Sunday, 30 December 2018

Evaluating DDoS Mitigation Solutions – 7 Key Factors


The rapid growth of DDoS threats in recent years has been followed by an influx of mitigation solutions. Selection, however, can be tough. How do you assess, evaluate and differentiate between DDoS mitigation service providers? What are the key factors to pay attention to? How can you ensure that a solution not only matches your business and technical requirements, but will also deliver on its promise on the day of an attack?

Many companies have relied in the past on traditional DDoS protection solutions, using complex hardware such as firewalls and load balancers. However, such solutions have proven costly and in many cases ineffective.

Here is a brief summary of seven practical guidelines that will help you evaluate solutions and assess their capabilities.

Before you begin…
Before you begin to examine available DDoS solutions, clearly identify your needs. For example:

·         How critical is downtime for your business?
For some companies a single hour of downtime can cost up to $20,000; for others it can exceed $100,000 per hour. Will you need an "always on" DDoS protection solution or an "on demand" protection mode?
  

·         What is your network architecture?
Is it a private network with on-premise servers, does it include public cloud resources (AWS, Azure), or a combination of both? This will determine the implementation flavor you need to look for (cloud protection, on-premise appliance, or a combination of both). Naturally, a solution that can protect a wide range of network implementations will save you time, training and administration overhead.

·         What are your requirements in regards to monitoring DDoS related events and integrating data into your existing security/IT systems?

Here is a summary of the 7 key factors to help you choose the right DDoS Protection solution for your company:

1 – Attack coverage
Select a solution that provides protection against ALL major attack types, be it an application-layer attack, an SSL-based attack, a volumetric attack, or a multi-vector or sustained attack.

2 – Mitigation capabilities
Drill down to examine mitigation details: which attack volumes can the solution handle? What is its scalability? How quickly does it detect, notify and mitigate an attack?

3 – Mitigation capacity
Continuous DDoS protection will depend on the setup and availability of scrubbing centers, their distribution, connectivity and redundancy. Look for a DDoS solution that has worldwide coverage and enough total scrubbing capacity to handle several attacks simultaneously.

4 – Fully managed vs. self serve
DDoS mitigation requires highly specialized skills and expertise. Select a solution provider that will monitor your protected assets and provides a 24/7/365 response team capable of mitigating new, previously unseen DDoS attack techniques.

5 – Self management
Make sure you have the flexibility and visibility to manage and control DDoS protection both from within the system itself, and if needed, from within your existing security systems.

6 – Support and SLA
Ensure the solution provides sufficient support and expert assistance during and following a DDoS attack and that you receive quantifiable assurances, such as a service level agreement.

7 – Total Cost of Ownership
Carefully examine the value vs. price balance so that you don't compromise on protection quality for a cheaper price. Prefer a solution that is priced on legitimate traffic volume and that does not cap or surcharge attack traffic, so that a large attack does not turn into a large bill.


In summary, selecting a DDoS solution cannot be done using a one-size-fits-all approach. You must adopt an informed process to choose a DDoS mitigation solution that fits your needs and can successfully defend you against ALL attack types, including massive network-layer attacks, which make up over 65% of today's DDoS attacks.



Best Regards,



Web Admin
LATVIK SECURE
LATVIK TECHNOLOGIES ™

Friday, 21 December 2018

Data on 500 Million Guests Stolen in 4-Year Breach at Marriott

Hospitality giant Marriott today disclosed a massive data breach exposing the personal and financial information on as many as a half billion customers who made reservations at any of its Starwood properties over the past four years.


Marriott said the breach involved unauthorized access to a database containing guest information tied to reservations made at Starwood properties on or before Sept. 10, 2018, and that its ongoing investigation suggests the perpetrators had been inside the company’s networks since 2014.
Marriott said the intruders encrypted information from the hacked database (likely to avoid detection by any data-loss prevention tools when moving the stolen information out of the company's network), and that its efforts to decrypt that data set were not yet complete. But so far the hotel network believes that the encrypted data cache includes information on up to approximately 500 million guests who made a reservation at a Starwood property.

“For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences,” Marriott said in a statement released early Friday morning.

Marriott added that customer payment card data was protected by encryption technology, but that the company couldn’t rule out the possibility the attackers had also made off with the encryption keys needed to decrypt the data.
The hotel chain did not say precisely when in 2014 the breach was thought to have begun, but it’s worth noting that Starwood disclosed its own breach involving more than 50 properties in November 2015, just days after being acquired by Marriott. According to Starwood’s disclosure at the time, that earlier breach stretched back at least one year — to November 2014.
Back in 2015, Starwood said the intrusion involved malicious software installed on cash registers at some of its resort restaurants, gift shops and other payment systems that were not part of its guest reservation or membership systems.
However, this would hardly be the first time a breach at a major hotel chain ballooned from one limited to restaurants and gift shops into a full-blown intrusion involving guest reservation data. In Dec. 2016, KrebsOnSecurity broke the news that banks were detecting a pattern of fraudulent transactions on credit cards that had one thing in common: They’d all been used during a short window of time at InterContinental Hotels Group (IHG) properties, including Holiday Inns and other popular chains across the United States.

It took IHG more than a month to confirm that finding, but the company said in a statement at the time it believed the intrusion was limited to malware installed at point of sale systems at restaurants and bars of 12 IHG-managed properties between August and December 2016.

In April 2017, IHG acknowledged that its investigation showed cash registers at more than 1,000 of its properties were compromised with malicious software designed to siphon customer debit and credit card data, including those used at front desks in certain IHG properties.

Marriott says its own network does not appear to have been affected by this four-year data breach, and that the investigation only identified unauthorized access to the separate Starwood network.

Starwood hotel brands include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels that participate in the Starwood Preferred Guest (SPG) program.
Marriott is offering affected guests in the United States, Canada and the United Kingdom a free year’s worth of service from WebWatcher, one of several companies that advertise the ability to monitor the cybercrime underground for signs that the customer’s personal information is being traded or sold.

The breach announced today is just the latest in a long string of intrusions involving credit card data stolen from major hotel chains over the past four years — with many chains experiencing multiple breaches. In October 2017, Hyatt Hotels suffered its second card breach in as many years. In July 2017, the Trump Hotel Collection was hit by its third card breach in two years.

This is a developing story, and will be updated with analysis soon.





Saturday, 1 December 2018

Healthcare Organizations Falling Behind on Cyber Risk Management

Only 29% of healthcare organizations report having a comprehensive security program in place.

Only 29 percent of healthcare organizations report having a comprehensive security program in place, and among those that do not have such a program, 31 percent either are not meeting with their executive committee or are meeting less than once a year to give security updates.
According to CHIME’s 2018 Health-Care’s Most Wired report, the maturity of a healthcare enterprise’s security program impacts its capabilities and protocols. For example, enterprises with a comprehensive security program are more likely to support critical security measures like data-loss prevention, BYOD management, database monitoring, provisioning systems, log management and adaptive risk-based authentication for network access.
Most organizations seem prepared for disasters to strike; 68 percent estimate that if a disaster caused complete loss of their primary data center, they could restore operations within 24 hours for their clinical, financial, supply chain management, and human resources and staffing systems. Regarding the adoption of 10 components critical to an incident response plan (see graphic), 26 percent of organizations have all 10, with the most adopted including documented EHR-outage procedures, security/privacy breach notification procedures and at least annual tabletop exercises.




Friday, 23 November 2018

Nearly 70 Percent of SMBs Experience Cyber Attacks


The 2018 State of Cybersecurity in Small and Medium Size Businesses study, conducted by the Ponemon Institute and sponsored by Keeper Security, revealed that small businesses increasingly face the same cyber-security risks as larger companies, but only 28 percent rate their ability to mitigate threats, vulnerabilities and attacks as “highly effective.”


The number of attacks, including phishing, advanced malware, zero-day and ransomware attacks is rising -- with 67 percent experiencing a cyber attack and 58 percent experiencing a data breach in the last 12 months. Yet nearly half of respondents (47 percent) say they have no understanding of how to protect their companies against cyber attacks.  



Weak passwords can wreak havoc on small businesses
As SMBs become more vulnerable, the risk of employees and contractors causing a data breach or ransomware attack is simultaneously increasing -- 60 percent of those surveyed cited a negligent employee or contractor as being the root cause for a breach, compared to 37 percent pointing to an external hacker. Still, 32 percent of respondents assert that their companies could not determine the root cause of a data breach they have experienced in the past 12 months.
Forty percent of respondents say their companies experienced an attack involving the compromise of employees’ passwords in the past year, with the average cost of each attack being $383,365. Accordingly, 19 percent more IT and security professionals consider password protection and management to be increasingly critical this year compared to last.
Cyber attacks and data breaches target SMBs
“More SMBs are experiencing highly sophisticated and targeted cyber attacks. There is a failure to use strong passwords, two-factor authentication and unique passwords for every website, application and system. This is exposing SMBs to cyber criminals,” said Darren Guccione, CEO and Co-founder of Keeper Security. “The results of the 2018 State of Cybersecurity in Small and Medium Size Businesses study underscore the critical importance of implementing a secure password management solution to protect not only SMBs’ sensitive digital assets, but also their reputation and the longevity of their business operation.”
Additional highlights of the study include:
  • Respondents indicated their two biggest password-related pain points are having to deal with passwords being stolen or compromised (68 percent) and employees using weak passwords (67 percent).
  • Human memory and spreadsheets are used to protect passwords. Only 22 percent of respondents say their companies require employees to use a password manager. Of the 74 percent of respondents who say password managers are not required, more than half say their companies rely upon human memory and spreadsheets to protect passwords.
  • SMBs continue to struggle with insufficient personnel and budget. Seventy-four percent of respondents say they do not have the appropriate personnel, and 55 percent say they do not have the budget, to effectively mitigate cyber risks.
  • The respondents who believe they are “highly effective” at mitigating risks, vulnerabilities and attacks have higher budget and more in-house expertise. These companies also dedicate a higher percentage of their IT budget to cybersecurity.
         “As the threat landscape evolves, cyber criminals are leaving no stone unturned -- and companies -- no matter how big or small -- are only as strong as their weakest link,” said Dr. Larry Ponemon, chairman and founder, The Ponemon Institute. “The findings of the 2018 State of Cybersecurity in Small and Medium Size Businesses study show far too many SMBs rely upon human memory, spreadsheets and even sticky notes to protect their passwords -- thereby weakening a critical link in the IT security chain.”




Tuesday, 20 November 2018

Former Anonymous Hacker Raises $2.5m for Startup

After being convicted of hacking-related crimes related to the Guy Fawkes Night campaign in 2012, Adam Bennett, a former Anonymous hacker, received a two-year suspended prison sentence and 200 hours of community service, according to the Australian Financial Review. Fast-forward to 2018, and Bennett has successfully raised $2.5 million dollars from investors for his cyber startup, Red Piranha.
“I’ve always been a privacy advocate and passionate about keeping Australian businesses secure,” Bennett said in an email interview. “I wanted to build a company that helped those struggling to afford the right cybersecurity controls or didn’t have the knowledge or resources to implement them.”
According to Bennett, small and midsized businesses (SMBs) are largely overlooked when it comes to the development of cybersecurity products, particularly with regard to affordability and ease of use. Red Piranha was founded with the goal of giving SMBs a slight advantage in fighting off cyber-criminals.
“After the conviction, I was approached directly by a number of people asking for help. It was clear that the SMBs that I was speaking to needed something affordable. That’s what led me to found Red Piranha and develop Crystal Eye, our main cybersecurity product and the first Australian-made unified threat management (UTM) platform designed specifically for SMBs,” said Bennett.
The company was born out of the frustration that SMBs are left open to attack because they lack the money and resources to protect themselves. Since Bennett founded the company, it has grown from a startup of just two people to a company with over 55 employees in just a few years.
“Investors and all our new clients are eager to work with us. Given that we’re the only company in Australia doing what we do, we don’t expect to be slowing down anytime soon,” he said.
Working to cement its position in Australia's cybersecurity landscape, the company has also found ways to help increase Australia’s national intelligence ecosystem. To that end, the company is working in partnership with organizations set up by a federal government initiative, such as AustCyber, the growth center for Australia’s 

Saturday, 7 April 2018

Why We Cannot be Trusted to Make Our Own Passwords


Let’s start this article off with a prediction: the last password you used had the number 1 in it. No? What about the number 2? If you answered yes to either, you're in the roughly 30% of people who put a trailing 1 or 2 on their passwords. What about letters: does your password include the letter e, or the letter t? If it does, you're also in the large group of people for whom e and t are the most used letters.
People are predictable. We follow patterns, schedules and do what we know and are comfortable with. There is already some great research out there on why we do the things we do. Whether it’s movement dynamics in crowds or looking at how we create traffic jams without a bottleneck. The real question, for us, comes down to how we can use these principles in computer security.
Passwords are one of the most intrinsic parts of our online lives. Some great teams, from Troy Hunt with Have I Been Pwned to the people at WPengine and their research on ten million passwords, have been doing great work in both correlating and analyzing the passwords we use day to day.  
Let’s take a step back and look at our earlier prediction. Benford's law is the observation that in many naturally occurring sets of numbers the small digits appear far more often than the large ones. From bus numbers to Twitter follower counts, we can see Benford's law at work in our day-to-day lives.
We can also see this bias in passwords. In WPengine's study of ten million passwords, the three most common trailing digits were 1 (23.84%), 2 (6.27%) and 3 (3.86%). Strictly speaking, Benford's law describes leading digits rather than trailing ones, but the same preference for small digits is clearly at work here.
Next we have letters. In a similar way to how Benford's law predicts the occurrence of numbers, frequency analysis can be used to predict the occurrence of letters. If we perform frequency analysis on the English language we can see that the most common letters are: e, t, and a.
Looking back at the WPengine research, and their ten most common password list, we can see that the letter e alone shows up in 60% of the passwords.
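The two kinds of bias described above, the trailing digit and the letter frequency, are easy to measure yourself. The script below is an added example for this post, not code from WPengine or from the original article; the password list in it is constructed for illustration, so the percentages it produces are not the study's figures. It counts how often each trailing digit appears, builds a frequency-analysis table of the letters, and reports what share of passwords contain a given letter at all.

```javascript
// Added example (not code from the original post or from WPengine): measure the
// two kinds of predictability the post describes, trailing-digit bias and letter
// frequency, over a password list. SAMPLE_PASSWORDS is constructed for illustration;
// the numbers it yields are not the WPengine study's figures.

const SAMPLE_PASSWORDS = [
  'password1', 'letmein1', 'welcome2', 'sunshine1', 'dragon3',
  'qwerty', 'iloveyou1', 'monkey2', 'football1', 'baseball',
  'trustno1', 'master1', 'shadow7', 'princess1', 'abc123',
  'hunter2', 'superman', 'starwars1', 'freedom1', 'whatever9',
];

// Percentage rounded to two decimals.
const pct = (part, whole) => Math.round((part / whole) * 10000) / 100;

// Percentage of passwords whose last character is each digit 0-9. Passwords that do
// not end in a digit stay in the denominator but fall into no bucket, so the ten
// values sum to the share of passwords that have a trailing digit at all.
function trailingDigitDistribution(passwords) {
  const counts = Array(10).fill(0);
  for (const p of passwords) {
    const last = p.slice(-1);
    if (/^\d$/.test(last)) counts[Number(last)] += 1;
  }
  return counts.map(c => pct(c, passwords.length));
}

// Classical frequency analysis: the share of all letters (a-z, case-folded) taken
// by each letter, most common first. Digits and symbols are ignored here.
function letterFrequency(passwords) {
  const counts = new Map();
  let total = 0;
  for (const p of passwords) {
    for (const ch of p.toLowerCase()) {
      if (ch < 'a' || ch > 'z') continue;
      counts.set(ch, (counts.get(ch) || 0) + 1);
      total += 1;
    }
  }
  return [...counts.entries()]
    .map(([letter, n]) => ({ letter, share: pct(n, total) }))
    .sort((a, b) => b.share - a.share || a.letter.localeCompare(b.letter));
}

// Percentage of passwords that contain a given letter anywhere (the post's
// "e shows up in 60% of the passwords" statistic).
function containsLetterShare(passwords, letter) {
  const hits = passwords.filter(p => p.toLowerCase().includes(letter)).length;
  return pct(hits, passwords.length);
}

// One report object with the three measurements.
function analyze(passwords) {
  return {
    trailingDigits: trailingDigitDistribution(passwords),
    topLetters: letterFrequency(passwords).slice(0, 5),
    containsE: containsLetterShare(passwords, 'e'),
  };
}

console.log(JSON.stringify(analyze(SAMPLE_PASSWORDS), null, 2));
```

Run it under Node with `node passwords.js`. On the built-in sample, 1 is the trailing digit on half of the passwords and e is the most frequent letter, the same shape WPengine saw at scale. To measure a population that matters to you, replace SAMPLE_PASSWORDS with a wordlist read from disk (fs.readFileSync split on newlines); the functions take any array of strings.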
There is a great quote from Steve Davidson in his book The Crystal Ball that states: "Forecasting future events is often like searching for a black cat in an unlit room, that may not even be there."  This is the same for predicting passwords. All in all there are around: three quadrillion, twenty five trillion, nine hundred and eighty nine billion, sixty nine million, one hundred and forty three thousand and forty possible password permutations for an eight character password. That being the case, we’re probably not going to be guessing anyone’s full password any time soon.
We’re not going to give up there, however. Even though it's unlikely that someone will guess a password right off the bat, there are still plenty of ways that passwords get compromised, ranging from social engineering and OSINT to data breaches and weak password complexity.
The tried and tested advice still stands: create strong or random passwords, use a password manager (if that’s what works for you) and don’t make predictable passwords.

Phishing in the Deep End: The Growing Threat of Attacks Beyond Email


Phishing has long posed a threat to businesses thanks to attackers who convince users to open harmful email attachments and executable links. As a result, companies have strengthened malware blocking protections and added secure email gateways, while training employees to be more alert about phishing emails. But the landscape is changing yet again. 
In turn, hackers have increased their levels of sophistication through attacks that no longer rely on suspicious emails or attachment files at all, but instead are penetrating corporate networks via phony websites, fake ads, rogue apps, or realistic browser pop-ups, extensions and plug-ins.
Users who mistakenly click on these new delivery formats may be opening their companies up to costly data breaches or extortion attempts through backdoor ransomware payloads.
Recent findings from the Ponemon Institute show that 77% of the attacks that successfully compromise organizations use file-less techniques designed to evade detection and bypass standard endpoint solutions. Cyber-criminals are turning more and more to methods that exploit the human attack surface, taking advantage of the blind spots of current security solutions.
This problem is also exacerbated from the increased use of personal cellphones, laptops and tablets which employees adopt for work-related tasks. When employees access the internet for personal reasons on such dual-use devices, they may expose their corporate networks to phishing attacks which can lead to disastrous outcomes for their companies.
This new generation of threats doesn’t target the device, the software or the network, instead the primary target has now become the unsuspecting person using these systems, and the delivery method is no longer a malicious PDF, word doc, or zip file.
For example, one alarming new trend involves the injection of obfuscated malicious JavaScript code into compromised websites that redirect users to Tech Support Scams. The nefarious methods used to compromise these sites make it difficult for experts to identify the JavaScript injection hack because its tracks are buried within several layers of code. 
In examining the source code on such compromised websites, researchers found a suspicious obfuscated script that hides its payload as a list of numbers passed to eval(). Inside that eval(), a call to String.fromCharCode() converts the numbers back into characters, and the resulting JavaScript is executed in the visitor's page. By decoding the numbers back into characters, the researchers were able to recover the hidden content, which contained a link to another site. When that URL was opened, it redirected users to a scam page.
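To make the obfuscation concrete, here is an added example (my own code for this post, not the researchers' tooling or a sample taken from a real compromised site) that builds a payload in exactly this eval(String.fromCharCode(...)) shape and then decodes it statically, without ever running the injected script. The hidden statement and the domain tech-support.example are constructed for the example.

```javascript
// Added example (not code from the original post, the cited researchers, or any
// real compromised site): build a payload in the eval(String.fromCharCode(...))
// shape the post describes, then decode it statically. HIDDEN_STATEMENT and the
// domain tech-support.example are constructed for this example.

// --- attacker side: hide a statement as a list of character codes ---------------
function obfuscate(statement) {
  const codes = [...statement].map(ch => ch.charCodeAt(0)).join(',');
  return `eval(String.fromCharCode(${codes}));`;
}

const HIDDEN_STATEMENT = 'window.location.href="https://tech-support.example/alert";';
// What an injected script block on a compromised page might look like (constructed).
const INJECTED_SNIPPET = `var _0x4a=document;${obfuscate(HIDDEN_STATEMENT)}`;

// --- analyst side: decode without executing --------------------------------------
// Matches a flat String.fromCharCode(1,2,3) call and captures its argument list.
const FROM_CHAR_CODE_RE = /String\.fromCharCode\(\s*([\d\s,]+)\)/g;

// Returns the decoded text of every String.fromCharCode(...) call in the source.
// The numbers are turned back into characters here, by us, never by the page.
function decodeFromCharCode(source) {
  const decoded = [];
  for (const match of source.matchAll(FROM_CHAR_CODE_RE)) {
    const codes = match[1].split(',').map(s => s.trim()).filter(Boolean).map(Number);
    decoded.push(String.fromCharCode(...codes));
  }
  return decoded;
}

// First question in triage: where does the decoded code send the visitor?
const URL_RE = /https?:\/\/[^\s"'<>]+/g;

function extractUrls(source) {
  const urls = new Set();
  for (const text of decodeFromCharCode(source)) {
    for (const url of text.match(URL_RE) || []) urls.add(url);
  }
  return [...urls];
}

// Cheap signature for this obfuscation family: eval() fed directly by fromCharCode.
function looksLikeEvalCharCodeObfuscation(source) {
  return /eval\s*\(\s*String\.fromCharCode\s*\(/.test(source);
}

console.log('obfuscated:', INJECTED_SNIPPET.slice(0, 80) + '...');
console.log('decoded   :', decodeFromCharCode(INJECTED_SNIPPET));
console.log('redirects :', extractUrls(INJECTED_SNIPPET));
```

The decoder deliberately uses a regular expression rather than executing the code: running attacker JavaScript, even in a sandbox, is the wrong reflex during triage. The regex catches the flat, single-layer form the post describes; payloads that compute the code points with arithmetic, split them across variables or nest several layers need a real parser (acorn, for instance) and controlled constant folding instead.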
This scam page played a very loud text-to-speech audio warning saying that your computer has been infected with a virus and urging you to call Tech Support immediately to remove it. This scary notice was amplified by an additional message warning users not to turn off their computers, because doing so would supposedly cause sensitive financial data and credentials to be stolen.

This is an unfortunate example of current security controls failing to recognize a new type of threat. URL-filtering firewalls and web proxies are only effective when there is a known malicious URL to block, but the attackers have become skillful at quickly propping up new, unidentified web pages and then taking them down within hours to avoid detection.
Because these risky sites are so short-lived, there is no way for security indexing bots to track all of them. Since databases and threat feeds can’t keep pace either, standard firewalls are unable to block the risky sites.
Likewise, anti-virus and anti-malware protections only help when there is a file to examine, so it has become more critical to detect and block phishing attacks before any malicious content reaches the user's environment.
Security professionals have begun to recognize this risk, but their organizations lack any defenses to effectively guard against phishing attacks beyond email, so they remain increasingly vulnerable to this new wave of socially engineered attacks.
There is only one solution to this growing problem – detecting and blocking phishing attacks before the user can reach the page behind the link and start the kill chain from which bad things happen.
Security professionals and IT practitioners need to start thinking differently about how the socially engineered threat landscape is changing and what they need to do to address this growing threat. The solution for more powerful, real-time phishing threat detection lies at the intersection of computer vision, optical character recognition, natural language processing and machine learning, which together can deliver adaptive detection that catches these script- and HTML-based attacks.