telecoms Archives - IT Security Guru
https://www.itsecurityguru.org/tag/telecoms/

80% of European Businesses Under Threat of DDoS Ransom Attacks Over Next 12 Months, Corero Finds
https://www.itsecurityguru.org/2016/07/06/80-of-european-businesses-under-threat-of-ddos-ransom-attacks-over-next-12-months-corero-finds/?utm_source=rss&utm_medium=rss&utm_campaign=80-of-european-businesses-under-threat-of-ddos-ransom-attacks-over-next-12-months-corero-finds
Wed, 06 Jul 2016 10:10:17 +0000

Research from Corero Network Security has found that 80% of European IT security professionals expect DDoS ransom attacks to target their business within the next 12 months.
A poll of experts at the InfoSecurity Europe conference made evident the fears of cyber extortion attempts in the UK and Europe. Furthermore, the City of London Police issued warnings in May this year after identifying risks from threats made by Lizard Squad, who were threatening to charge around £1,500 to stop DDoS attacks orchestrated by them. Corero also observed a sharp increase in DDoSers targeting their customers at the end of 2015, giving further gravity to the findings of this research.
Even more concerning was the finding that almost half of these IT security professionals (43%) thought that it was possible that their organization might pay such a ransom demand.
Dave Larson, COO at Corero Network Security, comments: “Extortion is one of the oldest tricks in the criminal’s book, and one of the easiest ways for today’s hackers to turn a profit. When your website is taken offline, it can cost businesses over $6500 a minute in lost revenue, so it’s understandable why some organizations choose to pay the ransom. But this is a dangerous game, because just a few willing participants encourage these threats to spread like wildfire. Rather than trying to negotiate with criminals, the only way to beat these attacks is to have a robust, real-time DDoS mitigation system in place, which can defend against attacks and prevent downtime.
Our research data indicates that DDoS ransom attack threats are not only increasing in frequency but also being used by cyber criminals in new and creative ways to extract money from victims. For example, low-level, sub-saturating DDoS attacks are usually used as a precursor to ransomware attacks. Because they are so short – typically less than five minutes in duration – they are usually not detected by security teams and allow hackers to find pathways and test for vulnerabilities within a network which can later be exploited through other techniques.”
We have also heard that companies that meet ransom demands often risk putting themselves on a “suckers list” that means they’re known to cough up and will be targeted again in future on the assumption they’ll pay again.
As DDoS attacks become increasingly sophisticated, many organizations are looking further upstream to their Internet Service Provider to protect them against DDoS threats. The majority of those surveyed (59%) worry that their ISP does not provide enough protection against DDoS attacks, and almost a quarter (24%) of respondents believe that their ISP is to blame if a DDoS attack affects their business.
Furthermore, over half of those surveyed (53%) believe that ISPs are hiding behind net neutrality laws – the concept of treating all online traffic equally – as a way to dodge their responsibilities in terms of protecting their customers from cyber attacks, such as DDoS.
Telecoms companies have traditionally been regarded as responsible for directing traffic, without judging the content – the prized concept of net neutrality. Dave Larson tells us “the tide of opinion is changing and many customers now want their telcos to deliver not a decaying mélange of Internet traffic and increasingly sophisticated attack vectors, but a ‘clean pipe’ of good traffic, where the threats have been proactively removed. Providers now have a golden opportunity to offer their customers DDoS protection-as-a-service, and open up valuable new revenue streams in the process – or risk losing their customers.”
Almost 60% of those surveyed (58%) said that they would leave their service provider because of poor service, and over a fifth (21%) would leave if they did not offer adequate protection against DDoS attacks.
The research report was compiled by Corero Network Security and examined the views of 103 European IT security professionals at the Infosecurity Europe conference in London during 7-9 June 2016.

TalkTalk pays CEO Dido Harding $4.1 million in year firm hit by cyber attack
https://www.itsecurityguru.org/2016/06/20/talktalk-pays-ceo-dido-harding-4-1-million-in-year-firm-hit-by-cyber-attack/?utm_source=rss&utm_medium=rss&utm_campaign=talktalk-pays-ceo-dido-harding-4-1-million-in-year-firm-hit-by-cyber-attack
Mon, 20 Jun 2016 10:51:04 +0000

The chief executive of TalkTalk received 2.8 million pounds ($4.1 million) in pay and share bonuses for the last 12 months, despite the telecoms company suffering a cyber attack in October that put the data of thousands of customers at risk.
Dido Harding, who received 550,000 pounds in base pay, said she would donate her 220,000 pound annual cash bonus to charity following the hack on its business.
“Throughout the cyber attack, we worked hard to put our customers first, and we know that they have appreciated our efforts and our honesty throughout,” Harding said on Monday.
 
Original Source: Town Hall

The Evolution of DDoS
https://www.itsecurityguru.org/2015/11/04/the-evolution-of-ddos-and-how-internet-service-providers-can-respond/?utm_source=rss&utm_medium=rss&utm_campaign=the-evolution-of-ddos-and-how-internet-service-providers-can-respond
Wed, 04 Nov 2015 17:11:48 +0000

By Dave Larson, Chief Technical Officer of Corero Network Security

The World Wide Web is only 25 years old, but it has overseen countless advances in the way it is written and manipulated. Look at DDoS attacks – once simple volumetric attacks have now become deceptive and capable of carrying out several functions at once. Yet responses to this threat have not enjoyed the same rapid developments. This article examines what ISPs and carriers can do to mitigate the threat, as well as analysing what approaches are on offer to technical staff fighting the cyber-criminals.
The evolution of DDoS
In the early days of DDoS attacks (c. 2000), DDoS mitigation technology utilized in the Service Provider industry focused on the ability to determine that a DDoS attack was occurring, simply by sampling edge routers and interrogating NetFlow records from those routers. As a result, an operator could see the increase in DDoS traffic but they had few if any defenses at their disposal to block the attacks. Without any true solutions available or in place, a network operator would first interpret that an attack was in progress, then manually inject a null-route – sometimes referred to as a black-hole route – into the routers at the edge of the service provider’s network, and block the attack. This null-route effectively blocked all attack traffic headed toward the intended victim.
However, this approach had negative consequences as well. Null-route injections also blocked all good traffic along with the bad. The target victim was taken completely offline by the null route, and this actually perfected the attack by dropping all packets destined to the victim’s IP addresses. Even so, this approach provided a way of at least blunting the flow of the attack and served as a tool to eliminate the collateral damage to other customers or infrastructure as a result of the DDoS attack.
Fast forward several years and we find improvements to DDoS mitigation, and an evolution in protection techniques available to operators. It became clear that a null-route was not an approach that operators preferred to use. Instead of injecting a null-route when an operator observes a large spike, they were now able to inject a new route instead. By implementing a new route, operators could now gain the ability to redirect all traffic through an appliance or bank of appliances that inspected traffic and attempted to remove the DDoS attack traffic from the good user flows. This approach spawned the existence of DDoS scrubbing-centers and DDoS scrubbing-lanes that are commonly deployed today.
This DDoS scrubbing approach, while a significant improvement, still required a considerable amount of human intervention. A DDoS attack would have to be detected (again by analyzing NetFlow records), then an operator would have to determine the victim’s destination IP address(es). Once the victim was identified, a BGP route update would take place to inject a new route to redirect or “swing” the victim’s incoming traffic to a scrubbing lane. The appliances in the scrubbing lane would attempt to remove the DDoS traffic from the good traffic and forward the good traffic to the downstream customer. In order to forward the good traffic back to the original destination, in most cases an operator would also have to create a GRE tunnel from the scrubbing lane back to the customer’s border router. This approach represents a significant improvement over null-route solutions but it also introduces significant complexity to the carrier network topology and requires dedicated and costly security personnel in order to ensure proper execution.
Recently, the complexity of the DDoS challenge has been evolving and attacks have been increasing in size, sophistication and frequency.  Additionally, as large network operators have succeeded and grown, the sheer size and scale of their infrastructures and their massive customer base presents an incredibly attractive attack surface due to the multiple entry points and significant aggregate bandwidth that acts as a conduit for damaging and disruptive DDoS attacks.  The combination of these trends is now driving the need for an even more sophisticated approach to DDoS mitigation that utilizes purpose-built technology to enable a better economic model for defeating these attacks and creating new revenue streams around clean-pipe services.
As we approach the modern day DDoS threat, with advanced mitigation techniques that have evolved over the last decade, innovative protection, sophisticated visibility and scalable deployment options are emerging.  In-line deployments of mitigation technology at the Internet or transit and peering points offer much needed relief from the frequent and damaging attacks that providers are dealing with on a regular basis.  Alternatively, many providers prefer a scrubbing-lane approach, but require enhanced visibility into the traffic patterns as well as the need to scale the scrubbing operation for increased bandwidth.
DDoS mitigation approaches and real-time threat responses
The weaknesses of old methods – being slow to react, expensive to maintain and unable to keep up with shifting and progressive threats – tell us that solutions appropriate for today need to be always-on and instantly reactive. It’s clear they also need to be adaptable and scalable so that defences can be quickly and affordably updated to respond to the future face of DDoS threats – whatever those may be.
The increasingly popular method of fulfilling these aims is dynamic, in-line DDoS mitigation bandwidth licensing. With this technique, an in-line DDoS mitigation engine is employed but the operator pays for only the bandwidth of attacks actually mitigated. The benefit of this approach is that it delivers full edge protection for locations in the network that are most affected by DDoS, at a fraction of the cost of traditional scrubbing centre solutions.  The desirability of these tools is due to the fact that they can be constantly on, with no need for human intervention, and they provide non-stop threat visibility and network forensics.
Another aspect of effective DDoS mitigation is security event reporting. One of the Achilles heels of traditional DDoS scrubbing centre solutions is that they rely on coarse sampling of flows at the edge of the network to determine an attack is taking place. DDoS attackers are well aware of the shortcomings of this approach and have modified many of their techniques to ride under the radar, below the detection threshold, in order to evade ever being redirected to a scrubbing centre. Your security posture will only be as good as your ability to visualize the security events in your environment, and a solution that relies on coarse sampling will be unable to even detect, let alone act on, the vast majority of the modern DDoS attack landscape. A robust modern DDoS solution will provide both instantaneous visibility into DDoS events as well as long-term trend analysis to identify adaptations in the DDoS landscape and deliver corresponding proactive detection and mitigation techniques.
New software and hardware make real-time responses possible, mainly because the traffic from DDoS attacks generally forms a bell curve. The reason they behave this way is to elude the sample-based anomaly detectors that are supposed to spot and kill DDoS attacks. However, the modern data analytics in newer solutions enable DDoS detection well before the system’s critical threshold is reached.
As a result, companies don’t have to accept DDoS as one of those risks that you just can’t avoid – either by paying for it themselves or asking for it from their service providers, they can now acquire the technology that will stop these attacks and prevent the costly downtime that they incur.
 
 
Visit Corero’s website for more information: www.corero.com

Vodafone investigators 'hack' phone records
https://www.itsecurityguru.org/2015/09/16/vodafone-investigators-hack-phone-records/?utm_source=rss&utm_medium=rss&utm_campaign=vodafone-investigators-hack-phone-records
Wed, 16 Sep 2015 10:17:03 +0000

Telecoms company Vodafone has been lambasted in the press this morning amid reports they may have unlawfully accessed a journalist’s phone records. Natalie O’Brien’s call and text records were accessed by investigators in 2011. I should add that Vodafone denies asking the investigators to make such a move. The Australian federal police have taken over the investigation.
It was for the purposes of tracking down a source – a Vodafone manager is quoted as instructing investigators to use ‘any means available’ to find out who it was. O’Brien was breaking a story of a massive data breach at Vodafone.
The news broke after an e-mail was leaked. The leaking of internal e-mails and data is a major security risk, as the insider threat is often argued as the least detectable threat actor. Additionally, it’s exceptionally hard to trace.
As for Natalie O’Brien’s personal data – it’s clear that your records on your phone may not always be safe. If they’re accessible in this way then perhaps they’re accessible in other ways too. A lesson here in being secure and being wary that these breaches of trust do occur and have occurred in the past. At the end of the day, telecoms companies can see every call, image, text and so on that you send via their network.
Yet another story of dodgy dealings with people’s personal data – a worry for everyone, journalists in particular. Also, we’re only finding out now – that’s a long time after these events occurred.

BT broadband in broad-based brownout and TITSUP incidents
https://www.itsecurityguru.org/2015/07/29/bt-broadband-in-broad-based-brownout-and-titsup-incidents/?utm_source=rss&utm_medium=rss&utm_campaign=bt-broadband-in-broad-based-brownout-and-titsup-incidents
Wed, 29 Jul 2015 09:19:27 +0000

If you can’t reach a chum in the UK, chances are they’ve fallen victim to a substantial outage that’s hit BT’s voice and broadband services. Or a Total Inability To Support Usual Performance (TITSUP) incident.
The carrier appears to be suffering from two issues, the first reported to us by Reg readers Colin and Neil who’ve complained of very slow downloads, difficulties accessing the Web, dropped packets galore and traceroutes that don’t make it past the home gateway.
A glance at the carrier’s service status page omits mention of the slow access problem, but does reveal 15 outstanding issues including one that’s hitting over 40 communities from Manchester to Newquay.
BT says “A small number of our customers in the areas shown below, may experience a loss of telephone and/or broadband services. We hope to have service restored as quickly as possible and apologise for any inconvenience this may be causing. Services can be affected by a variety of reasons such as damage caused by 3rd parties or cable theft.”
 

Nasty Bug Lets Hackers Into Nearly Any Android Phone Using Nothing But A Message
https://www.itsecurityguru.org/2015/07/28/nasty-bug-lets-hackers-into-nearly-any-android-phone-using-nothing-but-a-message/?utm_source=rss&utm_medium=rss&utm_campaign=nasty-bug-lets-hackers-into-nearly-any-android-phone-using-nothing-but-a-message
Tue, 28 Jul 2015 09:29:44 +0000

It’s like something from a bad movie: eager to learn the details of the bad guy’s dastardly plot, the good guys hack his phone armed with little more than knowledge of his phone number. No physical access to the phone, no tricking him into opening some shady application; just a quick message sent to his phone, and bam — they’re in.
Alas, that’s essentially how a new Android hack works, according to researchers… and the vast majority of Android devices are vulnerable.
Here’s the breakdown:

  • Researchers at Zimperium Mobile Labs, where the bug was discovered by VP of Platform Research and Exploitation Joshua Drake, claim that up to “95% of Android devices” are vulnerable.
  • To initiate the attack, the hacker sends a maliciously modified video message. The message is able to circumvent Android’s sandboxing security measures and execute remote code — at which point they’d have near-full access to your device, its storage, its camera and microphone, etc.
  • The hack is being referred to as “Stagefright.” “Stagefright” is also the media library that Android uses to process video, and is the bit of code being exploited here.
  • In many cases, the device will start processing the message without the user opening the message manually. Just receiving the message is enough to get the ball rolling.
  • Worse yet, an attacker could theoretically delete the message themselves as soon as they’ve executed the attack, leaving behind no trace but a notification that most would quickly swipe away with no idea that their device is now under an attacker’s control.
  • The bug is said to have been introduced in Android v2.2 (Froyo), but Zimperium has successfully tested it on builds as recent as the latest release, Android 5.1.1 (Lollipop). Devices running a build older than Jelly Bean (4.1) are said to be most vulnerable.

The good news: the bug can be fixed with an over-the-air update, and Google already has a patch ready to go.
 
