hacker

Marlborough, MA and London, UK – Organizations experienced an average of 237 DDoS attack attempts per month during Q3 2017 – equivalent to 8 DDoS attack attempts every day – as hackers strive to take their organizations offline or steal sensitive data, according to the latest DDoS Trends and Analysis report from Corero Network Security (LSE: CNS), a leading provider of real-time DDoS defense solutions.

The data, which is based on DDoS attack attempts against Corero customers, represents a 35% increase in monthly attack attempts compared to the previous quarter (Q2 2017), and a 91% increase in monthly attack attempts compared to Q1 2017.


Corero attributes this increase in frequency to the growing availability of DDoS-for-hire services, and the proliferation of unsecured Internet of Things (IoT) devices. For example, the ‘Reaper’ botnet is known to have already infected thousands of devices, and is believed to be particularly dangerous due to its ability to utilize known security flaws in the code of those insecure machines. Like a computer worm, it hacks in to IoT devices and then hunts for new devices to infect in order to spread itself further.

Ashley Stephenson, CEO at Corero, explains: “The growing availability of DDoS-for-hire services is causing an explosion of attacks, and puts anyone and everyone into the crosshairs. These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100. Alongside this trend is an attacker arms race to infect vulnerable devices, effectively thwarting other attackers from commandeering the device. Cyber criminals try to harness more and more Internet-connected devices to build ever larger botnets. The potential scale and power of IoT botnets has the ability to create Internet chaos and dire results for target victims.”

Sophisticated multi-vector attacks
In addition to the frequency of attacks, the Corero data reveals that hackers are using sophisticated, quick-fire, multi-vector attacks against an organization’s security. A fifth of the DDoS attack attempts recorded during Q2 2017 used multiple attack vectors. These attacks utilize several techniques in the hope that one, or the combination of a few, can penetrate the target network’s security defenses.

Ashley Stephenson continues, “Despite the industry fascination with large scale, Internet-crippling DDoS attacks, the reality is that they don’t represent the biggest threat posed by DDoS attacks today. Cyber criminals have evolved their techniques from simple volumetric attacks to sophisticated multi-vector DDoS attacks. Often lasting just a few minutes, these quick-fire attacks evade security teams and can sometimes be accompanied by malware and other data exfiltration threats. We believe they are often used in conjunction with other cyber-attacks, and organizations that miss them do so at their peril.

“The only way to keep up with these increasingly sophisticated, frequent and low volume attacks is to maintain comprehensive visibility and automated mitigation capabilities across a network, so that even everyday DDoS attacks can be instantly detected and blocked as they occur and before they cause damage.”

Ransom Denial of Service
Corero observed a return of Ransom Denial of Service, or RDoS, in Q3 2017. A widespread wave of ransom DDoS threats from hacker group, Phantom Squad, started in September, targeting companies throughout the US, Europe and Asia. The extortion campaign spanned a variety of industries – from banking and financial institutions, to hosting providers, online gaming services and SaaS organizations – and threatened to launch attacks on 30 September unless a Bitcoin payment was made.

Ashley Stephenson continues, “Ransom is one of the oldest tricks in the cyber criminal’s book, and with cryptocurrency, is an anonymous way for them to turn a profit. As IoT botnets continue to rise, we may soon see hackers put on more dramatic RDoS displays to demonstrate the strength of their cyber firepower, so that their future demands for ransom will have to be taken more seriously. Paying the ransom is rarely the best defense, as it just encourages these demands to spread like wildfire. It is proven that with proper protection in place to automatically eliminate the DDoS threat, organizations will be in a much stronger position.”

For access to the complete Corero DDoS Trends report, download it at: http://info.corero.com/DDoS-Trends-Report.html

About Corero Network Security
Corero Network Security is the leader in real-time, high-performance DDoS defense solutions. Service providers, hosting providers and digital enterprises rely on Corero’s award winning technology to eliminate the DDoS threat to their environment through automatic attack detection and mitigation, coupled with complete network visibility, analytics and reporting. This industry leading technology provides cost effective, scalable protection capabilities against DDoS attacks in the most complex environments while enabling a more cost effective economic model than previously available. For more information, visit www.corero.com.

Read more

Filed under Web Hosting News by on #

Brought to you by Data Center Knowledge
Data centers these days are busy replacing expensive hardware solutions with "software-defined" everything, but the trend is the opposite when it comes to security. While software still prevails in keeping servers secure, hardware is often being added to the mix as another layer of protection, especially during the boot process, when a computer is vulnerable to dangers such as maliciously modified firmware.
This trend started when UEFI — and Secure Boot — replaced BIOS on computers, and was carried a step further when Google began including an additional custom designed hardware security chip on all servers and peripherals in its data centers. In June, Hewlett Packard Enterprise followed suit and announced it was joining the secured-by-hardware crowd by including its own custom chip on its Gen10 servers. Lenovo also includes a degree of security-on-a-chip technology on its line of servers, through XClarity Controller.
There are several advantages to having security protections contained in chipsets that are separate from a server's CPUs. Being isolated from the server's main components, they are more difficult for an outside hacker who manages to get through a system's defenses to find and penetrate. In addition, they can utilize read-only memory that can be difficult or impossible to modify.
See also: Here's How Google Secures Its Cloud
At its Cloud Next event in March, Google unveiled a custom security chip
Read more

Filed under Web Hosting News by on #

(The Hosting News) – A British man has been charged with breaking into the U.S. Federal Reserve’s server in New York where he stole and publicly posted private information, CNN reports.
The hacker, Lauri Love, infiltrated the Reserve’s computers by exploiting a vulnerability in the database, in which he could face a maximum sentence of 12 years for computer hacking and aggravated identity theft.
He also been accused of going after NASA, the Army, Health and Human Services, the Environmental Protection Agency, and Missile Defense Agency, among other U.S. government agencies.
According to New Jersey prosecutors, Love’s attacks “resulted in millions of dollars … More Details >>

Filed under Web Hosting News by on #

Unplanned webhosting/server downtime can disrupt your blog, website or business. It can alienate customers/members/visitors, and damage your and your company’s reputation. It can also impact you economically, as you loose revenue if your site is down.

Unforeseen outages are unexpected events that cause instant website downtime such as hardware or software failures, webmaster or web-host errors, hacking and other malicious acts, natural disasters, network issues, and ISP maintenance. Remember, even with 99% uptime, your website will be down for 87 hours, 36 minutes per year!

There is nothing worse for a website owner to be informed by a client that his website is not working, so to prevent this and minimize downtime, you need a hosting/server monitoring service.

There is a wide range of companies offering monitoring services (both free and paid) to meet just about any budget and business need. Here are some of our favorites:

  • BasicState
    They offer a free web site uptime monitor and alert service that checks your website every 15 minutes and will send alerts by email or SMS. You also get a daily uptime report with a 14 day history.
  • UptimeRobot
    You can monitor up to 50 websites every 5 minutes for free, and receive alerts via email, SMS, Twitter, RSS or push notifications for iPhone/iPad.
  • Pingdom
    They offer a free account to monitor one website. It includes 20 SMS alerts.
  • Mon.itor.us
    This free service allows you to monitor 1 website every 30 minutes, and get alerted via IM, SMS, E-mail, or RSS.
  • InternetSeer
    They claim to be the largest website monitoring service and offer a 24x per day free service.

If you get notified by your monitoring service that your website is down, it is important to address the problem immediately and correctly.

An informative website message with an estimate of how long the site will be down, is very useful. This way, both existing and potential clients and visitors are properly informed of the problem, and how soon it will be resolved. Ask for their patience and to please come back. This is good for your personal and business image, and can help to limit financial loss.

Of course, you then have to ensure the unforeseen issue is immediately addressed and resolved without delay. Get professional help, if necessary, like your web-host’s support, or a server administrator.

Filed under Web Hosting Basics by on #