A few weeks ago, Tesla CEO and X (formerly Twitter) owner Elon Musk hosted a friendly conversation on X with former President Donald Trump. The interview was delayed by more than 40 minutes as X experienced technical difficulties. Musk immediately tweeted that there appeared to be a massive distributed denial-of-service (DDoS) attack on X causing the delay. It turns out X was not under a DDoS attack, but most likely a technical overload of its servers without the proper pretesting of the infrastructure to support that amount of traffic.

We’ve seen how big events (take this summer’s Paris Olympics, for example) tend to increase the threat of cyber-attacks, including DDoS attacks. Beyond the financial sector and online services, political campaigns have also become prime targets for DDoS attacks, aiming to disrupt their online presence and communication channels. Now that we’re about two months from the US Presidential election in November, it is reasonable to assume we will see an uptick in cyberthreats against the election ecosystem. While I agree with CISA and the FBI’s recent statement that DDoS attacks targeting election infrastructure will have little to no impact on the integrity of the actual voting process in the November election, I do think we will see threats made to informational election sites like marketing campaigns for each candidate, ‘get out the vote’ campaigns, etc. With only about 60 days left until the election, if bad actors are able to take down an information site for days, that’s a huge problem.

Adaptive Attacks 

DDoS attacks are not a static phenomenon. Cybercriminals continually refine their techniques, leveraging technological advancements and exploiting vulnerabilities to launch increasingly sophisticated and disruptive attacks. Staying ahead of this evolving threat landscape requires constant vigilance and adaptation. Two significant changes have occurred to create this perfect storm of increased DDoS attacks: the increasing availability of vulnerable systems that facilitate DDoS attacks, as highlighted in recent Corero blogs, and the bad actors’ heightened motivation to adapt and innovate during attacks.  

1. The rise in global network capacity has led to a growing number of vulnerable network devices. These systems’ accessibility allows the bad actors to create targeted DDoS attack traffic. As a result, we are witnessing changes in the size, duration, and tactics of attacks, both during reconnaissance and active attempts to cause harm.

2. Historically, DDoS attacks were simpler; bad actors would launch the DDoS attack and hope for success. Today, the bad actors actively monitor and adjust their strategies in real time to bypass DDoS prevention systems. Modern DDoS attacks are far more adaptive — if one approach fails, the bad actors quickly shift to a different vector, often within minutes, repeating this process until they penetrate the network. The sophistication of these attacks has significantly increased compared to recent years.

The Perfect Target 

During the 2016 US election season, there were reports of DDoS attacks targeting the websites and online infrastructure of both the Democratic and Republican campaigns. These attacks were aimed at disrupting their ability to communicate with voters and raise funds online. This isn’t just a problem in the United States, but rather a global problem. In 2012, the website of French presidential candidate François Hollande’s campaign was reportedly hit by a DDoS attack just hours before the polls opened. The attack was attributed to a group calling themselves Anonymous, who claimed they were protesting Hollande’s policies. 

Why is this election ecosystem the ‘perfect’ target for bad actors? 3 simple reasons:  

1. Motivation – politics can be ugly and, most of the time, you are happy to see your opponent go down. In this instance, being able to disrupt communication around your opponent’s messaging, prevent voters from registering in a timely manner, or stop them from educating themselves against your political ideology is very attractive.

2. Time – With only two months until the election, time is of the essence.

3. DDoS availability – launching a DDoS attack has become easier, and attacks are much more effective and damaging today.

Service Availability Matters 

Even though the previously mentioned X incident was not an external DDoS attack, it doesn’t really matter. When your system is down, you are down. It underscores the importance of defending service availability.

Today, an organization’s ability to remain online is a necessity. If your main form of communication is online and a disruption occurs for hours or even days, the result can be catastrophic. Organizations must be prepared and implement the right security solutions, because even the smallest disruption can have significant consequences.


The post DDoS Attacks and the Upcoming US Presidential Election appeared first on Cybersecurity Insiders.

Distributed Denial-of-Service (DDoS) attacks flood target networks with an overwhelming number of requests all at once, resulting in a denial of service that can shut down internet connectivity across all verticals. They are particularly troublesome since attacks continually evolve to overcome existing defensive measures.

From 2022 to 2023, Radware reported a 120% increase in DDoS attacks, along with a 60% increase in large attack vectors and a staggering 770% increase in malicious web transactions. The rise in DDoS attack scale is partly due to the availability of large-scale Internet of Things (IoT) botnets — networks of compromised devices collaborating in attacks. These sophisticated assaults leverage vast botnet networks, made possible by the proliferation of IoT devices.

These attacks are not mere inconveniences. They have substantial repercussions. The costs of downtime alone can be staggering, averaging $6,130 per minute or $367,800 per hour. Beyond financial losses, successful DDoS attacks can also harm reputations and lead to regulatory violations. Any organization with an online internet presence is susceptible.

Types of DDoS Attacks Vary

DDoS attacks come in various forms, continually evolving to bypass countermeasures. Volumetric attacks flood networks with data, crippling operations. Application layer (L7) attacks target specific applications, slowly draining resources. Protocol attacks exploit network protocol vulnerabilities. However, zero-day DDoS attacks are the most challenging to detect since they are entirely new and lack pre-existing signatures.

Tactics of the attacks can also vary. For example, carpet-bombing attacks target multiple addresses, while burst attacks strike suddenly and deliver intense but short-lived traffic surges, sometimes repeating at various intervals, and SSL floods overwhelm servers with numerous SSL handshakes, all causing network or server resource depletion.

With 31% of organizations facing daily or weekly attacks and 60% encountering attacks monthly, the challenge is substantial, particularly amid a shortage of cybersecurity experts. Given the diversity of DDoS threats and the anticipation of new forms of attack, comprehensive protection is essential. Solutions must defend both network and application layers against current and future attacks.

Real-Time Monitoring Key

An effective DDoS protection strategy hinges on real-time monitoring, enabling rapid identification of attack signatures — whether known or new.

A DDoS protection solution should be easy to deploy and equipped with real-time monitoring for quick detection of a range of attacks. Malicious traffic must be stopped before it reaches your network edge by rerouting it to minimize or prevent disruption, often without you even realizing an attack is in progress.

A holistic approach is crucial to safeguarding against a wide array of advanced DDoS attacks. Advanced solutions can detect, analyze, and mitigate both sophisticated and emerging DDoS threats. They incorporate behavior-based detection powered by Machine Learning (ML) and Artificial Intelligence (AI) to recognize zero-day (unknown) attacks and dynamically adjust defenses based on the specific context of the attack. With access to global detection networks, these solutions automatically deploy updates to protect against new threats. Benefits of these advanced services include:

  • Comprehensive 360-degree defense: Consistent protection against both existing and emerging threats across all environments and entry points is achieved with advanced technologies, combined with threat intelligence. This consistency keeps businesses secure, regardless of network setups or deployment scenarios.
  • Intelligent protection: AI and ML algorithms enable automated, real-time defenses that evolve with new attack vectors, providing adaptive protection against both known and unknown attack types.
  • Fast detection and mitigation: Rapid identification and response are crucial to counter DDoS attacks efficiently. Advanced algorithms detect new attack patterns in real time, ensuring proactive defense against evolving threats.
  • User-friendly portal: A customer portal offering real-time reports and attack insights gives users visibility and control over their network security.
  • Fully managed expert service: A fully managed DDoS protection service provides peace of mind, with security experts available 24/7/365 to offer assistance during attacks and guidance during non-attack periods.
  • Minimized latency with ISP: Leveraging your Internet Service Provider (ISP) for DDoS protection integrates the solution directly into the ISP’s network core, allowing for the fastest possible detection and mitigation. This eliminates the extra hops associated with external scrubbing centers, reducing latency and ensuring optimal network performance during an attack. Additionally, using your ISP streamlines support, with a single team managing both internet service and DDoS mitigation.

With attacks on the rise, organizations can stay ahead of cybercriminals by leveraging DDoS protection backed by advanced technology, intelligent defense mechanisms, and comprehensive support. Proactive and robust defense against the ever-evolving landscape of DDoS cyber threats is essential for safeguarding critical internet connectivity.



The post A Holistic Approach to Security: 6 Strategies to Safeguard Against DDoS Attacks appeared first on Cybersecurity Insiders.

Distributing cloud solutions and services via a proprietary SaaS platform can be a highly profitable business model. Vendors of successful platforms can earn hundreds of millions of dollars annually, following the examples of Datadog, Hubspot, Salesforce, and other SaaS market players.

However, when developing a SaaS platform, vendors have to ensure the security of data they process and store. A single data breach can ruin a platform’s reputation and discourage thousands of paying customers from using it. Additionally, the platform’s vendor can be fined by a data protection regulator. To avoid these issues, a vendor should properly secure its SaaS platform against cyber threats.

In this article, we cover the most dangerous cyber threats for a SaaS platform and provide four tips on how a vendor can mitigate them.

Key security threats for a SaaS platform

• Malware attacks

Malware is any malicious program used to penetrate and infiltrate a target cloud system or environment. According to Thales’ 2024 Data Threat Report, 41% of companies faced a malware attack last year, and cloud storage, SaaS applications, and cloud infrastructure management tools were primary targets.

SQL injection attacks, which let hackers penetrate vulnerable SQL servers across a cloud infrastructure, are among the most dangerous for SaaS platforms. A hacker could use this attack to corrupt a SaaS vendor’s corporate data, steal sensitive customer information, or disrupt a SaaS platform’s operation.

• DoS/DDoS attacks

A DoS attack involves sending a large number of requests to the vendor’s servers to make a SaaS platform unavailable to users. A DDoS attack is a larger-scale form of DoS attack in which a large volume of traffic is sent from multiple compromised sources. As highlighted in the DDoS Threat Report for 2024 Q1 by Cloudflare, DDoS attacks have become 50% more frequent compared to 2023.

According to the same report, four out of ten DDoS attacks lasted more than 10 minutes, while almost three out of ten lasted more than 1 hour. Given that customers expect 99.999% uptime from their SaaS and cloud service providers, mitigating DDoS attacks promptly can be critical for a vendor to remain competitive.

• Insider threats

An insider is a person (employee, business partner, etc.) with authorized access to the SaaS vendor’s systems, infrastructure, or data. Abusing this authorized access for sabotage, espionage, or other malicious purposes is an insider attack.

The 2024 Data Exposure Report by Code42 reveals that the number of companies that faced insider attacks has grown from 66% to 76% during 2019-2024. According to the same report, a single insider attack costs a business $15 million on average.

How to make your SaaS platform secure

Implementing secure development practices

SaaS vendors can mitigate many potential security risks and vulnerabilities by implementing appropriate security measures early in the platform development. Here are some practices that can help build a more secure SaaS platform:

• Threat modeling

Threat modeling involves identifying the most dangerous threats for the future SaaS platform, assessing their potential impact, and defining the best ways to mitigate them. By using tools such as OWASP Threat Dragon or Microsoft Threat Modeling Tool, IT teams can build and visualize threat models, analyze architecture designs for vulnerabilities, and generate insights on how to avoid potential attacks.

• Software Bill of Materials

In manufacturing, a Bill of Materials (BOM) is a list of all components required to build a particular product. The same idea, which lets manufacturers maintain complete component visibility, can also be applied to SaaS platform development.

A Software Bill of Materials (SBOM) lists all libraries, scripts, licenses, services, and other components in a software solution. By documenting SBOM during platform engineering, developers can ensure full component transparency and streamline a platform’s vulnerability and risk management.

In practice, SBOMs allow developers to easily track current versions of different software components, which helps prioritize software fixes and updates to prevent critical vulnerabilities. Security teams can also use SBOM to understand the scope of security incidents and identify affected components, addressing potential cyber attacks more efficiently.
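The version-tracking and incident-scoping use of an SBOM described above, as an added example that is not code from the article: a small script that reads a CycloneDX JSON document and reports which shipped components are older than the fixed version named in an advisory. The SBOM document and the advisory list are constructed for illustration, and the advisory ids are placeholders, not real vulnerability identifiers.

```python
"""Match a CycloneDX-style SBOM against an advisory list.

Added example, not code from the article. The SBOM document and the
advisories are constructed for illustration; the advisory ids are
placeholders, not real vulnerability identifiers.
"""
import json
from typing import Dict, List, Tuple

# Constructed CycloneDX 1.5 JSON document with three pinned components.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "web-framework", "version": "4.2.1",
         "purl": "pkg:pypi/web-framework@4.2.1"},
        {"type": "library", "name": "jwt-lib", "version": "1.7.0",
         "purl": "pkg:pypi/jwt-lib@1.7.0"},
        {"type": "library", "name": "image-parser", "version": "0.9.3",
         "purl": "pkg:pypi/image-parser@0.9.3"},
    ],
})

# Constructed advisories: "fixed_in" is the first version without the flaw.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-001", "name": "jwt-lib", "fixed_in": "1.8.0"},
    {"id": "ADV-EXAMPLE-002", "name": "image-parser", "fixed_in": "0.9.0"},
    {"id": "ADV-EXAMPLE-003", "name": "template-engine", "fixed_in": "2.0.0"},
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.10.0' into (1, 10, 0) so versions compare numerically,
    not as strings (where '1.9' would sort after '1.10')."""
    return tuple(int(part) for part in text.split("."))


def load_components(sbom_json: str) -> Dict[str, str]:
    """Return {component name: pinned version} from a CycloneDX document."""
    bom = json.loads(sbom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return {c["name"]: c["version"] for c in bom.get("components", [])}


def affected_components(sbom_json: str, advisories: List[dict]) -> List[dict]:
    """List components whose pinned version is older than the fix.

    Each finding carries the advisory id, the component, the shipped
    version and the version to move to: the data an incident responder
    needs to scope exposure and to prioritise the upgrade.
    """
    inventory = load_components(sbom_json)
    findings = []
    for adv in advisories:
        shipped = inventory.get(adv["name"])
        if shipped is None:
            continue  # component is not part of this build
        if parse_version(shipped) < parse_version(adv["fixed_in"]):
            findings.append({"advisory": adv["id"], "component": adv["name"],
                             "installed": shipped, "upgrade_to": adv["fixed_in"]})
    return findings


if __name__ == "__main__":
    for f in affected_components(SBOM_JSON, ADVISORIES):
        print(f"{f['advisory']}: {f['component']} {f['installed']} -> {f['upgrade_to']}")
```

Matching here is by component name; a production check would key on the package URL (purl) so that two ecosystems shipping a library of the same name are not confused.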

• Continuous testing

Continuous testing involves implementing security checks at multiple stages of the software development life cycle (SDLC). One of the essential continuous testing approaches is shift-left testing, which enables IT teams to detect vulnerabilities at early software development stages and thus eliminate potential cyber threats quicker and with fewer resources.

Ensuring ISO 27001 and SOC 2 compliance

ISO 27001 and SOC 2 are two information security standards that help SaaS vendors maintain IT security within their organizations, which in turn can contribute to the security of the solutions they provide. Although adhering to these standards helps strengthen data security, only 8% of SaaS providers have achieved both ISO 27001 and SOC2 compliance, according to Vertice’s 2023 data.

ISO 27001 focuses on establishing a reliable information security management system (ISMS), which in turn defines security controls for the software development process. For instance, if a vendor is developing its SaaS platform in-house, an ISO 27001-based ISMS can guide a corporate testing team on how often they should run security tests and of what kind.

SOC 2 also establishes necessary data security controls for the software development process, helping make the SDLC more transparent, traceable, and controllable. For example, it prescribes that software developers adhere to specific secure coding practices, such as input validation or output encoding, to avoid vulnerabilities in the code and ensure the SaaS platform’s security.

Improving physical security across an organization

SaaS platform vendors can establish their own data centers, rent cloud storage from third-party providers, or use a hybrid data storage approach. If a vendor houses some volume of data and workloads on-premises, they must ensure that their servers and data centers are sufficiently protected to avoid an insider threat. 

Implementing a video surveillance system augmented with artificial intelligence technology is one way to protect a vendor’s physical infrastructure. When installed in a server room, such a system can detect suspicious behavior of those who enter the room and alert security teams about potential threats in real time.

Resorting to managed cybersecurity services

Establishing a security operations center (SOC) to identify and prevent cyber threats is an efficient way to address DDoS attacks. However, building one in-house can be challenging for a SaaS platform vendor, as it requires hiring and training security specialists, not to mention significant equipment and technology investments.

Outsourcing security operations to third-party experts is a great way for vendors to avoid these complexities. A third-party team can act as a dedicated security operations center that monitors traffic across a vendor’s network infrastructure, detecting security incidents such as DDoS attacks and responding to them promptly, helping the vendor ensure 24x7x365 protection of the SaaS platform.

Final thoughts

Developing and monetizing a SaaS platform allows a vendor to earn millions yearly by selling business solutions and services to clients. Although this business model is promising, it’s also risky, as even minor cybersecurity breaches can cause significant reputational and financial losses.

Fortunately, vendors can avoid these risks by strengthening the cybersecurity of their SaaS platforms. Using secure coding practices, following ISO 27001 and SOC 2 security standards, and enhancing the physical security of servers and data centers are just some of the essential measures that can make a great difference.

Also, vendors can engage outsourced security professionals to help develop a reliable SaaS platform and then provide managed cybersecurity services, helping prevent security threats of all kinds.


The post How to ensure the security of your SaaS platform appeared first on Cybersecurity Insiders.

A court in Northern Ireland has charged an 18-year-old with launching distributed denial-of-service attacks that disrupted websites belonging to international banks and the server(s) hosting a boxing match between Logan Paul and the rapper KSI.

Josh Maunder is a teenager facing charges for illegally accessing the servers of global banks and intentionally crashing them.

Although Mr. Maunder, from Bangor, County Down, did not appear in court in person, he has been charged with 21 offenses, including 13 counts of unauthorized access to computers.

According to details available to the media, the youngster was just fifteen when he conspired in and carried out cyber-attacks on servers and websites belonging to banks and other institutions between December 2017 and October 2018.

Among the notable websites that crashed because of the attacks were those of Nationwide Building Society, Nuclear Fall Out Servers, Police.UK and the Police of the Czech Republic, as well as a server hosting a boxing match between two American celebrities.

Maunder was also found to be holding sensitive information on his personal computer, including stolen card details and stolen email addresses and passwords for PayPal accounts in China, the UK, the USA, and Germany.

For unspecified reasons, the teenager could not be brought to court for a physical hearing, so the district judge adjourned the case until August 18th of this year.

Note: These days, law enforcement agencies launch inquiries into cyber criminals at the international level, so any cyber crook who commits crimes from any part of the world can be caught and prosecuted within days or a few months.


The post Teenager charged for launching DdoS attacks on International Banks and Websites appeared first on Cybersecurity Insiders.

All these days we have been discussing Distributed Denial of Service (DDoS) attacks and the massive amounts of fake traffic they generate to disrupt corporate and government networks.

But the Yo-Yo DDoS attack is different and seems to be an innovative way to attack public cloud infrastructures. Technically, it targets a cloud architecture’s auto-scaling capabilities to inflict financial harm on the tenants whose resources get scaled up. The attackers flood the cloud with fake web traffic, putting immense pressure on cloud resources such as load balancing, front-end services and other cloud services. They then halt the web traffic, leaving the over-provisioned resources in place so that the billing counter keeps ringing. Because the attacker turns the traffic down and up and keeps repeating the cycle, it has been named a Yo-Yo attack.

Yo-Yo attacks are difficult to identify because the same kind of resource provisioning demand can also arise from legitimate application requests. Cyber crooks use such tactics to damage SMBs that have limited cloud budgets, putting a temporary or permanent financial dent in them.

How to defend against such Yo-Yo DDoS attacks

· Deploying AWS Shield, Google Cloud Armor or Cloudflare will help protect against such attacks

· Using a reliable Content Delivery Network (CDN) such as AWS CloudFront, Google CDN or Cloudflare helps

· As every hyperscaler has its own security methods and techniques, using such tools will surely help

· Deploying a web application firewall (WAF) from Palo Alto Networks, F5 or Imperva will also help

· Constantly keeping tabs on application security logs also makes sense

· Always avoid default password settings to ensure that the network is secure enough
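The on/off traffic cycle described above is what makes a Yo-Yo attack distinguishable from a legitimate demand ramp. The following added example (not code from the article) runs a toy autoscaler over a constructed per-minute request-rate series, counts abrupt quiet-to-flood transitions to raise an alert, and compares the billed instance-minutes when scale-out is frozen after detection against a naive autoscaler that keeps following the attacker. The thresholds, window and sample values are assumptions chosen for illustration.

```python
"""Spotting a Yo-Yo pattern in an autoscaling group's request rate.

Added example, not code from the article. The per-minute request rates
are constructed: roughly 40 rps of normal traffic with 4-minute floods
of about 900 rps separated by 4-minute pauses.
"""
from typing import List, Tuple

SAMPLES = [40, 42, 38, 900, 950, 920, 910, 41, 39, 40, 43,
           930, 940, 960, 905, 42, 38, 44, 40, 915, 925, 945, 900, 41]

SCALE_OUT_RPS = 500   # add an instance when the group sees more than this
SCALE_IN_RPS = 100    # release an instance when load falls below this
MAX_INSTANCES = 8
YOYO_WINDOW = 20      # minutes of history the detector looks at
YOYO_MIN_CYCLES = 2   # quiet-to-flood transitions needed to raise an alert


def burst_cycles(samples: List[int], window: int = YOYO_WINDOW) -> int:
    """Count transitions from below SCALE_IN_RPS straight to above
    SCALE_OUT_RPS within the last `window` samples. Legitimate demand
    ramps; a Yo-Yo attacker switches the flood on and off."""
    recent = samples[-window:]
    return sum(1 for prev, cur in zip(recent, recent[1:])
               if prev < SCALE_IN_RPS and cur > SCALE_OUT_RPS)


def is_yoyo(samples: List[int]) -> bool:
    return burst_cycles(samples) >= YOYO_MIN_CYCLES


def first_alert_minute(samples: List[int]) -> int:
    """Index of the first sample at which the detector fires, or -1."""
    for i in range(len(samples)):
        if is_yoyo(samples[: i + 1]):
            return i
    return -1


def simulate(samples: List[int], cap_on_detect: bool) -> Tuple[List[int], int]:
    """Run a simple autoscaler over the series.

    Returns the instance count after each minute and the billed
    instance-minutes. With cap_on_detect=True the group stops adding
    instances once the detector fires, so the attacker can no longer
    drive the bill; the flood is then left to the edge defenses listed
    above (cloud DDoS services, CDN, WAF) rather than to the autoscaler.
    """
    instances, billed, history = 1, 0, []
    for i, rps in enumerate(samples):
        limit = MAX_INSTANCES
        if cap_on_detect and is_yoyo(samples[: i + 1]):
            limit = instances  # freeze capacity at its current level
        if rps > SCALE_OUT_RPS and instances < limit:
            instances += 1
        elif rps < SCALE_IN_RPS and instances > 1:
            instances -= 1
        billed += instances
        history.append(instances)
    return history, billed


if __name__ == "__main__":
    naive_hist, naive_cost = simulate(SAMPLES, cap_on_detect=False)
    capped_hist, capped_cost = simulate(SAMPLES, cap_on_detect=True)
    print("alert at minute", first_alert_minute(SAMPLES))
    print("naive instance-minutes:", naive_cost, "peak:", max(naive_hist))
    print("capped instance-minutes:", capped_cost, "peak:", max(capped_hist))
```

On the constructed series the detector fires at the start of the second flood, and freezing scale-out from that point cuts the billed instance-minutes from 69 to 40; a real deployment would tune the thresholds from the group's own traffic history and treat the alert as a cue to shift filtering to the edge rather than as the only response.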


The post Know more about YO-YO DDoS Attacks appeared first on Cybersecurity Insiders.