Banking on security in an environment of threats

The global financial crisis of 2008 was a piercing wake-up call for the financial industries of the world. It brought several regulatory and legislative changes in its wake, all aimed at preventing the recurrence of such an event. But the years since then have seen a different kind of threat emerging. The warning sirens are more frequent than before and more insistent.

Banks and financial institutions seek to stay relevant and competitive with providing convenient, personalized services to their customers. For this, they collect and analyze huge volumes of sensitive customer data. All this information is stored and accessed online. And this makes them prone to cyber attacks. Cybercriminals exploit vulnerabilities in digital systems to perpetrate attacks of different natures and complexities. Incidences of such attacks have been increasing over the years, and unless we take great care, cyber attacks could easily be the cause of the next global financial crisis.

Only recently, US credit reporting bureau Equifax suffered a huge data breach, resulting in significant loss of data, which included the personal details of over 145 million people across the US, UK, and Canada. This event triggered a rethink of data protection laws in the US. Earlier in 2017, the Llyods Banking Group was hit by a major DDoS (Distributed Denial of Service) attack over the course of 48 hours, as cybercriminals attempted to block access to 20 million UK accounts. Later in the year, several South Korean Banks were threatened with a DDoS attack if they did not pay a $315,000 bitcoin ransom.

Equally worrying, and just as dangerous, are attacks that gradually siphon off data over an extended period of time. Such attacks are generally perpetrated through malware, such as the TrickBot Trojan, which made an appearance in Latin America and targeted banks in over 40 countries.

Recent trends like P2P (peer-to-peer) banking, directives like PSD2 (Revised Payment Service Directive), and initiatives like the Open API Standards for banking in the UK, while they all have their positives, have also inadvertently made the threat landscape riskier by providing more channels through which hackers can target systems. National and global authorities have introduced regulations to ensure that the financial industry takes the cybersecurity aspect of their business very, very seriously.

Under the EU General Data Protection Regulation, which will be enforced from May 25, 2018, organizations that are breached could attract a penalty of up to 20 million Euros or 4 percent of their annual global turnover, whichever is higher. India is in the process of instituting a Computer Emergency Response Team in Financial Sector (CERT-Fin), which will work closely with all financial-sector regulators and stakeholders on issues of cybersecurity.

Cyber threats are evolving as fast as the counter-measures being adopted to combat them. It is therefore essential for banks and financial institutions to be armed with agile cybersecurity strategies that identify potential threats, prevent attacks, and enable fast recovery. The banking industry should continue to invest significantly in cybersecurity – as they traditionally have – because their business is heavily dependent on customer trust.

As the open banking phenomenon grows, and different sets of data become digitally interconnected, the industry needs to protect customer data more fiercely than ever. A security breach can damage not just the company’s revenues, but also its reputation. A recent consumer study revealed that 50 percent respondents would consider switching banks if they suffered a cyber attack, while 47 percent said they would “lose complete trust” in their bank if such an event occurred.

The BFSI industry needs to look at adaptive, round-the-clock methods of detection, defense, and counter-attacks against cyber threats. Help is readily available in the form of third-party security service providers, who have the requisite expertise to offer comprehensive, assured protection. It is also an encouraging sign that investments in security operation centers (SOCs) are on the rise.

The 2008 financial crisis taught the financial industry that it needed to adopt a more responsible approach towards risk management. The years since have delivered a recurring lesson – the pertinence of keeping abreast of the latest in security threats and solutions and investing in security applications that can adapt to the current and future changes in one of our most important and vulnerable industries. Let’s act as we learn.

Source: http://www.ciol.com/banking-security-environment-threats/

Stay vigilant — cyber threats not over yet

Local companies should remain alert and continue to constantly update their cyber security measures as more “innovative” hacking activities are expected this year.

LGMS Services Sdn Bhd CEO Fong Choong Fook said the public and local corporations should be vigilant, as new variants of ransomware could penetrate Malaysia, resulting in various attacks as ransomware services are becoming easier to be accessed.

“Users should always stay updated with system and anti-virus developments, as well as avoid downloading or installing pirated softwares,” he said.

As hacking of Internet of Things devices are also expected to increase, the cyber security analyst urged industry players to perform regular risk assessments to evaluate their risks of cyber threats.

“They should also perform penetration testing in a proactive way and fix any loopholes before hackers take advantage of it,” he said.

Preemptive measures are vital, Fong said, as hackers are more innovative and creative in upgrading their skills and knowledge each day.

In retrospect, Fong said 2017 was the year where Malaysians were “awakened” by the threats of cyber attacks, beginning with a ransomware pandemic of WannaCry in May.

Malaysia has also faced the highly coordinated Distributed Denial of Service (DDoS) attack, followed by what was described as the biggest data leak incident in October.

CyberSecurity Malaysia CEO Datuk Dr Amirudin Abdul Wahab (picture) was reported as saying that, as Malaysians are still unaware of the existence of ransomware, they are advised to equip themselves with cyber security knowledge, as well as to use technology prudently and ethically.

In the incident, over 200,000 systems from 150 countries all over the world were hit by hackers charging US$300 (RM1,221) for their files to be decrypted.

On DDoS attack, it was reported that three linked stock brokerages and one bank were involved in the incident.

In order to ensure the success of DDoS attacks, hackers just need to leverage on computer connections and flood any targeted system with high traffic, or sending information that triggers a crash to the victim’s system.

The attack is capable to shut down a machine or network, causing the user to be blocked from accessing it.

“Company should subscribe cloud traffic scrubbing services such as ‘Cloudflare’, as well as having alternative Internet line on standby (as back up, should the attack happen),” Fong said.

He said the incident should be treated as a learning curve to the public and industry.

“We will learn to be wiser and become more proactive to prepare ourselves for volumetric DDoS attacks,” he said.

On the case of data leaks, Fong said the silver lining of it would be that the consumers have begun to realise the importance of data protection.

“The public are now starting to question the data custodians’ accountability on data privacy, which can be considered as a positive note of the entire data leak chaos,” he noted.

Source: https://themalaysianreserve.com/2018/01/04/stay-vigilant-cyber-threats-not-yet/

UK businesses fear DDoS attacks hijacking their devices

Businesses are afraid wireless devices could be hacked and used as DDoS weapons, report finds.

Businesses are afraid their wireless devices can be hacked and used at weapons in DDoS attacks.

A new report from the Neustar International Security Council (NISC) found that many businesses are becoming increasingly concerned with the current international security landscape, with system compromises seen as the biggest threat, following by ransomware and financial data theft.

But unlike with other similar reports, this time businesses aren’t just sitting idly on this information – they’re actually taking action.

What they usually do is keep a close eye on outgoing traffic, installing buffer servers that help them keep malware out, replace vulnerable access points, and make sure all members of staff are on the same page when it comes to safety guidelines and rules.

Almost half of businesses polled (43 per cent) hire specialist companies to help them with DDoS mitigation.

“As the cybersecurity landscape continues to evolve, and with businesses unsure about where the next attack will come from and what form it will take, there are clear challenges focusing their prevention and protection efforts,” said Rodney Joffe, head of NISC and Neustar senior vice president and fellow.

“But DDoS has long been seen as a severe threat to companies, reaping tremendous impacts and steadily increasing in incidence. The sheer volume of traffic caused by DDoS attacks make them hard, but not impossible, to mitigate and for businesses to have the best chance of success in fighting against them, they need to make them a priority”.

Source: https://www.itproportal.com/news/uk-businesses-fear-ddos-attacks-hijacking-their-devices/

CISO Challenges in 2018

To stay ahead of threats, CISOs will need to enter 2018 in steep learning mode. Their priorities will include integrating artificial intelligence, protecting against increasingly advanced Distributed Denial-of-Service (DDoS) attacks, pressuring IoT vendors to build enterprise-class devices and deciding what blockchain technology may mean to them.

When it comes to leveraging IoT devices for DDoS attacks, the bad guys tipped their hand in 2016 with the Dyn DDoS attack, said Eric Cowperthwaite, managing principal at Citadel Services, a security and risk management consulting company. “There’s way more of that coming—way more,” he said. Broadly speaking, enterprises lack good plans to deal with these types of attacks, he said.

The Dyn attack illustrates two separate issues that CISOs must address. One is the order of magnitude: While the attack is the same type of threat businesses often face, the leveraging of IoT devices amplified the amount of malicious network traffic used in DDoS attacks.

The second challenge isn’t just the operational stability problems such an attack can cause, Cowperthwaite said; it’s also the damage to the company’s reputation when it becomes known that its inadequately secured IoT network enabled the attack.

CISOs need to pressure vendors to add instrumentation to IoT devices entering the enterprise, so that commercial devices are at least hardened from attack and defendable. “If CISOs don’t apply pressure on those vendors, who will?” he asked.

CISOs must be able to monitor their networks so that it’s possible to tell when trusted—or supposedly trusted—devices are behaving appropriately. “If it’s not acting correctly, you should take it off the network,” Cowperthwaite said.

Also high on the CISO’s priority list should be figuring out how to use artificial intelligence to automate event management. “If we don’t figure out how to use AI to deal with the masses of data that we have, we’ll never get ahead,” Cowperthwaite warned. He suggested automating basic security so people aren’t looking at first-level event data. “Why aren’t we taking all that event log data and running it through an AI that will look for anomalies before we do anything else?”

CISOs also can take a page from Agile to tackle other persistent cybersecurity challenges, and move away from security-event firefighting and into more of a business advisory role.

Finally, while blockchain technology may or may not be your friend, it most likely will be more than a passing acquaintance by year’s end. CISOs need to learn about distributed trust systems as well as the technologies and tools that help ensure transaction integrity, irrefutability and nonrepudiation. CISOs then can consider business risk when it’s time to establish governance for the new players on the block.

Source: https://securityboulevard.com/2018/01/ciso-challenges-2018/

Old Vulnerabilities still available to be exploited ROBOT

Old Vulnerabilities still available to be exploited
R.O.B.O.T:
Return Of Bleichenbacher’s Oracle Threat

A joint study by researchers from Ruhr-Universitat Bochum/Hackmanit GmbH and Tripwire VERT has revealed a re-tread of an old vulnerability from 1998 that allows an attacker to leverage RSA decryption and cryptographic operations. It does so by using the private key configured on the vulnerable TLS servers. This latest CVE, dubbed ROBOT (Return Of Bleichenbacher’s Oracle Threat) has a surprisingly large target area, affecting almost a third of the top 100 domains (according to ALEXA).

I won’t detail the history and specifics of the exploit; there is a pretty good overview over at The Hacker News and of course at the researchers own website, where they have provided an online and downloadable tool for testing for this exploit.

What I will bring to attentionare the hardware vendors that are identified as being susceptible to this exploit even today , as it contains some of the biggest names in the IT industry: Cisco, F5, Citrix, and the most surprising isRadware, who specialize in building cybersecurity products. Granted some of the listed platforms are older legacy platforms, but given that the RSA cipher has been deprecated for over a decade, one would assume that patches to remove it would have been offered and applied years ago. One may be led to believe that this type of negligence is one way to incentivize customers to continually spend on expensive hardware upgrades, but of course we all know better than that…..

With regards to DOSarrest and R.O.B.O.T, we’ve long known about the weakness of using RSA ciphers, and only use strong, hardened cipher suites in our operations.

If you are using one of the affected hardware vendors, we can help. With our DDoS Proxy Defense Network, we can take all HTTPS connections and ensure your origin server/s are protected from this CVE, as well as many other vulnerabilities.

Jag Bains, CTO

DOSarrest Internet Security

Source: https://www.dosarrest.com/ddos-blog/old-vulnerabilities-still-available-to-be-exploited-robot/

If you have satellite TV, hackers have access to your network

Imagine if every single gadget in your life was “smart.” Your self-driving car could let your house know you’re on the way home so it can adjust the thermostat and kick on the lights.

Your fridge could detect that you’re out of milk and order more online before you even wake up. A drone delivers the milk just in time for your morning bowl of cereal. These are all super helpful features, but they do come with some digital risks.

Now, something as simple as satellite television can be targeted by hackers.

Who’s at risk?

If you are one of the millions of people with AT&T’s DirecTV service, you could be at risk of attack by hackers. That’s due to a vulnerability recently discovered by security researcher Ricky Lawshae.

He said the flaw was found in DirecTV’s Genie digital video recorder (DVR) system. More specifically, Linksys WVBRo-25 model. The vulnerability is located in the wireless video bridge that lets DirecTV devices communicate with the DVR.

Lawshae said that he discovered the flaw when trying to browse to the web server on the Linksys WVBRo-25. He was expecting to find a login page, but instead found a wall of text. It contained output of diagnostic scripts dealing with information about the bridge, including the WPS pin, connected clients, processes that were running, and more.

That means anyone who accesses the device can obtain sensitive information about it. Not only that but the device is able to accept commands as the “root” user.

Lawshae said, “It literally took 30 seconds of looking at this device to find and verify an unauthenticated remote root command injection vulnerability. It was at this point that I became pretty frustrated. The vendors involved here should have had some form of secure development to prevent bugs like this from shipping.”

If a hacker has root access, they can steal data or even turn the device into a botnet. Cybercriminals are not always trying to steal personal and banking information. Sometimes they are trying to create havoc.

Cybercriminals can use an army of internet of things (IoT) gadgets to disrupt services or shut down websites. This is called a distributed denial of services (DDoS) attack.

DDoS attacks occur when servers are overwhelmed with more traffic than they can handle. These types of attacks are performed by a botnet.

A botnet is a group of gadgets that hackers have taken over without the owner’s knowledge. The hackers seize control of unwitting gadgets with a virus or malware and then use the network of infected computers to perform large-scale hacks or scams.

How to resolve this issue

A spokesperson for Linksys told “Forbes” earlier this week that it had “provided the firmware fix to DirecTV and they are working to expedite software updates to the affected equipment.”

The good news is, once the software is pushed out, the flaw should be fixed. The bad news is, we don’t know how long it will take for DirecTV to send the updates.

As a DirecTV customer, you don’t need to do anything to receive the updates. As long as your satellite receiver is connected to the internet updates that are automatically installed behind the scenes.

Source: https://www.komando.com/happening-now/434022/if-you-have-satellite-tv-hackers-have-access-to-your-networ

Mirai: Trio confesses to creating the world’s most powerful DDoS botnet

One of the hackers also open sourced the code, enabling criminals to launch their own attacks

Three men have admitted to being the authors of the devastating Mirai botnet, which was used to launch a DDoS attack that took large parts of the internet offline last year before being widely shared with cyber criminals.

Paras Jha, 21, of Fanwood, New Jersey; Josiah White, 20, of Washington, Pennsylvania; and Dalton Norman, 21, of Metairie, Louisiana, all pleaded guilty to operating Mirai last week, in a court case unsealed by the US Department of Justice yesterday.

The trio built the botnet over the summer and autumn of 2016, targeting IoT devices like routers and wireless cameras, and targeting device vulnerabilities that would let Mirai enslave connected gadgets.

Mirai was behind one of the most effective DDoS attacks ever, hammering DNS provider Dyn with access requests from tens of millions of different IP addresses to force it offline and thereby bring down Github, Reddit, Twitter, Spotify and other huge companies that rely on Dyn to route users to their sites.

Throwing Caution to the Cloud?

The Hidden Costs of Moving IT operations onto the Cloud

As the CTO of a Cloud DDoS Protection Service, it would seem that I would be shooting myself in the foot by raising alarms about hidden costs in moving onto the cloud. After all, shouldn’t everything IT (including Security) be moved to cloud, with it’s promises of low cost, high flexibility and immediate scalability? On the surface, this sounds like a great opportunity for CIO’s and CSO’s who are trying to deal with a volatile budget, but like anything else in life, it’s best to take a closer look before committing.

When I speak with our customers, many of whom have been transitioning their system and storage to a cloud provider, we’ll often have discussions about support of their new setups within Amazon, Azure, etc. These migrations pose no problems for the DOSarrest service, and the conversations will invariably pivot into a Q&A on ideal hosting setups within these popular platforms, as I have had experience working with cloud hosting in my past lives. What I have noticed in conversing with these customers is that the same mistakes of the past are still occurring with high frequency even now, which is the pursuit of short term saving without fully auditing their existing setups and requirements. IT managers are still often attempting to take a snapshot of their server inventory and attempt to replicate it in the cloud during a migration, without fully appreciating that they have excess server capacity. This results in buying extra capacity when it is not required. What’s even worse are when IT managers are blissfully ignorant of the resources and processes operating within their environment that typically have little cost, and have no idea what that will look like on the invoice sheet when those same processes get moved into the cloud. Some good examples of areas that get overlooked in the migration are:

  1. CPU & Memory – it’s a safe bet you could walk into any enterprise datacenter and the vast majority of the systems will be running idle with the occasional 10% CPU load and minimal RAM. Yet each system will have robust specs (eg. 8 core, 32 Gb/s of RAM). Do you really need to replicate those specs in the cloud, even if it is cheaper than buying the actual server yourself?
  2. Storage –Similar to point 1, you will see a lot of disk space being unused in a datacenter. We all have to deal with growing and shrinking volumes, but have you recorded peak disk usages on a system for 1 day, 1 month, 1 year? Doing so would help ensure you don’t simply get the 5 TB option when it’s not needed
  3. Data Transfer/Bandwidth – it’s surprising to me how bandwidth generated by a server farm is often ignored by IT managers. BW plans with their upstreams will allow them to be ignorant of that I suppose. However, when moving to the cloud, you could end up with a hefty bill if you are unsure how much traffic your systems can generate during peak loads. You should also be aware of charges for data transfer between regions and zones.

When it comes to Security in the cloud, there are again other considerations one should account for to avoid paying extra costs.

a) Service Level Agreements – Does the cloud service provider have triple 9’s, Quadruple 9’s? More importantly, does the SLA have a limit to the size of attacks it will support? Is there a different price for each tier of SLA’s?

b) Throughput – the Service provider may say that they have Tb/s of capacity, but is there extra charges if there is a sustained attack over 50 Gb/s? 100 Gb/s? 500 Gb/s?

c) Tiered Support – often you will see a different price schedule for the types of support. 30 minute response versus 15. Phone support being extra

d) Cost for features – Are their additional charges for CDN? How about Web Application Firewall? Machine Learning for identifying anomalous traffic patterns?

At DOSarrest we recognize the cost risk for IT managers, and put all services under one fixed price, simplifying their budgetary exercises and minimizing potential cost over runs in the face of an unknown threat landscape. I know that if a customer of ours is fully using the services we offer that have no extra cost to them they can save thousands of dollars a month on a cloud hosting platform invoice.

In summary, do your due diligence. The cloud can be incredibly powerful with significant savings, but understand what your requirements are.

Jag Bains

CTO, DOSarrest Internet Security

Source: https://www.dosarrest.com/ddos-blog/throwing-caution-to-the-cloud/

Bitfinex restored after DDoS attack

Bitcoin exchange Bitfinex says its systems have been restored after the company was hit by a second denial of service attack in just over a week.

Bitfinex, which claims to be the world’s largest and most advanced cryptocurrency exchange, says it has restored its systems after coming under a “heavy” distributed denial of service (DDoS) attack.

Despite claiming on its website that Bitfinex is “protected by automatic distributed denial of service” systems, the company has been affected twice in December 2017 and once in November by DDoS attacks.

According to Bitfinex, the attackers created “hundreds of thousands of new accounts,” causing stress on the Bitfinex’s infrastructure. The exchange said it took about 12 hours to restore normal operations and that new user signups had been suspended temporarily to reduce demand on its infrastructure.

The latest DDoS attack on Bitfinex comes just days after an Imperva report showed that the bitcoin industry was one of the top ten industries most targeted by DDoS attacks in the third quarter of 2017.

Cyber security industry analysts say the increased interest in Bitcoin as its value continues to surge is making it a prime target for cyber criminals either for extortion or theft.

Igal Zeifman, director at Imperva Incapsula, extortionists and other cyber criminals are commonly drawn to successful online industries, especially emerging ones that are less likely to be well protected.

“Specifically for bitcoin, the DDoS attacks we mitigated could also have been attempts to manipulate the price of bitcoin and other cryptocurrency, something we know offenders had tried in the past,” he said.

According to the Imperva report, organisations targeted by DDoS campaigns in the third quarter spent an average of 12 hours under attack.

This latest DDoS attack on Bitfinex underlines how increased prominence can make businesses more vulnerable to DDoS attacks, said Kirill Kasavchenko, principal security technologist for Europe at Arbor Networks.

“The bitcoin market has been a hot topic over the past week, which has led to a surge in buyers,” he said. “Hackers are notoriously opportunistic, so it makes sense that they’re seizing this opportunity to make it difficult for Bitfinex to maintain usual business activities.”

Businesses which rely on their website as a route to market, said Kasavchenko, must learn lessons from this, and evaluate whether their current DDoS protection could work harder for their business.

“In response to bitcoin’s growth, attackers might launch DDoS attacks against exchanges not only as extortion threat, but also as a way to manipulate cryptocurrency rates by making trading platforms unavailable.

“Last but not least, cryptocurrencies do not have any legal status in most countries,” he said. “This means prosecution of attackers is often problematic not only from technical, but also from a legal point of view.”

Targeting bitcoin exchanges

In line with the trend of targeting bitcoin exchanges, cyber criminals stole nearly $80m worth of bitcoin from bitcoin mining and exchange service NiceHash.

According to NiceHash, the attackers – believed to be from outside the EU – accessed the company’s systems at around 00:18 GMT on 7 December, and began stealing bitcoin three and a half hours later.

This is the latest in a string of cryptocurrency heists in 2017, and security researchers are predicting the trend will only intensify in 2018.

As the bitcoin value continues to soar, its attractiveness to attackers – both at a criminal and nation state level – will increase in proportion, according to Richard Ford, chief scientist at security firm Forcepoint.

Source: http://www.computerweekly.com/news/450431741/Bitfinex-restored-after-DDoS-attack

Be Sure To Ask Tough Questions Of Your DDoS Mitigation Solution

Every time I read another report about distributed denial of service (DDoS), I find myself either cringing or smiling. That’s the easiest way to boil down my reactions. Much in the same vein of “each data breach cost one bajillion dollars!” while making my best Dr. Evil face. The scoring, or the methodology used, in general usually causes me to pause if it isn’t immediately clear how the scores were arrived upon. Then there are reports where the ledes can get buried. The juicy pieces that might not seem immediately clear.

Last week the Forrester research team released their Forrester Wave report as it pertained to DDoS Mitigation Solutions. It made for an interesting read. Kudos to all of the companies that scored well in the report. Naturally, each company released their respective “we’re number one” press releases, my own company included. It makes perfect sense that they would all do this as they all have that to be proud of. Beyond that, what jumped out me as I read the report was that 1) appliances don’t scale, 2) the ability to react and respond is paramount and 3) the ability to scale is key.

I was at a conference earlier this year where I had some time to walk the vendor floor. There were two prevalent themes that I took away from this stroll. There were dozens of ransomware protection related startups that were vying for customers attention. But, more relevant to my interests was the swath of ‘DDoS mitigation’ companies that were there. One in particular, who was not on the Wave report, trumpeted that they could afford their customers 1.5 GB of protection from DDoS attacks…with their appliance.

Let that soak in for a moment. This was a company that was using the idea of holding up gauze in front of a semi-truck and hoping it would offer some sort of protection (Hat tip to the late great Robin Williams). When we take into account that there have been documented DDoS attacks in excess of 600 Gbps this seems cold comfort.

A couple years ago I was speaking with a customer that had an appliance-based solution in place. I asked them how they would deal with an attack that exceeded their stated capacity and the response was “we’d buy more boxes.” This ranks right up there with having a line in your disaster recovery report that says you will go to Best Buy to purchase laptops in the event of a calamity.

The Wave report had this passage, “Akamai received favorable feedback on its ability to detect new attack types while yielding few false positives. Reference customers remarked on the company’s responsiveness, expertise, and ability to immediately stop attacks.” A wonderful endorsement from Akamai’s customers. This is important when you have a company that is service based. You can’t just get a signed P.O., drop the product off, and ride off into the sunset. This happened to me back in the 90s when I deployed a security system and I made the naive inquiry as to how we could update the software and how often the updates would be made available. This was met with a slack jawed look from the sales representative. You need to live in the shoes of your customer.

As a customer, you need to be an advocate for your company. You need to be able to ask the tough questions. How will the product scale? How are updates handled? What sort of bench strength does your company have to support my organization? Does the vendor have an acceptable use policy? You don’t want to have the uncomfortable realization that you might be sharing a platform or service with criminal hackers.

A DDoS mitigation solution should be a partner. This isn’t a line item on a budgeting spreadsheet after staplers and coffee creamer. No matter what sort of industry report you might be reading be sure to peel back the layers. You need to advocate for your company and ensure you are getting the best of breed service and support – and are not playing the catcher position on the javelin team!

Source: https://www.forbes.com/sites/davelewis/2017/12/11/be-sure-to-ask-tough-questions-of-your-ddos-mitigation-solution/#377ee5d13f53