Russian telecom giant repels DDoS attacks on country’s 5 largest financial institutions

Russian telecom giant Rostelecom has thwarted DDoS-attacks on the five largest banks and financial institutions in the country, the company said in a statement.

All the attacks were recorded on December 5, 2016, the longest of them lasting for over two hours, Rostelecom said on Friday.

“The analysis of the attack sources carried out by Rostelecom specialists revealed that the traffic was generated from the home routers of users, which are usually referred to as IoT devices,” Muslim Medzhlumov, director of the Cybersecurity Center for Rostelecom, said in a statement published on the company’s website.

“A distinctive feature of the attacks was that they were organized with the help of devices that support the CWMP Management Protocol (TR-069). A few weeks ago, a serious vulnerability was revealed in the implementation of this protocol on a number of devices from different manufacturers, which allows attackers [to] organize DDoS-attacks. At the beginning of last week, the largest German operator Deutsche Telekom was subjected to an attack on users’ home devices, as well as the Irish provider Eircom,” he explained.

The Russian Federal Security Service (FSB) reported on December 2 that it had received intelligence of foreign intelligence services preparing large-scale cyber-attacks in Russia in the period starting from December 5, 2016, aimed at destabilizing Russia’s financial system and the activities of a number of major Russian banks.

A RIA Novosti source close to the Central Bank reported that the Bank of Russia recorded several attacks on December 5 on the site of VTB Bank Group.

On Tuesday, Russian President Vladimir Putin signed into effect an updated doctrine on information security. It states that the limitless flow of information has a negative impact on international security, as it can be employed to pursue geopolitical and military goals, thus favoring organized crime, extremists and terrorists.

The doctrine notes that Russian government agencies, scientific centers, and military industries are being targeted by foreign intelligence services by means of electronic and cyber surveillance.

To counter threats and challenges in the information environment, Russia will build “strategic deterrents” and step up efforts to “prevent armed conflicts that stem from the use of IT.”

The doctrine also instructs government agencies to strengthen critical information infrastructure to protect against cyber and computer network attacks.

Source: https://www.rt.com/news/369738-ddos-attacks-russia-banks/

A Turkish hacker is giving out prizes for DDoS attacks

But the DDoS software comes with a hidden backdoor

A hacker in Turkey has been trying to encourage distributed denial-of-service attacks by turning them into a game, with points and prizes for attempting to shut down political websites.

The DDoS platform, translated as Surface Defense in English, has been prompting other hackers in Turkey to sign up and score points, according to security firm Forcepoint which uncovered it.

Users that participate will be given a tool known as Balyoz, the Turkish word for Sledgehammer, that can be used to launch DDoS attacks against a select number of websites.

For every ten minutes they attack a website, the users are awarded a point, which can then be used to obtain rewards. These prizes include a more powerful DDoS attack tool, access to bots designed to generate revenue from click fraud, and a prank program that can infect a computer and scare the victim with sounds and images.

The DDoS platform has been promoted on Turkish hacking forums, and the attack tool is designed to harass only 24 political sites, including ones related to the Kurds, the German Christian Democratic Party (led by Angela Merkel) and the Armenian Genocide.

The maker of the DDoS platform also tightly regulates the way users play. For example, the DDoS attack tool given to the participants is designed to run on only one machine, preventing it from being used on multiple computers. This is done to ensure fairness during the competition, according to Forcepoint.

However, it is not an especially efficient way to launch a DDoS attack; such attacks are typically carried out with armies of infected computers numbering in the thousands or more.

It’s unclear how many participants the DDoS platform managed to recruit or if it managed to take down any websites. But Forcepoint noticed that the DDoS attack tool given to the participants also contains a backdoor that will secretly install a Trojan on the computer.

The backdoor will only execute on a participant’s machine if they’ve been banned from the competition. Its goal is probably to enslave the computer and form a botnet to launch additional DDoS attacks, Forcepoint said.

The hacker behind the DDoS platform is believed to go by the handle “Mehmet” and is possibly based in the Turkish city of Eskisehir, according to evidence found in Forcepoint’s investigation.

Although the DDoS attacks are aimed at political websites, the participants involved in the competition might not be ideologically motivated, and instead could just want access to the hacking tools, Forcepoint said.

Source: http://www.pcworld.com/article/3148270/security/a-turkish-hacker-is-giving-out-prizes-for-ddos-attacks.html

Cloud infrastructure attacks to increase in 2017, predicts Forcepoint

The cloud offers organizations a number of benefits, from simple off-site storage to rent-a-server to complete services. But 2017 will also see cloud infrastructure increasingly the target of attacks, with criminals lured by the data stored there and the possibility of using it to launch distributed denial of service attacks.

That’s one of the predictions for the new year from security vendor Forcepoint.

Hacking a cloud provider’s hypervisor would give an attacker access to all of the customers using the service, Bob Hansmann, Forcepoint’s director of security technologies, told a Webinar last week. “They’re not targeting you, they may not even know you exist until they get into the infrastructure and get the data. Then they’re going to try to maximize the attack” by selling whatever data is gained.

Cloud providers’ bandwidth is also tempting to attackers, since it could be leveraged for DDoS attacks.

As attacks on cloud infrastructure increase, it will be another reason why CISOs will be reluctant to put sensitive data in the cloud, he said, or will limit cloud use to processing, but not storing, sensitive data.

CIOs/CISOs have to realize “the cloud is a lie,” he said. “There is no cloud. Any cloud services means data is going to someone’s server somewhere. So you need to know are they securing that equipment the same way you’re securing data in your organization … are the personnel vetted, what kind of digital defences do they have?”

“You’re going to have to start pushing your cloud providers to meet compliance with the regulations you’re trying to be compliant with,” he added. That will be particularly important for organizations that do business in Europe, with the European Union’s new General Data Protection Regulation (GDPR) coming into force next year.

So answering questions such as how long a cloud service holds the organization’s data, whether it is backed up securely, whether employees are vetted, whether there is third-party certification of its use of encryption, and how it is protected from DDoS attacks is more important than ever.

Other predictions for next year include:

–Don’t fear millennials. On average they are currently the second largest group (behind boomers) in most organizations. They do increase security risk because, as a tech-savvy group, they tend to over-share information – particularly through social media. So, Hansmann says, CISOs should use that to their advantage.

“Challenge them to become security-savvy. Put in contests where employees submit what they think are spam or phishing attacks, put in quarterly award recognitions, or something like that. Challenge them, and they will step up to the challenge. They take pride in their digital awareness.”

Don’t try to make them feel that what they do is wrong, but help them to become better. “They will become a major force for change in the organization, and hopefully carry the rest of the organization with them.”

–The so-called Digital Battlefield is the world. That means attackers can be nation-states as well as criminals. But CISOs should be careful what they do about it.

Some infosec pros – and some politicians – advocate that organizations and countries should be ready to launch attacks against a foe instead of being purely defensive. But, Forcepoint warns, pointing the finger is still difficult, with several hops between the victim and the attacker. “The potential for mis-attribution and involving innocents is going to grow,” Hansmann said.

“Nations are going to struggle with how do they ensure confidence in businesses, that they are a safe and secure place to do business with or through — and yet not over-react in a way that could cause collateral damage.”

–Linked to this is the threat that will be posed in 2017 by automated attacks. The widespread weaponization of autonomous hacking machines by threat actors will emerge next year, Forcepoint says, creating an arms race to build autonomous patching. “Like nuclear weapons technology proliferation, weaponized autonomous hacking machines may greatly impact global stability by either preventing national defense protocols being engaged or by triggering them unnecessarily,” says the company.

–Get ready for the European GDPR. It will come into effect in May 2018, and therefore next year will drive compliance and data protection efforts. “We’ve learned compliance takes a long time to do right, and to do it without disrupting your business.” Organizations may have to not only change systems but redefine processes, including training employees.

CIOs need to tell business units, ‘We’re here to support you, but if you’re going to run operations through the EU this regulation is going to have impact. We need to understand it now because it will require budgeting and changes to processes that IT doesn’t control,’ said Hansmann.

–There will be a rise in what Forcepoint calls “corporate-incentivized insider abuse.” That’s shorthand for “employees are going to cheat to meet sales goals.”

The result is staff falsifying reports or signing customers up for services they didn’t order. Think of U.S. bank Wells Fargo being fined $185 million this year because more than 2 million bank accounts or credit cards were opened or applied for without customers’ knowledge or permission between May 2011 and July 2015. Over 5,000 staff were fired over the incidents.

If organizations don’t get on top of this problem governments will regulate, Hansmann warned.

Source: http://www.itworldcanada.com/article/cloud-infrastructure-attacks-to-increase-in-2017-predicts-forcepoint/389001

New Botnet is Attacking the US West Coast with Huge DDoS Attacks

The developers of this new botnet are inspired by Mirai success.

In a blog post, CloudFlare has revealed that the US West Coast is likely to become the target of yet another huge DDoS attack, but this time it will be conducted with a different botnet from Mirai, which was used during the Dyn DNS attack that forced sites like Twitter, Amazon and PayPal offline for hours.

The content delivery network states in the blog post that it has been observing the overflow of traffic for about two weeks. It seems to be coming from a single source. Seemingly, someone was first testing their capabilities on a 9-to-5 attack schedule, and then the attack pattern shifted to 24 hours. This new botnet is either equal or superior to the Mirai botnet.

After observing the heavy attack traffic that literally peaked at 172MBPS, which means about a million data packets per second or 400 gigabits per second, CloudFlare concluded that the botnet was being turned on and off by some person who was busy with a 9-to-5 job.

In the blog post, CloudFlare wrote:

“The attack started at 1830 UTC and lasted non-stop for almost exactly 8.5 hours, stopping at 0300 UTC. It felt as if an attacker ‘worked’ a day and then went home.”

For about a whole week, the same attacker was observed sending data packets in huge volumes every day. Then the schedule abruptly changed, with the attacker working on a 24-hour basis. This hints that the attacking mechanism was taken over by another, more organized group.

It is worth noting that the attack traffic wasn’t launched via the Mirai botnet; the attackers are using a different kind of software with different methods, such as “very large L3/L4 floods aimed at the TCP protocol.”

The company also noted that the attacks are now focused on locations that are smaller and fall within the jurisdiction of the US West Coast.

The revelation arrived soon after the special cyber-security commission of the White House issued recommendations and delivered the paper to the president. In the recommendations, it was urged that effective actions are required to mitigate and/or eliminate threats involving botnets.

The report issued by the White House’s Commission on Enhancing National Cyber-security basically highlights the vulnerable state of cyber-security today, with the emergence of sophisticated DDoS attack methods such as the Mirai botnet, which has been causing havoc lately.

The 100-page report contained recommendations on how the US government should tackle this issue. The bottom line was that the issue is much more severe than it seems on paper, and that a lot needs to be done as soon as possible or else the situation will get out of hand.

The report has identified six imperatives and there are 16 recommendations along with 53 Action Items aimed at countering the threat. The crux of the report and the commission’s research is that the US government and the private sector must collaborate and work closely to devise ways for handling cyber-security related issues and vulnerabilities along with developing programs for handling such problems in future.

Source: https://www.hackread.com/new-mirai-like-botnet-ddos-attack/

Cybercriminals use DDoS as smokescreen for other attacks on business

Distributed Denial of Service (DDoS) attacks are sometimes used by cybercriminals to distract businesses while hackers sneak in through the back door, a survey from Kaspersky Lab and B2B International suggests.

Over half of businesses questioned (56%) are confident that DDoS has been used as a smokescreen for other kinds of cybercrime, and of those business respondents, a large majority (87%) reported that they had also been the victim of a targeted attack.

The Kaspersky Lab IT Security Risks 2016 study showed that when businesses have suffered from cybercrime, DDoS has often been part of the attack tactics (29%). For example, a worrying quarter (26%) of businesses that have suffered data loss as a result of a targeted attack, named DDoS as one of the contributing vectors. Overall, 56% of business representatives surveyed believed that the DDoS attacks their companies had experienced were a smokescreen or decoy for other criminal activities.

Kirill Ilganaev, Head of Kaspersky DDoS Protection, explained why DDoS attacks may appeal to cybercriminals as part of their tactics. He said, “DDoS prevents a company from carrying on its normal activities by putting either public or internal services on hold. This is obviously a real problem to businesses and it is often ‘all hands on deck’ in the IT team, to try and fix the problem quickly, so the business can carry on as before. DDoS can therefore be used not only as an easy way to stop the activity of a company, but also as a decoy to distract IT staff from another intrusion taking place through other channels.”

The study found that when DDoS attacks have been used by cybercriminals as a smokescreen, businesses also faced threats such as losses and exploits through mobile devices (81%), the actions of other organizations (78%), phishing scams (75%) and even the malicious activity of internal staff (75%). The majority (87%) were also victims of targeted attacks.

Ilganaev continued, “The research shows us that DDoS attacks are often aligned with other threats. Businesses therefore need to be aware of the full threat landscape, and prepared to deal with multiple types of criminal activity at any one time. Failure to do this could increase the collateral damage, on top of already significant losses caused by downtime and the resulting impact on reputation. Businesses need to use a reliable DDoS protection service to reduce the risk of DDoS and help staff concentrate their efforts on protecting the business from any threats that can be hidden as a result.”
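The operational consequence of the smokescreen tactic Ilganaev describes is that alerts firing while a DDoS is in progress should be escalated rather than pushed down the queue. The Python below is an added example, not Kaspersky’s code or part of the survey: it reads a few constructed syslog-style lines, tags each recognised event with whether it fell inside a known DDoS window, raises its priority one level if so, and summarises event counts during versus outside the attack. The DDoS window, the log lines, the event categories and the base priorities are all constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed DDoS window(s), e.g. as reported by the mitigation provider.
DDOS_WINDOWS = [
    (datetime(2016, 12, 5, 14, 0, tzinfo=timezone.utc),
     datetime(2016, 12, 5, 16, 10, tzinfo=timezone.utc)),
]

# Constructed syslog-style lines; addresses are from documentation ranges.
LOG_LINES = """\
2016-12-05T13:20:11Z bastion sshd[2211]: Failed password for admin from 203.0.113.9
2016-12-05T14:03:40Z bastion sshd[2290]: Failed password for root from 198.51.100.7
2016-12-05T14:04:02Z bastion sshd[2290]: Failed password for root from 198.51.100.7
2016-12-05T14:06:15Z bastion sshd[2290]: Accepted password for backup from 198.51.100.7
2016-12-05T14:31:55Z proxy egress: 2.4GB to 198.51.100.22 from db01
2016-12-05T15:12:08Z vpn: new device enrolled for user jsmith
2016-12-05T17:45:00Z bastion sshd[2400]: Failed password for guest from 203.0.113.9
""".splitlines()

# Event categories with an assumed base priority; unrecognised lines are ignored.
PATTERNS = [
    ("failed_login", re.compile(r"Failed password for (\S+) from (\S+)"), "low"),
    ("accepted_login", re.compile(r"Accepted password for (\S+) from (\S+)"), "medium"),
    ("large_egress", re.compile(r"egress: (\S+) to (\S+)"), "medium"),
    ("device_enroll", re.compile(r"new device enrolled for user (\S+)"), "medium"),
]
LEVELS = ["low", "medium", "high"]


def in_ddos_window(ts, windows):
    return any(start <= ts < end for start, end in windows)


def escalate(priority):
    """Raise the priority one level; 'high' stays 'high'."""
    return LEVELS[min(LEVELS.index(priority) + 1, len(LEVELS) - 1)]


def triage(lines, windows):
    """Parse each line, classify it, and escalate it if it happened during a DDoS."""
    events = []
    for line in lines:
        stamp, rest = line.split(" ", 1)
        ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        for kind, pattern, base in PATTERNS:
            match = pattern.search(rest)
            if not match:
                continue
            during = in_ddos_window(ts, windows)
            events.append({
                "ts": ts,
                "kind": kind,
                "detail": match.groups(),
                "during_ddos": during,
                "priority": escalate(base) if during else base,
            })
            break
    return events


def summarize(events):
    """Count each event kind inside versus outside the DDoS windows; a kind that
    clusters inside the windows is a candidate for the intrusion the DDoS hides."""
    summary = {}
    for event in events:
        bucket = summary.setdefault(event["kind"], {"during": 0, "outside": 0})
        bucket["during" if event["during_ddos"] else "outside"] += 1
    return summary


if __name__ == "__main__":
    found = triage(LOG_LINES, DDOS_WINDOWS)
    for event in found:
        flag = "DURING DDoS" if event["during_ddos"] else "outside"
        print(f"{event['ts']:%H:%M:%S} {event['priority']:6} {event['kind']:15} {flag} {event['detail']}")
    print(summarize(found))
```

In the constructed data the successful login for `backup` after repeated root failures, the large egress transfer and the new VPN device enrolment all land inside the window and come out as high priority, which is exactly the set an overloaded IT team is most likely to overlook while fighting the flood.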

Source: http://www.networksasia.net/article/cybercriminals-use-ddos-smokescreen-other-attacks-business.1480989900

New botnet launching daily massive DDoS attacks

CloudFlare spotted a new botnet in the wild which launched massive DDoS attacks aimed at the US West Coast for 10 days in a row.

A new monster botnet, which hasn’t been given a name yet, has been spotted in the wild launching massive DDoS attacks.

Security experts at CloudFlare said the emerging botnet is not related to Mirai, but it is capable of enormous distributed denial-of-service attacks. If this new botnet is just starting up, it could eventually be as powerful as Mirai.

The company has so far spent 10 days fending off DDoS attacks aimed at targets on the US West Coast; the strongest attacks peaked at over 480 gigabits per second (Gbps) and 200 million packets per second (Mpps).

CloudFlare first detected the new botnet on November 23; peaking at 400 Gbps and 172 Mpps, the DDoS attack hammered on targets “non-stop for almost exactly 8.5 hours” before the attack ended. CloudFlare’s John Graham-Cumming noted, “It felt as if an attacker ‘worked’ a day and then went home.”

The botnet DDoS attacks followed the same pattern the next day, like the attacker was “someone working at a desk job,” except the attacks began 30 minutes earlier. On the third day, the attacks reached over 480 Gbps and 200 Mpps before the attacker decided to knock off a bit early from ‘work.’

Once Thanksgiving, Black Friday and Cyber Monday were over, the attacker changed patterns and started working 24 hours a day.

The attacks continued for 10 days; each day the DDoS attacks “were peaking at 400 Gbps and hitting 320 Gbps for hours on end.” That’s not as powerful as the Mirai botnet made up of insecure IoT devices, but this botnet is presumably just getting started. It’s already plenty big enough to bring a site to its knees for hours on end unless it has some decent form of DDoS protection. If it were to be combined with other botnet strains, it might be capable of beating the unprecedented records set by the Mirai attacks.
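The work-day pattern CloudFlare describes above (an 8.5-hour window starting at 18:30 UTC, the next day 30 minutes earlier, and later a shift to round-the-clock attacks) is something a SOC can extract automatically from its own traffic telemetry. The following Python script is an added example, not CloudFlare’s code or anything from the original article: it builds a constructed 5-minute traffic series modelled on the timings quoted, finds contiguous windows above a threshold, reports start, end, duration and peak for each, and classifies the overall schedule as work-day (every window shorter than a shift) or around-the-clock. The 50 Gbps threshold, the bucket size and the attack timings are assumptions.

```python
from datetime import datetime, timedelta, timezone

BUCKET = timedelta(minutes=5)  # assumed telemetry resolution


def utc(year, month, day, hour=0, minute=0):
    return datetime(year, month, day, hour, minute, tzinfo=timezone.utc)


# Constructed attack schedule (start, end, peak Gbps), modelled on the timings
# quoted in the article; the exact values are assumptions, not CloudFlare data.
ATTACKS = [
    (utc(2016, 11, 23, 18, 30), utc(2016, 11, 24, 3, 0), 400.0),  # ~8.5 h "work day"
    (utc(2016, 11, 24, 18, 0), utc(2016, 11, 25, 2, 30), 400.0),  # 30 minutes earlier
    (utc(2016, 11, 25, 18, 0), utc(2016, 11, 26, 1, 0), 480.0),   # knocked off early
]


def build_samples(start, days, attacks):
    """Return a constructed list of (timestamp, gbps) buckets: a ~2 Gbps baseline
    with deterministic jitter, overridden by attack traffic inside each window."""
    samples = []
    t = start
    for i in range(int(days * 24 * 60 / 5)):
        gbps = 2.0 + (i % 7) * 0.1
        for a_start, a_end, peak in attacks:
            if a_start <= t < a_end:
                gbps = peak - (i % 5) * 10.0  # hovers just under the peak
        samples.append((t, gbps))
        t += BUCKET
    return samples


SAMPLES = build_samples(utc(2016, 11, 23), 4, ATTACKS)


def find_attack_windows(samples, threshold_gbps, max_gap=timedelta(minutes=15)):
    """Group consecutive over-threshold buckets into windows. Short dips below the
    threshold (up to max_gap) do not split a window, because mitigation and
    sampling both cause brief gaps in real telemetry."""
    windows = []
    current = None
    for t, gbps in samples:
        if gbps < threshold_gbps:
            continue
        if current is not None and t - current["end"] <= max_gap:
            current["end"] = t + BUCKET
            current["peak_gbps"] = max(current["peak_gbps"], gbps)
        else:
            if current is not None:
                windows.append(current)
            current = {"start": t, "end": t + BUCKET, "peak_gbps": gbps}
    if current is not None:
        windows.append(current)
    for w in windows:
        w["hours"] = (w["end"] - w["start"]).total_seconds() / 3600.0
    return windows


def classify_schedule(windows, shift_hours=12.0):
    """'work-day' when every window is shorter than a shift, 'around-the-clock'
    once any window runs longer than that; the article describes both phases."""
    if not windows:
        return "no-attack"
    if all(w["hours"] < shift_hours for w in windows):
        return "work-day"
    return "around-the-clock"


if __name__ == "__main__":
    found = find_attack_windows(SAMPLES, threshold_gbps=50.0)
    for w in found:
        print(f"{w['start']:%Y-%m-%d %H:%M} -> {w['end']:%Y-%m-%d %H:%M} UTC, "
              f"{w['hours']:.1f} h, peak {w['peak_gbps']:.0f} Gbps")
    print("schedule:", classify_schedule(found))
```

The classification is deliberately coarse: the useful signal for responders is the change from one mode to the other, since a switch from shift-length windows to continuous traffic is the kind of hand-over to a better-resourced operator that the articles above infer.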

Although CloudFlare never elaborated on what devices the new botnet was abusing for its attacks, the company said it uses different attack software than Mirai. The emerging botnet sends very large Layer 3 and Layer 4 floods aimed at the TCP protocol.

Hopefully it’s not using poorly secured internet of things devices as there seems to be an endless supply of IoT devices with pitiful-to-no security waiting to be added to botnets. That’s likely going to get worse, since IoT gadgets are expected to sell in record-breaking numbers this holiday season. It’s just a guess, but it does seem likely that the new botnet is aimed at such devices.

CloudFlare posted the new botnet information on Friday, so it is unknown if the attacks have continued since the article was published.

Last week, a modified version of the Mirai IoT malware was responsible for creating chaos in Germany and other worldwide locations; the hackers reportedly responsible for attempting to add routers to their botnet apologized for knocking Deutsche Telekom customers offline as it was allegedly not their intention.

DDoS attacks may give a blue Christmas to gamers

Regarding DDoS attacks, the most recent Akamai State of the Internet/Security Report suggested that gamers might not have the best holiday season. For the past several years, hackers have attacked and sometimes taken down Microsoft’s Xbox and Sony’s PlayStation networks, even Steam, making it impossible for seasoned gamers as well as those who received new gaming platforms for Christmas to enjoy new games and consoles.

“Thanksgiving, Christmas, and the holiday season in general have long been characterized by a rise in the threat of DDoS attacks,” the Akamai report stated. “Malicious actors have new tools – IoT botnets – that will almost certainly be used in the coming quarter.”

As first pointed out by Network World’s Tim Greene, Akamai added, “It is very likely that malicious actors are now working diligently to understand how they can capture their own huge botnet of IoT devices to create the next largest DDoS ever.”

Let’s hope the newly discovered botnet isn’t an example of Akamai’s prediction.

Source: http://www.computerworld.com/article/3147081/security/new-botnet-launching-daily-massive-ddos-attacks.html

Warcraft, Overwatch Down? Blizzard DDoS Attacks Affect Gaming Service

Miscreants have struck Blizzard servers again with multiple waves of DDoS attacks over the last 12 hours. Warcraft and Overwatch, two massively popular games, have been facing latency, login and disconnection issues even while Blizzard has been working on fixing the problem.

The company first acknowledged the problem in a tweet Sunday evening.

Since then, Blizzard claimed to have regained control over matters at its end, only to announce twice the DDoS attacks had restarted. Its last update, at 11:42 p.m. EST Sunday, came three hours after the last wave of DDoS attacks.

On Twitter, a group calling itself Phantom Squad claimed responsibility for the attack.

Blizzard also provided a link to a support page on its website that may help some users troubleshoot their connection problems.

As always, social media was abuzz with users venting their frustration at the gaming servers being affected. This is at least the fifth such instance in the last few months.

The company also has a scheduled maintenance coming up Tuesday.

Source: http://www.ibtimes.com/warcraft-overwatch-down-blizzard-ddos-attacks-affect-gaming-service-2454782

New Mirai Worm Knocks 900K Germans Offline

More than 900,000 customers of German ISP Deutsche Telekom (DT) were knocked offline this week after their Internet routers got infected by a new variant of a computer worm known as Mirai. The malware wriggled inside the routers via a newly discovered vulnerability in a feature that allows ISPs to remotely upgrade the firmware on the devices. But the new Mirai malware turns that feature off once it infests a device, complicating DT’s cleanup and restoration efforts.

Security experts say the multi-day outage is a sign of things to come as cyber criminals continue to aggressively scour the Internet of Things (IoT) for vulnerable and poorly-secured routers, Internet-connected cameras and digital video recorders (DVRs). Once enslaved, the IoT devices can be used and rented out for a variety of purposes — from conducting massive denial-of-service attacks capable of knocking large Web sites offline to helping cybercriminals stay anonymous online.

This new variant of Mirai builds on malware source code released at the end of September. That leak came a little more than a week after a botnet based on Mirai was used in a record-sized attack that caused KrebsOnSecurity to go offline for several days. Since then, dozens of new Mirai botnets have emerged, all competing for a finite pool of vulnerable IoT systems that can be infected.

Until this week, all Mirai botnets scanned for the same 60+ factory default usernames and passwords used by millions of IoT devices. But the criminals behind one of the larger Mirai botnets apparently decided to add a new weapon to their arsenal, incorporating exploit code published earlier this month for a security flaw in specific routers made by Zyxel and Speedport.

These companies act as original equipment manufacturers (OEMs) that specialize in building DSL modems that ISPs then ship to customers. The vulnerability exists in communications protocols supported by the devices that ISPs can use to remotely manage all of the customer-premises routers on their network.

According to BadCyber.com, which first blogged about the emergence of the new Mirai variant, part of the problem is that Deutsche Telekom does not appear to have followed the best practice of blocking the rest of the world from remotely managing these devices as well.

“The malware itself is really friendly as it closes the vulnerability once the router is infected,” BadCyber noted. “It performs [a] command which should make the device ‘secure,’ until next reboot. The first one closes port 7547 and the second one kills the telnet service, making it really hard for the ISP to update the device remotely.” [For the Geek Factor 5 readership out there, the flaw stems from the way these routers parse incoming traffic destined for Port 7547 using communications protocols known as TR-069].

DT has been urging customers who are having trouble to briefly disconnect and then reconnect the routers, a process which wipes the malware from the device’s memory. The devices should then be able to receive a new update from DT that plugs the vulnerability.

That is, unless the new Mirai strain gets to them first. Johannes Ullrich, dean of security research at The SANS Technology Institute, said this version of Mirai aggressively scans the Internet for new victims, and that SANS’s research has shown vulnerable devices are compromised by the new Mirai variant within five to ten minutes of being plugged into the Internet.

Ullrich said the scanning activity conducted by the new Mirai variant is so aggressive that it can cause hangups and crashes even for routers that are not vulnerable to this exploit.

“Some of these devices went down because of the sheer number of incoming connections” from the new Mirai variant, Ullrich said. “They were listening on Port 7547 but were not vulnerable to this exploit and were still overloaded with the number of connections to that port.”
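Both the infection path (unsolicited connections to port 7547 from anywhere on the Internet, which BadCyber notes an ISP should be blocking) and the collateral overload Ullrich describes leave the same trace in an ISP’s flow data: sources other than the operator’s own auto-configuration server (ACS) opening many TCP connections to 7547 across many customer addresses. The Python below is an added example, not SANS’s or Deutsche Telekom’s tooling: it parses constructed flow records, keeps only SYNs to the management port, and flags a source that is not on the ACS allowlist, or that exceeds a SYN-rate or distinct-host sweep limit within a sliding window. The allowlist address, the flow record format, the thresholds and the sample data are assumptions.

```python
from collections import defaultdict

MGMT_PORT = 7547
# Constructed: the ISP's own auto-configuration server (ACS), the only source
# that should ever open a TR-069 session to a customer router.
ACS_ALLOWLIST = {"192.0.2.10"}


def build_flows():
    """Constructed flow records in the form 'epoch src dst dport proto flags'."""
    base = 1480680000  # assumed epoch seconds, early December 2016
    flows = []
    for i in range(3):  # legitimate ACS sessions, well spaced
        flows.append(f"{base + i * 20} 192.0.2.10 100.64.0.{i + 1} {MGMT_PORT} tcp S")
    for i in range(40):  # one source sweeping 40 customer addresses in ~30 s
        flows.append(f"{base + i * 0.75:.2f} 198.51.100.50 100.64.1.{i + 1} {MGMT_PORT} tcp S")
    flows.append(f"{base + 5} 203.0.113.9 100.64.0.1 443 tcp S")  # unrelated HTTPS
    return flows


def analyse(flows, window_s=60, syn_limit=20, dst_limit=10):
    """Return {source: [reasons]} for sources that touch the management port
    from outside the allowlist or at scanner-like rates."""
    per_src = defaultdict(list)
    for line in flows:
        ts, src, dst, dport, proto, flags = line.split()
        if int(dport) != MGMT_PORT or proto != "tcp" or "S" not in flags:
            continue  # only TCP connection attempts to 7547 matter here
        per_src[src].append((float(ts), dst))

    findings = {}
    for src, hits in per_src.items():
        hits.sort()
        reasons = []
        if src not in ACS_ALLOWLIST:
            reasons.append("not-allowlisted")
        # Sliding window: most SYNs and most distinct targets in any window_s span.
        max_syns = max_dsts = 0
        j = 0
        for i in range(len(hits)):
            while hits[i][0] - hits[j][0] > window_s:
                j += 1
            span = hits[j:i + 1]
            max_syns = max(max_syns, len(span))
            max_dsts = max(max_dsts, len({d for _, d in span}))
        if max_syns > syn_limit:
            reasons.append(f"syn-rate:{max_syns}/{window_s}s")
        if max_dsts > dst_limit:
            reasons.append(f"sweep:{max_dsts}-hosts")
        if reasons:
            findings[src] = reasons
    return findings


if __name__ == "__main__":
    for src, reasons in analyse(build_flows()).items():
        print(src, ", ".join(reasons))
```

A source outside the allowlist is flagged on its very first connection, which encodes the best practice BadCyber points to: nothing but the ISP’s ACS has any business reaching the management interface. The rate and sweep limits then separate a scanner from a single misconfigured host, and the same counters explain the overload Ullrich saw on routers that were not even vulnerable.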

FEEDING THE CRIME MACHINE

Allison Nixon, director of security research at Flashpoint, said this latest Mirai variant appears to be an attempt to feed fresh victims into one of the larger and more established Mirai botnets out there today.

Nixon said she suspects this particular botnet is being rented out in discrete chunks to other cybercriminals. Her suspicions are based in part on the fact that the malware phones home to a range of some 256 Internet addresses that for months someone has purchased for the sole purpose of hosting nothing but servers used to control multiple Mirai botnets.

“The malware points to some [Internet addresses] that are in ranges which were purchased for the express purpose of running Mirai,” Nixon said. “That range does nothing but run Mirai control servers on it, and they’ve been doing it for a while now. I would say this is probably part of a commercial service because purchasing this much infrastructure is not cheap. And you generally don’t see people doing this for kicks, you see them doing it for money.”

Nixon said the criminals behind this new Mirai variant are busy subdividing their botnet — thought to be composed of several hundred thousand hacked IoT devices — among multiple, distinct control servers. This approach, she said, addresses two major concerns among cybercriminals who specialize in building botnets that are resold for use in huge distributed denial of service (DDoS) attacks.

The first is that extended DDoS attacks which leverage firepower from more bots than are necessary to take down a target host can cause the crime machine’s overall bot count to dwindle more quickly than the botnet can replenish itself with newly infected IoT devices — greatly diminishing the crime machine’s strength and earning power.

“I’ve been watching a lot of chatter in the DDoS community, and one of the topics that frequently comes up is that there are many botnets out there where the people running them don’t know each other, they’ve just purchased time on the botnet and have been assigned specific slots on it,” Nixon said. “Long attacks would end up causing the malware or infected machines to crash, and the attack would end up killing the botnet if it was overused. Now it looks like someone has architected a response to that concern, knowing that you have to preserve bots as much as you can and not be excessive with the DDoS traffic you’re pushing.”

Nixon said dividing the Mirai botnet into smaller sections which each answer to multiple control servers also makes the overall crime machine more resistant to takedown efforts by security firms and researchers.

“This is an interesting development because a lot of the response to Mirai lately has been to find a Mirai controller and take it down,” Nixon said. “Right now, the amount of redundant infrastructure these Mirai actors have is pretty significant, and it suggests they’re trying to make their botnets more difficult to take down.”

Nixon said she worries that the aggressive Mirai takedown efforts by the security community may soon prompt the crooks to adopt far more sophisticated and resilient methods of keeping their crime machines online.

“We have to realize that the takedown option is not going to be there forever with these IoT botnets,” she said.

Source: https://krebsonsecurity.com/2016/11/new-mirai-worm-knocks-900k-germans-offline/

4 sectors vulnerable to IoT attacks in 2017

2017 is set to feature new attacks on internet infrastructure and advancements in Internet of Things security

One of 2016’s key events in the tech world was the massive distributed denial of service (DDoS) attack in October that brought many of the internet’s most heavily trafficked sites to their knees.

There were two main takeaways from the event. Firstly, DNS infrastructure is highly vulnerable. And secondly, the growing proliferation of cheap, connected Internet of Things (IoT) devices – webcams, Wi-Fi speakers, wearables etc. – is making it far easier for cybercriminals to launch massive DDoS attacks.

Why? Because many of these devices are shipped with default usernames and passwords, which are never changed by the end user, and so are easily taken over. Earlier in October, the Mirai botnet malware was made public, and it evidently played a role in the attack.

In 2017 businesses are sure to suffer more DDoS attacks and internet shutdowns powered by cheap, insecure IoT devices. But while these attacks could become more common, they’re also likely to become less lethal as backbone providers harden their defenses and device manufacturers adopt identity-based security to close vulnerabilities.

However, the sheer number of cheap AND insecure IoT devices deployed globally will ensure DDoS attacks continue sporadically through 2017.

Catastrophic DDoS attacks might dominate tech media coverage, but the failure of IoT devices, services and infrastructure to adopt and scale robust security and privacy tactics will play out in several ways.

Here are four sectors that will face the brunt of this as digital transformation takes hold in 2017.

1. Healthcare

In 2017, the distinction between in-home and clinical healthcare devices will continue to erode.

To date, smart wearables and exercise devices like Fitbits and Apple Watches have been perceived as a means to track exercise in order to further fitness goals – distinct from clinical medical devices like heart monitors, blood pressure cuffs or insulin pumps.

At the same time, it’s become common for patients with high blood pressure to monitor their levels at home by capturing them on a mobile app on their phone – exactly how fitness trackers work.

The wealth of data available to clinicians flowing from such devices is leading to expectations that individuals can and perhaps should play much more active roles in preventative care.

But the ease with which personal health data can now be gathered and shared will increase pressure on healthcare IT decision-makers to turn to identity management and authentication as the technology most effective for achieving security objectives.

The proliferation of digital systems and devices in healthcare settings creates more vulnerabilities where personal data can get exposed or stolen.

Adding contextual authentication and authorisation backed by strong digital identity, for example presence, geo-location and/or persistent authentication, makes these systems harder to attack.
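What "contextual" means in practice is a policy that looks at more than the session cookie before it answers. The following added example (not code from the article or from any product) evaluates a request to a hypothetical home-health API against the three signals the text names: whether the user has proved identity recently enough (persistent authentication), whether the client's location is plausible given the previous request (geo-location), and whether a paired wearable reports it is near the phone (presence). The actions, thresholds, field names and the two coordinate pairs are all constructed for illustration.

```python
"""Contextual authorisation for a health-data API (added example)."""
import math
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

ALLOW, STEP_UP, DENY = "allow", "step_up", "deny"

# Constructed policy knobs; a real deployment tunes these per action and risk appetite.
SENSITIVE_ACTIONS = {"change_dose", "export_records", "share_with_clinician"}
MAX_SESSION_AGE = timedelta(hours=12)           # persistent auth: re-prove identity after this
MAX_SENSITIVE_AUTH_AGE = timedelta(minutes=15)  # sensitive actions need a fresh proof
MAX_TRAVEL_KMH = 900.0                          # faster than an airliner between requests is implausible


@dataclass
class Session:
    user: str
    last_auth_at: datetime                 # last time the user proved identity (e.g. password + second factor)
    registered_devices: frozenset          # device identities enrolled for this user
    last_geo: Optional[Tuple[float, float]] = None   # (lat, lon) of the previous request
    last_seen_at: Optional[datetime] = None


@dataclass
class Request:
    action: str
    at: datetime
    device_id: str
    geo: Tuple[float, float]               # (lat, lon) reported by the client network/GPS
    wearable_present: bool                 # paired wearable reports it is in range of the phone


def haversine_km(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle distance between two (lat, lon) points in kilometres."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def decide(session: Session, req: Request) -> Tuple[str, List[str]]:
    """Return (decision, reasons). DENY stops the request outright, STEP_UP demands a
    fresh authentication before it may be retried, ALLOW lets it through."""
    # 1. Device identity: a device never enrolled for this user is refused, no step-up offered.
    if req.device_id not in session.registered_devices:
        return DENY, ["device not enrolled for this user"]

    # 2. Geo-location: impossible travel since the previous request is refused.
    if session.last_geo is not None and session.last_seen_at is not None:
        dist_km = haversine_km(session.last_geo, req.geo)
        hours = (req.at - session.last_seen_at).total_seconds() / 3600.0
        # Zero or negative elapsed time with a large jump is as implausible as excessive speed.
        if (hours <= 0 and dist_km > 50.0) or (hours > 0 and dist_km / hours > MAX_TRAVEL_KMH):
            return DENY, [f"impossible travel: {dist_km:.0f} km in {max(hours, 0):.2f} h"]

    reasons = []
    # 3. Persistent authentication: the proof of identity must not be stale.
    auth_age = req.at - session.last_auth_at
    if auth_age > MAX_SESSION_AGE:
        reasons.append("session authentication older than limit")
    # 4. Sensitive actions additionally need a recent proof and wearable presence.
    if req.action in SENSITIVE_ACTIONS:
        if auth_age > MAX_SENSITIVE_AUTH_AGE:
            reasons.append("sensitive action requires recent authentication")
        if not req.wearable_present:
            reasons.append("sensitive action requires wearable presence")
    if reasons:
        return STEP_UP, reasons
    return ALLOW, []


def record_request(session: Session, req: Request) -> None:
    """After an allowed request, remember where and when it happened for the next travel check."""
    session.last_geo = req.geo
    session.last_seen_at = req.at


if __name__ == "__main__":
    t0 = datetime(2016, 12, 5, 10, 0, tzinfo=timezone.utc)
    london, new_york = (51.5074, -0.1278), (40.7128, -74.0060)   # constructed sample points
    s = Session("patient-1", t0 - timedelta(hours=1), frozenset({"phone-1"}))
    r = Request("read_readings", t0, "phone-1", london, wearable_present=False)
    print(decide(s, r)); record_request(s, r)
    print(decide(s, Request("change_dose", t0 + timedelta(minutes=5), "phone-1", london, False)))
    print(decide(s, Request("read_readings", t0 + timedelta(hours=1), "phone-1", new_york, True)))
```

The distinction between DENY and STEP_UP is deliberate: a stale session or a missing wearable is something the legitimate user can fix by re-authenticating, while an unenrolled device or a client that moved 5,000 km in an hour is evidence of a stolen credential and should be refused rather than prompted.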

2. Financial services

In 2017, commercial banks and investment houses will continue the race to avoid having their business models disrupted by fintech innovation such as Bitcoin and emerging artificial intelligence technologies.

Banks are already co-opting these disruptive technologies and incorporating them into their own IT mix.

Somewhat ironically, having established relationships with their customers, many legacy banks could be very well positioned to not just weather the digital transformation storm, but emerge even more stable and profitable in the years ahead.

This is especially true for those that embrace omnichannel techniques and technologies to create seamless experiences that delight customers across devices.

Banks in 2017 will work on allaying customer privacy concerns as they cope with regulations regarding data protection and sharing. There will be a continued effort to eliminate internal data silos that create impersonal customer experiences across channels, and fragmented systems that can’t support digital customer demands and business requirements.

3. Retail

The race toward omnichannel will accelerate in 2017 as many retailers and B2C organisations find themselves doing more business via mobile than they’re doing on the conventional laptop and online channel.

Delivering convenience and seamless experiences will depend heavily on providing customers with experiences that are not just secure but also personalised to their needs and tastes.

In order to do this, they must securely connect the digital identities of people, devices and things. This requires solving complex identity challenges and creating solutions that enhance and improve customer experiences and at the same time maximise revenue opportunities.

4. Communications and media

AT&T’s proposed acquisition of Time Warner at the end of 2016 highlights exactly how vulnerable legacy media and telecommunications firms perceive themselves to be to disruptive forces like cord cutting.

‘Digital pipe’ companies feel like they need to lock in content providers in order to lock in audiences and preserve value. However, regulators may frown on such industry consolidation, and independent players like Netflix and semi-independent players like Hulu and independent cable TV producers continue to find ways to directly insert successful content into the entertainment bloodstream.

Here again, making content easily accessible through the full array of channels is key to locking in loyalty and preserving lifetime value (LTV).

Source: http://www.information-age.com/protect-internet-unsecured-everything-123463392/

WikiLeaks website suffers mysterious outage sparking Rule 41 hacking conspiracy

The website was offline for roughly four hours on 1 December.

Whistleblowing website WikiLeaks suffered a mysterious outage on the morning of 1 December for roughly four hours, two days after posting its release of a searchable database of 60,000 emails from US government contractor HBGary.

The website reportedly went down at around 4:00am (GMT), with some social media users quickly speculating it was the result of yet another distributed-denial-of-service (DDoS) assault – a form of cyberattack that sends waves of traffic at a web server in order to force it offline. By 9:00am (GMT) the website had fully resurfaced.

“WikiLeaks is offline. Page no longer exists?!” one user wrote. Another said: “@WikiLeaks is down right now. Could be DDoS attack.”

Meanwhile, a well-known account linked with Anonymous added: “Rule 41 happens and the first thing that goes down? WikiLeaks, of course, is currently unreachable.”

Rule 41 refers to the newly effective amendments to the US Federal Rules of Criminal Procedure, which took effect on 1 December and permit the FBI and other agencies to conduct hacking-based investigations on multiple computers under a single warrant. Despite the claims of Anonymous, there is nothing to suggest it was related to any problems with WikiLeaks’ website.

IBTimes UK contacted WikiLeaks for comment however had received no response at the time of publication. The outage comes after a slew of politically-charged leaks from the Democratic National Committee (DNC) and the personal email inbox of John Podesta, a close aide to Hillary Clinton.

In October, Julian Assange, the founder of the organisation, claimed that unknown forces within the “DC establishment” had attempted to disrupt WikiLeaks’ operations via cyberattack after it released a collection of emails from the DNC.

“The US DC establishment – which believes that Hillary Clinton will be the winner of the election – tried to find different ways to distract from our publications,” he said at the time, adding: “They started attacking our servers with DDoS attacks and attempted hacking attacks.”


Later, on the morning of 7 November, after publishing 8,000 more DNC emails, WikiLeaks issued a series of updates to its four million-strong follower base about yet another attack. It said: “WikiLeaks.org was down briefly. That’s rare. We’re investigating.”

Later, it added: “Our email publication servers are under a targeted DoS attack.”

Most recently, Assange renewed his effort to be allowed to exit the Ecuadorian embassy in London after a United Nations (UN) panel reinforced an earlier ruling that he was being arbitrarily detained. The decision came down after an appeal by the UK government.

“Now that all appeals are exhausted I expect that the UK and Sweden will comply with their international obligations and set me free,” Assange said in a statement. “It is an obvious and grotesque injustice to detain someone for six years who hasn’t even been charged with an offence.”

Source: http://www.ibtimes.co.uk/wikileaks-website-suffers-mysterious-outage-sparking-rule-41-hacking-conspiracy-1594392