Posts


DDoS Top 6: Why Hackers Attack

Lately, it seems like the companies that haven’t had their web and cyber security compromised are in the minority.

Many are hit hard by web vulnerability attacks, and in particular we see an increase in DDoS (Distributed Denial of Service) attacks. In a DDoS attack, the attacker’s main goal is to make your website inaccessible using botnets. A botnet is essentially an army of connected devices that have been infected with malware. That army floods your website’s server with traffic until it is overloaded and its available bandwidth is exhausted. In most cases the attack does not breach your data or cross any security perimeter at all.

So if it’s not to breach your data, why would someone go through the effort to shut down your website? There are a multitude of reasons, but today we’ll look at the top 6 reasons for a Distributed Denial of Service Attack.

1. Some (not-so) friendly competition

As more and more enterprises move their storefronts online, competition moves online with them.

In fact, in a recent survey nearly half the responding businesses said that they believed that their competitors were launching DDoS attacks in order to disrupt services. After all, if your competition’s website is down, all the traffic will come to your website instead. Additionally, your competition’s brand image is tarnished, giving positive associations to your company instead.

Even an entrepreneur with no hacking skills can now hire a DDoS attack: attacks can be executed for a fairly low price on the dark market.

2. DDoS for Hacktivism

As we’ve noted, DDoS attacks aren’t necessarily about taking data. They can be used to strongly voice an opinion – any opinion. Voicing your opinion on the Web can have a bigger and faster effect than attending an in-person rally or strike. DDoS is often used to show support or opposition regarding a certain topic. It could be political (see below), but it could also be for or against businesses or banks, about ethical concerns, or even about an online game.

3. All about politics

As a subset of reason #2, DDoS attacks can also happen between countries or governments. The Web is the newest battlefield, and government websites are frequent DDoS victims. While such sites could have been attacked by apolitical hackers, many believe that governments or political parties often attack each other using the DDoS method.

As most governments rely on the Web to communicate and run their country, this has proven to be an effective method to show political opposition.

4. Seeking their revenge

An extremely common reason for DDoS attacks, this situation could apply to businesses, individuals, and governments alike. Rather than voicing an opinion, these attacks are used to seek revenge on an enemy, and there’s no need to get your hands dirty at all.

For example, there have been increasing instances of former employees hiring DDoS attacks on the dark market to seek revenge on their former employers. We’ve previously written on internal data breaches by present or past employees; this is yet another case in which one person’s grudge affects an entire company.

5. A precursor for something bigger

On New Year’s Eve of 2015, BBC was reportedly attacked with a DDoS attack measuring over 600 Gbps, beating out the previously set record of 334 Gbps. The attackers who claimed responsibility, New World Hacking, said that it was simply “testing.” More recently, the hacking group PoodleCorp took responsibility for shutting down the trending Pokemon Go game using the DDoS attack and they claimed that they were also testing for something on a larger scale.

A hacker may be preparing for something new like the above two cases, or they may be using the attack as a distraction for a larger attack, hoping that they won’t be found out. This is one case where the attack may be used indirectly for a security breach.

6. Some plain ol’ fun?

And lastly, sometimes there’s really no rhyme or reason to why DoS or DDoS attacks happen.

There’s a misconception that there is a specific reason behind all attacks. However, this is simply not the case. Many hackers get an adrenaline rush from hacking into a system or a website, no matter how big or how small it may be.


Therefore, whether you are an individual user or the CIO/CTO of a company, it is your responsibility to ensure that security measures are being taken. You need to prepare for an attack, because no one is ever exempt from the chance of one.

So what are these security measures I speak of? In my opinion, the most essential step you can take is to protect yourself with a WAF (Web Application Firewall). By using WAF services like Cloudbric or a WAF like WAPPLES, you can make sure your website is continuously protected.

For more information on Cloudbric (full service website security provided for free if your website’s bandwidth is under 4GB/month), check out their website and find out more about WAPPLES, the WAF they use for their service.


XSS: The Con-Artist

“XSS” is an acronym you hear often in the field of information security. It’s a relatively common attack for both the client and the server. Acronyms can make you think that it’s a bit more hi-tech and complicated than it really is. But at the root of it, XSS is basically a con-artist, waiting for his next ploy.

What is XSS?

Short for Cross-Site Scripting, this web vulnerability is a type of injection in which the attacker inserts script (oftentimes JavaScript) into a page. The script is not sanitized, so the browser renders it as part of the page – meaning the script executes as if the site’s administrator had written it.

There could be a variety of consequences: It could alter the display, modify the browser, or even steal your session cookie and sign in as an administrator, which could give complete control over to a hacker.

But I use the word “could” because there’s a lot of variety and uncertainty when it comes to the XSS vulnerability: what the consequences can be, when they can happen, and to what extent they reach. So let’s make it a bit easier to process.

Think of the XSS vulnerability as a con artist’s latest trick. You never go out looking for a con-artist, but some way or another, they get you right where they want you.

Non-Persistent XSS: the Pickpocket Scam

Pickpocketing is the oldest trick in the book, proven to work time and time again. It’s become a common and simple way for attackers to get their target. The pickpocket may approach you as the “nice stranger” who’s asking for directions on the street. But their hand reaches to take your wallet from your pocket while you’re explaining directions. Though the pickpocket targeted you, when the ordeal is done and your money is gone, it’s as if it never happened.

[Figure: non-persistent XSS chart]

It’s the same with Non-Persistent XSS, the most common type of XSS. An attacker crafts a link that is targeted at you and carries malicious script. You click it, and fall for the trap. But just like with a pickpocket, once the code has been injected and you have been fooled, nothing of what happened is stored on the server. The website simply executes the script and reflects it back to your browser, and your cookies go to the attacker. Immediacy and the lack of detectability are the highlights of these non-persistent XSS attacks.

Persistent XSS: The ATM Skimmer

On the other side, Persistent XSS is much less common. While it has the potential of causing more significant damage, it can also be found out and remedied quicker. Think of an ATM skimmer. A skimmer is an electronic device that is placed within or outside an ATM. It takes the information that a customer may put into the ATM. The difference? While the skimmer may look the same as the ATM that the customer uses on a daily basis, it is copying all information and relaying it to the con-artist. It’s non-targeted, so everyone who uses the ATM will be affected without discrimination.

Like the ATM skimmer, the website may look the same as it usually does after the malicious script has been injected. The script is saved by the server and then displayed on normal pages. All users who browse the website will be subject to the XSS, and they will be affected over and over again. In fact, this is why this type of XSS vulnerability is much more dangerous: damage can be done to a wider breadth of users without anyone knowing that anything is amiss.

[Figure: persistent XSS chart]

Fortunately, because this type of XSS lives on the server, it can be remedied as soon as someone spots the unwelcome script. In the case of the skimmer, perhaps the ATM maintenance crew notices that a bar code is missing or that a warranty seal is in the wrong place. They can then take quick and urgent steps to make sure that the skimmer is removed.
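The two con-artist scenarios above in miniature, as an added example that is not code from the original post: a page renderer that reflects a search term (the pickpocket case) and lists stored comments (the skimmer case), built once without output encoding and once with it. The function names, the in-memory store and the sample inputs are constructed for illustration.

```javascript
// Added example, not code from the original post. A tiny page renderer that
// reflects a search term (the "pickpocket" case) and lists stored comments
// (the "ATM skimmer" case), first without output encoding and then with it.
// Inputs, names and the in-memory store are constructed for illustration.

// Encode the characters that let text break out of an HTML text or
// double-quoted attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable renderer: the reflected query and every stored comment are
// interpolated into the markup exactly as the user submitted them.
function renderVulnerable(searchTerm, storedComments) {
  const items = storedComments.map((c) => `<li>${c}</li>`).join('');
  return `<p>Results for: ${searchTerm}</p><ul>${items}</ul>`;
}

// Hardened renderer: same template, but every untrusted value is encoded at
// the point where it is written into HTML.
function renderSafe(searchTerm, storedComments) {
  const items = storedComments.map((c) => `<li>${escapeHtml(c)}</li>`).join('');
  return `<p>Results for: ${escapeHtml(searchTerm)}</p><ul>${items}</ul>`;
}

// Walk through both scenarios and report whether attacker-controlled markup
// survived into the page. Payloads are the textbook proof-of-concept strings.
function demo() {
  // Non-persistent: this string rides in the link the victim clicks and is
  // echoed back only to that victim; nothing is written to the store.
  const reflectedInput = '<script>alert(1)</script>';
  // Persistent: submitted once as a comment, then served to every visitor.
  const storedInput = '<img src=x onerror="alert(2)">';

  const comments = ['First!'];   // a legitimate earlier comment
  comments.push(storedInput);    // the attacker's comment is saved by the server

  return {
    // The victim who clicked the crafted link receives the raw script tag.
    reflectedLeaks: renderVulnerable(reflectedInput, comments).includes(reflectedInput),
    // An unrelated visitor with a harmless query still receives the stored payload.
    storedLeaksToEveryone: renderVulnerable('weather', comments).includes(storedInput),
    // With encoding, neither tag survives as markup (the text is still displayed).
    safeReflectedHasTag: renderSafe(reflectedInput, comments).includes('<script'),
    safeStoredHasTag: renderSafe('weather', comments).includes('<img'),
  };
}
```

Calling `demo()` returns true for the two vulnerable checks and false for the two hardened ones, which is the whole difference between the pickpocket, the skimmer and a page that encodes its output.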

XSS Exploits in Real Life

XSS-affected websites can suffer from a variety of issues. Unfortunately, websites with a large number of active users are often affected through both persistent and non-persistent XSS. Recently, a Persistent XSS vulnerability was found on PayPal’s website. This would have allowed for hackers to inject code resulting in a malicious payload, potentially opening up attacks for its 150 million customers. Thankfully, the company was notified of the vulnerability before any negative impact. But of course, there are companies that aren’t so lucky.

Hackers will always find popular websites, big or small, to execute their attacks, so what can you do to protect your website?

  • Source Code Analysis: Source code analysis tools find security flaws by going through source code line by line. Ideally, this tool is used before the website goes live, so that problems can be remediated before any issues arise.
  • Vulnerability Scanners: There are security scanners that will identify vulnerabilities like XSS. Although they’re not perfect (because they’re not optimized for your website or application specifically), they can allow you to find the most obvious vulnerabilities to clean up.
  • Web Application Firewall: Web Application Firewalls or WAFs follow rule-sets to detect or block anything suspicious. WAFs will normally prevent attacks such as XSS and SQLi as part of their rule-set. Make sure that your WAF is one that has low false positive rates. That’s it! You’re well on your way to having a safer, cleaner website.

Which method is the most effective? As I always say, there’s no perfect way to escape any form of web attack. But the best thing you can do is follow the points above like a process. Source code analysis tools will scan for flaws before anything goes live. Vulnerability scanners will then look for further issues as the website is up. A WAF will block the attempts that manage to slip through the cracks. Unfortunately, nothing is foolproof. But risk can always be reduced and controlled.


What’s a Zero-Day Attack?

A zero-day attack, as cool as it may sound, is one of the most harmful web attacks because it is invisible. It consists of exploiting a vulnerability in software that the software’s developers aren’t aware of. These attacks are extremely hard to prevent, and by the time there is a fix, the damage has already been done. The term “zero-day” refers to the window between the moment a critical vulnerability in a system, piece of software or platform is discovered and the moment it is patched: the developers have had zero days to fix it, and the time it takes to correct the vulnerability leaves users open to attack.

Zero-Day Attack Example

WordPress, the content management system that powers 25% of the whole internet, experienced a major software vulnerability in its version 4.2. The attacks allowed the hacker to obtain admin credentials of a website powered by WordPress. This was done by cross-site scripting (XSS), which consisted of sending JavaScript code snippets to manipulate data stored on the server. Ultimately, the hacker could change the administrator’s password, create new credentials and take over the website completely. After the issue was reported, WordPress recognized the weakness and announced a security patch but wasn’t specific about the patch release date. This left millions of users wondering when a security solution would be implemented. Ever since the attack, WordPress has been fixing its vulnerabilities to assure safety for its users and avoid another major attack.

How to Deal with Zero-Day Attacks

Zero-day attacks can strike at any given time because we don’t know when commonly used programs or software will be exploited. This is why users, and especially small and medium business owners, must be proactive about web security. Cloudbric recommends that users have special safeguards in place in case a zero-day attack strikes. Here are three measures you can use while waiting for a security patch:


1. Inform Yourself

The first step in dealing with a security problem is to be aware of it. Be mindful of what exact software or programs experienced a security exploitation. For example, a great resource to check for security vulnerabilities in commonly used programs or software is the Exploit Database website. This website also provides information on when a security vulnerability may get patched.

2. Web Application Firewall (WAF)

Since users don’t know when a zero-day attack may strike and, more importantly, when the software might get patched, it is extremely important to have a good insurance plan. This is where a WAF can really help keep your website safe. Choosing the right WAF for your business is critical. Cloudbric recommends using a WAF that not only detects web attacks at a high accuracy rate but also does not incorrectly block innocent users.

3. Antivirus Software

Some antivirus software is very good at blocking malicious attacks on your internal network. These days, antivirus software uses heuristic analysis to determine whether a file is dangerous not only from its contents but also by reviewing its execution and behavior. In case any malicious files make their way into your network and systems, you can rest easier knowing that you have proper antivirus protection.

Ultimately, zero-day attacks can only be fixed by the companies who made the software. In the meantime, implementing the measures listed above will help minimize any potential damage. To learn more about web security trends and issues, keep up with the Cloudbric blog today!


This blog post was originally featured on cloudbric.com. Visit their blog for more insight, news, and accessible information on web threats and trends. If you would like to learn more about Cloudbric’s logic-based WAF service, please contact info@cloudbric.com.


Cyber Attacks on Banks: How Vulnerable is Your Money?

When it comes to online banking, there’s no room for tolerating sloppy data security. You might not lose any sleep if your (hopefully unique) Adobe password is leaked, and you may only experience a few minutes of rage if your Dota 2 game is DDoSed. But if your bank goes offline, you had better hope it’s only for a few minutes, and that your money is safe. Today let’s look at some cyber attacks and what these types of attacks can mean for your savings.

3 Cyber Attacks with Devastating Consequences

Whether we’re talking about large banks or scrappy new fintechs, any financial companies that do business online are vulnerable to security risks, just like anyone else. Here are three major incidents where online banks had their security compromised.

1. American Banks Targeted With Extended DDoS Campaign

Starting in early 2012, a wave of malicious cyber attacks swept over several American banks, targeting banking web applications one at a time. The attacks affected Bank of America, Citigroup, Wells Fargo, Capital One, and HSBC, among others. Rather than targeting customer data or stealing money, the hackers used DDoS attacks to overwhelm online banking websites. This prevented actual customers from accessing bank services.

A group called Izz ad-Din al-Qassam Cyber Fighters took credit for the attacks. The campaign, dubbed Operation Ababil, was claimed as retribution for an anti-Islam video. But due to the sophistication of the attacks, the US government suspects the group is just a front for the Iranian government, seeking its own retribution for American cyberwarfare attacks.

The campaign was one of the largest cyber attacks in history (a record since surpassed many times). Cyber attacks were carried out in three phases, the final launching in March 2013. More than just a nuisance, a successful DDoS attack costs banks an estimated $100,000 per hour. Worse, any server, web application, device, or IoT device compromised by a botnet can be used in such a DDoS attack.


2. South Korea’s Banking Industry Hit By Massive Coordinated Attack

On March 20, 2013, South Korean citizens were rattled by a far-reaching cyber blackout. This attack froze computer terminals and paralyzed ATMs and mobile payments. At two banks, Windows and Linux computer systems were affected and entire hard drives were wiped. Others such as Woori Bank reported intrusion attempts. They claimed to have fended off the hackers. The attackers also managed to disrupt broadcasts of three major TV stations.

The South Korean government accused North Korean operatives of orchestrating this cyberwarfare campaign from China, where the attacker IP was traced. Either a North Korean cyberwarfare unit was operating from China, or the attack used a China-based mercenary botnet that had already compromised South Korean targets.

This attack was carried out by a relatively unsophisticated malware program known as “DarkSeoul,” and could have been prevented had adequate cyber security measures been put in place. Despite the disruption to services and deletion of data, it is clear the attack was mainly intended to disrupt business and cause chaos. The total cost of the carnage, both through denial of service and data loss, was calculated at $725 million.


3. Russian Hackers Pull Off World’s Biggest Bank Heist

A crime spree consisting of a diverse repertory of well-planned attacks against as many as 100 banks across 30 countries has been attributed to a single cybercriminal gang. The group, dubbed Carbanak by Kaspersky Lab, is believed to consist of Russians, Ukrainians, and Chinese, with their targets located primarily in Russia, followed by the US, Germany, China, and Ukraine. Their crime spree began in early 2014, peaked in June, and went unaddressed until February 2015.

The hackers used botnets to send out malware-infected e-mails to bank employees, a tactic called spearphishing, and were able to infiltrate many employee accounts. This allowed them to steal many different kinds of sensitive information, including customer data, secret keys used by ATMs to confirm PINs, bank video surveillance, and information on security systems and anti-fraud measures. They could also manipulate account balances and create fake accounts to move stolen money around. Each attack took around two to four months.

One bank was robbed of $7.3 million when the hackers reprogrammed its ATMs. Another bank’s online platform was accessed and the thieves made away with $10 million. Some of these attacks could have been prevented had employees only updated their Microsoft software. The thieves were able to make off with as much as $1 billion, and authorities have been unable to catch them.

So now what?

These three incidents show hackers with varying motivations and means, using differing techniques to achieve their own unique goals. Whether the aim is disrupting service or stealing money, and whether it is cybercrime or cyberwarfare, cyber threats cannot go unaddressed. And rather than going after only the biggest banks, hackers are increasingly targeting smaller fintech startups with fewer resources and less experience with cyber security. We must cooperate to secure the Internet from these actions, or we’ll pay the price in the end.


WAF Market Leader in APAC For Third Consecutive Year

Frost & Sullivan announces Penta Security as the leader among WAF Vendors

Penta Security Systems Inc., a leading Web application and database security vendor, was recently announced to be the market leader among Web Application Firewall (WAF) Vendors in the Asia-Pacific (APAC) region. Selected by Frost & Sullivan, a globally recognized market research and consulting firm in the Frost Industry Quotient (IQ): Asia-Pacific Web Application Firewall Vendors, 2015 report, Penta Security’s WAF solution, WAPPLES, held the largest market share in APAC.

Frost & Sullivan is a North America-based company with more than 50 years of global research and consulting expertise. Each year, it publishes the Frost IQ report, which presents an objective assessment of the IT industry.

WAF Market Vendors

As mentioned before, Penta Security was reported as having the highest market share percentage in APAC. This places it ahead of China-based information security vendor NSFOCUS and more widely known vendors such as Imperva and F5 Networks. The report highlighted a few of the key factors that contributed to the dominance of WAPPLES in the APAC WAF market. WAPPLES runs on the superior performance of Penta Security’s proprietary logic-analysis-based engine, which contributes to its position as the long-running market share leader in Korea.

Penta Security also maintains strong relationships with its partners. It reaches out through regular seminars, technical support, and continued efforts to satisfy the needs of its customers. The resulting feedback provides deep insight into market demands.


Penta Security leveraged its experience from building an extensive network of partnerships domestically as a foundation for establishing its regional network of international partners. WAPPLES offers deployment through a dynamic array of high-performance WAPPLES appliances or the WAPPLES V-Series, a virtual version of WAPPLES for the cloud. The intuitive WAPPLES Management System simplifies WAF management and provides robust web protection. In addition, customers are able to get a better grasp of the cyber security threat landscape with access to both the WAPPLES Management Portal and the web attack trend reports published every year in Korean, Japanese, and English. It is these sorts of commitments that put Penta Security at the top of Frost & Sullivan’s list.

10 Years

Penta Security’s CTO, Duk Soo Kim says,

“It’s been 10 years since we first launched WAPPLES. To hear news that it’s leading the WAF market in the APAC region holds deep meaning for me. It makes me proud of our staff for their hard work over the past 10 years. It shows that it was not in vain.” He continues, “We reached the top domestically and now in APAC. But it’s not the end. We will continue to pour all our efforts into developing great products and become a top global leader.”

More information on Penta Security can be found at www.pentasecurity.com. For more information regarding specific products or opportunities, contact global@pentasecurity.com.


WAPPLES, Penta Security’s WAF marks 10th anniversary

Data encryption and web security provider Penta Security Systems Inc. marked the 10th anniversary of its WAF product WAPPLES on April 25, 2015.


WAPPLES was released with the catch-phrase “intelligent web security gateway product,” and it has protected the web at the application level by detecting web attacks with an intelligent detection engine called COCEP.

When this web application firewall was first released, there was a growing demand for web security due to the rapidly increasing number of hacking incidents. WAPPLES met the demand and grew quickly by providing intelligent analysis of traffic, detecting and blocking web attacks.

Background of WAPPLES

More than 2,500 WAPPLES have been sold, as of January 2015, protecting over 170,000 websites around the world. According to the cumulative statistics provided by Korea Public Procurement Service, it was ranked number one among WAF products, with 68% market share, based on the amount of orders received from 2011 to 2014.

Penta Security began exporting WAPPLES in 2006 to countries such as Japan, Southeast Asia, and Australia. It also received Frost & Sullivan’s WAF of the Year Award for two consecutive years.

Penta Security CTO Duk Soo Kim explained, “For the past 10 years, WAPPLES has led the web security market. It placed WAF as a basic necessity for the general ICT industry. Our goal for the next 10 years is to popularize WAF so that those who are not very familiar with web security can use WAF as well.” He continued, “As part of an effort, we have launched Cloudbric, which is a cloud-based WAF service targeting the global market. Also we have established a research center for IoT technology. We will constantly make an effort to achieve our goal.”


About Penta Security:

Penta Security Systems Inc. (CEO/Founder Seokwoo Lee) is a leading provider of data and cyber security solutions and services. With over 19 years of IT security expertise, Penta Security is recognized by Frost & Sullivan as the top Web Application Firewall vendor in the APAC region based on market share. For more information on Penta Security Web security services, please visit www.pentasecurity.com/. For potential partnership inquiries, please send an email to info@pentasecurity.com.