DDoS Attacks Up in Q1 After Months of Steady Decline

Sudden surge suggests that new actors have stepped up to the plate to replace the old operators.

Distributed denial-of-service attacks (DDoS) — particularly those lasting more than an hour — increased sharply in number during the first quarter of this year over the prior quarter after declining steadily for most of 2018.

The unexpected resurgence suggests that new suppliers of DDoS services have quietly emerged to replace operators that were disrupted in a series of law enforcement actions last year, Kaspersky Lab said in a report summarizing DDoS activity in Q1 2019.

The security vendor’s analysis shows the number of DDoS attacks in Q1 to be some 84% higher than the number recorded in the last three months of 2018.

One significant trend that Kaspersky Lab notes is an overall increase in the number of attacks lasting one hour or longer. Over one in 10 (10.13%) of the DDoS attacks in Kaspersky Lab’s dataset lasted between five hours and nine hours, and another 9.37% lasted between 10 hours and 49 hours — or more than two days. Some 2% of the attacks were longer than 50 hours, with the longest one lasting 289 hours, or just over 12 days.

In total, the proportion of sustained attacks, or those lasting more than an hour, nearly doubled from 11% of the overall number of DDoS attacks in the last quarter of 2018 to 21% of the total in the first three months this year. Correspondingly, the number of short-duration DDoS attacks lasting less than four hours declined — from 83.34% in Q4 2018 to 78.66% this year.

Alexander Gutnikov, an analyst with Kaspersky Lab DDoS prevention service, says attackers are increasingly moving away from volumetric, high-bandwidth attacks at the network (L3) and transport (L4) layers because of the mitigations available for such attacks. Instead, they are turning to smarter DDoS attacks such as those that target the application layer.

“The main driver of the growth of smart DDoS attacks is a decrease in the effectiveness of volumetric attacks,” Gutnikov says. “Volumetric attacks have to be very powerful to significantly affect the stability of resources,” he adds. For vendors that provide dedicated DDoS mitigation services, the trend is not particularly new.

As has been the case for several years, a majority of DDoS attacks last quarter were SYN flood attacks. However, the number of SYN attacks as a percentage of the overall total of DDoS attacks jumped sharply from 58.1% in the last quarter of 2018 to over 84% in this year’s first quarter. Meanwhile, other types of DDoS attacks, such as UDP flooding and TCP flooding, showed a corresponding decrease.

HTTP flooding attacks targeting the Web application layer are still relatively rare. However, the number of such attacks appears to be growing. Kaspersky Lab analysis shows HTTP flood attacks increasing in number from 2.2% of the overall total in Q4 to 3.3% last quarter. “In terms of the ratio of effectiveness and cost of organization, application-level attacks, L7, are an optimal option for malefactors,” Gutnikov notes.

A Persistent Threat
Kaspersky Lab’s new report is the latest to highlight the continuing threat that DDoS attacks present to organizations despite some major wins for law enforcement against those behind such attacks.

Last April, for instance, European law enforcement agencies, in cooperation with their counterparts in other regions of the world, dismantled Webstresser, one of the largest sites for buying and selling DDoS services at the time, and announced the arrests of the operators and several clients of the illegal outfit.

More recently, the US Justice Department announced it had seized 15 websites offering similar DDoS-for-hire services and charged three individuals for their roles in the operation. In January, a Boston federal judge sentenced an individual convicted on charges of launching a DDoS attack on Boston Children’s Hospital to 10 years in prison.

The fact that the number of attacks increased last quarter all the same suggests that new actors have stepped up to the plate to replace the old operators, according to Kaspersky Lab.

“We believe that the motives for DDoS services remain the same: politics, unfair competition, concealment of other cybercrime, or personal motives,” Gutnikov says. “And for people who conduct DDoS attacks, the main motive is money.”

Data from Verizon’s “2019 Data Breach Investigations Report” (DBIR) shows that public-sector organizations and those in the IT, finance, and professional services sectors are far more frequent targets of DDoS attacks than organizations in other industries. Verizon counted more than 990 DDoS incidents against public-sector organizations in 2018, 684 attacks against IT organizations, 575 targeting financial firms, and nearly 410 against professional services firms.

Financial services organizations and IT companies are also targets of some of the biggest DDoS attacks — from a bandwidth and packets-per-second standpoint. Verizon’s data shows that in 2018, the median sizes of DDoS attacks against financial services companies and IT organizations were 1.47 Gbps and 1.27 Gbps, respectively.

“Over time, DDoS attacks have been getting much more tightly clumped with regard to size,” with little difference in size between the largest and smallest attacks, Verizon said.

Ominously for enterprise organizations, while DDoS attacks, on average, have shrunk in size overall, there has been an increase in the number of really massive attacks.

According to security vendor Imperva, there has been a recent increase in DDoS attacks involving 500 million or more attack packets per second. During a one-week period earlier this year, Imperva’s researchers detected nine such DDoS attacks, with the largest one hitting an astounding 652 million packets per second.

Source: https://www.darkreading.com/attacks-breaches/ddos-attacks-up-in-q1-after-months-of-steady-decline/d/d-id/1334778

Preparing Your Mid-Market Business For Cyberattacks

Security headlines continue to focus on high-profile breaches of Fortune-ranked enterprises. But there is a second story being ignored. Cybercrime syndicates are also targeting, attacking and breaching small, medium and even micro organizations in greater and greater numbers. Multiple industry studies support this claim, including ones from Cisco and Ponemon.

Why exactly are these organizations being targeted, what are the attacks to defend against and how can these organizations start to defend themselves?

Fast Money With Lower Entry Barriers

Midsize organizations are relatively easy targets. Like enterprises, they are rapidly evolving. They have adopted the cloud and development and operations teams, and they have digitized all their valuable assets. But compared to enterprises, midsize organizations have smaller cybersecurity teams, lower organizational security awareness and fewer critical systems to infect — making them easier to breach and ransom. While cybercriminals still see larger enterprises as higher-value targets, midsize organizations have transformed themselves into low-hanging fruit that cybercrime syndicates are happy to snag. Midsize organizations keep the cash flow for cybercrime syndicates going while they try to earn high payoffs with large enterprise compromise.

Supply Chains Are Vulnerable

Midsize organizations also offer easy entry points into the larger enterprises they service. In many high-profile, large-scale breaches — including the breaches of Target, OPM, Best Buy, Sears and UMG — cybercriminals first compromised their smaller third-party providers and used them to open backdoors into the real target. Large enterprises are taking notice and have begun to demand a high level of cybersecurity maturity from their third-party service providers.

The Evolution Of New Low-Cost Attacks

Attack technologies have evolved. In the past, cyberattacks were relatively resource-intensive, so criminals had to focus their limited resources on large, high-value organizations. However, cybercriminals can now use automated, scalable, on-demand attack infrastructures to quickly launch many sophisticated attacks against a high volume of targets. And smaller organizations are getting caught in this new spray-and-pray approach.

This will only get worse. Every year, cybercriminals will find it easier to launch attacks against many mid-size organizations, use their initial victims and deepen their compromise. And this problem is poised to explode due to artificial intelligence (AI). Cybercrime syndicates have already begun to experiment with AI-driven attack tools. These AI-driven hacking tools will continue to increase the speed and sophistication of cyber threats and only widen the asymmetry between attackers and defenders.

Compromised Machines: Artillery For Future Attacks

Cybercrime syndicates are harvesting small-to-midsize business (SMB) endpoints, converting them into weapons and using them to deploy larger attacks. Most endpoints — including PCs, laptops and mobile devices — are underutilized. Cybercriminals have learned how to compromise these endpoints, run backdoors on them to execute attacks and effectively create a large-scale distributed computing infrastructure to launch their campaigns. They are using thousands of compromised systems to launch smothering DDoS attacks on larger enterprises. They are compromising the email accounts of midsize organizations to bypass spam filters and produce short, effective bursts of phishing emails.

How Can Midsize Organizations Stay Safe?

Cybercrime syndicates will continue to innovate their techniques and scale their attack infrastructure. In fact, with the evolution of AI-driven attack tools, compromising systems might be a simple voice command away for the attacker. Because of their limited resources, mid-market businesses will need to focus on the most-used threats. Luckily, the 80-20 rule applies here: the large majority of security problems stem from the following handful of threats.

Phishing Attacks

Most mid-size organizations have not implemented mature controls and robust user education programs to prevent phishing attacks, making them high-converting targets for such attacks. To get up to speed, midsize organizations need to focus on end-user awareness, strong email gateway security, two-factor authentication (2FA) and monitoring controls.

Malware Attacks

Malware attacks are more successful against midsize organizations, as they have smaller and simpler networks, and it takes attackers less time to reach organization crown jewels. In fact, according to a report from Verizon, 58% of malware victims are small organizations. As such, midsize organizations need to focus on detecting malware with good endpoint security, detecting lateral movement of attackers with analytics and rapidly containing successful breaches.

Cloud Console And Storage Attacks

As midsize organizations rush to get their cloud-based infrastructure into production, they often fail to realize that an on-premises security mindset does not work in the cloud. Take, for example, storage security in the cloud. Small, inadvertent changes in the cloud can produce global high-impact data loss. Many organizations have suffered data exposure due to Amazon Web Services S3 buckets being configured for public access.

Cybercrime syndicates are actively taking control of organizations by compromising their cloud consoles to steal data and demand ransom. These attacks are not new. Way back in 2014, Code Spaces completely shut down due to console takeover. But today, automation is making these attacks faster and more common.

To protect against them, midsize organizations should tighten console access with 2FA, establish tighter role permissions and monitor different cloud components stringently. Simply put, a combination of weak console and storage permissions can prove fatal for any midsize organization.

Web Application Attacks

Web applications have traditionally been a weak link. With the current innovation wave incorporating microservices, containers and federated access, they have become more complex to secure.

Right now, the top web application attacks include SQL injection, cross-site scripting and parameter manipulation. This means mid-size organizations need to focus on building robust web application firewall (WAF) protection, continuously monitoring all attack events on their web applications and, of course, ensuring secure coding as part of their development, security and operations program.

Of course, it is not an asymmetric game in favor of cybercriminals. Artificial intelligence is part of many cybersecurity tools today, making it easier to detect and respond to these emerging scenarios.

Source: https://www.forbes.com/sites/forbestechcouncil/2019/04/24/preparing-your-mid-market-business-for-cyberattacks/#61cc791252ef

The correlation between DDoS attacks and cryptomining

There is a direct correlation between cryptocurrency and DDoS attacks. As the price of cryptocurrency dropped in 2018, leading to decreased profits from cryptomining, hackers on the black market began to divert prime botnet resources to DDoS attack activities, which increased month by month.


DDoS attacks in 2018

In NSFOCUS’ 2018 DDoS Attack Landscape report, NSFOCUS analyzed the threat landscape after a landmark year of technological growth related to cloud computing, big data, artificial intelligence (AI), Internet of Things (IoT), and Industry 4.0.

Key findings include:

  • Attackers were more inclined to launch DDoS attacks when the short-term benefits from cryptomining activities declined in 2018.
  • In 2018, DDoS attacks kept expanding in size as DDoS-as-a-Service experienced a fast growth.
  • Of all internet attack types, 25% of attackers were recidivists responsible for 40% of all attack events. The proportion of recidivists in DDoS attacks decreased in 2018, making up about 7% of DDoS attackers that launched 12% of attack events.
  • Cloud services/IDCs, gaming, and e-commerce were the top three industries targeted by attackers.
  • The total number of DDoS attacks in 2018 reached 148,000, down 28.4% from 2017, driven by effective protections against reflection attacks, which decreased considerably.
  • In 2018, the most frequently seen attacks were SYN flood, UDP flood, ACK flood, HTTP flood, and HTTPS flood attacks, which all together accounted for 96% of all DDoS attacks.
  • Of all DDoS attacks, 13% used a combination of multiple attack methods. The other 87% were single-vector attacks.


“The fluctuation of Bitcoin prices has a direct bearing on DDoS attack traffic,” said Richard Zhao, COO at NSFOCUS.

“This, along with other report findings, can help us better predict and prepare for DDoS attacks. Attackers are after profits and as we watch bitcoin fluctuate, we will continue to see this correlation pop up. DDoS attacks have never stopped since making their debut – analyzing trends in this report helps companies keep up with the fluid attack and threat landscape.”

Source: https://www.helpnetsecurity.com/2019/04/15/correlation-ddos-attacks-cryptomining/

DOSarrest Launches New Cloud Based Network Traffic Analyzer Service

VANCOUVER, British Columbia, March 19, 2019 /PRNewswire/ — DOSarrest Internet Security announced today that they have released a new service offering called DOSarrest Traffic Analyzer (DTA). This new service allows subscribers to send their NetFlow, sFlow or J-Flow network data from their routers and switches to DOSarrest’s Big Data cluster, then log in to their portal and graphically see what types and volumes of traffic are flowing in and out of their networks in almost real-time. Using this traffic intelligence, network operators can pinpoint the cause of any congestion and create their own ACLs to white-list or black-list any malicious networks. It gives engineers the intelligence they need to understand how their network is being used and for what purpose.

Some of the real-time graphical and historical information available in the dashboard is:

Top 10 Source Countries
Top 10 Source Networks
Top 10 Source ASNs
Top 10 Source Netblocks
Top 10 Destination IPs
Top 10 Protocols and Ports

DOSarrest CTO, Jag Bains states, “I have been running Internet backbones for over 20 years and having something that is this cost effective has always been a problem, most solutions require expensive hardware and licensing or extensive software development. Setup is easy with DTA, just add 1 line to the router config and you’re done.”

This new service can also be combined with DOSarrest’s existing DDoS protection for network infrastructure service, where customers, using the same dashboard can automatically stop any DDoS attack on a customer’s data center or corporate network.

CEO Mark Teolis adds, “This service is really in its infancy, we are already working on version 2 and we plan on releasing a new version every 90 days thereafter. Once the network flow information is in the big data platform, there’s so much that can be done to extract network intelligence, it’s almost impossible to predict today what and how it can help network operators going forward. We are starting to test with some machine learning models to see what it can do.”

About DOSarrest Internet Security:
DOSarrest, founded in 2007 in Vancouver, B.C., Canada, specializes in fully managed cloud-based Internet security services including DDoS protection services, Data Center Defender (DCD), Web Application Firewall (WAF), DDoS attack testing, as well as cloud-based global load balancing.

More information at http://www.DOSarrest.com

Source: https://www.prnewswire.com/news-releases/dosarrest-launches-new-cloud-based-network-traffic-analyzer-service-300814472.html

DIY Botnet Detection: Techniques and Challenges

Botnets continue to spread to places never dreamed of a few years ago. But you can fight them off, and these tips can help.

Botnets have been around for over two decades, and with the rise of the Internet of Things (IoT), they have spread further to devices no one imagined they would: routers, mobile devices, and even toasters.

Some botnets are legions of bot-soldiers waiting for a command to attack a target server, generally to overwhelm the server with a distributed denial-of-service (DDoS) attack. Other botnets target specific devices by stealing passwords or mining cryptocurrency. Cryptocurrency mining, in particular, has been a dramatically growing threat for organizations recently, with botnets such as Coinhive and CryptoLoot enabling cybercriminals to make as much as $100 million a year at the expense of victims’ computing power. Smominru, among the largest cryptocurrency-mining botnets, has infected over half a million machines using the infamous EternalBlue exploit leaked from the NSA.

To prevent botnet infections, organizations must be able to detect them. But botnet detection isn’t easy. Let’s explore some of the top techniques and challenges in botnet detection.

Methods for Botnet Detection
So, what’s a botnet? Simply put, it’s a cluster of bots — compromised computers and devices — that perform commands given by the botnet owner. Usually, the botnet owner will dedicate a command and control server (C2), a compromised server for communicating with the bots, usually via Internet Relay Chat commands. The botnet owner uses the C2 server to order botnets to execute attacks, whether that’s DDoS attacks, data theft, identity theft, or another type of attack. Thus, the smoking gun that points to a botnet is its C2 server.

Unfortunately, finding the C2 isn’t usually a simple task. Many botnet commands emerge from multiple servers or take hidden forms, masking the malicious commands as harmless activity such as Tor network traffic, social media traffic, traffic between peer-to-peer services, or domain-generation algorithms. Further complicating matters, the commands are often very subtle, making it difficult to detect any anomalies.

One method for attempting to detect C2s is breaking down and analyzing the malware code. Organizations can try to disassemble the compiled code, from which they can sometimes identify the root source of the botnet’s commands. However, since botnet creators and administrators increasingly are using integrated encryption, this technique is less and less effective.

Generally, C2 detection requires visibility into the communication between a C2 server and its bots, but only security solutions that specifically protect C2 servers will have this kind of visibility. A more common approach for detecting botnets is tracking and analyzing the attacks themselves — into which standard security solutions provide visibility — and determining which attacks originated from botnets.

When looking at exploit attempts, there are a few possible indications for a botnet. For example, if the same IP addresses attack the same sites, at the same time, using the same payloads and attack patterns, there’s a good chance they’re part of a botnet. This is especially true if many IPs and sites are involved. One prominent example is a DDoS attempt by a botnet on a web service.

Source: Johnathan Azaria

False Positives
The likelihood of false positives makes botnet detection particularly difficult. Some payloads are widely used, raising the probability of a randomly occurring pattern triggering a false positive. Additionally, attackers can change their IP addresses by using a virtual private network or a proxy, making it look like many attackers or bots are involved when there’s really only one.

Hacking tools and vulnerability scanners also behave similarly enough to botnets to often return false positives. This is because hacking tools generate the same payloads and attack patterns, and many hackers use them, regardless of the color of their hat. And, if different players happen to conduct a penetration test on the same sites at the same time, it may look like a botnet attack.

Organizations can often identify false positives by Googling the payload and referencing any documented information around it. Another technique involves simply gleaning any information readily available within the raw request in the security solution. For example, if a vulnerability scanner is to blame, most security solutions will reveal that by identifying it, especially if it’s one of the more common vulnerability scanners.

False positives are an unavoidable challenge in botnet detection given the enormous amount of potential incidents; recent research shows that 27% of IT professionals receive over 1 million security alerts every day, while 55% receive more than 10,000. But with the right techniques and diligence, organizations can discern the harmless traffic from the malicious, botnet-driven traffic.
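The co-occurrence heuristic from "Methods for Botnet Detection" (many IPs, same payload, same sites, same time) and the scanner check from "False Positives" can be combined in a short script. This is an added example, not code from the original article; the event tuple layout, the thresholds, the scanner user-agent hints and every sample event are constructed assumptions.

```python
import hashlib
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote_plus

# Illustrative user-agent substrings only (assumption); tune to your own traffic.
SCANNER_UA_HINTS = ("nikto", "sqlmap", "nessus")

# Constructed sample WAF events: (ISO time, source IP, target site, payload, user agent)
SAMPLE_EVENTS = [
    # Three IPs, same payload (different encodings), same two sites, same minute.
    ("2019-02-01T10:00:01", "192.0.2.10", "shop.example", "id=1%27%20OR%20%271%27%3D%271", "Mozilla/5.0"),
    ("2019-02-01T10:00:03", "192.0.2.10", "blog.example", "id=1'+or+'1'='1", "Mozilla/5.0"),
    ("2019-02-01T10:00:04", "198.51.100.20", "shop.example", "id=1'+OR+'1'='1", "Mozilla/5.0"),
    ("2019-02-01T10:00:09", "198.51.100.20", "blog.example", "id=1%27+or+%271%27=%271", "Mozilla/5.0"),
    ("2019-02-01T10:00:12", "203.0.113.30", "shop.example", "id=1' or '1'='1", "curl/7.58.0"),
    ("2019-02-01T10:00:20", "203.0.113.30", "blog.example", "id=1' or '1'='1", "curl/7.58.0"),
    # Self-identifying scanner using the same payload at the same time: dropped.
    ("2019-02-01T10:00:05", "203.0.113.77", "shop.example", "id=1' or '1'='1", "sqlmap/1.3"),
    ("2019-02-01T10:00:06", "203.0.113.77", "blog.example", "id=1' or '1'='1", "sqlmap/1.3"),
    # Lone source hours later with the same common payload: not a cluster.
    ("2019-02-01T15:30:00", "192.0.2.99", "shop.example", "id=1' or '1'='1", "Mozilla/5.0"),
    ("2019-02-01T15:30:02", "192.0.2.99", "blog.example", "id=1' or '1'='1", "Mozilla/5.0"),
    # Different payload, only two IPs and one site: below thresholds.
    ("2019-02-01T10:00:02", "192.0.2.10", "shop.example", "q=<script>alert(1)</script>", "Mozilla/5.0"),
    ("2019-02-01T10:00:07", "198.51.100.20", "shop.example", "q=<script>alert(1)</script>", "Mozilla/5.0"),
]


def fingerprint(payload):
    """URL-decode, lowercase and collapse whitespace, then hash, so that
    trivially re-encoded copies of one payload compare equal."""
    normalized = " ".join(unquote_plus(payload).lower().split())
    return hashlib.sha256(normalized.encode()).hexdigest()[:12]


def is_scanner(user_agent):
    """True if the request identifies itself as a known scanning tool."""
    ua = user_agent.lower()
    return any(hint in ua for hint in SCANNER_UA_HINTS)


def split_bursts(events, max_gap_s):
    """Split time-sorted (time, ip, site) events into bursts wherever two
    consecutive events are more than max_gap_s seconds apart."""
    bursts, current = [], []
    for ev in events:
        if current and (ev[0] - current[-1][0]).total_seconds() > max_gap_s:
            bursts.append(current)
            current = []
        current.append(ev)
    if current:
        bursts.append(current)
    return bursts


def find_botnet_candidates(raw_events, max_gap_s=60, min_ips=3, min_sites=2):
    """Flag bursts in which at least min_ips sources each sent the same
    payload to at least min_sites sites."""
    by_payload = defaultdict(list)
    for ts, ip, site, payload, ua in raw_events:
        if is_scanner(ua):
            continue  # explained by a scanner, see "False Positives"
        by_payload[fingerprint(payload)].append((datetime.fromisoformat(ts), ip, site))

    findings = []
    for fp, events in by_payload.items():
        events.sort()
        for burst in split_bursts(events, max_gap_s):
            sites_by_ip = defaultdict(set)
            for _, ip, site in burst:
                sites_by_ip[ip].add(site)
            coordinated = sorted(ip for ip, s in sites_by_ip.items() if len(s) >= min_sites)
            if len(coordinated) >= min_ips:
                sites = sorted(set().union(*(sites_by_ip[ip] for ip in coordinated)))
                findings.append({"payload_fp": fp, "start": burst[0][0],
                                 "end": burst[-1][0], "ips": coordinated, "sites": sites})
    return findings


if __name__ == "__main__":
    for finding in find_botnet_candidates(SAMPLE_EVENTS):
        print(finding)
```

A flagged cluster is a lead for review rather than a verdict: sources behind a shared proxy or VPN exit, or testers who do not identify themselves, can still produce the same pattern.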

Source: https://www.darkreading.com/cloud/diy-botnet-detection-techniques-and-challenges/a/d-id/1333949

When 911 Goes Down: Why Voice Network Security Must Be a Priority

When there’s a DDoS attack against your voice network, are you ready to fight against it?

An estimated 240 million calls are made to 911 in the US each year. With the US population estimated at more than 328 million people as of November 2018, this means each US resident makes, on average, more than one 911 call per year. 911 is a critical communications service that ensures the safety and individual welfare of our nation’s people.

So, what happens when the system goes down?

Unfortunately, answers can include delays in emergency responses, reputational damage to your brand or enterprise by being associated with an outage, and even loss of life or property. We have seen very recent examples of how disruption in 911 services can impact municipalities. For example, days after Atlanta was struck by a widespread ransomware attack, news broke of a hacking attack on Baltimore’s computer-assisted dispatch system, which is used to support and direct 911 and other emergency calls. For three days, dispatchers were forced to track emergency calls manually as the system was rebuilt — severely crippling their ability to handle life-and-death situations.

In 2017, cybersecurity firm SecuLore Solutions reported that there had been 184 cyberattacks on public safety agencies and local governments within the previous two years. 911 centers had been directly or indirectly attacked in almost a quarter of those cases, most of which involved distributed denial-of-service (DDoS) attacks.

Unfortunately, these kinds of DDoS attacks will continue unless we make it a priority to improve the security of voice systems, which remain dangerously vulnerable. This is true not just for America’s emergency response networks, but also for voice networks across a variety of organizations and industries.

The Evolving DDoS Landscape
In today’s business world, every industry sector now relies on Internet connectivity and 24/7 access to online services to successfully conduct sales, stay productive, and communicate with customers. With each DDoS incident costing $981,000 on average, no organization can afford to have its systems offline.

This is a far cry from the early days of DDoS, when a 13-year-old student discovered he could force all 31 users of the University of Illinois Urbana-Champaign’s CERL instruction system to power off at once. DDoS was primarily used as a pranking tool until 2007, when Estonian banks, media outlets, and government bodies were taken down by unprecedented levels of Internet traffic, which sparked nationwide riots.

Today, DDoS techniques have evolved to use Internet of Things devices, botnets, self-learning algorithms, and multivector techniques to amplify attacks that can take down critical infrastructure or shut down an organization’s entire operations. Last year, GitHub experienced the largest-ever DDoS attack, which relied on UDP-based memcached traffic to boost its power. And just last month, GitHub experienced a DDoS attack that was four times larger.

As these attacks become bigger, more sophisticated, and more frequent, security measures have also evolved. Organizations have made dramatic improvements in implementing IP data-focused security strategies; however, IP voice and video haven’t received the same attention, despite being equally vulnerable. Regulated industries like financial services, insurance, education, and healthcare are particularly susceptible — in 2012, a string of DDoS attacks severely disrupted the online and mobile banking services of several major US banks for extended periods of time. Similarly, consider financial trading — since some transactions are still done over the phone, those jobs would effectively grind to a halt if a DDoS attack successfully took down their voice network.

As more voice travels over IP networks and as more voice-activated technologies are adopted, the more DDoS poses a significant threat to critical infrastructure, businesses, and entire industries. According to a recent IDC survey, more than 50% of IT security decision-makers say their organization has been the victim of a DDoS attack as many as 10 times in the past year.

Say Goodbye to DDoS Attacks
For the best protection from DDoS attacks, organizations should consider implementing a comprehensive security strategy that includes multiple layers and technologies. Like any security strategy, there is no panacea, but by combining the following solutions with other security best practices, organizations will be able to better mitigate the damages of DDoS attacks:

  • Traditional firewalls: While traditional firewalls likely won’t protect against a large-scale DDoS attack, they are foundational in helping organizations protect data across enterprise networks and for protection against moderate DDoS attacks.
  • Session border controllers (SBCs): What traditional firewalls do for data, SBCs do for voice and video data, which is increasingly shared over IP networks and provided by online services. SBCs can also act as session managers, providing policy enforcement, load balancing and network/traffic analysis. (Note: Ribbon Communications is one of a number of companies that provide SBCs.)
  • Web application firewalls: As we’ve seen with many DDoS attacks, the target is often a particular website or online service. And for many companies these days, website uptime is mission-critical. Web application firewalls extend the power of traditional firewalls to corporate websites.

Further, when these technologies are paired with big data analytics and machine learning, organizations can better predict normative endpoint and network behavior. In turn, they can more easily identify suspicious and anomalous actions, like the repetitive calling patterns representative of telephony DoS attacks or toll fraud.

DDoS attacks will continue to be a threat for organizations to contend with. Cybercriminals will always look toward new attack vectors, such as voice networks, to find the one weak spot in even the most stalwart of defenses. If organizations don’t take the steps necessary to make voice systems more secure, critical infrastructure, contact centers, healthcare providers, financial services and educational institutions will certainly fall victim. After all, it only takes one overlooked vulnerability to let attackers in.

Source: https://www.darkreading.com/attacks-breaches/when-911-goes-down-why-voice-network-security-must-be-a-priority-/a/d-id/1333782

Hacktivist Gets 10-Year Prison Sentence for DDoS Attack on Hospitals

A 34-year-old man from Somerville, Massachusetts, has been sentenced to 10 years in prison for launching distributed denial-of-service (DDoS) attacks against two healthcare organizations in the United States.

Martin Gottesfeld, who identified himself as a member of the Anonymous movement, was accused of launching DDoS attacks against the Boston Children’s Hospital and the Wayside Youth and Family Support Network back in 2014.

The attacks on these organizations were part of a campaign related to Justina Pelletier, a teen who had been the subject of a high-profile custody battle between her parents and the state of Massachusetts.

Boston Children’s Hospital and Pelletier’s parents entered a dispute over a diagnosis and a judge awarded custody of the teen to the state. Pelletier was later moved to Wayside Youth and Family Support Network, a residential treatment facility.

Gottesfeld posted a video on YouTube in the name of Anonymous urging others to launch DDoS attacks on the Boston Children’s Hospital until Pelletier was released.

According to authorities, the DDoS attack aimed at the hospital was powered by tens of thousands of bots. The attack caused disruptions not only to the Boston Children’s Hospital, but also several other medical facilities in the Longwood Medical Area.

The Boston hospital claimed that the attack had cost it over $300,000 and led to the organization losing roughly $300,000 in donations due to the attack disabling its fundraising portal.

Gottesfeld became a suspect a few months after the attacks were launched. His home was searched and his devices were seized, but he was not charged at the time. In February 2016, he and his wife attempted to flee the country on a small boat, but they returned to the US on a Disney Cruise Ship that had rescued them off the coast of Cuba.

Gottesfeld was arrested upon his return. He was convicted by a jury on August 1, 2018, of one count of conspiracy to damage protected computers and one count of damaging protected computers.

He has now been sentenced to 121 months in prison and ordered to pay nearly $443,000 in restitution.

According to Reuters, Gottesfeld plans on appealing the sentence, but says he has no regrets.

Source: https://www.securityweek.com/hacktivist-gets-10-year-prison-sentence-ddos-attack-hospitals

DPR Reports DDoS Attack on the Site of the National Police

The website of the people’s militia department of the self-proclaimed Donetsk people’s republic was subjected to DDoS attacks, said the head of the people’s militia press service, Daniel Bezsonov.

According to him, this happened after the agency announced that Kiev was preparing a large-scale offensive in the Donbass.

“It has been established that the attack was carried out from Ukrainian and Baltic IP addresses,” the Donetsk News Agency quoted Bezsonov as saying.

In October 2016, the DPR announced that hackers from Ukraine had hacked and blocked the database of the self-proclaimed Donetsk People’s Republic pension fund, as a result of which payments to DPR residents were suspended.

Source: http://www.tellerreport.com/news/–in-the-dni-reported-on-ddos-attack-on-the-site-of-the-national-police-.BkyHtk6JE.html

Small Businesses Lose $80K on Average to Cybercrime Annually, Better Business Bureau Says

The growth of cybercrime will cost the global economy more than $2 trillion by 2019, according to the Better Business Bureau’s 2017 State of Cybersecurity Among Small Businesses in North America report.

Cost of a Cyber Attack

When it comes to small businesses, the report said the overall annual loss was estimated at almost $80K or $79,841 on average. And as more small businesses become equal parts digital and brick-and-mortar, securing both aspects of their company is more important than ever.

The risks small business owners face in the digital world have increased their awareness of the dangers of this ecosystem. A survey conducted by GetApp in 2017 revealed that security concerns ranked second among the challenges small businesses were facing.

In its report, GetApp says small businesses have to implement a multipronged approach with defense mechanisms designed to “ward off attacks from different fronts.”

However, the company doesn’t forget to address the challenges small business owners face when it comes to tackling cybersecurity with limited budgets and IT expertise while at the same time running their business.

Adopting a Small Business Cybersecurity Strategy

Why is adopting a cybersecurity strategy important for small businesses? Because according to eMarketer, in 2017 retail e-commerce sales globally reached $2.304 trillion, which was a 24.8% increase over the previous year.

Of this total, mCommerce accounted for 58.9% of digital sales and overall eCommerce made up 10.2% of total retail sales worldwide in 2017, an increase of 8.6% for the year.

What this means for small businesses is they can’t afford not to be part of this growing trend in digital commerce. They have to ensure the digital platform they have protects their organization and customers whether they are on a desktop, laptop or mobile device.

Have Clear Goals and Objectives

When it comes to cybersecurity, having clear goals and objectives will greatly determine the success of the tools, processes, and governance you put in place to combat cybercriminals.

According to GetApp, with the right cybersecurity solution in place, your small business will be able to detect and prevent a cyber-attack before it takes place.

It is important to note that there is no such thing as 100% security, whether it is in the digital or physical world. Given enough time and resources, bad actors may be able to find a vulnerability in any system. The data breaches at some of the largest organizations in the world are proof of this fact.

As a small business, your goal is to make it as difficult as possible for these bad actors to penetrate the security protocols you have in place.

Don’t Rely on a Single Solution

The GetApp report says small businesses have to fortify their organization against different threats emerging from multiple fronts.

The company says there is no single cybersecurity solution that offers complete defense against all the different types of threats that are out there. At any given time a small business can be under attack from a distributed denial-of-service (DDoS) attack, ransomware attacks, cryptojacking, and others.

To address these challenges, GetApp recommends that small businesses implement a cybersecurity strategy with investments that include a combination of antivirus, firewall, spam filter, data encryption, data backup, and password management applications.

Last but not least, even if you have the best system in place, you have to stay vigilant at all times. Cybercriminals rely on complacency.

Source: https://smallbiztrends.com/2018/12/cost-of-a-cyber-attack-small-business.html

Man Ordered to Pay $8.6 Million for Launching DDoS Attacks against Rutgers University

A New Jersey man received a court order to pay $8.6 million for launching a series of distributed denial-of-service (DDoS) attacks against Rutgers University.

On October 26, the U.S. Attorney’s Office for the District of New Jersey announced the sentence handed down by U.S. District Judge Michael Shipp to Paras Jha, 22, of Fanwood, New Jersey.

According to court documents, Jha targeted Rutgers University with a series of DDoS attacks between November 2014 and September 2016. The attacks took down the educational institution’s central authentication server that maintains the gateway portal used by staff, faculty and students. In so doing, the DDoS campaigns disrupted students’ and faculty members’ ability to exchange assignments and assessments.

The FBI assisted Rutgers in its investigation of the attacks. In August 2015, the university also hired three security firms to test its network for vulnerabilities.

Jha’s criminal efforts online didn’t stop at Rutgers. In the summer and fall of 2016, Jha created the Mirai botnet with Josiah White, 21, of Washington, Pennsylvania and Dalton Norman, 22, of Metairie, Louisiana. The trio spent the next few months infecting more than 100,000 web-connected devices. They then abused that botnet to commit advertising fraud.

In December 2017, the three individuals pleaded guilty in the District of Alaska for conspiring to violate the Computer Fraud & Abuse Act by operating the Mirai botnet. It was less than a year later that a federal court in Alaska ordered the men to serve five-year probation periods, complete 2,500 hours of community service, pay restitution in the amount of $127,000 and voluntarily relinquish cryptocurrency seized by law enforcement during an investigation of their crimes.

Judge Shipp handed down his sentence to Jha in a Trenton federal court. As part of that decision, Jha must serve six months of home incarceration, complete five years of supervised release and perform 2,500 hours of community service for violating the Computer Fraud & Abuse Act.

Source: https://www.tripwire.com/state-of-security/security-data-protection/man-ordered-to-pay-8-6-million-for-launching-ddos-attacks-against-rutgers-university/