The correlation between DDoS attacks and cryptomining

There is a direct correlation between cryptocurrency and DDoS attacks. As the price of cryptocurrency dropped in 2018, leading to decreased profits from cryptomining, hackers on the black market began to divert prime botnet resources to DDoS attack activities, which increased month by month.

correlation DDoS attacks cryptomining

DDoS attacks in 2018

In NSFOCUS’ 2018 DDoS Attack Landscape report, NSFOCUS analyzed the threat landscape after a landmark year of technological growth related to cloud computing, big data, artificial intelligence (AI), Internet of Things (IoT), and Industry 4.0.

Key findings include:

  • Attackers were more inclined to launch DDoS attacks when the short-term benefits from cryptomining activities declined in 2018.
  • In 2018, DDoS attacks kept expanding in size as DDoS-as-a-Service experienced a fast growth.
  • Of all internet attack types, 25% of attackers were recidivists responsible for 40% of all attack events. The proportion of recidivists in DDoS attacks decreased in 2018, making up about 7% of DDoS attackers that launched 12% of attack events.
  • Cloud services/IDCs, gaming, and e-commerce were the top three industries targeted by attackers.
  • The total number of DDoS attacks in 2018 reached 148,000, down 28.4% from 2017, driven by effective protections against reflection attacks, which decreased considerably.
  • In 2018, the most frequently seen attacks were SYN flood, UDP flood, ACK flood, HTTP flood, and HTTPS flood attacks, which all together accounted for 96% of all DDoS attacks.
  • Of all DDoS attacks, 13% used a combination of multiple attack methods. The other 87% were single-vector attacks.

correlation DDoS attacks cryptomining

“The fluctuation of Bitcoin prices has a direct bearing on DDoS attack traffic,” said Richard Zhao, COO at NSFOCUS.

“This, along with other report findings, can help us better predict and prepare for DDoS attacks. Attackers are after profits and as we watch bitcoin fluctuate, we will continue to see this correlation pop up. DDoS attacks have never stopped since making their debut – analyzing trends in this report helps companies keep up with the fluid attack and threat landscape.”

Source: https://www.helpnetsecurity.com/2019/04/15/correlation-ddos-attacks-cryptomining/

DOSarrest Launches New Cloud Based Network Traffic Analyzer Service

VANCOUVER, British Columbia, March 19, 2019 /PRNewswire/ — DOSarrest Internet Security announced today that they have released a new service offering called DOSarrest Traffic Analyzer (DTA). This new service allows subscribers to send their Netflow, Sflow or Jflow network data from their routers and switches to DOSarrest’s Big Data cluster, then login to their portal and graphically see what types and volumes of traffic are flowing in and out of their networks in almost real-time. Using this traffic intelligence, network operators can pinpoint the cause of any congestion, create their own ACLs to white-list or black-list any malicious networks. It gives engineers the intelligence they need to understand how their network is being used and for what purpose.

Some of the real-time graphical and historical information available in the dashboard is

Top 10 Source Countries
Top 10 Source Networks
Top 10 Source ASNs
Top 10 Source Netblocks
Top 10 Destination IPs
Top 10 Destination IPs
Top 10 Protocols and Ports

DOSarrest CTO, Jag Bains states, “I have been running Internet backbones for over 20 years and having something that is this cost effective has always been a problem, most solutions require expensive hardware and licensing or extensive software development. Setup is easy with DTA, just add 1 line to the router config and you’re done.”

This new service can also be combined with DOSarrest’s existing DDoS protection for network infrastructure service, where customers, using the same dashboard can automatically stop any DDoS attack on a customer’s data center or corporate network.

CEO Mark Teolis adds, “This service is really in its infancy, we are already working on version 2 and we plan on releasing a new version every 90 days thereafter. Once the network flow information is in the big data platform, there’s so much that can be done to extract network intelligence, it’s almost impossible to predict today what and how it can help network operators going forward. We are starting to test with some machine learning models to see what it can do.”

About DOSarrest Internet Security:
DOSarrest founded in 2007 in Vancouver, B.C., Canada specializes in fully managed cloud based Internet security services including DDoS protection services, Data Center Defender (DCD), Web Application Firewall (WAF), DDoS Attack testing, as well as cloud based global load balancing.

More information at http://www.DOSarrest.com

Source: https://www.prnewswire.com/news-releases/dosarrest-launches-new-cloud-based-network-traffic-analyzer-service-300814472.html

DIY Botnet Detection: Techniques and Challenges

Botnets continue to spread to places never dreamed of a few years ago. But you can fight them off, and these tips can help.

Botnets have been around for over two decades, and with the rise of the Internet of Things (IoT), they have spread further to devices no one imagined they would: routers, mobile devices, and even toasters.

Some botnets are legions of bot-soldiers waiting for a command to attack a target server, generally to overwhelm the server with a distributed denial-of-service (DDoS) attack. Other botnets target specific devices by stealing passwords or mining cryptocurrency. Cryptocurrency mining, in particular, has been a dramatically growing threat for organizations recently, with botnets such as Coinhive and CryptoLoot enabling cybercriminals to make as much as $100 million a year at the expense of victims’ computing power. Smominru, among the largest cryptocurrency-mining botnets, has infected over half a million machines using the infamous EternalBlue exploit leaked from the NSA.

To prevent botnet infections, organizations must be able to detect them. But botnet detection isn’t easy. Let’s explore some of the top techniques and challenges in botnet detection.

Methods for Botnet Detection
So, what’s a botnet? Simply put, it’s a cluster of bots — compromised computers and devices — that perform commands given by the botnet owner. Usually, the botnet owner will dedicate a command and control server (C2), a compromised server for communicating with the bots, usually via Internet Relay Chat commands. The botnet owner uses the C2 server to order botnets to execute attacks, whether that’s DDoS attacks, data theft, identity theft, or another type of attack. Thus, the smoking gun that points to a botnet is its C2 server.

Unfortunately, finding the C2 isn’t usually a simple task. Many botnet commands emerge from multiple servers or take hidden forms, masking the malicious commands as harmless activity such as Tor network traffic, social media traffic, traffic between peer-to-peer services, or domain-generation algorithms. Further complicating matters, the commands are often very subtle, making it difficult to detect any anomalies.

One method for attempting to detect C2s is breaking down and analyzing the malware code. Organizations can try to disassemble the compiled code, from which they can sometimes identify the root source of the botnet’s commands. However, since botnet creators and administrators increasingly are using integrated encryption, this technique is less and less effective.

Generally, C2 detection requires visibility into the communication between a C2 server and its bots, but only security solutions that specifically protect C2 servers will have this kind of visibility. A more common approach for detecting botnets is tracking and analyzing the attacks themselves — into which standard security solutions provide visibility — and determining which attacks originated from botnets.

When looking at exploit attempts, there are a few possible indications for a botnet. For example, if the same IP addresses attack the same sites, at the same time, using the same payloads and attack patterns, there’s a good chance they’re part of a botnet. This is especially true if many IPs and sites are involved. One prominent example is a DDoS attempt by a botnet on a web service.

Source: Johnathan Azaria
Source: Johnathan Azaria

False Positives
The likelihood of false positives makes botnet detection particularly difficult. Some payloads are widely used, raising the probability of a randomly occurring pattern triggering a false positive. Additionally, attackers can change their IP addresses by using a virtual private network or a proxy, making it look like many attackers or bots are involved when there’s really only one.

Hacking tools and vulnerability scanners also behave similarly enough to botnets to often return false positives. This is because hacking tools generate the same payloads and attack patterns, and many hackers use them, regardless of the color of their hat. And, if different players happen to conduct a penetration test on the same sites at the same time, it may look like a botnet attack.

Organizations can often identify false positives by Googling the payload and referencing any documented information around it. Another technique involves simply gleaning any information readily available within the raw request in the security solution. For example, if a vulnerability scanner is to blame, most security solutions will reveal that by identifying it, especially if it’s one of the more common vulnerability scanners.

False positives are an unavoidable challenge in botnet detection given the enormous amount of potential incidents; recent research shows that 27% of IT professionals receive over 1 million security alerts every day, while 55% receive more than 10,000. But with the right techniques and diligence, organizations can discern the harmless traffic from the malicious, botnet-driven traffic.

Source: https://www.darkreading.com/cloud/diy-botnet-detection-techniques-and-challenges/a/d-id/1333949

When 911 Goes Down: Why Voice Network Security Must Be a Priority

When there’s a DDoS attack against your voice network, are you ready to fight against it?

An estimated 240 million calls are made to 911 in the US each year. With the US population estimated at more than 328 million people as of November 2018, this means each US resident makes, on average, more than one 911 call per year. 911 is a critical communications service that ensures the safety and individual welfare of our nation’s people.

So, what happens when the system goes down?

Unfortunately, answers can include delays in emergency responses, reputational damage to your brand or enterprise by being associated with an outage, and even loss of life or property. We have seen very recent examples of how disruption in 911 services can impact municipalities. For example, days after Atlanta was struck by a widespread ransomware attack, news broke of a hacking attack on Baltimore’s computer-assisted dispatch system, which is used to support and direct 911 and other emergency calls. For three days, dispatchers were forced to track emergency calls manually as the system was rebuilt — severely crippling their ability to handle life-and-death situations.

In 2017, cybersecurity firm SecuLore Solutions reported that there had been 184 cyberattacks on public safety agencies and local governments within the previous two years. 911 centers had been directly or indirectly attacked in almost a quarter of those cases, most of which involved distributed denial-of-service (DDoS) attacks.

Unfortunately, these kinds of DDoS attacks will continue unless we make it a priority to improve the security of voice systems, which remain dangerously vulnerable. This is true not just for America’s emergency response networks, but also for voice networks across a variety of organizations and industries.

The Evolving DDoS Landscape
In today’s business world, every industry sector now relies on Internet connectivity and 24/7 access to online services to successfully conduct sales, stay productive, and communicate with customers. With each DDoS incident costing $981,000 on average, no organization can afford to have its systems offline.

This is a far cry from the early days of DDoS, when a 13-year-old studentdiscovered he could force all 31 users of the University of Illinois Urbana-Champaign’s CERL instruction system to power off at once. DDoS was primarily used as a pranking tool until 2007, when Estonian banks, media outlets, and government bodies were taken down by unprecedented levels of Internet traffic, which sparked nationwide riots.

Today, DDoS techniques have evolved to use Internet of Things devices, botnets, self-learning algorithms, and multivector techniques to amplify attacks that can take down critical infrastructure or shut down an organization’s entire operations. Last year, GitHub experienced the largest-ever DDoS attack, which relied on UDP-based memcached traffic to boost its power. And just last month, GitHub experienced a DDoS attack that was four times larger.

As these attacks become bigger, more sophisticated, and more frequent, security measures have also evolved. Organizations have made dramatic improvements in implementing IP data-focused security strategies; however, IP voice and video haven’t received the same attention, despite being equally vulnerable. Regulated industries like financial services, insurance, education, and healthcare are particularly susceptible — in 2012, a string of DDoS attacksseverely disrupted the online and mobile banking services of several major US banks for extended periods of time. Similarly, consider financial trading — since some transactions are still done over the phone, those jobs would effectively grind to a halt if a DDoS attack successfully took down their voice network.

As more voice travels over IP networks and as more voice-activated technologies are adopted, the more DDoS poses a significant threat to critical infrastructure, businesses, and entire industries. According to a recent IDC survey, more than 50% of IT security decision-makers say their organization has been the victim of a DDoS attack as many as 10 times in the past year.

Say Goodbye to DDoS Attacks
For the best protection from DDoS attacks, organizations should consider implementing a comprehensive security strategy that includes multiple layers and technologies. Like any security strategy, there is no panacea, but by combining the following solutions with other security best practices, organizations will be able to better mitigate the damages of DDoS attacks:

  • Traditional firewalls: While traditional firewalls likely won’t protect against a large-scale DDoS attack, they are foundational in helping organizations protect data across enterprise networks and for protection against moderate DDoS attacks.
  • Session border controllers (SBCs): What traditional firewalls do for data, SBCs do for voice and video data, which is increasingly shared over IP networks and provided by online services. SBCs can also act as session managers, providing policy enforcement, load balancing and network/traffic analysis. (Note: Ribbon Communications is one of a number of companies that provide SBCs.)
  • Web application firewalls: As we’ve seen with many DDoS attacks, the target is often a particular website or online service. And for many companies these days, website uptime is mission-critical. Web application firewalls extend the power of traditional firewalls to corporate websites.

Further, when these technologies are paired with big data analytics and machine learning, organizations can better predict normative endpoint and network behavior. In turn, they can more easily identify suspicious and anomalous actions, like the repetitive calling patterns representative of telephony DoS attacks or toll fraud.

DDoS attacks will continue to be a threat for organizations to contend with. Cybercriminals will always look toward new attack vectors, such as voice networks, to find the one weak spot in even the most stalwart of defenses. If organizations don’t take the steps necessary to make voice systems more secure, critical infrastructure, contact centers, healthcare providers, financial services and educational institutions will certainly fall victim. After all, it only takes one overlooked vulnerability to let attackers in.

Source: https://www.darkreading.com/attacks-breaches/when-911-goes-down-why-voice-network-security-must-be-a-priority-/a/d-id/1333782

Hacktivist Gets 10-Year Prison Sentence for DDoS Attack on Hospitals

A 34-year-old man from Somerville, Massachusetts, has been sentenced to 10 years in prison for launching distributed denial-of-service (DDoS) attacks against two healthcare organizations in the United States.

Martin Gottesfeld, who identified himself as a member of the Anonymous movement, was accused of launching DDoS attacks against the Boston Children’s Hospital and the Wayside Youth and Family Support Network back in 2014.

The attacks on these organizations were part of a campaign related to Justina Pelletier, a teen who had been the subject of a high-profile custody battle between her parents and the state of Massachusetts.

Boston Children’s Hospital and Pelletier’s parents entered a dispute over a diagnosis and a judge awarded custody of the teen to the state. Pelletier was later moved to Wayside Youth and Family Support Network, a residential treatment facility.

Gottesfeld posted a video on YouTube in the name of Anonymous urging others to launch DDoS attacks on the Boston Children’s Hospital until Pelletier was released.

According to authorities, the DDoS attack aimed at the hospital was powered by tens of thousands of bots. The attack caused disruptions not only to the Boston Children’s Hospital, but also several other medical facilities in the Longwood Medical Area.

The Boston hospital claimed that the attack had cost it over $300,000 and led to the organization losing roughly $300,000 in donations due to the attack disabling its fundraising portal.

Gottesfeld became a suspect a few months after the attacks were launched. His home was searched and his devices were seized, but he was not charged at the time. In February 2016, he and his wife attempted to flee the country on a small boat, but they returned to the US on a Disney Cruise Ship that had rescued them off the coast of Cuba.

Gottesfeld was arrested upon his return. He was convicted by a jury on August 1, 2018, of one count of conspiracy to damage protected computers and one count of damaging protected computers.

He has now been sentenced to 121 months in prison and ordered to pay nearly $443,000 in restitution.

According to Reuters, Gottesfeld plans on appealing the sentence, but says he has no regrets.

Source: https://www.securityweek.com/hacktivist-gets-10-year-prison-sentence-ddos-attack-hospitals

Blockchain Technology can be Critical to IoT Infrastructure Security

Over 45 billion IoT devices are expected to be connected by 2021, while the cumulative cost of data breaches between 2017 and 2022 is expected to touch $8 trillion

The era of Internet of things (IoT) is upon us and it is impacting our lives. Today, technology has pervaded into nearly all walks of life, and constant innovation has made it almost impossible to stay disconnected. However, with all the convenience that connected devices offer, there is also a growing risk of cyber threats that can cripple the IoT networks and infrastructure, and cause considerable economic and personal harm to users.

According to a report by Juniper Research, as much as 46 billion IoT devices are expected to be connected by 2021, while the cumulative cost of data breaches between 2017 and 2022 is expected to touch $8 trillion. Securing IoT would require adopting a future-ready, flexible and highly scalable cybersecurity strategy – a significant shift from current reactive approaches used by businesses that involve patching discovered vulnerabilities and adding new solutions without performing a comprehensive assessment.

IoT makes it possible to connect previously closed devices and appliances to the Internet and allow users to control their operations remotely. However, as more closed systems are made accessible online, they also become increasingly vulnerable to cyberattacks and hacks. From smart homes and offices to connected cars, unmanned aerial vehicles, autonomous trucks and even to critical infrastructure like industrial control systems as part of industrial Internet of things (IIoT) – all existing and emerging IoT networks face a very high risk of cyber threats.

Blockchain-powered cybersecurity  

An emerging technology alongside IoT which offers much promise in helping secure connected devices is blockchain technology. While blockchain technology gained prominence originally in the world of fintech by ushering in the revolution of digital payments, this underlying technology behind the success and rise of cryptocurrencies could play an important role in cybersecurity, especially in the IoT space.

A blockchain-based cybersecurity platform can secure connected devices using digital signatures to identify and authenticate them, adding them as authorized participants in the blockchain network and ring-fencing critical infrastructure by rendering them invisible to unauthorized access attempts. Each authenticated device joining the blockchain-based secure IoT network is treated as a participating entity, just like in a conventional blockchain network. All communication among these verified participants (IoT devices) are cryptographically secure and are stored in tamper-proof logs.

Every new device added to the network is registered by assigning a unique digital ID on the blockchain network, and the platform provides secure channels for inter-device communication and offers all connected devices secure access to core systems or infrastructure as well. A blockchain-based cybersecurity solution can additionally leverage Software-Defined Perimeter (SDP) architecture and utilize a Zero-Trust model to render all authenticated devices invisible to attackers. This means that only verified devices can “see” or know of the existence of other connected devices, adding an extra layer of security to the IoT infrastructure.

Benefits and the way forward

A blockchain powered platform uses a decentralized set-up, further denying cyber attackers a single point of failure to target to bring down such a network. Consensus-based control distributes the responsibility of security across nodes within a blockchain network, making it impossible for hackers to spoof their way into such a network, and also protecting IoT networks from being brought down via DDoS attacks. Decentralization also makes such a solution highly scalable – one of the biggest concerns of implementing cybersecurity on an ever-growing network such as in the case of connected devices. With every new device that gets added/removed, the change is immediately notified to all participants, letting the system be adaptable and flexible to expand and evolve over time without significant upgrades to the platform in entirety.

Such a system can be used to secure smart homes, connected autonomous vehicles, critical IIoT infrastructure and even entire smart cities. A cybersecurity solution based on blockchain technology enhanced using SDP architecture offers a next-generation, future-proof way to secure IoT devices, networks and communication, not just from present-day vulnerabilities and cyber risks, but remain just as robust in anticipating emerging vulnerabilities and offering protection against them.

Both blockchain and IoT are emerging technologies, with most innovations in these domains being at nascent, proof-of-concept stages. However, blending the strengths of blockchain technology with the potential of IoT can quickly and effectively propel entire industries, cities and nations into the “smart” space, by easing the burden of securing an ever-expanding perimeter of unconventional devices and critical infrastructure without impeding the rate of innovation.

Source: https://www.entrepreneur.com/article/325855

Ad Fraud 101: How Cybercriminals Profit from Clicks

Fraud is and always will be a cornerstone of the cybercrime community. The associated economic gains provide substantial motivation for today’s malicious actors, which is reflected in the rampant use of identity and financial theft, and ad fraud. Fraud is, without question, big business. You don’t have to look far to find websites, on both the clear and the darknet, that profit from the sale of your personal information.

Fraud-related cyber criminals are employing an evolving arsenal of tactics and malware designed to engage in these types of activities. What follows is an overview.

Digital Fraud

Digital fraud—the use of a computer for criminal deception or abuse of web enabled assets that results in financial gain—can be categorized and explained in three groups for the purpose of this blog: basic identity theft with the goal of collecting and selling identifiable information, targeted campaigns focused exclusively on obtaining financial credentials, and fraud that generates artificial traffic for profit.

Digital fraud is its own sub-community consistent with typical hacker profiles. You have consumers dependent on purchasing stolen information to commit additional fraudulent crime, such as making fake credit cards and cashing out accounts, and/or utilizing stolen data to obtain real world documents like identification cards and medical insurance. There are also general hackers, motivated by profit or disruption, who publicly post personally identifiable information that can be easily scraped and used by other criminals. And finally, there are pure vendors who are motivated solely by profit and have the skills to maintain, evade and disrupt at large scales.

  • Identity fraud harvests complete or partial user credentials and personal information for profit. This group mainly consists of cybercriminals who target databases with numerous attack vectors for the purposes of selling the obtained data for profit. Once the credentials reach their final destination, other criminals will use the data for additional fraudulent purposes, such as digital account takeover for financial gains.
  • Banking fraud harvests banking credentials, digital wallets and credit cards from targeted users. This group consists of highly talented and focused criminals who only care about obtaining financial information, access to cryptocurrency wallets or digitally skimming credit cards. These criminals’ tactics, techniques and procedures (TTP) are considered advanced, as they often involve the threat actor’s own created malware, which is updated consistently.
  • Ad fraud generates artificial impressions or clicks on a targeted website for profit. This is a highly skilled group of cybercriminals that is capable of building and maintaining a massive infrastructure of infected devices in a botnet. Different devices are leveraged for different types of ad fraud but generally, PC-based ad fraud campaigns are capable of silently opening an internet browser on the victim’s computer and clicking on an advertisement

Ad Fraud & Botnets

Typically, botnets—the collection of compromised devices that are often referred to as a bot and controlled by a malicious actor, a.k.a. a “bot herder—are associated with flooding networks and applications with large volumes of traffic. But they also send large volumes of malicious spam, which is leveraged to steal banking credentials or used to conduct ad fraud.

However, operating a botnet is not cheap and operators must weigh the risks and expense of operating and maintaining a profitable botnet. Generally, a bot herder has four campaign options (DDoS attacks, spam, banking and ad fraud) with variables consisting of research and vulnerability discovery, infection rate, reinfection rate, maintenance, and consumer demand.

With regards to ad fraud, botnets can produce millions of artificially generated clicks and impressions a day, resulting in a financial profit for the operators. Two recent ad fraud campaigns highlight the effectiveness of botnets:

  • 3ve, pronounced eve, was recently taken down by White Owl, Google and the FBI. This PC-based botnet infected over a million computers and utilized tens of thousands of websites for the purpose of click fraud activities. The infected users would never see the activity conducted by the bot, as it would open a hidden browser outside the view of the user’s screen to click on specific ads for profit.
  • Mirai, an IoT-based botnet, was used to launch some of the largest recorded DDoS attacks in history. When the co-creators of Mirai were arrested, their indictments indicated that they also engaged in ad fraud with this botnet. The actors were able to conduct what is known as an impression fraud by generating artificial traffic and directing it at targeted sites for profit. 

The Future of Ad Fraud

Ad fraud is a major threat to advertisers, costing them millions of dollars each year. And the threat is not going away, as cyber criminals look for more profitable vectors through various chaining attacks and alteration of the current TTPs at their disposal.

As more IoT devices continue to be connected to the Internet with weak security standards and vulnerable protocols, criminals will find ways to maximize the profit of each infected device. Currently, it appears that criminals are looking to maximize their new efforts and infection rate by targeting insecure or unmaintained IoT devices with a wide variety of payloads, including those designed to mine cryptocurrencies, redirect users’ sessions to phishing pages or conduct ad fraud.

Source: https://securityboulevard.com/2019/01/ad-fraud-101-how-cybercriminals-profit-from-clicks/

FragmentSmack: How is this denial-of-service exploited?

FragmentSmack, a DDoS vulnerability first discovered in Linux, affects Windows as well as nearly 90 Cisco products. Discover how it can be exploited with Judith Myerson.

A distributed denial-of-service vulnerability called FragmentSmack enables an unauthenticated remote attacker to disable servers with a stream of fragmented IP packets that activate the vulnerability on affected systems. First discovered in Linux, and now also found in Windows, FragmentSmack affects many products, including nearly 90 from Cisco. How can this vulnerability be exploited, and how big is the threat?
FragmentSmack is a vulnerability in the IP stack that can be used to execute a distributed denial-of-service attack. The vulnerability affects Linux kernel version 3.9 or later, and it was discovered in some Cisco products by the Vulnerability Coordination team of the National Cyber Security Centre of Finland and the CERT Coordination Center. The flaw is caused by inefficient algorithms used in IP implementations to reassemble fragmented IPv4 and IPv6 packets.

An attacker using the FragmentSmack vulnerability could exploit it remotely by continuously sending crafted packets — that appear to be fragments of larger packets that need to be reassembled — to cause the system to become unresponsive, as 100% of the CPU cores will be in use.

In one scenario, an attacker could send a stream of 8-byte sized IP fragments, each starting with randomly chosen offset values, to a server. The queue of malformed IP fragments waiting for reassembly — which will never happen because the fragments are not part of any legitimate packets — increases in size until all the CPU core resources are consumed, leaving no room for other tasks the system needs to perform.

The attacker doesn’t specify what core the malformed packets are sent to and the Linux kernel automatically distributes the reassembly to different cores. While such an attack could take a server down, once the flow of malicious fragments stops, the targeted server can resume its normal function.

Cisco’s vulnerable listed products include network and content security devices, voice and unified communications devices, and telepresence and transcending devices.

Likewise, this threat has extended to Microsoft and Red Hat, and the affected Microsoft’s Window systems include versions 7, 8.1 and 10, as well as all the Windows Server versions. Windows 10 — 64 bit — in particular, features an option for Windows Subsystem for Linux that is vulnerable. Turning off this option doesn’t prevent the attacker from exploiting the vulnerability, however.

Vulnerable Red Hat products include Virtualization 4, Enterprise MRG, Enterprise Linux Atomic Host and Enterprise Linux versions 6, 7, Real Time 7, 7 for ARM64 and 7 for Power.

Source: https://searchsecurity.techtarget.com/answer/FragmentSmack-How-is-this-denial-of-service-exploited

In the DNI reported on DDoS-attack on the site of the national police

The website of the people’s militia department of the self-proclaimed Donetsk people’s republic was subjected to DDoS attacks, said the head of the people’s militia press service, Daniel Bezsonov.

According to him, this happened after the agency announced that Kiev was preparing a large-scale offensive in the Donbass.

“It has been established that the attack was carried out from the Ukrainian and Baltic IP addresses,” Betsonov quoted the Donetsk News Agency.

In October 2016, the DPR announced that hackers from Ukraine had hacked and blocked the database of the self-proclaimed Donetsk People’s Republic pension fund, as a result of which payments to DPR residents were suspended.

Source: http://www.tellerreport.com/news/–in-the-dni-reported-on-ddos-attack-on-the-site-of-the-national-police-.BkyHtk6JE.html

Small Businesses Lose $80K on Average to Cybercrime Annually, Better Business Bureau Says

The growth of cybercrime will cost the global economy more than $2 trillion by 2019, according to the Better Business Bureau’s 2017 State of Cybersecurity Among Small Businesses in North America report.

Cost of a Cyber Attack

When it comes to small businesses, the report said the overall annual loss was estimated at almost $80K or $79,841 on average. And as more small businesses become equal parts digital and brick-and-mortar, securing both aspects of their company is more important than ever.

The risks small business owners face in the digital world has increased their awareness of the dangers of this ecosystem. A survey conducted by GetApp in 2017 revealed security concerns ranked second as the challenges small businesses were facing.

In its report GetApp says, small businesses have to implement a multipronged approach with defense mechanism designed to “Ward off attacks from different fronts.”

However, the company doesn’t forget to address the challenges small business owners face when it comes to tackling cybersecurity with limited budgets and IT expertise while at the same time running their business.

Adopting a Small Business Cybersecurity Strategy

Why is adopting a cybersecurity strategy important for small businesses? Because according to eMarketer, in 2017 retail e-commerce sales globally reached $2.304 trillion, which was a 24.8% increase over the previous year.





Of this total, mCommerce accounted for 58.9% of digital sales and overall eCommerce made up 10.2% of total retail sales worldwide in 2017, an increase of 8.6% for the year.

What this means for small businesses is they can’t afford not to be part of this growing trend in digital commerce. They have to ensure the digital platform they have protects their organization and customers whether they are on a desktop, laptop or mobile device.

Have Clear Goals and Objectives

When it comes to cybersecurity, having clear goals and objectives will greatly determine the success of the tools, processes, and governance you put in place to combat cybercriminals.

According to GetApp, with the right cybersecurity solution in place, your small business will be able to detect and prevent a cyber-attack before it takes place.

It is important to note, there is no such thing as 100% security, whether it is in the digital or physical world. Given enough time and resources, bad actors may be able to find a vulnerability in any system. The data breaches at some of the largest organizations in the world are proof of this fact.

As a small business, your goal is to make it as difficult as possible for these bad actors to penetrate the security protocols you have in place.

Don’t Rely on a Single Solution

The GetApp report says small businesses have to fortify their organization against different threats emerging from multiple fronts.

The company says there is no single cybersecurity solution which offers complete defense against all the different types of threats that are out there. At any given time a small business can be under attack from a distributed denial of service or DDoS attack, ransomware attacks, cryptojacking, and others.

To address these challenges, GetApp recommends small businesses to implement a cybersecurity strategy with investments which include a combination of antivirus, firewall, spam filter, data encryption, data backup, and password management applications.

Last but not least, even if you have the best system in place, you have to stay vigilant at all times. Cybercriminals rely on complacency.

Source: https://smallbiztrends.com/2018/12/cost-of-a-cyber-attack-small-business.html