Posts

DDoS Top 6: Why Hackers Attack

Lately, it seems like the companies that haven’t had their web and cyber security compromised are in the minority.

Many are hit hard by web vulnerability attacks. Specifically, we see an increase in DDoS (Distributed Denial of Service) attacks. With DDoS, the attacker’s main goal is to make your website inaccessible using botnets. Botnets are basically armies of connected devices that are infected with malware. Under the traffic from this army, your website’s server becomes overloaded and its available bandwidth is exhausted. Much of the time, the attack doesn’t even breach your data or cross any security perimeter.

So if it’s not to breach your data, why would someone go through the effort to shut down your website? There are a multitude of reasons, but today we’ll look at the top 6 reasons for a Distributed Denial of Service Attack.

1. Some (not-so) friendly competition

As more and more enterprises take their storefronts to the cyber world, competition follows them there.

In fact, in a recent survey nearly half the responding businesses said that they believed that their competitors were launching DDoS attacks in order to disrupt services. After all, if your competition’s website is down, all the traffic will come to your website instead. Additionally, your competition’s brand image is tarnished, giving positive associations to your company instead.

Even if an entrepreneur may not be skilled in hacking, DDoS attacks are now available for hire, and attacks can be executed for a fairly low price on the dark market.

2. DDoS for Hacktivism

As we’ve noted, DDoS attacks aren’t necessarily about taking data. They can be used to strongly voice an opinion – any opinion. Voicing your opinion on the Web can have a bigger and faster effect than if you were to attend an in-person rally or strike. DDoS is often used to show support or opposition regarding a certain topic. It could be political (see below), but also for/against businesses or banks, ethical concerns, or even an online game.

3. All about politics

A subset of reason #2, DDoS attacks can also happen between countries or governments. The Web is the newest battlefield. DDoS attack victims can be government websites. While the sites could have been attacked by apolitical hackers, many do believe that governments or political parties often attack each other using the DDoS method.

As most governments rely on the Web to communicate and run their country, this has proven to be an effective method to show political opposition.

4. Seeking their revenge

Revenge is an extremely common reason for DDoS attacks, and it can apply to businesses, individuals, and governments alike. Here the attack is not necessarily meant to voice an opinion, but to take revenge on an enemy. There’s no need to get your hands dirty at all.

For example, there have been increasing instances of previous employees hiring DDoS attacks on the dark market to seek revenge on their former employers. We’ve previously written on internal data breaches by present or past employees, but this is yet another form of when one person holds a grudge and it affects an entire company.

5. A precursor for something bigger

On New Year’s Eve of 2015, BBC was reportedly attacked with a DDoS attack measuring over 600 Gbps, beating out the previously set record of 334 Gbps. The attackers who claimed responsibility, New World Hacking, said that it was simply “testing.” More recently, the hacking group PoodleCorp took responsibility for shutting down the trending Pokemon Go game using the DDoS attack and they claimed that they were also testing for something on a larger scale.

A hacker may be preparing for something new like the above two cases, or they may be using the attack as a distraction for a larger attack, hoping that they won’t be found out. This is one case where the attack may be used indirectly for a security breach.

6. Some plain ol’ fun?

And lastly, sometimes there’s really no rhyme or reason to why DoS or DDoS attacks happen.

There’s a misconception that there is a specific reason behind all attacks. However, this is simply not the case. Many hackers get an adrenaline rush from hacking into a system or a website, no matter how big or how small it may be.


Therefore, it is your responsibility, whether as an individual user or as the CIO/CTO of a company, to ensure that security measures are being taken. One needs to prepare for an attack because no one is ever exempt from the chances of an attack.

So what are these security measures I speak of? In my opinion, the most essential step you can take is to protect yourself with a WAF (Web Application Firewall). By using WAF services like Cloudbric or a WAF like WAPPLES, you can make sure your website is continuously protected.

For more information on Cloudbric (full service website security provided for free if your website’s bandwidth is under 4GB/month), check out their website and find out more about WAPPLES, the WAF they use for their service.

Cyber Attacks on Banks: How Vulnerable is Your Money?

When it comes to online banking, there’s no room for tolerating sloppy data security. You might not lose any sleep if your (hopefully unique) Adobe password is leaked and you may only experience a few minutes of rage if your Dota 2 game is DDoSed. But if your bank goes offline, you had better hope it’s only for a few minutes, and that your money is safe. Today let’s look at some cyber attacks and what these types of attacks can mean for your savings.

3 Cyber Attacks with Devastating Consequences

Whether we’re talking about large banks or scrappy new fintechs, any financial companies that do business online are vulnerable to security risks, just like anyone else. Here are three major incidents where online banks had their security compromised.

1. American Banks Targeted With Extended DDoS Campaign

Starting in early 2012, a wave of malicious cyber attacks swept over several American banks, targeting banking web applications one at a time. The attacks affected Bank of America, Citigroup, Wells Fargo, Capital One, and HSBC, among others. Rather than targeting customer data or stealing money, the hackers used DDoS attacks to overwhelm online banking websites. This prevented actual customers from accessing bank services.

A group called Izz ad-Din al-Qassam Cyber Fighters took credit for the attacks. The campaign was dubbed Operation Ababil, and the group claimed it was retribution for an anti-Islam video. But due to the sophistication of the attacks, the US government suspects the group is just a front for the Iranian government, seeking their own retribution for American cyberwarfare attacks.

The campaign was one of the largest cyber attacks in history (a record since surpassed many times). Cyber attacks were carried out in three phases, the final launching in March 2013. More than just a nuisance, a successful DDoS attack costs banks an estimated $100,000 per hour. Worse, any server, web application, device, or IoT device compromised by a botnet can be used in such a DDoS attack.

2. South Korea’s Banking Industry Hit By Massive Coordinated Attack

On March 20, 2013, South Korean citizens were rattled by a far-reaching cyber blackout. This attack froze computer terminals and paralyzed ATMs and mobile payments. At two banks, Windows and Linux computer systems were affected and entire hard drives were wiped. Others such as Woori Bank reported intrusion attempts. They claimed to have fended off the hackers. The attackers also managed to disrupt broadcasts of three major TV stations.

The South Korean government accused North Korean operatives of orchestrating this cyberwarfare campaign from China, where the attacker IP was traced. It is possible that a North Korean cyberwarfare unit was active in China. Another possibility is a China-based mercenary botnet that had already compromised South Korean targets.

This attack was carried out by a relatively unsophisticated malware program known as “DarkSeoul,” and could have been prevented had adequate cyber security measures been put in place. Despite the disruption to services and deletion of data, it is clear the attack was mainly intended to disrupt business and cause chaos. The total cost of the carnage, both through denial of service and data loss, was calculated at $725 million.

3. Russian Hackers Pull Off World’s Biggest Bank Heist

A crime spree that launched a diverse repertory of well-planned attacks against as many as 100 banks across 30 countries has been attributed to a single cybercriminal gang. The group, dubbed Carbanak by Kaspersky Lab, is believed to consist of Russians, Ukrainians, and Chinese, with their targets being located primarily in Russia, followed by the US, Germany, China, and Ukraine. Their crime spree began in early 2014, peaking in June, and went unaddressed until February 2015.

The hackers used botnets to send out malware-infected e-mails to bank employees, a tactic called spearphishing, and were able to infiltrate many employee accounts. This allowed them to steal many different kinds of sensitive information, including customer data, secret keys used by ATMs to confirm PINs, bank video surveillance, and information on security systems and anti-fraud measures. They could also manipulate account balances and create fake accounts to move stolen money around. Each attack took around two to four months.

One bank was robbed of $7.3 million when the hackers reprogrammed its ATMs. Another bank’s online platform was accessed and the thieves made away with $10 million. Some of these attacks could have been prevented had employees only updated their Microsoft software. The thieves were able to make off with as much as $1 billion, and authorities have been unable to catch them.

So now what?

These three incidents show hackers with varying motivations and means, using differing techniques to achieve their own unique goals. Whether the aim is disrupting service or stealing money, and whether it is cybercrime or cyberwarfare, cyber threats cannot go unaddressed. And rather than going after only the biggest banks, hackers are increasingly targeting smaller fintech startups with fewer resources and less experience with cyber security. We must cooperate to secure the Internet from these actions, or we’ll pay the price in the end.


This blog post was originally featured on cloudbric.com. Visit their blog for more insight, news, and accessible information on web threats and trends. If you would like to learn more about Cloudbric’s logic-based WAF service, please contact info@cloudbric.com.

Database Encryption: the new trend?

We’ve talked quite a bit about database encryption in this blog, and perhaps you have heard about it on the news or in the media as well. Every other day a company is hacked. Data is everywhere. Cyber security is an unavoidable topic as of late, especially here in Korea.

In Seoul, digitization is the norm, not the exception. Billboards are all in LED format. The majority of any commercial shopping can be done online. Having a mobile application for any activity is an obvious given. Considering how everyday life is inextricably linked to the digital world, it seems inevitable that laws comply with the changing trends.

For example, Korea’s Personal Information Privacy Act (PIPA) requires any commercial entity that deals with private user information to apply encryption to its databases. Otherwise, they need to take other precautions to ensure user privacy. If they don’t comply with the act and private records are breached, those responsible could be sentenced to up to 2 years’ imprisonment and/or a $10,000 fine.

This kind of approach to privacy gives a good push to the information security market.

For the past few years, the database encryption market has seen increased potential due to the Information Communication Act, which is similar to the Privacy Act but much less strict. Moreover, government institutions have been major customers for encryption security in the past. This pressures other enterprises (like insurance companies or financial firms) to join in the fun. The potential for this market is $50 million – not a small amount.

Database Encryption for the “IT Crowd”

For example, since the privacy act began to be enforced, Korean IT-security firm Penta Security Systems has shown consistent and significant annual sales increases. In 2013, sales increased to 75% in terms of revenue, and 70% in terms of the number of customers. It was as if clients in the government sector had become “the IT crowd,” and other enterprises were lining up to follow the lead in database encryption.

There are countless benefits in utilizing a DB encryption solution, especially for government entities and enterprises. For example, D’Amo, the leading encryption solution in APAC, offers access controls for encrypted data: by distinguishing authorized from unauthorized users, it keeps access under your control. The administrator can specify user login authority by the IP address, permitted time period, and application program. It also provides an auditing function for important data columns that tracks which users or computers have performed operations. Based on the provided data, it can apply security measures to prevent questionable access or privilege abuse.

Trends and policies come and go… Encryption is here to stay

Lately, the hot topic words are “cloud trends” or “database encryption trends.” While it’s a start that these topics are being mentioned – the word “trend” can be misleading. It signifies that there will be a point in time where it is no longer popular to be doing something.

However, database encryption is something that everyone should start to be concerned about. And we should continue to be concerned. While it’s easy to wait for policies to be made in order to adhere to a set standard, corporations and individuals alike do need to remember that at the end of the day, the responsibility of cybersecurity lies with you.

A recent report by Symantec found that up to 60% of cyber attacks target SMBs. In addition, Kaspersky Lab reported that on average, enterprises paid US $551,000 to recover from a security breach. That’s money that would send the budgets of many start-ups or SMBs into the red. Why wait for an attack when you could build a long-term defense?

When looking for an encryption solution, don’t think about it in the short term. Look at what solutions will give you long-term benefits. Countless new vulnerabilities may arise, but a company should be able to give you optimized solutions for what you need at any given time. It shouldn’t send you into a panic attack every time a new cyber threat makes its way into the digital world.

For more information on encryption solutions, head to the D’Amo Overview page, or contact us at info@pentasecurity.com

Web Application Threat Trends: Penta Security Systems Releases Bi-Annual Report

Second half of 2015 sees sharp increases in hacking attempts targeting website vulnerabilities

Seoul, Korea: Penta Security Systems Inc. has released its bi-annual Web Application Threat Report. Data is collected from detection reports gathered and analyzed in the second half of 2015. It is compiled from approximately 1000 separate units of Penta Security’s Web Application Firewall (WAF), WAPPLES. The units are from customers who have consented to the threat report. Penta Security does not release any sensitive customer data. Through this report, customers are able to gain insight on the newest trends in web application threats, and gain assistance in planning accordingly for future attacks.

Web Application Threat Trends:

In the second half of 2015, the threat report found that a significant portion of the attacks were Vulnerability Assessment attacks (roughly 400 million detections). Many were labelled as “Critical” in terms of risk levels. Vulnerability Assessment refers to when attempts are made to determine the vulnerabilities of a web server.

For web attacks corresponding to OWASP (Open Web Application Security Project) Top 10 attacks, Injection was the most prevalent, at 31%. Injection, where malicious code is inserted in order to attack applications, causes extensive damage despite the comparatively easy execution process. Security Misconfiguration had the second-highest detection rate, at 26%. Security Misconfiguration attacks are when security settings are re-defined and the system is compromised. This can give hackers access to private data.

The report additionally includes the “WAPPLES Black List Top 30,” a list of source IPs from various countries and networks that have been categorized as spam or hacking with high danger levels.

Penta Security’s Head of Planning, Duk Soo Kim, stated:

“When infiltrators to the system succeed in their target, there could be a multitude of issues as a result of attacks: information leakage, defacement, and even complete server malfunction. Our hope is that through our analytical reports, there can be a push for better access control in order to better prepare to face these types of trends head-on, especially for those responsible for server security.”

For the full copy of the web application threat trends report from the second half of 2015, please visit the Reports section of the Penta Security Systems website.


About Penta Security:

Penta Security Systems Inc. (CEO/Founder Seokwoo Lee) is a leading provider in data and cyber security solutions and services. With over 19 years of IT security expertise, Penta Security is recognized by Frost & Sullivan as the top Web Application Firewall vendor in the APAC region based on market share. For more information on Penta Security Web security services, please visit www.pentasecurity.com/en. For potential partnership inquiries, please send an email to info@pentasecurity.com

Cloud Trends…or Cloud Threats?

“Cloud” is a term that’s thrown around quite often in the IT world. But are we talking enough about cloud threats?

Even if you’re not familiar with technology, you probably own at least one device that’s essential to your every-day responsibilities. Your immediate thought? Probably your smart phone.

Mobile technology affects every corner of our lives. Before smart phones, cell phones were mainly for calling, texting, and maybe a few other novelties. But within the past few years, people are becoming accustomed to smart phone technology. In fact, most would agree that using your cell phone for just calling and texting could be “old-fashioned.”

What’s the reason behind this change? Advancements in hardware and communication technologies are givens, but development in cloud computing is also a major contributor. Cloud computing has allowed users to produce, store, share, and utilize content more conveniently. This in turn increased the value of technologies aiming to provide convenience because suddenly, data isn’t just sitting there – it’s portable. No need to carry around all of your devices to be productive in your workload.

But this is no win-win situation. Due to its rapid growth and development, the cloud is becoming a target for hackers, and many are concerned about the state of safety and security in the cloud.

Cloud Threats

The Cloud Security Alliance (CSA) is an organization that’s dedicated to raising awareness and spreading knowledge about cloud threats and security. Every year, CSA releases a “Top Threats” list of the cloud threats to be on the lookout for – here’s their full list for 2016, but for the purposes of this blog post, let’s take a look at two in particular: Data Loss and Abuse and Nefarious Use of Cloud Services.

Data Loss

Many people who have multiple devices tend to store their data in the cloud, but it’s not always 100% safe. An accidental deletion, a physical catastrophe, a malicious attack… all of these could lead to the permanent loss of your data unless you as a consumer take measures to back the data up. When you’re signing up with a cloud data storage provider, make sure to read the fine print. If your data is lost, depending on the provider, the responsibility might not be on the provider’s shoulders but on yours.

Reviewing the provisions and understanding the conditions is important for any contract. However, especially when sensitive information is at stake, this is not a step you want to skip. More and more consumers are putting risky information into cloud storage while assuring themselves that this is the safest way to go. Although this is partially true, this doesn’t mean that there is no action necessary.

Abuse and Nefarious Use of Cloud Services

While this sounds like an extravagant title, the summarized version is this: there will always be people who want to use your data for unethical purposes. Whether it’s through the guise of free cloud trials or maybe just a poorly designed cloud service, not all providers are created equal. Malicious hackers may try to use the cloud to launch DDoS attacks, spam and phishing scams, or defacement.

So be prudent when choosing a provider. They should include controls and monitoring so you can see how the cloud workload is doing. A cloud provider shouldn’t have anything to hide, and should be reputable.

So we’re doomed? 

Not at all. Cloud computing is a great development – we can access any kind of information from virtually anywhere in the world. It’s permeated different markets and services and has users ranging from people like you and me, to SMBs or startups, to large enterprises and government entities. It’s affordable, accessible, and maintenance is fairly easy.

But like any service (tangible or virtual), we need to make sure we know what we’re getting into, and take precautions for cloud threats as necessary. Just because you can’t see it, doesn’t mean someone isn’t after it.

For more information on products or services pertaining to web security, check out our products page or leave us a comment – we’d love to continue this conversation with you.

Attempts to Leak Information on the Rise, Threat Report for Second Half of 2013 Released

Web attack attempts to leak information have increased by 32 million compared to the same period last year

Data encryption and web security provider Penta Security Systems Inc. (CEO/Founder Seokwoo Lee, www.pentasecurity.com) released the “Web Application Threat Report, Trend for the Second Half of 2013.” One of the most significant findings was the rise in Sensitive Data Exposure, with rising attempts to leak information by perpetrators.

The web application threat report on the second half of 2013 is an analysis using detection log statistics gathered from customers who have agreed to participate in the Web Attack Trends program. None of the customer information that is sensitive in nature is released. The number of participants totals about 1,000 units, excluding public institutions, from July 1 to December 31, 2014. The report is written based on information collected from actual sites. Therefore, the report identifies the latest web security threats trends, and enables readers to respond to ever-changing web attacks more quickly and effectively.

Sensitive Data Exposure, as defined by the international web security experts at OWASP, showed the highest frequency of attacks during the second half of 2013. These attacks attempt to expose sensitive data, such as private information and corporate assets that need to be protected. When successful, these attacks result in a decrease in value, loss of brand perception, and legal consequences over the leaked information. It is therefore critical to deal with such hack attempts before they happen, through the utilization of a web application firewall.

Downloads for the latest, as well as previous reports are available.

These are distribution downloads, and full versions are available for WAPPLES customers of Penta Security Systems. For more information about the award-winning web application firewall, please visit the WAPPLES overview page here. Please contact info@pentasecurity.com for further inquiry.