Mei X Wang says
UK Government reveals Plans to Build Trust in Use of Digital Identities
This week, the UK government released a draft of the rules it will use to govern the future of digital identities. It will make it easier and quicker for people to verify themselves using modern technology, as trusted as identification resources such as a passport or bank statements. The framework will include the principles, policies, procedures, and standards used to govern the use of digital identities.
Once it is pushed out, businesses will also be expected to do their part by creating a data management policy. The policy should include how digital identities will be created, obtained, and disclosed, and how to protect or delete the data. It should also include ways of notifying users of suspected fraudulent activity. This initiative has been escalated because of the pandemic and the reliance on technology; it was created under the belief that “digital identity systems should be inclusive and accessible for anyone that chooses to use them”.
https://www.infosecurity-magazine.com/news/govt-trust-digital-identities/
Zibai Yang says
Senior Managers Set Terrible Example for Secure Remote Working
Senior managers in UK and US companies are routinely exposing their organization to cyber-threats with more risky device and password management practices than their junior colleagues, according to OneLogin. It found that senior managers were twice as likely to share a work device with someone outside the organization: 42% admitted doing so versus 20% of their junior counterparts. They were also more than twice as likely to share passwords: 19% confessed to giving their credentials to a family member compared to only 7% of junior employees. Finally, nearly a third (30%) of senior staff admitted working from public Wi-Fi, versus just 15% of junior workers. The report also revealed that male respondents were more likely to engage in risky behavior than their female colleagues.
https://www.infosecurity-magazine.com/news/senior-managers-bad-example-secure/
Humbert Amiani says
Trickbot has introduced a new module that performs LAN reconnaissance, scanning local networks for open ports to enable quick lateral movement once a network is breached. The module, named Masrv, uses the masscan utility on newly infected devices to scan for open ports on the network, to be attacked later. Scan results are uploaded to a Trickbot command-and-control server.
When open or management ports are discovered on a networked system, specialized modules are deployed to exploit the vulnerability and infect new systems or devices. The module is believed to be in the testing stage at the moment, since only one variant has been observed so far, compiled in early December 2020.
https://www.zdnet.com/article/new-trickbot-module-uses-masscan-for-local-network-reconnaissance/
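A detection for the behaviour described in the post above, added here as an illustrative example (it is not Trickbot code or any vendor's detection rule): a sliding-window count of distinct (destination, port) pairs per source host over connection logs, which is the signature a masscan-style sweep leaves regardless of which ports it probes. The log format `ts src dst dport proto`, the sample records, the 10-second window and the 20-target threshold are all assumptions; Zeek conn.log or NetFlow fields map onto them directly.

```python
"""Sliding-window port-sweep detector (added example; assumed log format)."""
from collections import Counter, defaultdict


def build_sample_log():
    """Constructed sample: 10.0.5.23 probes 30 distinct host:port pairs in 1.5 s
    (masscan-like), while 10.0.5.40 is an ordinary workstation."""
    lines = []
    for i in range(30):
        ts = 1607000000 + i * 0.05
        lines.append(f"{ts:.2f} 10.0.5.23 10.0.5.{100 + i % 10} {22 + (i * 7) % 1000} tcp")
    lines += [
        "1607000001.00 10.0.5.40 10.0.5.200 445 tcp",
        "1607000002.50 10.0.5.40 10.0.5.1 53 udp",
        "1607000003.10 10.0.5.40 10.0.5.200 445 tcp",
    ]
    return "\n".join(lines)


def parse_conn_log(text):
    """Parse 'ts src dst dport proto' lines (assumed format) into dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = line.split()
        events.append({"ts": float(ts), "src": src, "dst": dst,
                       "dport": int(dport), "proto": proto})
    return events


def detect_port_sweeps(events, window=10.0, min_targets=20):
    """Return {src: peak} for sources that reached at least `min_targets` distinct
    (dst, dport) pairs within any `window`-second span. Events are grouped per
    source and walked with two pointers, so cost is linear in the log size."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)

    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        in_window = Counter()      # (dst, dport) -> hits currently inside the window
        left, peak = 0, 0
        for ev in evs:
            in_window[(ev["dst"], ev["dport"])] += 1
            # drop events that fell out of the window before counting distinct targets
            while ev["ts"] - evs[left]["ts"] > window:
                old = (evs[left]["dst"], evs[left]["dport"])
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= min_targets:
            alerts[src] = peak
    return alerts


if __name__ == "__main__":
    for host, targets in detect_port_sweeps(parse_conn_log(build_sample_log())).items():
        print(f"possible port sweep from {host}: {targets} distinct host:port targets")
```

Counting distinct targets rather than raw connection attempts keeps a chatty but legitimate client (many connections to the same file server) below the threshold while a fast sweep across a /24 trips it within a couple of seconds.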
Anthony Wong says
Accellion is a US cloud provider with a product, developed in the early 2000s, called FTA. FTA is a file transfer service that allows users to move and store large files that cannot be sent through email. A threat actor exploited a zero-day vulnerability via SQL injection. Once the SQL code is executed, a web shell is installed that enables the attacker to steal files stored in the FTA application. Some of the affected entities are the Reserve Bank of New Zealand, the University of Colorado, and Singtel, Singapore’s largest telecommunications company. A few days after the breach a firmware update was released, and Accellion announced an end-of-life date of April 30th, 2021, retiring FTA. The reality is that zero-day vulnerabilities and attacks are unpredictable and can affect even the most secure networks.
https://www.zdnet.com/article/accellion-to-retire-product-at-the-heart-of-recent-hacks/
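The vulnerability class in the post above, shown generically as an added example that is not Accellion's or FTA's code: a lookup built by string concatenation beside the same lookup with a bound parameter. The SQLite schema, table contents and the two payloads are constructed for the demonstration.

```python
"""SQL injection, vulnerable and parameterised forms (added example; not FTA code)."""
import sqlite3


def make_db():
    """Constructed in-memory table standing in for an application user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, token TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "tok-alice"), ("bob", "tok-bob")])
    conn.commit()
    return conn


def vulnerable_lookup(conn, name):
    """VULNERABLE: the value is pasted into the statement, so quotes and
    keywords in `name` become SQL syntax."""
    sql = f"SELECT token FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def safe_lookup(conn, name):
    """Fixed: a bound parameter is sent as data; the statement text never
    changes regardless of what `name` contains."""
    rows = conn.execute("SELECT token FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


# Classic tautology: closes the quoted string and ORs in an always-true clause.
TAUTOLOGY = "x' OR '1'='1"
# Comment-terminated variant: everything after -- is ignored by the parser.
COMMENTED = "alice' --"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", vulnerable_lookup(db, TAUTOLOGY))   # every token leaks
    print("safe:      ", safe_lookup(db, TAUTOLOGY))         # no such user
```

The parameterised form is the whole fix for this class; escaping quotes by hand is what the "before" code is one typo away from, and it still leaves numeric contexts and comment sequences open.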
Jonathan Castelli says
The Transition to TIC 3.0: Ensuring Agency Readiness for Network Modernization
This article outlines the need for organizations to adopt “Trusted Internet Connection 3.0” as businesses transition to mobile and cloud environments. TIC 3.0 helps divide agency architectures into trust zones. The goal of a trust zone is to ensure baseline security protections are in place to protect the boundary of the zone.
TIC 3.0 “gives agencies the ability to build architectures around concepts and technologies—such as bring your own device, virtual private network access, multi-factor authentication, and alternative authentication methods—removing prior TIC inefficiencies.” With the TIC 3.0 guidance, organizations can deploy strategies to increase their network and collaboration capacity while ensuring they are secure.
https://www.nextgov.com/ideas/2021/02/transition-tic-30-ensuring-agency-readiness-network-modernization/171793/
Wenyao Ma says
Vast Majority of Phishing and Malware Campaigns Are Small-Scale and Short-Lived
Researchers from Google and Stanford University have analyzed the patterns of more than 1.2 billion email-based phishing and malware attacks targeting Gmail users, and found that most attack campaigns are short-lived and sent to fewer than 1,000 targets.
This short duration is likely a direct response to attackers attempting to re-configure campaigns to evade detection. Absent cycling to new campaigns, traffic to phishing pages has been found to disappear within a few hours after detection.
According to the report, the research has revealed that an individual’s email usage patterns, security posture, demographics, and location have a significant impact on the likelihood of attack. The risk would increase with each subsequent age group, and those who had their personal data exposed in a third-party breach are more likely to be targeted.
Users who haven’t yet enabled additional security protections are more at risk, just as those who are more active on Gmail. The use of multiple devices also increases the odds of an attack, the report reveals.
https://www.securityweek.com/vast-majority-phishing-and-malware-campaigns-are-small-scale-and-short-lived
Xinyi Zheng says
Vulnerability in VMware vSphere Replication Can Facilitate Attacks on Enterprises
VMware last week informed customers about the availability of patches for a potentially serious vulnerability affecting its vSphere Replication product. vSphere Replication, a VMware vSphere component, is a virtual machine replication engine designed for data protection and disaster recovery. VMware has told customers that several versions of the product are affected by a high-severity (important) command injection vulnerability that can be exploited by a hacker with admin privileges to execute shell commands on the underlying system. An attacker could obtain the access required for exploitation through, for example, social engineering or by hoping that the targeted admin account is protected by a weak password. Once the account has been accessed, exploitation of the vulnerability is not difficult, the researcher said.
https://www.securityweek.com/vulnerability-vmware-vsphere-replication-can-facilitate-attacks-enterprises
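Command injection of the kind the post above describes, as an added generic illustration (not VMware's code; the `vm_name` parameter, the `echo` command standing in for a real replication action, and the name pattern are assumptions): the shell-invoked form runs an injected second command, the argument-list form passes the whole string as one argument, and an allowlist check rejects it before any process is started.

```python
"""OS command injection: shell string vs argument list vs validated input
(added example; not VMware's code). `echo` stands in for the real action."""
import re
import subprocess

VM_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$")   # assumed naming rule


def vulnerable_run(vm_name):
    """VULNERABLE: shell=True hands the whole string to /bin/sh, so ';', '|',
    '$(...)' and friends in vm_name are interpreted as shell syntax."""
    out = subprocess.run(f"echo replicating {vm_name}", shell=True,
                         capture_output=True, text=True, check=True)
    return out.stdout


def safe_run(vm_name):
    """Fixed: argv list, no shell. Metacharacters are just bytes in one argument."""
    out = subprocess.run(["echo", "replicating", vm_name],
                         capture_output=True, text=True, check=True)
    return out.stdout


def validate_vm_name(vm_name):
    """Allowlist check; reject before anything reaches a subprocess."""
    return bool(VM_NAME_RE.match(vm_name))


def hardened_run(vm_name):
    """Both layers: validate, then invoke without a shell."""
    if not validate_vm_name(vm_name):
        raise ValueError(f"invalid VM name: {vm_name!r}")
    return safe_run(vm_name)


if __name__ == "__main__":
    payload = "vm1; echo INJECTED"
    print(vulnerable_run(payload))      # two lines: the injected command ran
    print(safe_run(payload))            # one line, payload printed literally
```

The post's point that the attacker needs an admin account first still holds: the bug only matters once a name under the attacker's control reaches the shell string, which is why the validation layer belongs at the API boundary and not only in the code that spawns the process.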
Krish Damany says
According to an article on DarkReading.com, it was reported that over 100 financial firms were attacked via DDoS in 2020. These firms are located all over the globe, and the types of firms involved in these ransom attacks were banks, exchanges, payments companies, card issuers, payroll companies, insurance firms, and money transfer services. The DDoS attacks seem to originate from North Korea and Russia. According to the Financial Services Information Sharing and Analysis Center, the attacker would send an extortion note to the firms threatening to disrupt their service unless they were paid. The FS-ISAC reported that none paid the ransom, and the firms would share information with each other about the impending DDoS attacks to help mitigate it as the attacks were continuing to happen.
https://www.darkreading.com/attacks-breaches/100+-financial-services-firms-targeted-in-ransom-ddos-attacks-in-2020/d/d-id/1340165
Ting-Yen Huang says
Signal, WhatsApp and Telegram: Major security differences between messaging apps
The article compared the security and privacy protocols of the three messaging apps with the greatest download numbers. Signal, Telegram and WhatsApp all use end-to-end encryption in some portion of their app, meaning that if an outside party intercepts your texts, they should be scrambled and unreadable. It also means that the exact content of your messages supposedly can’t be viewed by the people working for any of those apps when you are communicating with another private user. This prevents law enforcement, your mobile carrier and other snooping entities from being able to read the contents of your messages, even when they intercept them. Signal collects no data other than your phone number. It is free, has no advertising, and is funded by the nonprofit Signal Foundation. It is fully open-source. Its encryption uses its own Signal Protocol. Telegram does collect your data, including name, phone number, contacts, and user IDs. It is free, with an ad platform and premium features forthcoming, and is funded mainly by its founder. The app is only partially open-source. Its encryption protocol is MTProto. The third is WhatsApp. It collects too much data to list. It is free, with a business version also available for free, and is funded by Facebook. It is not open-source, except for its encryption. Its encryption uses the Signal Protocol.
https://www.cnet.com/news/signal-whatsapp-and-telegram-major-security-differences-between-messaging-apps/
Anthony Messina says
UK cryptocurrency exchange EXMO knocked offline by ‘massive’ DDoS attack
Cryptocurrency exchange EXMO has been knocked offline by a “massive” DDoS attack. EXMO said that it experienced an unusual amount of traffic at 16.10 GMT, with the number of connections temporarily disrupting its activity and shutting down its website for 2 hours. The attack drove 30 GB of traffic per second and affected “the whole network infrastructure, including the website, API, Websocket API, and exchange charts”. The attack was repelled with the help of DDoS protection provider Qrator. News of this DDoS attack follows another security incident at EXMO on December 21, 2020, which saw attackers steal around $4 million in cryptocurrency. The attackers took an estimated 6% of the exchange’s assets. The funds were withdrawn through the exchange Poloniex and therefore cannot be returned. It seems that, with the success of the initial attack, EXMO is now being targeted.
https://portswigger.net/daily-swig/uk-cryptocurrency-exchange-exmo-knocked-offline-by-massive-ddos-attack
Cami Chen says
France’s national cybersecurity agency announced this Monday that the activity of several hacker groups resembles that of another group linked to Russian intelligence. The hackers exploited a vulnerability in monitoring software from the French group Centreon to attack information technology providers, especially web-hosting providers. The agency also found “a backdoor” on several Centreon servers, through which the hackers could access the network. It emphasized that the hacking spanned a long period, from 2017 to 2020, and that the hackers may have aimed at stealing information or spying. Moreover, US intelligence and law enforcement agencies state that the recent hacking incidents aimed at the American firm SolarWinds may be the work of Russian hackers. They believe the hackers were engaged in an intelligence-gathering effort rather than stealing from or breaking the IT systems.
https://techxplore.com/news/2021-02-french-cyber-agency-reveals-russian.html
Priyanka Ranu says
IRS Warns of EFIN Scam
The IRS issued an urgent warning to tax professionals over a new scam in which cyber-criminals impersonate the IRS over email in an attempt to steal Electronic Filing Identification Numbers (EFINs). Targets are asked to send an EFIN acceptance letter dated within the last 12 months and scans of their driver’s license to a fake email address so that their EFIN can be verified. This information can be used to impersonate that professional and file fraudulent returns. The IRS commissioner stated that phishing scams are the most common tool used by identity thieves to trick tax professionals into disclosing sensitive information. An alert issued on Feb 10 by the IRS and other tax agencies asks recipients to save the scam email as a file and send it as an attachment to the email address provided. The article suggests that, to defend against such attacks, people should be educated and made more aware of these types of scams.
https://www.infosecurity-magazine.com/news/irs-warns-of-efin-scam/
Junhan Hao says
Over two-thirds of British adults are unaware of how to report cybercrime, with many admitting they feel uninformed about attacks, according to a new study. Digital agency Reboot Online analyzed European Commission data from across the region. 68% of Brits said they didn’t know how to report cybercrime or illegal online behavior. This is worrying because the level of cybercrime continues to rise. According to the ONS, crimes reported by businesses and individuals in the 12 months to March 2020 surged by 23%. The article suggests that familiarizing yourself with government-supported cybercrime agencies and institutions, and applying their recommended best practices to your online actions, can play an important role in reducing your risk of becoming a victim of cybercrime.
https://www.infosecurity-magazine.com/news/most-europeans-dont-know-report/
Austin Mecca says
https://www.infosecurity-magazine.com/news/ddos-surge-202-covid/
DDoS attacks have risen substantially this past year, due to the shift in digital usage driven by COVID-19. ATLAS observed over 10,000,000 DDoS attacks last year, 1.6 million more than the previous year. They mention that these attacks go up year by year, but this YoY growth suggests that criminals are exploiting the growth in internet users working from home during the pandemic. Attack frequency was up 20% across the entire year, but excluding Jan-Mar (pre-pandemic) that number was 22%. Essential sectors such as e-commerce, online learning, and healthcare were heavily targeted. Attackers target these sectors because the impact is much more critical than before the pandemic, when an attack would be focused on a retail environment. In addition, many of these essential sectors that have moved remote may have implemented things too quickly and were unprepared for potential threats.
Vanessa Marin says
I love reading whitepapers, especially when they apply to a lesson or a task at work that I may be dealing with!
This week I ran across a white paper that lists the top 9 DDoS attacks that an organization needs to watch out for. A new term to me was the “botnet killer”.
Types of Attacks:
- IoT Botnets – Mirai botnet – launched the largest DDoS attack in history.
- DNS Attacks – use tools to learn and gain deep knowledge of the DNS traffic behavior.
- Burst Attacks and APDoS campaigns – short burst/high volume at random.
- SSL/Encrypted Attacks – SSL protocol masking.
- Layer 7 Application Attacks – resource exhaustion via HTTP (and other) exploitable weaknesses.
- RDoS Attacks – ransom-motivated attacks.
- Reflection/Amplification Attacks – using a router as an amplifier to broadcast the IP address, sending messages to other IP addresses which in turn respond to the spoofed target IP.
- Telephony DoS (TDoS) Attacks – high volume of calls to the target network => financial and public emergency areas.
- Dynamic Content and CDN-Based Attacks – the inability of orgs to block traffic coming from CDN IP addresses creates a weakness for those that use content delivery networks to support global site and application performance. Attackers overload servers with requests for non-cached content.
The article gives an overview of each type of attack and highlights areas or industries where they are most common.
https://dsimg.ubm-us.net/envelope/414933/633973/Top_9_DDoS_Attacks_to_Prep_For_FIN_2020.pdf
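The burst and Layer 7 flood entries in the list above, turned into a detection that also fits the EXMO and FS-ISAC posts in this thread; it is added here as an illustrative example rather than anything from the whitepaper. Requests are bucketed per second and compared with the median rate of the preceding seconds, and a second is flagged only when it is both far above baseline and spread across many source addresses. The `ts src path` log format, the thresholds and the sample traffic are constructed assumptions.

```python
"""Per-second burst detector with a rolling median baseline (added example)."""
from collections import Counter, defaultdict
from statistics import median


def build_sample_log():
    """Constructed traffic: 5 req/s from 3 clients for 30 s, with a 3-second
    burst of 200 req/s from 100 distinct addresses starting at t+20."""
    base = 1607000000
    lines = []
    for sec in range(30):
        if 20 <= sec < 23:
            for i in range(200):
                lines.append(f"{base + sec}.{i % 1000:03d} 203.0.113.{i % 100} /api/orderbook")
        else:
            for i in range(5):
                lines.append(f"{base + sec}.{i * 100:03d} 198.51.100.{i % 3} /")
    return "\n".join(lines)


def parse_access_log(text):
    """'ts src path' per line (assumed format; map your own fields onto it)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, path = line.split(maxsplit=2)
        events.append({"ts": float(ts), "src": src, "path": path})
    return events


def detect_bursts(events, baseline_secs=10, factor=5.0, min_sources=20):
    """Flag seconds whose request count is >= factor x the median count of the
    preceding baseline_secs seconds AND that involve >= min_sources distinct
    clients (many sources = distributed flood, not one broken client).
    Using the median keeps an earlier burst second from inflating the baseline."""
    per_sec = Counter()
    sources = defaultdict(set)
    for ev in events:
        sec = int(ev["ts"])
        per_sec[sec] += 1
        sources[sec].add(ev["src"])

    alerts = []
    for sec in sorted(per_sec):
        history = [per_sec.get(sec - k, 0) for k in range(1, baseline_secs + 1)]
        baseline = max(median(history), 1.0)     # floor so idle links still have a baseline
        if per_sec[sec] >= factor * baseline and len(sources[sec]) >= min_sources:
            alerts.append({"second": sec, "requests": per_sec[sec],
                           "sources": len(sources[sec]), "baseline": baseline})
    return alerts


if __name__ == "__main__":
    for a in detect_bursts(parse_access_log(build_sample_log())):
        print(f"t={a['second']}: {a['requests']} req/s from {a['sources']} sources "
              f"(baseline {a['baseline']:.0f} req/s)")
```

The distinct-source condition is what separates a burst attack from a single misbehaving integration, and the median baseline is what lets the detector keep firing through a multi-second burst instead of adapting to it; on a real link the request rate would be the input for an upstream scrubbing or rate-limit decision rather than just an alert.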
Zhen Li says
DDoS attack takes down EXMO cryptocurrency exchange servers
The servers of British cryptocurrency exchange EXMO were taken offline temporarily after being targeted in a distributed denial-of-service (DDoS) attack. British cryptocurrency exchange EXMO said on Twitter “Please note that the EXMO exchange website is now under the DDoS attack. The servers are temporarily unavailable.”
In a separate alert issued through the company’s official Twitter account, EXMO said that it’s working on addressing the issue. While no update was published since the DDoS attack was announced, the platform’s servers and website are now back online.
The British cryptocurrency exchange — self-described as “one of the largest cryptocurrency exchanges in Europe” — disclosed in December 2020 that unknown attackers were able to withdraw roughly 5% of its total assets after compromising EXMO’s hot wallets. Unlike cold wallets (aka offline or hardware wallets) that have no Internet connection, hot wallets are Internet-connected and are used by exchanges to temporarily store assets for ongoing transfers and transactions.
In a subsequent update, EXMO added: “Our team is currently developing a new infrastructure for hot wallets. Since each blockchain needs a separate server, the process will take some time.”
https://www.bleepingcomputer.com/news/security/ddos-attack-takes-down-exmo-cryptocurrency-exchange-servers/?&web_view=true
Heather Ergler says
https://securityintelligence.com/articles/what-is-network-segmentation/
The article I picked this week was about network segmentation as an additional defense against attackers. Network segmentation is simply the process of breaking a large flat network into several smaller networks to stop traffic from one part of the network from reaching another segment. For example, application developers can be placed in a separate segment from business users who transact in production daily. Firewalls can be established between the various segments to limit, filter, or monitor traffic. In my experience, Active Directory organizational units (OUs) are used to segment, with firewalls between the OUs. Segmentation sounds simple; however, it is extremely complex when you look at the placement of applications, servers, users, and groups within each segment. Think about a segment for developers. The segment needs to include all the users, the groups that contain permissions, and the applications and databases they need to do their daily work. Moving or copying an application into multiple segments can create licensing issues, code consistency issues, etc. The article alludes to the complexity of segmentation.