Throwing Caution to the Cloud?

The Hidden Costs of Moving IT operations onto the Cloud

As the CTO of a Cloud DDoS Protection Service, it would seem that I would be shooting myself in the foot by raising alarms about hidden costs in moving onto the cloud. After all, shouldn’t everything IT (including Security) be moved to the cloud, with its promises of low cost, high flexibility and immediate scalability? On the surface, this sounds like a great opportunity for CIOs and CSOs who are trying to deal with a volatile budget, but like anything else in life, it’s best to take a closer look before committing.

When I speak with our customers, many of whom have been transitioning their systems and storage to a cloud provider, we often discuss supporting their new setups within Amazon, Azure, etc. These migrations pose no problems for the DOSarrest service, and the conversations invariably pivot into a Q&A on ideal hosting setups within these popular platforms, as I have had experience working with cloud hosting in my past lives. What I have noticed in conversing with these customers is that the same mistake of the past is still occurring with high frequency even now: the pursuit of short-term savings without fully auditing their existing setups and requirements. IT managers still often take a snapshot of their server inventory and attempt to replicate it in the cloud during a migration, without fully appreciating that they have excess server capacity. This results in buying extra capacity when it is not required. Even worse is when IT managers are blissfully ignorant of the resources and processes operating within their environment that typically cost little on premises, and have no idea what those same processes will look like on the invoice once they are moved into the cloud. Some good examples of areas that get overlooked in the migration are:

  1. CPU & Memory – it’s a safe bet you could walk into any enterprise datacenter and find the vast majority of the systems running idle, with the occasional 10% CPU load and minimal RAM use. Yet each system will have robust specs (e.g. 8 cores, 32 GB of RAM). Do you really need to replicate those specs in the cloud, even if it is cheaper than buying the actual server yourself?
  2. Storage – Similar to point 1, you will see a lot of disk space going unused in a datacenter. We all have to deal with growing and shrinking volumes, but have you recorded peak disk usage on a system for 1 day, 1 month, 1 year? Doing so would help ensure you don’t simply get the 5 TB option when it’s not needed.
  3. Data Transfer/Bandwidth – it’s surprising to me how often the bandwidth generated by a server farm is ignored by IT managers. Flat-rate bandwidth plans with their upstream providers allow them to be ignorant of it, I suppose. However, when moving to the cloud, you could end up with a hefty bill if you are unsure how much traffic your systems can generate during peak loads. You should also be aware of charges for data transfer between regions and zones.

When it comes to Security in the cloud, there are again other considerations one should account for to avoid paying extra costs.

a) Service Level Agreements – Does the cloud service provider offer three nines (99.9%) or four nines (99.99%) of availability? More importantly, does the SLA limit the size of attacks it will cover? Is there a different price for each tier of SLA?

b) Throughput – the service provider may say that it has Tb/s of capacity, but are there extra charges if there is a sustained attack over 50 Gb/s? 100 Gb/s? 500 Gb/s?

c) Tiered Support – often you will see a different price schedule for each type of support: a 30-minute response time versus 15, or phone support being extra.

d) Cost for features – Are there additional charges for a CDN? How about a Web Application Firewall? Machine learning for identifying anomalous traffic patterns?

At DOSarrest we recognize the cost risk for IT managers, and put all services under one fixed price, simplifying their budgetary exercises and minimizing potential cost overruns in the face of an unknown threat landscape. I know that a customer of ours who fully uses the services we offer at no extra cost can save thousands of dollars a month on a cloud hosting platform invoice.

In summary, do your due diligence. The cloud can be incredibly powerful with significant savings, but understand what your requirements are.

Jag Bains

CTO, DOSarrest Internet Security


Bitfinex restored after DDoS attack

Bitcoin exchange Bitfinex says its systems have been restored after the company was hit by a second denial of service attack in just over a week.

Bitfinex, which claims to be the world’s largest and most advanced cryptocurrency exchange, says it has restored its systems after coming under a “heavy” distributed denial of service (DDoS) attack.

Despite claiming on its website that Bitfinex is “protected by automatic distributed denial of service” systems, the company has been affected twice in December 2017 and once in November by DDoS attacks.

According to Bitfinex, the attackers created “hundreds of thousands of new accounts,” causing stress on Bitfinex’s infrastructure. The exchange said it took about 12 hours to restore normal operations and that new user signups had been suspended temporarily to reduce demand on its infrastructure.

The latest DDoS attack on Bitfinex comes just days after an Imperva report showed that the bitcoin industry was one of the top ten industries most targeted by DDoS attacks in the third quarter of 2017.

Cyber security industry analysts say the increased interest in Bitcoin as its value continues to surge is making it a prime target for cyber criminals either for extortion or theft.

Igal Zeifman, director at Imperva Incapsula, said extortionists and other cyber criminals are commonly drawn to successful online industries, especially emerging ones that are less likely to be well protected.

“Specifically for bitcoin, the DDoS attacks we mitigated could also have been attempts to manipulate the price of bitcoin and other cryptocurrency, something we know offenders had tried in the past,” he said.

According to the Imperva report, organisations targeted by DDoS campaigns in the third quarter spent an average of 12 hours under attack.

This latest DDoS attack on Bitfinex underlines how increased prominence can make businesses more vulnerable to DDoS attacks, said Kirill Kasavchenko, principal security technologist for Europe at Arbor Networks.

“The bitcoin market has been a hot topic over the past week, which has led to a surge in buyers,” he said. “Hackers are notoriously opportunistic, so it makes sense that they’re seizing this opportunity to make it difficult for Bitfinex to maintain usual business activities.”

Businesses which rely on their website as a route to market, said Kasavchenko, must learn lessons from this, and evaluate whether their current DDoS protection could work harder for their business.

“In response to bitcoin’s growth, attackers might launch DDoS attacks against exchanges not only as an extortion threat, but also as a way to manipulate cryptocurrency rates by making trading platforms unavailable.

“Last but not least, cryptocurrencies do not have any legal status in most countries,” he said. “This means prosecution of attackers is often problematic not only from technical, but also from a legal point of view.”

Targeting bitcoin exchanges

In line with the trend of targeting bitcoin exchanges, cyber criminals stole nearly $80m worth of bitcoin from bitcoin mining and exchange service NiceHash.

According to NiceHash, the attackers – believed to be from outside the EU – accessed the company’s systems at around 00:18 GMT on 7 December, and began stealing bitcoin three and a half hours later.

This is the latest in a string of cryptocurrency heists in 2017, and security researchers are predicting the trend will only intensify in 2018.

As the bitcoin value continues to soar, its attractiveness to attackers – both at a criminal and nation state level – will increase in proportion, according to Richard Ford, chief scientist at security firm Forcepoint.


Be Sure To Ask Tough Questions Of Your DDoS Mitigation Solution

Every time I read another report about distributed denial of service (DDoS), I find myself either cringing or smiling. That’s the easiest way to boil down my reactions. Much in the same vein of “each data breach cost one bajillion dollars!” while making my best Dr. Evil face. The scoring, or the methodology used, in general usually causes me to pause if it isn’t immediately clear how the scores were arrived upon. Then there are reports where the ledes can get buried. The juicy pieces that might not seem immediately clear.

Last week the Forrester research team released their Forrester Wave report as it pertained to DDoS Mitigation Solutions. It made for an interesting read. Kudos to all of the companies that scored well in the report. Naturally, each company released their respective “we’re number one” press releases, my own company included. It makes perfect sense that they would all do this as they all have that to be proud of. Beyond that, what jumped out at me as I read the report was that 1) appliances don’t scale, 2) the ability to react and respond is paramount and 3) the ability to scale is key.

I was at a conference earlier this year where I had some time to walk the vendor floor. There were two prevalent themes that I took away from this stroll. There were dozens of ransomware protection related startups that were vying for customers’ attention. But, more relevant to my interests was the swath of ‘DDoS mitigation’ companies that were there. One in particular, who was not on the Wave report, trumpeted that they could afford their customers 1.5 GB of protection from DDoS attacks…with their appliance.

Let that soak in for a moment. This was a company that was using the idea of holding up gauze in front of a semi-truck and hoping it would offer some sort of protection (Hat tip to the late great Robin Williams). When we take into account that there have been documented DDoS attacks in excess of 600 Gbps this seems cold comfort.

A couple years ago I was speaking with a customer that had an appliance-based solution in place. I asked them how they would deal with an attack that exceeded their stated capacity and the response was “we’d buy more boxes.” This ranks right up there with having a line in your disaster recovery report that says you will go to Best Buy to purchase laptops in the event of a calamity.

The Wave report had this passage, “Akamai received favorable feedback on its ability to detect new attack types while yielding few false positives. Reference customers remarked on the company’s responsiveness, expertise, and ability to immediately stop attacks.” A wonderful endorsement from Akamai’s customers. This is important when you have a company that is service based. You can’t just get a signed P.O., drop the product off, and ride off into the sunset. This happened to me back in the 90s when I deployed a security system and I made the naive inquiry as to how we could update the software and how often the updates would be made available. This was met with a slack-jawed look from the sales representative. You need to live in the shoes of your customer.

As a customer, you need to be an advocate for your company. You need to be able to ask the tough questions. How will the product scale? How are updates handled? What sort of bench strength does your company have to support my organization? Does the vendor have an acceptable use policy? You don’t want to have the uncomfortable realization that you might be sharing a platform or service with criminal hackers.

A DDoS mitigation solution should be a partner. This isn’t a line item on a budgeting spreadsheet after staplers and coffee creamer. No matter what sort of industry report you might be reading be sure to peel back the layers. You need to advocate for your company and ensure you are getting the best of breed service and support – and are not playing the catcher position on the javelin team!


Christmas revenues at risk from DDoS and POS-vulnerabilities

According to the Kaspersky Lab IT Security Economics Report, over 77 per cent of companies have suffered from some kind of attack during the last 12 months. An increase in attacks where DDoS and POS systems were the main vectors is making the situation even worse – especially during the Christmas sale season, when there are more shoppers in store than usual, and the boost in sales is making retailer revenues an attractive target for cybercriminals.

The research shows that over the past year there has been a sharp increase (up to 16 per cent) in both attacks involving DDoS, and attacks in which vulnerabilities in point-of-sale systems (POS terminals) have been exploited. These figures indicate that whatever heists cybercriminals are planning this season, they are likely to start with, or include, DDoS or the exploitation of vulnerabilities in retailer POS systems.

In particular, 2017 has seen a series of high-profile cybersecurity breaches reported in the payment systems of major brands: from Chipotle to Hyatt Hotels and recently, Forever 21. Kaspersky Lab also registered a considerable increase and geographic spread in botnet DDoS attacks in the third quarter of 2017, with targets in 98 countries (compared to 82 in Q2), according to the latest DDoS Intelligence Report.

This situation is going to be extremely relevant to retail and e-commerce organizations during the intense period of sales around Christmas. As shoppers look to bag their bargains, retailers can expect increased revenues. This in turn makes retailers a lucrative prize, if cybercriminals can stage successful DDoS attacks against them for a ransom, or for dirty competition, use POS systems as an entry point for targeted attacks, or steal customer credentials and money.

“Given this year’s apparent increase in these types of attacks, we recommend that businesses – retailers in particular – stay alert during the Christmas season, when there are more risks of cybercriminals cashing out, through the exploitation of payment systems or attacks that use DDoS. These can involve cybercriminals demanding a ransom, or simply preventing an organization from trading, making them lose income and clients as a result. But apart from the obvious risks, this is also a good opportunity for businesses to think about their protection in general, by developing their cybersecurity culture and investing in the right technologies,” said Alessio Aceti, Head of Enterprise Business Division, Kaspersky Lab.

To avoid ruining their revenues in the upcoming high sales season, retailers and e-commerce organizations can protect themselves with a range of solutions dedicated to meeting their specific requirements. Kaspersky Lab strongly recommends that retailers:

– Keep e-commerce platforms up to date, because every new update may contain critical patches that make the system less vulnerable to cybercriminals.

– If possible, make sure that the POS terminals in use run the latest version of software and change the default passwords.

– Use a tailored security solution, like Kaspersky Embedded Systems Security, to protect point-of-sale terminals from malware attacks.

– Prepare for DDoS attacks by choosing a reliable service provider that is a cybersecurity expert and can protect against powerful and sophisticated DDoS attacks. This is not always possible using in-house resources or Internet providers. To learn about the specialist Kaspersky DDoS Protection offering for SMBs and enterprises, please visit our website.

– Educate customers about the possible cyberthreats they may encounter while shopping online and offline, as well as the steps they can take to minimize the risks.


Increased dark web interest in hacking the leisure and gaming industries.

Given the volumes of cash swashing around, it’s not a surprise that leisure and gaming industries have become a particular target for cyber-crime and a new report suggests there is growing interest on the Dark Web when it comes to attacks on the gaming industry.

The extent and methods used are described by security provider IntSights in its Gaming and Leisure Cyber Security Benchmarking Report, which outlines the results of a six-month research project anonymously searching the clear and dark webs for threat intelligence on 30 leading gambling resorts.

Attacks range from the usual DDoS and phishing to sector-specific hacks on slot machines and casino chips.

Threats from the Dark Web over the last six months specifically targeting the gaming and leisure sector have included 19 DDoS attacks on resorts, 29 on gambling affiliates, 30 free coin generators, 52 validated accounts for sale, 55 casino chips for sale, 61 scam guides on gambling resorts, 63 POS hacking tools, 69 VPN scams, 70 stolen credit cards for cash-out, 86 slot machine hacks, 90 hacking tools, 95 hacking tutorials, 141 logins with money balances for sale, 289 cash-out methods and 345 carding offers.

One example details how a hacker proposes an affiliation partnership to scam gambling companies: “I need someone who is in New Jersey and who wants to help me out and make some money at the same time. Here is the skinny…

I have found a way to use some of the bank logs that I manage to accrue using the personal information I have on various people with both …. poker and ….. I am able to use the instant bank transfer ACH to deposit funds onto my accounts and have two different accounts with pretty large balances in the wallet. Unfortunately, these sites do not let you play if you are not in the state of New Jersey. They are pretty damn good about it too and I have tried a multitude of proxy services and virtual machines to no avail. The only thing left I can think of and have heard from two others that it is successful, is to remote into a computer of someone who lives in New Jersey, and run the client from their computer with my account.

I would need you to get Teamviewer or some other remote access software, and let me remote in and do some gambling. I can then cash out and pay you, or better yet, give you login info of one of my accounts and let you have your own fun. Please let me know if you are interested and available to do this because if it actually does function, we are looking at a fucking GOLDMINE!”

There were some 29 affiliation suggestions for scams found in the past six months. This includes people using free coin generators and sharing them on hacking forums as a way to access and hack into other accounts and computers. In the past six months 30 free coin generators have been offered. Branded poker chips are also being sold on the black market; in the past six months 55 have been offered for sale.

In its research, IntSights conducted scanning via the IntSights cloud infrastructure, looking for indicators of compromise such as: stolen credentials that may be used to infiltrate a company’s systems; company employees on target lists posted by malicious actors, which can be used by the threat actor or others to launch a phishing or spam attack against the company; Dark Web attack indicators that suggest the intentions of malicious actors to hack, scam or damage company assets, employees or customers; a company’s internal login page that has been exposed and can be used by threat actors to infiltrate the company’s network and harvest sensitive data; and suspicious fake or phishing domains that can be used for malicious activity against a company or its employees.


Bitcoin industry enters top 10 DDoS targets

The bitcoin industry has become one of the top 10 industries most targeted by distributed denial of service attacks, a report has revealed

A spike in the number of bitcoin-related sites targeted by distributed denial of service (DDoS) attacks coincided with a spike in the value of the cryptocurrency to $4,672 in the third quarter, according to Imperva’s latest global DDoS report.

The report is based on data from 3,920 network layer and 1,755 application layer DDoS attacks on websites using Imperva Incapsula services between 1 July and 30 September 2017.

The data shows that 73.9% of all bitcoin exchanges and related sites on the Imperva Incapsula service were attacked during the quarter, ahead of the cryptocurrency’s meteoric rise to more than $11,600 in the first week of December.

As a result of the third-quarter spike, the relatively small and young bitcoin industry made it into the top 10 most attacked industries during the three-month period, taking eighth spot above the transport and telecoms sectors.

The most-attacked sector was gambling (34.5%), followed by gaming (14.4%) and internet services (10.8%).

Igal Zeifman, director at Imperva Incapsula, said the large number of attacks on bitcoin exchange sites is a clear example of DDoS attackers following the money.

“As a rule, extortionists and other cyber criminals are commonly drawn to successful online industries, especially emerging ones that are less likely to be well-protected,” he said.

“Specifically for bitcoin, the DDoS attacks we mitigated could also have been attempts to manipulate the price of bitcoin and other cryptocurrency, something we know offenders have tried in the past.”

According to the report, organisations targeted by DDoS campaigns in the third quarter spent an average of 12 hours under attack, half of network layer targets were hit at least twice, and almost 30% were attacked more than 10 times.

Nearly one-third of DDoS targets in the third quarter were attacked 10 or more times, with an interval of at least an hour between assaults.

Hong Kong topped Imperva’s list of the most targeted countries for network layer assaults during the quarter, mainly because of a persistent attack on a local hosting service that was hit hundreds of times in the quarter.

The largest application layer assault targeted a financial services company headquartered in Europe, which was hit multiple times with attacks above 100,000 requests per second.

The quarter also saw high packet rate attacks, in which the packet forwarding rate exceeds 50 million packets per second (Mpps), become more common, with 5% of all network layer assaults above 50 Mpps and the largest attack peaking at 238 Mpps.

This is a cause for concern, the report said, because many mitigation systems are ill-equipped to process packets at such a high rate.

In November 2017, Harshil Parikh, director of security at software-as-a-service platform firm Medallia, told the Isaca CSX Europe 2017 conference in London that any business dependent on the internet should use tried and tested ways of detecting and mitigating DDoS.

He said it is important that such organisations take time and effort to build their DDoS defence capabilities because DDoS attacks are fairly easy and cheap for attackers to carry out.

“With the advent of botnet-based DDoS attack services that will be effective against most companies, anyone can target an organisation for just a few bitcoins,” said Parikh.


Rutgers suffers “data breach” of 1,700 students’ info

NEW BRUNSWICK, NJ – The academic information of 1,700 Rutgers students was exposed during a “data security incident” on November 8 and 9, university officials confirmed.

No one’s Social Security number, address or financial information was leaked, according to university spokesperson Neal Buccino.

Instead, the affected students, all in the Department of Computer Science, had their academic data leaked, including Rutgers ID numbers, cumulative GPAs and Spring 2018 class schedules, Buccino said.

University officials notified those students affected that their data was exposed, but that it hadn’t been altered, according to Buccino.

Officials determined that 18 students accessed the data “in error,” and notified those students that the information they viewed was confidential.

The leak was the result of an “administrative error,” according to Buccino, who added that the university was updating its relevant security policies to ensure such an error doesn’t happen again.

Internet issues are nothing new to Rutgers. Over the course of 2015, Rutgers suffered half a dozen distributed denial of service (DDoS) attacks which crippled the internet on campus for days at a time.

The attacks were perpetrated by the so-called “exfocus” hacker, who during the course of the attacks posted a series of taunting messages on various Twitter pages.

Two of the major attacks took place in the Spring 2015 semester; one during midterms and the other during finals period, preventing many students from working on projects and papers, or preparing for exams.


Cybersecurity and Privacy Predictions for 2018

The past year in cybersecurity has been one of combating ransomware extortion attacks, bracing systems against DDoS attacks and securing internet of things (IoT) systems. Looking to next year, cybersecurity experts at McAfee Labs laid out their predictions for the industry’s top concerns in 2018.

Among the top concerns for next year are hackers using machine learning to create an arms race of development, newer ways that hackers will target businesses with ransomware and potential exploits in serverless applications. Privacy is also a growing concern as consumer data collection through our devices shows no signs of slowing.

The McAfee Labs 2018 Threats Predictions Report explains five of the top cybercrime trends to be aware of and prepare for.

Machine learning has been put to use in dozens of industries, including cybersecurity, but cyber criminals are adapting it to automate the process of discovering exploits, responding to defenses and disrupting systems. While machine learning can help automate our defenses by checking defenses and using data to predict attacks, attackers will likely use it in response, creating an arms race of machine versus machine.

Attackers can use machine learning for a number of purposes, such as machine-driven searches for vulnerabilities, more sophisticated and data-driven phishing attacks, and successfully using weak or stolen credentials over services and devices. Machine-driven attacks can scan for vulnerabilities much faster than humans, allowing them to exploit systems faster than they can be patched.

“We must recognize that although technologies like machine learning, deep learning and artificial intelligence will be cornerstones of tomorrow’s cyber defenses, our adversaries are working just as furiously to implement and innovate around them,” said Steve Grobman, senior vice president and chief technology officer for McAfee.

According to McAfee, machine learning is only as good as the humans who feed it data. Therefore, human and machine partnerships will be essential for combating cyber criminals and their machine learning techniques. It will be up to human defenders to work with machines to find vulnerabilities first and patch them.

Ransomware has already been a problem for businesses everywhere, costing them millions of dollars. According to McAfee, ransomware attacks have risen 56 percent over the last year; however, payments toward the extortions have declined. This can be attributed to more companies improving their data backups, decryption technology and overall awareness of the attacks.

Cyber criminals adapt and are changing their strategies with ransomware. Traditional ransomware is targeted toward computers and databases, blocking users with encryption and demanding a fee (usually in nondetectable cryptocurrency) to return access. Experts, however, see an even greater potential for damage as more of our devices become part of our networks in IoT systems.

While it may seem outlandish now, imagine hackers locking you out of your smart car and demanding a ransom before unlocking it. If hackers find ways to gain access to a company’s devices that are essential to its productivity, analysts predict that the greater loss of profits due to these disruptions will prompt the attackers to go after higher-profile targets.

“The evolution of ransomware in 2017 should remind us of how aggressively a threat can reinvent itself as attackers dramatically innovate and adjust to the successful efforts of defenders,” Grobman said.

McAfee predicts that individuals who are seen as high-value targets can expect threats to shut down their essential devices, such as expensive smartphones and smart home appliances like thermostats and vehicles. Wealthier targets are perceived by hackers as more likely to pay the ransom.

Another trend with ransomware is attacks that encrypt businesses’ data and shut them out of essential systems but that don’t ask for a ransom or appear to have any means to request one. These types of attacks, such as the outbreak of WannaCry ransomware, are puzzling, with experts theorizing that these attacks are tests or demonstrations to show others their destructive power, making an example of certain businesses so other companies are more willing to pay for their removal.

The use of serverless applications on platforms such as Amazon Web Services to build high-quality and smooth-running applications is growing in popularity, but security experts warn that proper precautions need to be taken before rushing into this technology. Serverless applications are built on a framework where the backend setup and upkeep are handled by a third-party cloud service.

McAfee says that while this saves developers the trouble of maintaining servers and allocating resources, these applications are still vulnerable through traditional means, such as privilege escalation attacks, which allow hackers to hijack the application’s network. Because an application’s function must be transferred over a network to the servers where the data resides, it creates a new point of intrusion for hackers.

As serverless applications continue to catch on, McAfee warns that attacks on the companies that implement them will also increase. As security methods evolve for serverless computing, it’s advised that developers ensure traffic on their application takes place over a VPN or that some form of encryption is used.

Gathering data on consumers becomes easier with each device added to a household. Corporations rely on a consumer’s willingness to hit the I Agree button on privacy agreements without reading them. Corporations have incentives to gather and sell as much data as possible so our connected devices that are capable of listening, watching, tracking and analyzing are turning consumers’ homes into buffets of information.

Corporations can, and likely will, push the line as to how far they can go with data collection, according to McAfee. New updates and firmware installations usually come with new privacy agreements that users must accept in order to use them, with more permissions and disclosures snuck into the agreements. McAfee predicts that some corporations will toe this line by weighing the cost of breaking privacy laws and paying fines against the profits gained by data collection.

While this mass data is consumed with the purpose of marketing in mind, with high-profile data breaches of notable corporations occurring regularly, this trend could result in such data falling into criminal hands.

It’s no secret that employers often pull up search results, histories and digital records of potential employees. For most adults, this history extends back to the time we first started using the internet and building social profiles. It’s technically possible that children born and raised during this time of mass collection could have these profiles created from the moment they’re born.

For most small children, the data collected is likely trivial, but habits and behaviours can still be recorded and stored. The worst-case scenario McAfee describes is a child being denied entry to a school because officials could find out they spent most of their time binge-watching videos. The capability of technology to gather data on children should be concerning. While it is hard to tell what this data collection will lead to over time, it is important to know that it is happening and will likely escalate.

If a child’s privacy is important, then parents are advised to pay attention to the devices they buy, turn off unnecessary features and change the default passwords to something stronger.


Alleged DDoS attack wipes almost $2,000 off Bitcoin price

BTC now trying to stabilize around $9,500

Over the past 24 hours, Bitcoin (BTC) has been on a parabolic run all the way from $10,000 up to almost $11,500. Many, including myself, feared a sharp correction would be due at any moment, as the kind of growth we saw was not sustainable, not even in the crazy world of crypto.
BTC hit a high of $11,441 on Bitfinex before tumbling quickly all the way down to $9,000 in just a few minutes. Many went to Twitter to voice the opinion that the reason for the drop was a DDoS attack on many of the largest exchanges around the world. While a mass DDoS attack has not been confirmed yet, it seems likely it was the cause of the sudden crash.


Approximately $53 billion was wiped off the total cryptocurrency market cap in under an hour, a figure which combines the value of Bitcoin and the alternative coins. At the time of publishing, Bitcoin was trading close to $9,600, but appears to be facing resistance heading back to $10,000 and beyond.



Cybersecurity is only in the spotlight when it fails. After high-profile, large-scale data breaches, it takes a beating. But cybersecurity provides critical layers of infrastructure in our modern, cyber-dependent society. Rehearsing for potential failures is always worthwhile.

Executives tend to relegate cybersecurity to the IT department.

That is a mistake, because cyber incidents affect the entire organisation. We should conduct regular cybersecurity drills, as we do fire and safety drills. That’s where tabletop exercises can play a big role.

At last month’s Cyber3 Conference Tokyo 2017, international stakeholders from academia, industry, government and civil society gathered at Keio University for the third annual conference on cybersecurity.

The meeting was an opportunity for ministries and agencies to align on cybersecurity, and for the private sector to follow suit. Japan’s private sector has the lowest efficiency and productivity in the G7; improving its cybersecurity could change this.

During the two-day conference, a tabletop exercise (or TTX) simulated cyber-attacks on Japan’s forthcoming 2019 Rugby World Cup. The simulation generated insights applicable not only to large-scale sports events such as the 2020 Tokyo Olympic and Paralympic Games, but also to the national cybersecurity infrastructure of Japan and other countries.


The simulation, dubbed Operation Rugby Daemon, was aimed at helping Japanese government agencies, businesses, and other stakeholders understand, coordinate and better respond to potential cyber threats to information flows and critical infrastructures. It was sponsored by the Sasakawa Peace Foundation USA.

Three types of cyberattacks were simulated between a theoretical date range of 20 September to 2 November, 2019: (1) phishing e-mails to acquire access to critical industrial control systems, (2) disruption of the power grid based on network access gained from these e-mails, and (3) distributed denial of service (DDoS) attacks against the Rugby World Cup website and related internet addresses.

In the TTX, four teams of eight to 10 people from government and industry acted as a public-private task force to ensure security during the World Cup. They were given clues through a series of injects on two dates, with information coming from domestic and foreign sources.

The energy grid penetration and the DDoS attacks occurred simultaneously, emulating the ‘fog’ of cyberwar. The teams were challenged to identify the sources of the attacks and prevent serious consequences. They were also asked to present a five-minute summary of their response to a control team of observers.

In the phishing attack, hypothetical adversaries sent emails to staff at a large Japanese power utility, industrial conglomerates, and Japan's Ministry of Economy, Trade and Industry (METI). The phishing e-mail carried an attachment, described in Japanese, that concealed malicious code. In the scenario, a utility worker opened the attachment, giving attackers a foothold in the utility's local area network (LAN).

If team members failed to take effective steps, there would be a power failure at Yokohama Stadium during the World Cup’s final game. If they took remedial steps, a small part of the grid would go down, but the utility would be able to react quickly and compensate.

In the DDoS attacks, websites associated with the Japanese prime minister, the Rugby World Cup, and other public and private entities were hit with more than 700 Gbps of incoming traffic, causing them to go down. A ransom note, purportedly from an anti-whaling group, was sent to the utility's CEO. The attacks appeared to come from foreign botnet operators working through an overseas address. The scenario also included diversionary information sent to Japan's National Police Agency. Teams that took effective steps were able to limit the damage from the DDoS attacks.


The teams were encouraged to coordinate and act quickly. This tests a very real problem: an authority's ability to respond in a crisis. Aside from the need to coordinate horizontally, government officials must know what they can and cannot do. Otherwise, they will lose precious time sending permission requests to higher-ups, who may then send them further up the chain of command, slowing the response and wasting crucial time.

As Paul Maddinson of the UK National Cyber Security Centre told conference attendees, the most useful thing he could do when managing a team of responders during the WannaCry attack was to order pizza for them. They knew their roles, responsibilities and authority. Mr Maddinson stepped back and let them do their job.

The most effective participants communicated rapidly with domestic and international partners, shared information, and formed conclusions that helped mitigate the DDoS attacks and the power grid disruption. Other teams chose not to make key recommendations to higher authorities because they questioned their legality. Some players tried to send requests directly up the chain of command to lead agencies, instead of sharing horizontally.

Aside from the importance of sharing information and communicating across regulatory jurisdictions, one of the most important lessons gained from the TTX is that participants need to develop situational awareness as events unfold. This involves understanding how the individual pieces fit into the bigger picture, as well as being aware of the timeline of phishing attacks transitioning to power grid disruptions. The same will hold for any large cyber incident.
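The situational-awareness point above, that the phishing foothold and the later control-network access are pieces of one chain, is the kind of correlation a detection team would automate. The following Python is an added illustration, not code from the article or from the Operation Rugby Daemon exercise. It links a handful of constructed host and network events into a phishing-to-ICS chain per workstation. The event format, host names, the 10.50.7.0/24 control-system subnet, the industrial protocol ports, the RFC1918 assumption for internal space and the six-hour window are all assumptions made for the example.

```python
"""Correlate constructed endpoint and network events into a phishing-to-ICS chain.

Added illustration only; not from the article or the Operation Rugby Daemon TTX.
Event format, host names, subnets, ports and timestamps are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Assumptions about the utility's network: RFC1918 space is internal, there is one
# control VLAN, and ICS traffic uses Modbus/TCP 502, DNP3 20000 or EtherNet/IP 44818.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ICS_NETS = [ipaddress.ip_network("10.50.7.0/24")]
ICS_PORTS = {502, 20000, 44818}
OFFICE_APPS = ("WINWORD", "EXCEL", "ACRORD")   # parent processes that should not spawn shells
WINDOW = timedelta(hours=6)                    # how long after the attachment open we keep linking events

# Constructed sample events (UTC timestamps), one dict per log record.
EVENTS = [
    {"ts": "2019-10-28T09:01:10", "host": "ws-op-17", "type": "mail_attachment_open", "detail": "schedule.docx"},
    {"ts": "2019-10-28T09:01:15", "host": "ws-op-17", "type": "process_start", "detail": "WINWORD.EXE -> powershell.exe"},
    {"ts": "2019-10-28T09:03:40", "host": "ws-op-17", "type": "net_conn", "dst": "203.0.113.25", "dport": 443},
    {"ts": "2019-10-28T11:20:05", "host": "ws-op-17", "type": "net_conn", "dst": "10.50.7.12", "dport": 502},
    {"ts": "2019-10-28T09:05:00", "host": "ws-hr-03", "type": "mail_attachment_open", "detail": "invoice.pdf"},
    {"ts": "2019-10-28T09:06:00", "host": "ws-hr-03", "type": "net_conn", "dst": "10.10.3.3", "dport": 445},
    {"ts": "2019-10-28T14:00:00", "host": "eng-02", "type": "net_conn", "dst": "10.50.7.12", "dport": 502},
]


def _parse(ts):
    return datetime.fromisoformat(ts)


def _is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def _is_ics(ip, port):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ICS_NETS) and port in ICS_PORTS


def build_chains(events):
    """Return {host: [stages reached, in observed order]} for hosts that opened a mail attachment.

    Stages: "phish" (attachment opened), "exec" (office app spawned a child process),
    "c2" (outbound connection to a non-internal address), "ics" (connection into the
    control network on an industrial protocol port). Only events inside WINDOW after
    the attachment open are linked, so a week-old ICS session is not blamed on today's mail.
    """
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)

    chains = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: _parse(e["ts"]))
        phish = next((e for e in evs if e["type"] == "mail_attachment_open"), None)
        if phish is None:
            continue                      # no initial access observed; ICS access alone is normal for engineers
        t0 = _parse(phish["ts"])
        stages = ["phish"]
        for e in evs:
            t = _parse(e["ts"])
            if t < t0 or t - t0 > WINDOW:
                continue
            if e["type"] == "process_start" and "exec" not in stages and e["detail"].startswith(OFFICE_APPS):
                stages.append("exec")
            elif e["type"] == "net_conn":
                if _is_external(e["dst"]) and "c2" not in stages:
                    stages.append("c2")
                elif _is_ics(e["dst"], e["dport"]) and "ics" not in stages:
                    stages.append("ics")
        chains[host] = stages
    return chains


def escalate(chains):
    """Hosts whose chain reached the control network: the incidents to brief upward immediately."""
    return sorted(host for host, stages in chains.items() if "ics" in stages)


if __name__ == "__main__":
    chains = build_chains(EVENTS)
    for host, stages in chains.items():
        print(host, "->", " > ".join(stages))
    print("escalate:", escalate(chains))
```

On the constructed input, ws-op-17 walks the whole chain (phish, exec, c2, ics) and is the one host to escalate; ws-hr-03 opened an attachment but only touched an internal file server, so it stays a low-priority triage item; eng-02 talks Modbus to the control VLAN without any phishing event and is not reported at all, because for an engineering workstation that is ordinary traffic. Anchoring the chain on the initial access event, rather than alerting on every ICS connection, is what lets a team see the individual pieces as one timeline instead of three unrelated alerts.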

Operation Rugby Daemon showed that Japan must develop a series of TTXs to raise awareness about cybersecurity for the upcoming sports events. It must develop experienced game veterans who can offer useful recommendations in real-world situations. Japan also needs experts with the ability to make decisions based on incomplete information, a stressful experience that can only be prepared for through TTXs like the Rugby World Cup scenario. Book knowledge and checklists are no match for the ability to coordinate, share information and make quick decisions that can have a huge impact in a crisis.

“The fact that we store our wealth and treasure in databases in computers more than banks makes us vulnerable,” Richard Ledgett, former deputy director of the US National Security Agency, told conference attendees after participating in the TTX.

“Cybersecurity underpins our daily existence and democracy. These threats are serious and real. With the tabletop exercises, we highlighted how hard it is to respond. We need to practice, practice.”

Several of the security industry's leading vendors and academic institutions now offer cyber range centres, which provide testing and training that simulate cyber-attack preparedness and response in much the same way TTXs do. Any technology vendor should have a good answer when asked about training resources. Keeping cyber skills sharp can make as much difference during a crisis as any other investment in people, process or technology.