error

Reflection Attacks and Amplification Attacks

error

Here are two types of attacks that are intended to monopolize your system’s resources.

Reflection Attacks

Reflection attacks are attacks that use the same protocol in both directions. The attacker spoofs the victim’s IP address and sends a request for information via UDP to servers known to respond to that type of request. The server answers the request and sends the response to the victim’s IP address. From the servers’ perspective, it was the victim who sent the original request. All the data from those servers piles up, congesting the target’s Internet connectivity. With the maximized bandwidth, normal traffic cannot be serviced and clients cannot connect. Any server open to the Internet and running UDP-based services can be used as a reflector.

Amplification Attacks

Amplification attacks generate a high volume of packets to flood the target website without alerting the intermediary, by returning a large reply to a small request. The basic defense against these attacks is blocking spoofed-source packets.

amplification attacks

Amplification attacks increase the amount of data passing around.

DNS amplification attacks for example use DNS requests with a spoofed source address as the target.

As you can see, an attacker uses a modest number of machines with little bandwidth to send fairly substantial attacks. This is done by spoofing the source IP of the DNS request such that the response is not sent back to the computer that issued the request, but instead to the victim. Using very simple tools the attacker can send many thousands of spoofed requests to open revolvers, and the responses — which are much lager than the request — amplify the amount of bandwidth sent to the victim.

e-commerce-402822_1280 (1)

Holiday Cyber Security Tips – Santa, Sales… but what about Security?

From Black Friday to New Year’s Eve…

It’s that time of year again. Halloween is over and after the candy wrappers have been hidden and the costumes have gone on clearance, storefronts get ready for the holiday season. Starting with Thanksgiving and Black Friday, all the way to Christmas and New Year’s Eve, it’s a prime time to get your shopping done. In fact, statistics say that 19.2% of annual sales come from the holiday season. However, have you ever thought, “Wow, I’d really appreciate some holiday cyber security tips right about now!”…? Well, if you haven’t – you really should be.

e-commerce-402822_1280 (1)

It’s now easier than ever – shopping can be done at the click of a mouse or a touch of the finger on an iPhone. Nearly half of all shopping during the holiday season is done online – so you might not even have to face the horrid crowds of Black Friday. However, while you’re giddy about the possible steals, hackers might be celebrating for a completely different reason.

S is for Santa, Sale, and Security

40% of annual online fraud happens during the last three months of the year, according to Rurik Bradbury, a marketing executive at e-commerce security company Trustev. It’s an easy time to take advantage of customers who are eager to grab deals and get their Christmas shopping out of the way. Sales and Santa seem much more enticing than Security, and even the most security-conscious of people are duped into being carefree with their personal information.

However, we care about your security, so here are 5 tips to remember using SANTA during your shopping trips.

S – SSL?

To shop online, one must go to a website or a web application, so when connecting, make sure that you’re connecting to a site using SSL. SSL stands for Secure Sockets Layer, and it works by creating a secure connection through encryption.

How do you know the site you’re visiting uses SSL? Two steps: first, make sure that the url uses HTTPS and not HTTP (check in your browser bar), and second, see if your browser bar has a lock by the URL.

A – Ask the owner

Whether you’re shopping online or heading to some offline stores this holiday season, never hesitate to ask the owner or the site administrator about their security practices. Vendors are required to be PCI compliant if they’re handling payment of any kind – so make sure they can prove that to you as their valued customer.

N – No Wi-Fi

It might be tempting not to use any of your sacred cellular data when browsing through the store catalogs. However, make sure that you’re being careful with what network you are connecting to. Wi-Fi networks aren’t always secure and hackers can easily access personal or financial information on a public network.

T – Try Credit

While debit might seem like the safe idea to be financially savvy, to be security-savvy it’s a different issue. Credit cards are safer options because you don’t have to pay your bill immediately. This lets you as the buyer review what you’ve purchased. And fortunately many banks have fraud insurance so you’re not charged for some hacker’s wrongdoing.

A – Aim for what you know

Unfortunately, you could follow all these steps and still be vulnerable to attack. However, applying these steps and sticking to what you know can reduce your risks significantly. The holiday season isn’t the time to go to a website you’ve never visited before. It’s definitely not the right time to try a brand new payment method.

holiday cyber security deal for cyber monday by cloudbric gold signTake Charge of Your Holiday Cyber Security

It’s too bad that hackers take one of the happiest times of the year to try to wreak havoc on others’ finances and data. However, it’s best to be cautious so that your merriment won’t be disturbed.

To help your holiday season stay merry, here’s a bonus tip for you online site owners. Get a website protection service. And the great thing about the holiday season is that security companies are the most aware. They know the vulnerabilities of sites and the mischievous nature of hackers during the season.

Services like Cloudbric are offering one month of free service for its users. However, remember that it’s up to 100GB of traffic if you sign up on Cyber Monday. So take a cue and mark it on your calendar so you can spend your holidays worry free!

Happy (early) holidays!

botnet

Attack Agents and Bots

zombie computers are also botnetsOne of the critical parts of a successful DDoS attack relies on bots or a botnet. Botnets are groups of zombie computers under the remote control of an attacker via a command and control server (C&C Server). These zombie computers are highly useful as they are used to carry out commands on a whim and can be used as the front line offense to stall any web server that an attacker wants. Here is a good list of uses of botnets, other than carrying out DDoS attacks:

  • Spamming
  • Sniffing traffic
  • Keylogging
  • Spreading malware
  • Installing ads

How Does a Botnet Work?

I know you’re probably asking yourself, “how does a botnet actually work?” Well, we’re here to tell you.

1. First, a hacker sends out viruses, worms or malware to infect ordinary users’ computers, whose payload is a malicious application. This can help remotely control a computer and allow the attacker to communicate with the infected system.
2. Next, the bot on the infected PC logs into a particular C&C server. The C&C server acts as a command center for the main attacker to launch commands to the botnet.
3. Third, a spammer purchases the services of the botnet from the hacker. This actually happens fairly frequently, which contributes to the spreading or strengthening of the botnet.
4. Lastly, the spammer provides the spam messages to the hacker, who instructs the compromised machines via the control panel on the web server, causing them to send out spam messages.

Botnets frequently use DNS to rally infected hosts, launch attacks, and update their call of duties. Essentially, we become zombie armies that are ready and willing to execute any command you give them. They become martyrs to a web server attack and are used specifically to shut down or freeze the target’s system. This can wreak havoc on any website — both large and small. It’s important to not fall victim to being a botnet without knowing. Also, it’s more important to not be attacked by these botnets. Stay safe and stay tuned for more updates from Cloudbric!

open-sign-1309682_1280 (1) (1) (1)

PCI DSS and the Road to Compliance

When you’re in the world of cyber security and researching new products, there’s no doubt that you’ll run into a plethora of acronyms. With the large amounts of advanced technology and the technical terms there are, it’s easier to shorten them to save some time and space. However, sometimes all the terminology begins to run together. PCI DSS is one of those acronyms that we hear often, but might gloss over.

But if you’re a website owner and especially if you handle payment, there are more than a few reasons why you should understand the nuances of PCI DSS and how it can be easier than you think to get on the road to compliance.

PCI DSS: What is it?

PCI DSS stands for Payment Card Industry Data Security Standard. In short, it’s a security standard for organizations that handle major credit cards (think Visa, Mastercard, American Express, etc.) to decrease credit card fraud. Before this overarching standard, each organization could have had policies and regulations of their own. However, PCI DSS combined the slight differences in each so that policy would be regulated and maintained.

if you use payment systems then you need to follow pci dss

PCI DSS is not only talked about within the realm of cyber security, but in pretty much any industry related to payment. If your organization deals with payment and henceforth credit card data, chances are you’re going to need to comply with PCI DSS. It sounds simple enough, but the controls for PCI DSS compliance cover 12 different requirements. These requirements include maintaining a firewall, encrypting data, restricting access, and so on. Therefore, it can be daunting for corporations or organizations to meet the standards.

However, PCI compliance is a necessary not-so-evil and following just a few tips can put you well-on-the-way to meeting many of the standards. Today, we’ll give you three.

Three Tips to Get You Started on PCI DSS Compliance

1. PCI DSS Compliant Host

A PCI Compliant Host can reduce your PCI obligations, but this is a feat easier said than done. There are many ways that a host can be compliant. They may meet just one or many requirements. You can check the state of a service by contacting them directly. Unfortunately, hosts don’t always put the details where they’re easy to find. However, don’t take their word for it: ask for proof of compliance. Self-assessment says nothing. However, if they’ve been assessed by QSA (Qualified Security Assessors), you’re on the right path.

The benefits to a dedicated web host is are many. While they might be a bit pricey to start out with, it can greatly reduce the security measures you must take and save you costs in the long run.

2. Don’t Retain Cardholder Data

Standards for PCI DSS differ for all vendors. For example, if you store cardholder data, your process becomes much more complex because now you’re holding sensitive information.

However, if you choose to go the other route and refrain from retaining cardholder data, it greatly simplifies security measures. Make sure that whatever payment method you’re using (payment processor, card reader, POS, etc.) doesn’t retain data. Additionally, check with payment vendors on their methods regularly, just in case anything has changed. Per a survey conducted by the Ponemon Institute, 85% of the companies that didn’t retain cardholder data didn’t suffer any data breaches over a two-year period as opposed to 40% who did retain data.

And if you must retain cardholder data? It is understandable as many people have recurring billing as an option for payment. However, in this case, try to make it a bit easier by asking your payment vendor if they have options for inputting, storing, and encrypting data on their systems, not yours.

3. Web Application Firewall

Not only is using a WAF a smart choice to protect your website from hackers, it’s also a great way to get started on the infamous PCI 6.6 Compliance. This standard covers how to protect online environments to keep data safe. To meet compliance one can get a WAF or get an application code review. An application code review is an expensive process. Now, by no means am I saying that owning a WAF will be cheap. However, the good news is that there are options out there. Some options are even free for up to a certain amount of traffic, and even provide SSL as an added service.

So now what?

Now, following these three tips won’t guarantee that you’ll meet all 12 different requirements. But if you’re striving for compliance within a complex standard like PCI DSS, the best things you can do are a) try to do it in a cost-effective way and b) minimize the number of requirements by using fewer solutions that still produce outstanding effects.

As they say, half of the battle is getting started, so get on that road today. It might prove easier than you originally thought.

Cloudbric as a one-stop wall of security

Why You Need a Firewall

Your Website is Published. Is it Good to Go?

 

According to the Netcraft January 2015 web server survey, there are over 876 million websites all around the world. Among them, however, 30,000 websites are hacked each day and the majority of these websites are legitimate small businesses that are irrelevant to cyber criminals. Why is this the case? Many of them missed the final touch. The website owners must have thought their websites were ready to go online. Yet, there was one thing they left out. The firewall.

You might be thinking ‘Among those 876 million websites, mine is just a small one. Why would mine be attacked when there are so many out there to be targeted?’ You’ll be surprised to see how many attacks every website receives, regardless of size. Here are the ACTUAL dashboards of Cloudbric customers who kindly agreed to share their traffic levels.

1. Personal Website

A number of cyber attacks personal website received

Cloudbric protected this user’s website by blocking 2,323 attack attempts originating from five hackers.

2. Small/Medium-Sized Business

A number of cyber attacks business website received

Cloudbric has stopped a high volume of dangerous activity, with two recent spikes.

If you look at the dashboard images above, both the personal website and business website had been attacked. Indeed, the personal website had alarmingly high number of attacks. Your website is not an exception. Building a website with no protection measure is like building a house without a door lock. Do you still think hackers would ignore your site because it’s too small to get their attention? Well, that’s a big no!

Here Are 2 Main Reasons Why Hackers Attack Your Website

 

1. Just for Fun or to Show Off

“Deface hacking” is one of the hacking methods that is increasing sharply. This hacking activity finds a target website’s vulnerabilities and inserts a new webpage or changes content. As a result, the website will not appear at all or it will contain irrelevant content or malicious code.

2. To Use Your Site for Further Attacks

The most famous hacking method is DDoS attack. With this method, a hacker can connect many innocent computers to form a botnet. Such zombie computers are controlled by a hacker. A botnet makes it harder to detect the real hacker and also makes it harder to block. Your website may not be ‘that’ important, but it can still be used for another crime.

 

All Websites Are Constantly Being Attacked, Regardless of Size

Before publishing your website, make sure that it is secured. Simply set up a guard in front of your website.Once you set up a firewall, all kinds of website attacks can be blocked. Then you can finally have peace of mind for your website.

Cloudbric as a one-stop wall of security

Cloudbric fends off the major types of attacks.

A DDoS hacker

Who’s Behind DDoS Attacks and How Can You Protect Your Website?

DDoS attacks are increasing in intensity, frequency, and sophistication. So who’s behind DDoS attacks and why do they execute these attacks? What can you do to stop them? Despite all this innovating and evolving, DDoS attacks are still a blunt weapon deployed for one single basic purpose: to make target websites unavailable to users. There is very little else accomplished by a DDoS attack; they won’t gain admin access to your site, and your data isn’t threatened (unless the DDoS is a smokescreen to distract from the real attack). This may be done to disrupt an online business’s finances, or interfere with free speech, or for petty revenge. Or, it can even be done out of boredom or to further a political agenda.

Defend Your Website Against DDoS

A DDoS hacker

A DDoS attack can be aggravating, but who’s behind it?

Anyone could carry out a DDoS attack, so long as they have access to a botnet of enslaved devices that can be coordinated to strike a target. Oh, you mean you don’t have one of those lying around? That’s okay, there are plenty of DDoS-for-hire services known as booters that will do your dirty work.

Last year, the infamous hacking collective Lizard Squad launched the Lizard Stresser, granting DDoS access to anyone willing to pay. And it’s pretty cheap. It starts at $6 per month goes to “lifetime” plans. Anyone can sign up and target any site. Of course, operating this software isn’t exactly legal. Users of Lizard Stresser tend to be young, with a third of investigated users aged under 20.

A lizard

Lizards and websites don’t mix.

Other Reasons for DDoS Activity

A large amount of DDoS activity happens within the gaming community. This is where competitiveness and emotions run high. Both players and platforms make a ripe target. Gaming sites are especially vulnerable, because all an attacker needs to do to make a game unplayable is to slow it down, rather than outright taking it offline. Players might seek vengeance on an opponent in a more meaningful way than teabagging. Or perhaps they just want the notoriety of launching a high-profile attack that everyone’s talking about.Gamers, Hacktivists, and Extortionists

Hacktivism is another common motivation behind DDoS attacks, in which case a DDoS user may simply want to attack an opposing viewpoint. This could be disapproval of an unpopular program, or it could be simply to take down a negative review posted on someone’s website. When the New York Magazine published its cover story on the Bill Cosby scandal, a conveniently timed DDoS attack lost them an estimated half a million page views. The attacker, rather than defending Cosby, took out the magazine website because he hated the city.

New York

Pictured: New York City, not New York Magazine.

A targeted company would receive a message demanding a ransom that must be paid. Otherwise, the website will be taken out by a massive DDoS attack. To show they mean business, the attackers will send out a warning shot DDoS attack of limited power and duration. Some companies pay the ransom to take care of the problem. Or they’ll buy time to upgrade security. However, most security specialists advise against paying off the attackers, as it will expose your site as an easy target and damage your reputation. But perhaps the most insidious use for DDoS tools is to hold websites for ransom. This trend started taking off in the second quarter of 2015, Even this year, financial institutions are increasingly being hit. Groups like DD4BC go after second- or third-tier financial websites, especially new fintech companies with a focus on banking and credit unions, currency exchange, and payment processing.

Cloudbric can help!

DDoS attacks can hit anyone, so it’s best to take measures to protect your website. A web application firewall such as Cloudbric blocks botnet traffic. It disarms attacks by filtering them on the server level, so they’re as harmless as waves washing up on the shore. If your website isn’t already secured against DDoS attack, it’s time to start now. The tide is coming in.