It is very well known today that the cyberspace became more dangerous in the previous year, 2016, with so many malware attacks all over the globe. Cyber criminals did huge operations which include even heist of a multi-million dollar virtual bank. There is also the evidence of North Korea attacking banks in Bangladesh, Vietnam, Ecuador, and Polland, where was stolen at least US $94 million.
The attackers were using Mirai, a malware that turns network devices running out of date version of Linux. With that old date version they built and IoT botnet big enough to carry out the largest DDoS attacks ever seen in the history. It is nowadays very hard for CIOs (both private and public sector) to avoid major breaches of their network.
The danger out there is like never before! It is always highly recommended that all end users are trained and well educated about identifying and avoiding phishing attempts. Never forget to have a backup plan and recovery program, if anything goes wrong. The cloud can provide you safety from internet security threats, but customers are those who are responsible for protecting their own system and data. But it is also important to follow the recommended internet security tips!
Symantec Internet Security Threat Report summarized that there were more than 88,900 recorded vulnerabilities, spanning more than two decades. Cybercriminals continue to use spear phishing to blend in with normal traffic, while advanced attacks and zero-day vulnerabilities continue to be a major threat. Cyber espionage is being used to cause chaos, disruption, disinformation and to influence the outcomes in the election processes.
The financial threat is also being bigger and stronger each day, moving from the traditional small time credit card to the inner workings of the financial industries (targeting $2,000 billion-dollar heist’s).
Using DDoS as a service explains that the cyber criminals no more need any deep technical knowledge to carry out their crime. What do they need, then? Just a laptop, and an internet connection. Do you use free wi-fi connection? Don’t use it, avoid it as much as you can. You don’t know with whom you’re sharing your connection with. Follow the cyber device security tips.
But what is actually DoS? As it name says, it’s a denial of service, renders websites and other similar online resources that are not available to intended users. They threatened to come in many flavors, with directly targeting the underlying server infrastructure. Those cyber attacks are different from the others because they do not have a long-term foothold, they do not attempt to breach your security perimeter. The DoS rather make your website and service unavailable to legitimate users. They often last for days, weeks or even months which makes them so dangerous for businesses which ruin their long-term reputation and work success, of course.
The difference between DoS and DDoS is that DDoS attacks are launched from multiple connected devices that are distributed across the internet. In that case, they are harder to deflect, mostly because of the number of the devices involved. They tend to target the network infrastructure with an intention to saturate it with huge volumes of traffic. DoS and DDoS are considered as cyber vandals, often described as bored teenagers looking for an adrenaline rush. Also, maybe they are trying to show their anger to some institution (University, for an example), or to afraid some people they dislike or had problems with in life.
The DDoS are not unknown with the money demands also. They can also be used to disrupt online competitions. That occurs often in some multiplayer games.
The top 5 DDoS attack that happened in 2016 are:
1. Russian Banks: Sberbank and Alfabank were the victims of DDoS attacks which lasted for 2 days.
2. RIO Olympics: These DDoS attacks lasted for several months. Such longevity could have easily disrupted the logistics and media coverage of the Olympics.
3. Clinton and Trump Campaign sites: Campaign launched against Donald Trump. The DDoS wanted to take down the billionaire’s website for his hotel chain and the presidential campaign. Also, his e-mail servers.
4. Brian Krebs: The blog of information security investigative reporter Brian Krebs was attacked by DDoS. They leveraged GRE traffic, which can’t be spoofed or faked.
5. DYN: An actor leveraged a Mirai botnet consisting 100,000 infected devices to launch a DDoS attack against Dyn. Etsy, Github, Spotify and Twitter, all went down and suffered service interruptions or get offline.
The security community needs to work together to create the expectation or regulation of security by design in IoT devices. Better to have this conversation sooner rather than later.
You can decrease the chance of getting into a danger by following recommended social security tips.
Let’s get over with DDoS and go back to Symanthec’s Internet Security Threats. There are much more types of them than we’ve already told.
Of course, and so it’s well-known, e-mails are again the popular weapon of choice for cybercriminals. Infecting targets with ransomware or delivering malware payloads steal credentials or gain initial access to a platform. It can be all done through an e-mail. It depends on the targeted victim if he or she will just do that one click.
Do not open spam e-mails or anything strange that occur suddenly in your inbox. Trust your common sense, always.
Furthermore, IoT devices are targeted every two minutes. Simple device connected to the internet with no security and being low powered and weak, can easily be turned into devastation and disruption. This also happens easily through the mobile phones, so be sure you are following your mobile device security tips.
Other reported tools used by cyber criminals are MimiKatz, PsExcs, Netscan, Samdump, and WCE. The attackers usually use stolen credentials to gain access and move around the network. It is always important to have a great and strong password, 8-10 characters long or even better-15-18 characters. Always include a mixture of text and numbers. Sharing your password with others should really be forbidden. All the users need to avoid reusing the same password on multiple websites.
The cyber crime victim can report a credit card fraud and just get a new number, but when it comes to Social Security number, then you are bound to it for life.
Follow recommended social security tips! Take care!