Rutgers suffers “data breach,” of 1,700 students’ info

NEW BRUNSWICK, NJ – The ​academic information of 1,700 Rutgers students was exposed during a “data security incident” on November 8 and 9, university officials confirmed.

No one’s Social Security number, address or financial information was leaked, according to university spokesperson Neal Buccino.

Instead, the affected students, all in the Department of Computer Science, had their academic data leaked, including Rutgers ID numbers, cumulative GPA’s and Spring 2018 class schedules, Buccino said.

University officials notified those students affected that their data was exposed, but that it hadn’t been altered, according to Buccino.

Officials determined that 18 students accessed the data “in error,’ and notified those students th​a​t​ information they viewed was confidential.

The leak was the result of an “administrative error,” according to Buccino, who added that the university was updating its relevant security policies to ensure such an error doesn’t happen again.

Internet issues are nothing new to Rutgers. Over the course of 2015, Rutgers suffered half a dozen distributed denial of service (DDOS) attacks which crippled the internet on campus for days at a time.

The attacks were perpetrated by the so-called “exfocus” hacker, who during the course of the attacks posted a series of taunting messages on various Twitter pages.

Two of the major attacks took place in the Spring 2015 semester; one during midterms and the other during finals period, preventing many students from working on projects and papers, or preparing for exams.

Source: https://www.tapinto.net/towns/nutley/articles/rutgers-suffers-data-breach-of-1-700-students-5

Securing your APIs

Covering your APIs

Web APIs are not exactly a new technology. You can find an API for almost any service offered online. The reason for the popularity is not surprising, APIs easily and efficiently facilitate integration between applications. This inter-application communication allows partnerships to efficiently share data and resources, allowing the automation of many tasks that would otherwise require human interaction.

This inter-application access is a double-edged sword. By design these APIs allow external systems to access, and often manipulate, data and processes within your application. This exposes far more of your internal systems and operations than a webserver ever could. Yet despite this risk it is surprising how many companies fail to adequately protect their APIs.

Web APIs, at their heart, are just web requests.

They are transmitted via the HTTP protocol just like web pages. They are stateless transactions, just like web pages. It shouldn’t be any surprise then that web APIs need all the same protection that your webapplication does.

Use SSL Encryption:

I can’t think of a single web API use case where encryption is a bad idea. If we were talking about the same access to data, or functional ability on a website form you wouldn’t hesitate to secure the webpage with HTTPS; it shouldn’t be any less for APIs that carry that same data / functionality plus any authentication credentials that are submitted along with every request. Just because there is no browser warning to the user is no reason to skip an essential security step.

Validate parameters

Just like above, if this was a web form, you wouldn’t skip this right? Just like a web form data validation protects you from malicious code, errors and just plain nonsensical results. Unlike the web form the direct submitter isn’t a rational thinking person, any gaps or errors in data on their side can cause an automated process to submit all kinds of interesting requests.

Web APIs are so much more than web requests.

APIs also grant an elevated level of access to your internal systems, above and beyond what is available in a typical webpage. Furthermore,most API calls happen within applications internal mechanisms, which aren’t going to read error messages or apply common sense to their inputs. This means, compared to websites, APIs are an increased risk and need to be protected as such.

Use Strong Authentication / Authorization

Unlike web pages, which are generally published for public consumption, APIs are designed to share information with specifically authorized partners.There is an important distinction to be made between Authentication and Authorization. Typically, APIs will use the same token for both and use the term authentication token and authorization token interchangeably. Authentication proves the identity of the requestor, and authorization deals with the permissions of the requestor. OAuth and Authentication Tokens are two common ways to implement strong authentication.Forauthorization implementations consider using access control protocols like XACML to define what a user or role may access.

Restrict Methods

Web requests typically use GET or POST requests to retrieve or send data respectively. HTTP allows for many other lesser known methods like PUT, DELETE, or TRACE. These methods can have unexpected consequences on APIs if they are not properly handled. Restrict request methods to only those explicitly required by the API.

Lastly your APIs are publicly available, and you need to be aware of what information is being leaked through them.

Provide Error Handling Routines

Mistakes happen, sooner or later your application will have to deal with unexpected inputs or events, some of which can cause errors in your application. The default error messages often contain sensitive information about the internal workings of your system.

Warning: mysql_connect() [function.mysql-connect]: Can’t connect to MySQL server on ‘localhost’ (10013) in /var/local/www/include/dbconfig.php on line 23

Failure to handle and censor these errors delivers sensitive information to the end user.

Employ Anti-fusking

Sequential or predictable IDs allow visitors to easily guess IDs of resources they shouldn’t have access to. Hash IDs or UUIDs obscure this information. By itself this might not seem like much of a risk, but combined with any other misconfiguration it makes an attacker’s job an order of magnitude easier.

How DOSarrest can help protect your API:

Use DOSarrest VIP as API gateway

Most secure systems recommend separating your internal / sensitive systems from public systems via an intermediary perimeter system, sometimes known as DMZ. The DMZ, often protected by firewalls, serves as control point restricting what is exposed from the internal zones.

The core design of DOSarrest VIP services function exactly like API gateways, restricting access only to what is explicitly permitted.

Protect APIs with Threat Detection / Removal

Web APIs by and large are far more computationally expensive than websites. Consequently, application DoS attacks are far more effective when targeting APIs.

DOSarrest is able to deal with DoS attacks and other threats like SQL injection at a scale much greater than any appliance could ever manage.

Use Proven Solutions

If its’s not tested, it’s not secure. One of the basic principles of security is to only use proven, tested solutions. At DOSarrest we have been providing internet security solutions for over 10 years. We are not an add-on service to another existing business. We are not generalists. Since our inception DOSarrest was created to stop attacks.

Sean Power

Security Solutions Architect

DOSarrest Internet Security

Source: https://www.dosarrest.com/ddos-blog/securing-your-apis/

DDoS attacks on UK businesses double in six months

Vulnerable IoT devices and DDoS-as-a-service drive surge in attacks

British businesses are under siege from a growing wave of DDoS attacks, as new figures reveal the number of incidents has almost doubled over the past six months.

UK organisations suffered an average of 237 DDoS attacks per month during Q3 2017, equivalent to eight attacks every single day. This figure is up by 35% from the previous quarter, and more than 90% compared to Q1 2017, according to a new report from DDoS mitigation firm Corero, based on data gathered from attack attempts against its customers.

DDoS attacks work by flooding a target server with so much traffic that it falls over, disrupting normal operations and knocking any related systems or services offline. The tactic is a perennial favourite of cyber criminals and malicious pranksters, as it is cheap and easy to execute.

This has become even more true in recent years. The leaking of the Mirai source code, used to take down a DNS firm providing access to high profile sites like Twitter, has led to an explosion in botnets populated by thousands of unsecured IoT devices, and dark web marketplaces now allow non-technical users to cheaply hire DDoS services that can be directed against whomever they choose.

“The growing availability of DDoS-for-hire services is causing an explosion of attacks,” said Corero CEO Ashley Stephenson, “and puts anyone and everyone into the crosshairs. These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100.”

Cyber criminals are also getting smarter about how they deploy DDoS attacks, the research reveals. Rather than simply using sustained, high-volume attacks, criminals are instead targeting multiple layers of a company’s security simultaneously with short bursts of traffic.

“Despite the industry fascination with large scale, internet-crippling DDoS attacks,” said Stephenson, “the reality is that they don’t represent the biggest threat posed by DDoS attacks today.”

“Often lasting just a few minutes, these quick-fire attacks evade security teams and can sometimes be accompanied by malware and other data exfiltration threats. We believe they are often used in conjunction with other cyber attacks, and organisations that miss them do so at their peril.”

Source: http://www.itpro.co.uk/security/29989/ddos-attacks-on-uk-businesses-double-in-six-months

33% of businesses hit by DDoS attack in 2017, double that of 2016

Distributed Denial of Service attacks are on the rise this year, and used to gain access to corporate data and harm a victim’s services, according to a Kaspersky Lab report.

Cybercriminals are increasingly turning to Distributed Denial of Service (DDoS) this year, as 33% of organizations faced such an attack in 2017—up from just 17% in 2016, according to a new report from Kaspersky Lab.

These cyber attacks are hitting businesses of all sizes: Of those affected, 20% were very small businesses, 33% were SMBs, and 41% were enterprises.

Half of all businesses reported that the frequency and complexity of DDoS attacks targeting organizations like theirs is growing every year, highlighting the need for more awareness and protection against them, according to Kaspersky Lab.

Of the companies that were hit in 2016, 82% said that they faced more than one DDoS attack. At this point in 2017, 76% of those hit said they had faced at least one attack.

Cybercriminals use DDoS attacks to gain access to valuable corporate data, as well as to cripple a victim’s services, Kaspersky Lab noted. These attacks often result in serious disruption of business: Of the organizations hit by DDoS attacks this year, 26% reported a significant decrease in performance of services, and 14% reported a failure of transactions and processes in affected services.

Additionally, some 53% of companies reported that DDoS attacks against them were used as a smokescreen to cover up other types of cybercrime. Half (50%) of these respondents said that the attack hid a malware infection, 49% said that it masked a data leak or theft, 42% said that it was used to cover up a network intrusion or hacking, and 26% said that it was hiding financial theft, Kaspersky Lab found.

These results are part of Kaspersky Lab’s annual IT Security Risks survey, which included responses from more than 5,200 representatives of small, medium, and large businesses from 29 countries.

“The threat of being hit by a DDoS attack – either standalone or as part of a greater attack arsenal – is showing no signs of diminishing,” said Kirill Ilganaev, head of Kaspersky DDoS protection at Kaspersky Lab, in a press release. “It’s not a case of if an organization will be hit, but when. With the problem growing and affecting every type and size of company, it is important for organizations to protect their IT infrastructure from being infiltrated and keep their data safe from attack.”

Want to use this data in your next business presentation? Feel free to copy and paste these top takeaways into your next slideshow.

  • 33% of organizations experienced a DDoS attack in 2017, compared to 17% in 2016. -Kaspersky Lab, 2017
  • Of organizations hit by DDoS attacks, 20% were very small businesses, 33% were SMBs, and 41% were enterprises. -Kaspersky Lab, 2017
  • 53% of companies reported that DDoS attacks against them were used as a smokescreen to cover up other types of cybercrime, including malware, data leaks, and financial theft. -Kaspersky Lab, 2017

Source: http://www.techrepublic.com/article/33-of-businesses-hit-by-ddos-attack-in-2017-double-that-of-2016/

DDoS attacks double as corporate data becomes new target

While more organisations are being hit by a DDoS attacks in 2017 compared to last year, less are being hit by more than one.

DDoS attacks have increased in frequency in 2017, with 33 per cent of organisations having faced one this year compared to just 17 per cent in 2016.

While DDoS attacks have been previously used to disable the operations of a target, the driving motivation to use it now is the theft of corporate data.

Over a third of organisations having been hit by a DDoS attack this year, 20 per cent have been small businesses, 33 per cent medium, and 41 per cent have been in the enterprise category. Security provider Kaspersky is behind this data, with findings from its Global IT Security Risks Survey 2017.

The damage inflicted by a DDoS attack may prove more long lasting than some might expect, with 26 per cent of businesses hit reporting a lasting impact on the performance of services.

Russ Madley, Head of VSMB & channel at Kaspersky Lab UK, said: “While DDoS attacks have been a threat for many years, it’s still important that businesses take DDoS attacks seriously as they are one of the most popular weapons in a cybercriminal’s arsenal. They can be just as damaging to a business as any other cybercrime, especially if used as part of a bigger targeted attack.”

It important to remember that DDoS attack can leave an organisation lame as it returns to regular activity, but an attack can also have a direct and immediate impact on reputation and the financial standing of a business.

“The ramifications caused by these types of attacks can be far-reaching as they’re able to reach deep into a company’s internal systems. Organisations must understand that protection of the IT infrastructure requires a comprehensive approach and continuous monitoring, regardless of the company’s size or sphere of activity,” said Madley.

While more organisations are facing DDoS attacks, the percentage of businesses hit by more than one has dropped this year to 76 per cent, a reduction from the 82 per cent that experienced more than one last year.

Source: http://www.cbronline.com/news/cybersecurity/ddos-attacks-double-corporate-data-becomes-new-target/

US SEC Corporate Filing System Said to Be Vulnerable to DDoS Attacks

The US Securities and Exchange Commission (SEC), Wall Street’s top regulator, has discovered a vulnerability in its corporate filing database that could cause the system to collapse, according to an internal document seen by Reuters.

The SEC’s September 22 memo reveals that its EDGAR database, containing financial reports from US public companies and mutual funds, could be at risk of “denial of service” attacks, a type of cyber intrusion that floods a network, overwhelming it and forcing it to close.

The discovery came when the SEC was testing EDGAR’s ability to absorb monthly and annual financial filings that will be required under new rules adopted last year for the $18 trillion mutual fund industry.

The memo shows that even an unintentional error by a company, and not just hackers with malicious intentions, could bring the system down. Even the submission of a large “invalid” form could overwhelm the system’s memory.

The defect comes after the SEC’s admission last month that hackers breached the EDGAR database in 2016.

The discovery will likely add to concerns about the vulnerability of the SEC’s network and whether the agency has been adequately addressing cyber threats.

The mutual fund industry has long had concerns that market-sensitive data required in the new rules could be exploited if it got into the wrong hands.

The industry has since redoubled its calls for SEC Chairman Jay Clayton to delay the data-reporting rules, set to go into effect in June next year, until it is reassured the information will be secure.

“Clearly, the SEC should postpone implementation of its data reporting rule until the security of those systems is thoroughly tested and assessed by independent third parties,” said Mike McNamee, chief public communications officer of The Investment Company Institute (ICI), whose members manage $20 trillion worth of assets in the United States.

“We are confident Chairman Clayton will live up to his pledge that the SEC will take whatever steps are necessary to ensure the security of its systems and the data it collects.”

An SEC spokesman declined to comment.

The rules adopted last year requiring asset managers to file monthly and annual reports about their portfolio holdings were designed to protect them in the event of a market crisis by showing the SEC and investors that they have enough liquidity to cover a rush of redemptions.

During a Congressional hearing on Wednesday, Clayton testified that the agency was considering whether to delay the rules in light of the cyber concerns. He did not, however, mention anything about the denial of service attack vulnerability.

Virtual vomit
EDGAR is the repository for corporate America, housing millions of filings ranging from quarterly earnings to statements on acquisitions.

It is a virtual treasure trove for cyber criminals who could trade on any information gleaned before it is publicly released.

In the hack disclosed last month involving EDGAR, the SEC has said it now believes the criminals may have stolen non-public data for illicit trading.

The vulnerability revealed in the September memo shows that even an invalid form could jam up EDGAR.

The system did not immediately reject the form, the memo says. Rather, “it was being validated for hours before failing due to an invalid form type.”

That conclusion could spell trouble for the SEC’s EDGAR database because it means that if hackers wanted to, they could “basically take down the whole EDGAR system” by submitting a malicious data file, said one cyber security expert with experience securing networks of financial regulators who reviewed the letter for Reuters.

“The system would consume the data and essentially throw up on itself,” the person added.

 

Source: http://gadgets.ndtv.com/internet/news/us-sec-corporate-filing-system-said-to-be-vulnerable-to-ddos-attacks-1759392

DDoS trends, DNS survey signal warnings to infosec pros

Two vendor reports out this week may be of interest to CISOs in planning their defensive strategies.

—Imperva, a supplier of DDoS protection services, said it found a new attack tactic, nicknamed “pulse wave DDoS”, due to the traffic pattern it generates: A rapid succession of attack bursts that split a botnet’s attack output, enabling an offender to go after multiple targets. One such attack was also the largest network layer assault it mitigated in the second quarter peaked at 350 Gbps.

–Meanwhile Infoblox Inc., which makes IP address management solutions, released a global survey finding that DNS security is often overlooked when it comes to cybersecurity strategy, with most companies inadequately prepared to defend against DNS attacks.

Imperva’s announcement is included in its Q2 Global DDoS Threat Landscape report, on data from 2,618 network layer and 12,825 application layer DDoS attacks on customers’ Websites that use its services.

The pulse wave DDoS tactic was described in an August blog , and researchers think it is designed to double a botnet’s output and exploit soft spots in “appliance first cloud second” hybrid mitigation solutions.  “It wasn’t the first time we’ve seen attacks ramp up quickly. However, never before have we seen attacks of this magnitude peak with such immediacy, then be repeated with such precision.

“Whoever was on the other end of these assaults, they were able to mobilize a 300Gbps botnet within a matter of seconds. This, coupled with the accurate persistence in which the pulses reoccurred, painted a picture of very skilled bad actors exhibiting a high measure of control over their attack resources.”

Researchers suspect the tactic allows the threat actors behind it to switch targets on the fly.

One suggested defence for organizations that have a DDoS mitigation provider is to double checking the ‘time to mitigation’ clause in the service level agreement.

The report also notes two trends: First, the continued decline in network level attacks (at least for Imperva customers) and the continued increase (although in Q2 there was a slight dip) in application level attacks. Second, that the second quarter 75.9 percent of targets were subjected to multiple attacks—the highest percentage the company has seen.

Number of targets subjected to repeat DDoS attacks. Imperva graphic

The Infoblox global survey of over 1,000 security and IT professionals found  respondents indicating that 86 per cent of those whose firms have DNS solutions said they failed to first alert teams of an occurring DNS attack, and nearly one-third of professionals doubted their company could defend against the next DNS attack. Twenty per cent of companies were first alerted to DNS attacks by customer complaints.

In a release summarizing the survey (available here. Registration required), three out of 10 companies said they have already been victims of DNS attacks. Of those, 93 per cent have suffered downtime as a result of their most recent DNS attack. 40 percent were down for an hour or more, substantially impacting their business.

Only 37 per cent of respondents said their companies were able to defend against all types of DNS attacks (hijacking, exploits, cache poisoning, protocol anomalies, reflection, NXDomain, amplification).

Twenty-four per cent of respondents said their companies lost US $100,000 or more from their last DNS attack.

“Most organizations regard DNS as simply plumbing rather than critical infrastructure that requires active defense,”  Cricket Liu, chief DNS architect at Infoblox, said in the release. “Unfortunately, this survey confirms that, even on the anniversary of the enormous DDoS attack against Dyn—a dramatic object lesson in the effects of attacks on DNS infrastructure—most companies still neglect DNS security. Our approach to cybersecurity needs a fundamental shift: If we don’t start giving DNS security the attention it deserves, DNS will remain one of our most vulnerable Internet systems, and we’ll continue to see events like last year’s attack.”

Source: https://www.itworldcanada.com/article/ddos-trends-dns-survey-signal-warnings-to-infosec-pros/397309

US pressured North Korea by overwhelming hackers with data traffic

The US is no stranger to hacking North Korea, but it’s usually in a bid to directly thwart the country’s military ambitions. Now, however, those attacks are being used as a diplomatic strategy. The Washington Post has learned that President Trump ordered a broad pressure campaign against North Korea that led to the US conducting a denial of service attack against North Korea’s spying office, the Reconnaissance General Bureau. The move flooded the RGB’s servers with traffic that effectively strangled their internet access, including the Bureau 121 group responsible for the North’s hacking campaigns. And while it clearly didn’t change Kim Jong Un’s mind, it does appear to have had a practical effect.

Reportedly, the initiative was designed to be temporary and only lasted for half a year — Trump signed the order in March, and it ended on September 30th. It wasn’t destructive, either. According to the Post‘s sources, however, North Korean hackers were complaining about the ability to do their jobs during that period.

North Korea certainly isn’t going to get much sympathy. With that said, it raises questions about the use of cyberattacks as a pressure tactic. It no doubt sends the message that the US can cripple a hostile country’s digital warfare capabilities if it wants, but there is the concern that it could escalate an already tense situation. After all, North Korea is the sort of country that claims you can declare war with a tweet — while that’s hyperbolic, it might interpret a denial of service attack as an act of aggression that merits revenge.

Source: https://www.engadget.com/2017/10/01/us-launched-dos-attack-against-north-korea-hackers/

Australian companies face an increasing threat from domestic DDoS instigators

Mobile botnets, targeted DDoS attacks pose growing threat to Australian targets.

Australian organisations are being hit by over 450 distributed denial of service (DDoS) attacks every day and fully a quarter of them are coming from domestic sources, analysts have warned as figures show DDoS attacks making a resurgence after nearly a year of decline.

New figures from the Arbor Networks ATLAS service – which collects data on DDoS attacks and malware from 400 service providers – suggested that Australian targets suffered 14,000 attacks of various intensity in August alone.

The largest of the attacks, in early August, measured 51.9 Gbps in intensity while the heaviest volume of packets – 15.8 million packets per second – came in an attack later in the month.

While the United States was the largest source of the attacks – comprising 30 percent of the overall total – the lion’s share of the remainder came from Chinese (24 percent), Australian (24 percent), and UK (23 percent) sources.

The August figures reinforce the resurgent threat from DDoS attacks, which flood targets with data in an effort to interrupt their operation for even a short period. They also reflect the continuing flexibility of attackers that were able to build a botnet out of mobile devices to instigate a high-impact DDoS extortion campaign against numerous travel and hospitality organisations.

hat botnet, called WireX, was embedded in around 300 Google Play Store applications and had spread to estimated 130,000 to 160,000 bots that produced over 20,000 HTTP/HTTPS requests per second. On August 17 WireX was taken down through a concerted effort involving Google, Akamai, Cloudflare, Flashpoint, Oracle Dyn, RiskIQ, Team Cymru, and other organisations.

Instigated by devices from over 100 countries, WireX changed quickly as the attacker “learned rapidly to try different techniques to try to thwart the defenders,” Arbor Security Engineering & Response Team (ASERT) principal engineer Roland Dobbins wrote in his analysis of the attack.

WireX reflects the ingenuity being applied to the creation of DDoS attacks as identified in Akamai’s recent Q2 2017 State of the Internet Security Report.

Analysing attacks remediated over Akamai’s core content distribution network, that report noted a 28 percent quarter-on-quarter increase in the total number of DDoS attacks as well as increases in infrastructure layer (by 27 percent), reflection-based (21 percent), and average number of attacks (28 percent) per target.

Changing geographic distribution showed that “geographic profiling is a real and potentially imminent threat to Australia,” Akamai Asia-Pacific senior security specialist Nick Rieniets said in a statement. “When there are changes like this in the threat landscape and when new threats are released, companies need to recognise, acknowledge and assess that volatility, and change their security controls accordingly, and in a timely manner.”

Akamai’s DDoS analysis suggested that the PBot botnet had been tapped once again to generate the biggest DDoS attacks observed in the second quarter. PBot – which Rieniets called “proof that the minute threat actors get access to a new vulnerability they can work out how to weaponise it” – appeared to have primarily infected around 400 Web servers, boosting the volume of data produced per device compared with previous infections such as last year’s Internet of Things-focused Mirai botnet.

The range and efficacy of DDoS attack tactics have highlighted the need for businesses to remain disciplined about their protections, security experts have warned.

“It’s important that organizations implement best current practices (BCPs) for their network infrastructure, application/service delivery stacks, and ancillary supporting services,” Arbor’s Dobbins writes. “This will allow the organization to maintain availability and ensure continuous service delivery even in the face of attack.”

With many organisations found to not have a formal DDoS defense plan in place – and many that do, never rehearsing it – Dobbins said testing needed to become a habit: “It is critical that organizations devise and rehearse their DDoS defense plans in order to ensure that they have the requisite personnel, skills, operational processes, communications plans, and support services in place to defend their Internet properties in a timely and effective manner.”

Source: https://www.cso.com.au/article/627915/australian-companies-face-an-increasing-threat-from-domestic-ddos-instigators/

How Big is Your DDoS Mitigation Gap?

The DDoS mitigation industry is scaling up capacity following a consistent increase in the number of DDoS attacks and recent indications that IoT-based DDoS attacks are expected to grow significantly.

The DDoS attack vector continues to wreak havoc in 2017, with a reported 380% spike in the number of DDoS attacks identified in Q1, compared to the same period last year. A recent study shows a year on year increase of 220% in the number of different types of malware designed to hijack IoT devices.

DDoS Mitigation providers are taking heed, with Arbor dedicated to quadrupling their capacity to 8Tbps by the end of 2017, and both Neustar and OVH committing to capacities of over 10Tbps.

A DDoS mitigation Gap occurs whenever DDoS traffic bypasses a company’s DDoS mitigation defenses, and penetrates the target network.

The reasons for such gaps vary from some types of DDoS attacks that are completely unnoticed by DDoS mitigation, to a range of configuration issues that let through traffic that should be mitigated.

However the problem is that visibility of DDoS mitigation gaps is currently nonexistent to those cybersecurity practitioners who are responsible for production uptime.

Companies do not know how well their mitigation is performing, or where their configuration problems are, leaving them and their vendors to troubleshoot issues at the very worst possible time, that is, when systems are down at the height of a DDoS attack.

Results from over 500 DDoS tests run by MazeBolt on companies from a wide range of industries, shows that on their first test, companies failed 41% (on average) of DDoS tests – simulations of real DDoS attacks conducted in a highly controlled manner to help companies understand their mitigation gap so they can strengthen their mitigation proactively.

This means that after a company has deployed their DDoS mitigation strategy, on average it will stop only six out of ten attacks.

To solve this, with insight about where their DDoS mitigation posture was leaking, companies could go back to vendors to reconfigure settings and harden their DDoS mitigation posture.

As depicted in the bar chart below, by repeating the testing cycle only three times, companies were able to reduce their mitigation gap from an average of 41% in the first test to an average of 25% in the second and only 15% in the third – reflecting a 65% strengthening of their DDoS mitigation.

Paraphrasing Heraclitus one might say you can never test the same DDoS mitigation twice, but our data clearly shows that testing it three times will strengthen it considerably.

Source: https://www.infosecurity-magazine.com/opinions/big-ddos-mitigation-gap/