Cyber Defense eMagazine December Edition for 2021

More documents

Recommendations

Info

The New Normal Several factors have converged to drive terabit-class attacks. Attackers continue to build massive botnets, the armies of infected devices that can direct malicious traffic at targeted systems. Meanwhile, IoT devices, which too often have lax cybersecurity standards, have only increased the number of devices available to compromise. A second factor is the continued development of reflection amplification attacks. Think of it this way: in most DDoS attacks, a targeted system is flooded with requests for information that initiate a response. In a reflection attack, attackers disguise the origin of the attack traffic to make it appear that it is coming from the targeted network or device. In other words, the attack tricks the targeted system into sending the response back to itself. But the size of the request for information and the response are not always symmetrical. For some internet-based services, a request for information initiates a response that is far larger in proportion. By targeting these services, attackers can significantly amplify the size of their attack. A reflection amplification attack both magnifies the amount of malicious traffic an attacker can generate, and obscures its source. In the first half of 2021 alone, threat actors weaponized at least seven new reflection and amplification vectors. The deployment of this new tactic ignited an explosion of new attack modes. Along those lines, the number of vectors used in multivector DDoS attacks has soared, with a record-setting 31 attack vectors deployed in a single attack against one German organization. That’s the type of attack launched against GitHub. Known as a memcached attack. Open source and free, Memcached is a high-performance, distributed memory caching system designed to optimize dynamic web applications. The amplification capabilities of Memcached servers is so great that if you send a single request, that request could send back more than 50,000 responses. Mixing Tactics, Vectors, and Targets Large attacks are relatively easy to identify by automated defenses. But that has value in itself to attackers. A large DDoS campaign may, for example, provide cover for another attack, and threat actors can adapt their tactics to overcome defenses when volume alone does not suffice (though, to be clear, a big attack still causes many problems). An emerging trend has been the development of adaptive attack techniques designed to evade traditional defenses. These types of attacks require extensive pre-attack research and reconnaissance to identify vulnerabilities. The result, however, is an attack perfectly calibrated to overcome an organization’s defenses. Furthermore, attackers don’t always need to attack an organization itself to cause damage. In many cases, DDoS attacks can target service providers, including DNS servers, VPN concentrators to inflict collateral damage. Defending Against Terabit-Class Attacks Overall, the first half of 2021 saw a staggering 11 million DDoS attacks. It’s not a matter of if a company will find themselves in the crosshairs of a DDoS attack, it’s a matter of when. The pandemic, and its Cyber Defense eMagazine – December 2021 Edition 134 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
accompanying shift toward more digital services for consumers and businesses, has expanded the threat surface. Businesses are more reliant on digital services to reach their customers than ever before, driving an even greater need for adequate defenses. The first step in protecting an organization is taking a good, hard look in the mirror. The shifting dynamics of the workplace brought massive changes. Businesses should conduct frequent evaluations to stay ahead of new threats, and assessments of whether DDoS mitigation capacity continues to be adequate. Companies should also have conversations with their third-party suppliers on which they rely for connectivity, including ISPs and VPN concentrators to ensure they have adequate mitigation capacity. Running next-generation security tools that leverage packet data can provide insights into possible incursions and changes to networks and infrastructure, offering early alerts to security and network operations teams. Despite being one of the oldest known forms of cyber attack, DDoS remains a pervasive threat. Terabitclass attacks are unfortunately inching closer to the mainstream, but even worse, they are just one tool in the attackers’ arsenal as they continue to innovate new vectors and attack methods. Hence it is more imperative than ever before that defenders and security professionals remain vigilant to protect the critical infrastructure that connects and enables the modern world. About the Author Richard Hummel has over a dozen years of experience in the intelligence field and is currently the Threat Intelligence Research Lead for NETSCOUT's ASERT Research Team. Previously, he served as Manager and Principal Analyst on the FireEye iSIGHT Intelligence’s Financial Gain team. He began his career as a Signals Intelligence Analyst with the United States Army. During the course of his service he became certified in Digital Network Intelligence and supported multiple operations overseas including a deployment to Iraq. After departing from the Army as an enlisted soldier, he began contracting work as a Computer Network Operations analyst in support of the Army. During his tenure as a contractor, he developed many methods and procedures for conducting Cyber Discovery and trained analysts at Army INSCOM HQ's. At FireEye iSIGHT Intelligence, he led a team of technical analysts in the tracking, reporting, and analysis of various cyber crime related malware families. Richard can be reached online at www.netscout.com Cyber Defense eMagazine – December 2021 Edition 135 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
9 Ways Social Media Sabotages Your
Page 3 and 4:
How Do You Secure the Modern Supply
Page 5 and 6:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8:
Cyber Defense eMagazine - December
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
With over 4 billion users, social m
Page 41 and 42:
Unsecure Mobile Networks When using
Page 43 and 44:
However, as concerning as these pra
Page 45 and 46:
Danny Lopez, CEO, Glasswall “Duri
Page 47 and 48:
estoring data. Modern organizations
Page 49 and 50:
When Diplomacy, Finance and Tech Co
Page 51 and 52:
Another way leaders can take initia
Page 53 and 54:
How Covid-19 Changed Advertising Fo
Page 55 and 56:
However, this shift might not be su
Page 57 and 58:
Why MFA Alone Isn’t Enough for Tr
Page 59 and 60:
just highlights how vulnerable most
Page 61 and 62:
on channels like email. This starts
Page 63 and 64:
3 Best Practices to Avoid Inevitabl
Page 65 and 66:
For example, an employee may become
Page 67 and 68:
and outcomes is essential for proje
Page 69 and 70:
Electric Vehicle Charging: The Next
Page 71 and 72:
Going forward, EV dealers, charging
Page 73 and 74:
How does this relate to MFA? Well,
Page 75 and 76:
constant exposure of countries to a
Page 77 and 78:
Why do you need a malware sandbox?
Page 79 and 80:
Multi-Cloud Security and Compliance
Page 81 and 82:
If security controls are not consol
Page 83 and 84: How Do You Secure the Modern Supply
Page 85 and 86: The case for isolation Supply chain
Page 87 and 88: Don’t Take Yourself Out of The Ga
Page 89 and 90: The U.S. Government Accountability
Page 91 and 92: assessment criteria for the tasks f
Page 93 and 94: the file. This was a great techniqu
Page 95 and 96: the wake of the pandemic where the
Page 97 and 98: Certain communications are protecte
Page 99 and 100: At Salt Communications we work with
Page 101 and 102: And it’s only getting worse. If y
Page 103 and 104: The benefits are great When HDOs ha
Page 105 and 106: 4 Pillars of Privacy-Preserving AI
Page 107 and 108: concern and a desire to be cautious
Page 109 and 110: and stay safe online. That’s why
Page 111 and 112: 2. Enabling over-the-horizon threat
Page 113 and 114: Techniques Used by Hackers to Bypas
Page 115 and 116: Phishing scams avoid email security
Page 117 and 118: ATO Detection Account takeover bene
Page 119 and 120: How To Protect Your Digital Legacy
Page 121 and 122: I worked with cybersecurity experts
Page 123 and 124: Sextortion Email Scams What to Do a
Page 125 and 126: Sextortion attacks are a type of cy
Page 127 and 128: How to respond to a sextortion emai
Page 129 and 130: Example 2:'You've been hacked' emai
Page 131 and 132: How can this strategy be implemente
Page 133: Surviving The New Era of Terabit-Cl
Page 137 and 138: Survey results show businesses are
Page 139 and 140: Enterprises Cannot Achieve Zero Tru
Page 141 and 142: Capital One breach back in 2019. Ad
Page 143 and 144: Cyber Defense eMagazine - December
Page 161 and 162: CyberDefense.TV now has 200 hotseat
Page 163 and 164: Books by our Publisher: https://www
show all

Cyber Defense eMagazine December Edition for 2021

Create successful ePaper yourself

Delete template?

Save as template?