational efficiency. More than half (59 per cent), however, added that their organisation is not yet using the same stack of tools.

“There is a lot of noise in our industry right now about intuitive systems and new-age machine learning that can monitor, identify and react to network conditions before issues occur. However, dozens of our largest customers have been telling us, and our survey results from Cisco Live support, that the key 2016 and 2017 enterprise efforts have focused on getting complete visibility into increasingly hybrid network complexity; detecting and preventing DDoS; and integrating tools that can provide operational and business value from network analytics,” said Avi Freedman, co-founder and CEO of Kentik. “Full automation outside of constrained data centre and cloud topologies is still a vision that customers are tracking, but network operators say that they need deeper and comprehensive visibility into their network’s performance and security before they can let their networks run autonomously.”

“Real-time network traffic intelligence is a critical component for network operators supporting their organizations with digital transformation,” he added.


The Five Biggest Security Concerns After Petya And WannaCry

With many organisations still reeling in the aftermath of the Petya and WannaCry ransomware attacks, it’s not only sensible, but crucial, that they analyse what other dangers they face in the digital age. When TalkTalk was hacked in 2015, the company lost up to £60m and approximately 101,000 customers, and the damage to the organisation’s reputation was huge. CIOs must avoid this fate, by proactively looking at today’s big security concerns in order to protect their company tomorrow.

Security vectors evolve rapidly because the malicious parties responsible are constantly innovating. Many cybercrime operations have organisational charts similar to legitimate businesses and use best practices for management, marketing, pricing and operations etc. To combat this cybercrime wave, companies are ploughing money into efforts to protect themselves. So much so that IDC expects spending on security technology to reach $81.7bn in 2017.  In light of this, what are the biggest security concerns organisations face today?

   1. Data Obfuscation and Ransomware

Firstly, ransomware, as illustrated by the Petya, WannaCry and CryptoLocker attacks, are set to continue. These attacks affect the real-time information that underpins business transactions creating chaos in the process. Unfortunately, intelligence agencies believe that this is not only a real and present danger, but also an inevitability. As such, it’s crucial that companies not only encrypt their sensitive information, but also regularly back up this data to hard drives that aren’t connected to the wider network.

  1. Leaking Intellectual Property

As we have already witnessed, with the threat of release of the latest Disney movie or the theft of the NetFlix series, ‘Orange is the New Black’, one new form of cyberattack concerns the unauthorised release of Intellectual Property (IP). Many companies across the globe still do not have systems secured adequately and regularly fail to patch against known vulnerabilities. This is the equivalent of leaving the keys in front door and all your valuables stacked neatly in the hallway. It is vital that companies have full visibility across their technology portfolio and regularly update their security software and patches.

  1. The Internet of Things (IoT)

Intel estimates that by 2020, the number of devices connected to the Internet of Things (IoT) will increase from 15 billion to 200 billion. This includes everything from pacemakers to refrigerators to connected cars to our clothing. The platforms these devices are built on often have little or no security. Most operate a self-regulation model; and as a result they are very vulnerable to hacking. This was evidenced during the 2016 Dyn attack, which consisted of multiple distributed denial-of-service (DDoS) attacks using a network of hacked internet connected devices. Companies must carefully review the security of devices before connecting them to the network, as they often serve as vulnerable gateways for hackers to exploit.

  1. Artificial Intelligence and Machine Learning

Artificial Intelligence (AI) and machine learning are increasingly being used to combat cyber threats. However, access to such tools and platforms is still expensive and beyond the reach of many organisations. This is both a blessing and a curse as when the cost of these technologies falls, hackers will invest in these solutions to further their own criminal exploits. As a result, attacks will be automated and have the ability to morph and change on their own, to continue to spread and create widespread destruction in short periods of time. In comparison, the spread of WannaCry will look like the work of children. These exploits will be more lethal, faster and much more dangerous. This means that not only will companies need to invest in new security technologies as soon as they become available and affordable, but must ensure they follow all best practices religiously – such as encrypting and backing up sensitive data.

  1. Quantum Computing 

This may be the single biggest threat to cybersecurity that no one is paying attention to. Using quantum computers, which can compute vast quantities of information and massively accelerate computing processes, criminals could crack virtually any encryption mechanism currently used for our most sensitive online tasks – such as online banking and sharing electronic health records. While this threat might yet seem unrealistic, technology is advancing at a rapid rate and this may well become a future factor.

While ransomware attacks have grabbed the headlines due to the widespread ramifications of Petya and WannaCry, there are other cyber-threats that organisations need to be concerned about. However, they needn’t lose too much sleep as long as they are following security best practices – such as encrypting data, backing up all sensitive information, and automating the renewal of security patches and licenses – which can mitigate vulnerability to an attack.


5 Ways To Profit From The $24 Trillion Cyber War

Business is under attack to the point of all out cyber war, and there is nowhere more lucrative right now than cyberspace, where a $200-billion-plus market is ripe for investors looking to turn profits that make the pre-bubble era look like chump change.

There are plenty of catalysts, thanks to hackers who most recently managed to hijack the systems of one of the biggest shipping companies in the world, one of the biggest pharmaceutical companies in the world and thousands of others—forcing them to pay ransom in bitcoins to get their data back.

There will be no slowdown in cyber-attacks. On the contrary, by 2019, IDC research estimates that 70 percent of major multinational corporations will “face significant cybersecurity attacks aimed at disrupting the distribution of commodities.”

Cybersecurity stocks were soaring already—especially since hackers in May managed to take control of tens of thousands of computers. But the late June perfection of cyber kidnapping for ransom has caused stocks to spike by 4 percent or more.

According to giant Cisco, there was a 172 percent jump in DDoS (distributed denial-of-service) attacks in 2016, and we’ll be looking at a near tripling of that by 2021. Just in the first quarter of this year there was a reported 380 percent increase in DDoS attacks, according to Nexusguard.

Data breaches cost businesses $5.85 million EACH in 2014. This year, that bill will be in the neighborhood of $7.35 million. In total, last year, cybercrime cost the global economy over $450 billion. The cyber-attack on global business in May this year alone could end up costing $4 billion.

So, giant multinational corporations are willing to pay a lot for better cybersecurity—and cyber insurance.

Global spending on cybersecurity will hit $1 trillion over the next five years, and cybercrime damages will exceed $24 trillion over the same period, according to the Steven Morgan Cybersecurity Industry Outlook: 2017 to 2021.

And this is where the big profits are available for the taking. For the foreseeable future, nothing is more lucrative than data security.

Here are our top 5 picks as cybersecurity becomes THE most critical industry of our time:

#1 FireEye, Inc. (NASDAQ:FEYE)

This is one of the most impressive cybersecurity barnstormers out there. It only went public in September 2013, and by December that same year it was spending $1 billion on a major acquisition, Mandiant, which was one of the top data breach and response companies in the space.

This is now a massive and fast-growing company of highly sought-after cyber experts and products, all rolled into a cloud-based platform that is a favorite among key Fortune 500 companies, not to mention Global 2000 companies.

There was a very aggressive acquisition spree here—and last year the company moved into the black. FireEye peaked in mid-2015 at $55 a share, and then slid to under $11 in mid-March this year. But since then, it’s gained 42 percent and the trajectory looks fantastic, especially in the current cyber warfare climate.

#2 Identillect Technologies Corp. (TSXV:ID; IDTLF:US)

This is a little-known company sitting in pole position in a $64-billion market that is up for grabs. It’s come up with a two-minute email security solution that could revolutionize encryption, and could corner the lion’s share of the profits in this segment.

Half of all email is unencrypted—and it’s at the mercy of pretty much anyone with decent hacking skills. Existing encryption programs are expensive and can take a month to install, but this company is breaking onto the scene with a simple, 2-minute email install solution.

It works with Outlook, Office 365, Hotmail, Gmail…PLUS a phone “app” that works on iPhone, Android, Windows and more.

There are only 250 professional cryptographers in the U.S… and two of them work at Identillect – a major selling point for this company coming right out of the gates.

Customers are lining up because it’s the first solution to a long-time problem that’s now reaching a climax, with companies being fined for NOT encrypting email. They’re already paying an average of $7 million for every data breach.

This company is on its way to Silicon Valley, and its patent on the first easy solution to a massive problem is likely to get it a lot of attention in the form of M&A rumblings that dot this cybersecurity landscape. Even more so right now.

Since it went commercial in the first quarter of 2015, subscribers have grown over 663 percent, and 19 out of 20 of them stay. They’re compounding monthly, and the breakeven point is almost there. That’s why we’re looking at a 70 percent profit margin in this one.

With 5 million Yahoo accounts breached in just one of many huge-scale incidents, encryption is the Holy Grail of our day, and this company has figured out how to make it cheap and easy.

#3 Palo Alto Networks (NYSE:PANW)

For expansion, this $12.7-billion market-cap company is a top pick with its sales of next-generation firewall solutions. It covers 150 countries and it protects data infrastructure of at least 85 Fortune 100 companies and—even better—more than half of the Global 2000. That’s some major market share at a time when there is nothing short of corporate panic over data infrastructure protection.

It even beat its own outlook. We’re looking at mind-blowing record earnings ($431.8 million in fiscal Q3). This is the clear advantage in the cybersecurity space right now—and it’s all about continual, relentless expansion.

#4 Intel Corporation (NASDAQ:INTC)

Nothing dominates the semiconductor industry like INTC. We’re looking at over seven divisions here, but the Client Computing Group (CCG) and the Data Center Group (DCG) are the big ones in terms of financial performance, accounting for 87 percent of the company’s total sales last year. INTC dominates the PC market and the server microprocessor market, and its PC chip market share can be as high as an unbelievable 99 percent.

Still, some might say this pick is the counter-intuitive one, but…not really. INTC stock has taken a major beating, but with this sector on fire like no other, this is your way in with the giants in this field. INTC had an official correction this year and April earnings caused Wall Street to beat it down. But INTC is still 10 percent higher than last year, regardless. It’s cheaper than its competitors right now, so this may be a buying opportunity.

What investors are afraid of, though, is one competitor in particular…our next pick…

#5 Advanced Micro Devices, Inc. (NASDAQ:AMD)

This stock has seen some unbelievable performance over the past year, and that’s why INTC investors are shying away. But while AMD has been impressing beyond belief, we list it as #5 because it’s largely thanks to enthusiasm and future expectations—so there may be a pullback soon. This is the time to keep a close eye on AMD, but also to be very careful about watching whether the company is now going to actually achieve its goals—because the expectations are quite high and now much more is at stake. It’s the right industry to be doing this in, certainly…

While AMD had a truly dynamic growth spurt that began in March last year, since February this year, it hasn’t reached any new highs, and the launch of its Ryzen line of products wasn’t embraced by the market with as much excitement as expected. Now things are getting a bit more volatile, which is why INTC might be a better pick right now.

Honorable Mentions in the Cybersecurity Space

BlackBerry Ltd. (TSE:BB): Forget about the BlackBerry as something you hold—an electronic gadget. This company is back better than ever with software for industrial customers, including security software and services to stop hackers. Quarterly earnings at the end of March were impressive, and April news of a $1-billion cash win from arbitration with Qualcomm can fund more growth. This is the NEW BlackBerry.

Absolute Software Corporation (ABT.TO): Absolute Software Corp provides endpoint security and data risk management solutions for commercial, healthcare, education and government customers, tablets and smartphones. Absolute has seen a strong 21% stock growth year to date and is expected to see strong growth as the cyber security market grows at a rampant pace.

Avigilon (TSX.AVO): Avigilon develops, manufactures, markets and sells HD and megapixel network-based video surveillance systems, video analytics and access to control equipment. We expect strong continuous growth in the video analytics business and a company such as Avigilon is well positioned to capture market share in the Canadian markets.

Sandvine Corporation (TSE:SVC): Ontario is seeing some a vibrant cybersecurity as well, Sandvine corp. is engaged in the development and marketing of network policy control situations for high-speed fixed and mobile Internet service providers. Products include Business Intelligence, Revenue Generation, Traffic Optimization and Network Security. The company has grown 52% year-to-date and we expect strong growth throughout 2017.

Pivot Technology Solutions Inc. (TSX:PTG): Pivot focuses on the strategy to acquire and integrate technology solution providers, primarily in North America. It sells and supports integrated computer hardware, software and networking products for business database, network and network security systems. Pivot has seen explosive growth so far this year and we expect the current cyber threats to add to the already strong sentiment in cyber security stocks.


Short, low-volume DDoS attacks pose greatest security and availability threat to businesses

How can your organisation defend against constant DDoS attacks?

Think what you can’t see can’t hurt you? A new report from Corero Network Security has shown that, when it comes to DDoS attacks, this is definitely not the case. The report suggests that the barrage of short, low volume DDoS attacks – which often go undetected by IT security staff and many DDoS protection systems – are in fact, the greatest DDoS risk for organisations, because they frequently go undetected and often mask more serious network intrusions.

According to the DDoS Trends and Analysis Report, these short, stealth DDoS attacks are often used to disrupt and distract network operators. Typically less than 10Gbps in volume and less than 10 minutes in duration, these sub-saturating attacks are capable of knocking a firewall or intrusion prevention system (IPS) offline so that hackers can target, map and infiltrate a network to install malware and engage data exfiltration activity. These hidden motives have led Corero to describe this type of attack as “Trojan Horse” DDoS.

Stephanie Weagle, VP at Corero Network Security discusses the key findings from the report below, and what the increased frequency and sophistication of DDoS attacks means for organisations trying to defend against today’s evolving cyber threat landscape.

What were the findings from your latest DDoS Trends report?

“The research shows that short, frequent, low-volume DDoS attacks continue to be the norm. Despite several headline-dominating, high-volume DDoS attacks over the past year, the majority (80%) of the DDoS attack attempts against Corero customers during Q1 2017 were less than 1Gbps per second in volume. In addition, almost three quarters (71%) of the attacks mitigated by Corero lasted 10 minutes or less.

In total, Corero customers experienced an average of 124 DDoS attack attempts per month, equivalent to 4.1 attacks per day during Q1 of 2017. This is a 9 percent increase in attacks over Q4 2016.”

Since last year’s attacks on Krebs on Security and Dyn, have we entered a quiet phase in terms of DDoS attacks?

“As the research shows, DDoS attacks are by no means slowing down. The DDoS incidents that are experienced on a daily basis are the short, low volume attacks—just because these attacks aren’t making the evening news, does not mean that they don’t occur. “

Why are these short, sub-saturating denial-of-service attacks so dangerous?

“The Internet of Things (IoT) introduced a host of opportunities for DDoS hackers as these devices hold the potential for extremely large botnets. Corero has identified a 55% increase in large DDoS attacks of more than 10Gb per second, in the first quarter of 2017, compared to the previous quarter. However, low-volume, short duration DDoS attacks can also be dangerous. Our report discovered that 73% of attacks in Q4 2016 and 71% of Q1 2017 lasted 10 minutes or less. These attacks can be a smokescreen, designed not to outright deny service but to distract from an alternative motive, usually data theft and network infiltration. This allows hackers to perfect their attack techniques while remaining under the radar. In addition to service outages, latency and downtime, short attacks allow cyber criminals to test for vulnerabilities within a network.”

Why would hackers choose to inflict these short attacks, rather than to cause large-scale outages?

“These smaller, shorter attacks typically evade detection by most legacy and homegrown DDoS mitigation tools, which are generally configured with detection thresholds that ignore this level of activity. This allows hackers to perfect their attack techniques while remaining under the radar, leaving security teams blindsided by subsequent attacks.”

Can you give any examples of these kind of attacks inflicting serious damage?

“Luckily for Corero customers, dealing with the repercussions of DDoS is a non-issue. Attacks are mitigated instantaneously, and good user traffic continues to flow and reach its destination as intended. Outside of the Corero customer base, some widely publicized attacks that led to data breach activity include TalkTalk and Carphone Warehouse.”

Which are the sectors or organisations that are most at risk of attacks?

“The reality is that any business that relies on the Internet to conduct business is at risk of a DDoS attack. But service providers in particular will find themselves at an important crossroads in the near future, as pressure builds from both customers’ and governments’ sides regarding their responsibilities when it comes to protecting their customers. That said, ISP’s and hosting providers can take advantage of the DDoS opportunity to not only protect existing infrastructure and assets, but also roll out profitable and effective DDoS protection services.”

Do these kinds of attacks represent an additional risk for organisations preparing for GDPR?

“GDPR is the hot buzz word heard around the cyber security industry lately. The risk of data theft resulting from sub-saturating DDoS attacks is extremely serious, and claiming to be ignorant of malicious activity on your network will not substitute a defence. To keep up with the growing sophistication and organization of well-equipped and well-funded threat actors, it’s essential that organizations maintain a comprehensive visibility across their networks to detect and block any potential DDoS incursions as they arise.”

How can businesses best defend themselves against the latest DDoS attacks?

“The combination of the size, frequency and duration of modern attacks represent a serious security and availability challenge for victims. Minutes or even tens of minutes of downtime or latency significantly impacts brand reputation and, ultimately, revenue generation. When you combine the size, frequency and duration of attacks, and the low volume sub-saturating nature of the threats; victims are faced with a significant security and availability challenge.

“Today’s DDoS attacks are almost unrecognizable from the early days of attacks, when most were simple, volumetric attacks intended to cause embarrassment and brief disruption. Nowadays, the motives behind attacks are increasingly unclear and the techniques are becoming ever-more complex. This is particularly true in light of automated attacks, which allow attackers to switch attack vectors faster than any human can respond.

“To keep up with the growing sophistication and organization of well-equipped and well-funded threat actors, it’s essential that organizations maintain a comprehensive visibility across their networks to detect and block any potential DDoS incursions as they arise. Automated, real-time mitigation techniques must be in place to eliminate the repercussions of the full spectrum of today’s DDoS attacks.”


Are massive cyberattacks the new normal?

When domain name system services supplier Dyn got hit with a distributed denial of service (DDoS) attack last October, waves of traffic overwhelmed the company’s network and disrupted access to the internet for large swathes of the United States and Europe. The Dyn perpetrators had successfully orchestrated one of the biggest-ever DDoS attacks, powered by a botnet of Internet of Things devices.

Whoever was responsible for the Dyn attack showed how easy it was to deploy the Mirai source code, which is publicly available and easy to obtain. Many botnets have since incorporated the code, raising concerns that even worse is yet to come.

The Mirai botnet also serves as the basis of an ongoing DDoS-for-hire service. With the number of IoT devices in business now in the billions, the specter of crippling attacks targeting IoT installations found in industrial control systems or critical national infrastructure becomes a possibility.

The security world got another reminder of the growing magnitude of the threat when attackers carried out the biggest ransomware attack in history in May, infecting computers operated by more than 200,000 people in 150 countries with the so-called WannaCry virus.

Size doesn’t matter

The proliferation of these more powerful tools and technologies used to launch cyberattacks means that anyone can get access to a cyberweapon and potentially wreak wide-scale havoc.

The irony is that many organizations still fail to enforce basic measures that would otherwise protect themselves from attack. Too many remain unprepared and fail to take simple steps, such as patching software on a routine basis.

In theory, attacks like WannaCry should be preventable. Indeed, there was no shortage of warnings that organizations were leaving themselves vulnerable by failing to update aging computer operating systems with the latest software patches.

It’s up to IT to be on top of updates for patches issued for any open source software used by the organization, particularly when it comes to their IoT deployments. They also need to be mindful of the lack of security in the IoT ecosystem. According to an AT&T Cybersecurity Insights report, the world of IoT has become a digital Petri dish for hackers and other cybercriminals eager to probe for weak spots.

Other IoT must-do’s: Many devices get shipped from the manufacturer preconfigured with usernames and passwords that hackers can locate using search engines. Change them immediately.

As DDoS attacks grow ever larger, there’s obvious incentive to take measures that will block as many potential threats as possible at the edge of your network. Along with identifying your vulnerabilities, make sure there are multiple layers of security in place and configure your applications to make them better resistant to exploitation. Make sure there’s a good firewall in place along with rules to drop junk packets or reject unnecessary external protocols. An ISP can help by stopping unnecessary traffic upstream.

Also, run constant network scans of the corporate network to locate any security holes before the bad guys find them first.

A fail-safe defense may not exist but you can mitigate a threat that, unfortunately, is becoming the new normal in the security world.