Looking Behind The Attacks: The Top 3 Attack Vectors to Understand in 2015

We saw an unprecedented number of high-profile cyber-attacks and malware infections reported in 2014 – Target, Snapchat, eBay and Adobe, to name a few. This has brought cyber security much more into focus, not only for C-level executives and cyber security analysts, but also for world leaders. The complexity and frequency of the attacks we saw in 2014 beg the question: what does 2015 hold?

In this whitepaper our security experts look behind the attacks and highlight the key elements that malware, advanced persistent threats (APTs) and other cyber-attacks typically use to infiltrate networks, and how businesses like yours can protect their valuable assets and data.

Download it here.

DNS-based DDoS Attacks – What’s in a Name?

You may already know that we have recently partnered with Infoblox. This partnership provides us with an excellent array of network control and security solutions.

A big focus for Infoblox is their secure DNS solution. DNS attacks are at an all-time high and traditional DNS servers do not offer the protection you need. Recent press has shown a marked increase in DDoS attacks on ISPs around the world. Our ISP customers may be interested in this blog post from Renuka Nadkarni at Infoblox.

Here Renuka explains how ISPs are especially sensitive to DDoS attacks – disruptive to the business and time-consuming to mitigate. Her blog goes on to explain the six new attack types and how each one works, covering: Basic NXDomain Attacks, Random Sub-domain Attacks on Legitimate Domains, Phantom Domain Attacks, Lock-Up Domain Attacks, CPE-driven DDoS Attacks in the ISP Network, and DDoS Attacks Using Malware-infected CPE Devices.

Infoblox are working with ISPs and enterprises to help them protect their DNS infrastructure. Read the full blog post on the Infoblox website here.

Have you been breached? How secure are your assets?
Test-drive Infoblox DNS Firewall free for 60 days to see if you have malware and APTs lurking in your network. Visit the website here for more information and to sign up.


Attack of the Floods

By Malcolm Orekoya, Senior Technical Consultant, Netutils

Views expressed in this post are original thoughts posted by Malcolm Orekoya, Senior Technical Consultant, Netutils. These views are his own and in no way do they represent the views of the company.

As most of the United Kingdom is being bombarded by storms and hurricane-force winds resulting in flooding in several parts of the country, it is understandable that most of our attention is on this bit of news.

However, some of you in the IT world will also have heard of another flood hitting the headlines this week – the massive NTP reflection attack that exploited a vulnerability in NTP, a widely used internet protocol for clock synchronisation between computer systems.

Hackers seem to have taken the floods caused by the weather as a go-ahead to press the Distributed Denial of Service (DDoS) button on their keyboards and launch a massive flood of their own on the internet. The attack was first revealed on Twitter by CloudFlare’s CEO Matthew Prince on Monday 10th January 2014, saying “Very big NTP reflection attack hitting us right now. Appears to be bigger than the #Spamhaus attack from last year.” The attack has been recorded in Europe as the biggest DDoS attack to date, reaching 400Gbps at its peak.

So, with flaws continually being exposed in protocols such as NTP and DNS that were not built with security in mind, and with the worldwide use of such protocols across the internet attracting more malicious hackers, what should you do to mitigate these denial of service attacks?

Well, in my opinion, for starters, administrators and organisations need to be proactive about keeping abreast of the latest security alerts, news, blogs and trends.

Several organisations, such as US-CERT and Team Cymru (through its Secure NTP Template page), have released alerts and mitigation techniques regarding the flaws in NTP as well as in other protocols. Proactive enterprises will already have taken steps to mitigate the specific NTP threat, and will also have sought general DDoS protection for their business-critical web-facing systems.

In addition to looking into DDoS protection vendors and services, it is important to understand the differences between the plethora of protection solutions and vendors available on the market. For example, Juniper Networks’ DDoS Secure product provides DDoS protection for inbound as well as outbound traffic, which is a unique selling point compared with some other vendors in the same space.

Finally, it’s important for organisations to know where their strengths and weaknesses lie and to lean on the experts where necessary. A lot of enterprises do not have a SOC or the human resources (in the helpdesk or among administrators) to proactively manage their security. This should be recognised, and the use of expert security consultants working alongside the on-premise teams should not be avoided, whether for financial or “it won’t happen to me” reasons. At the end of the day, every organisation that has at least one point of contact with the World Wide Web is susceptible, and in almost every attack situation the end customer and the organisation will end up feeling the brunt of the consequences of any ignorance or neglect.

We have already helped customers who have been affected by the recent NTP attack and urge you to get in touch with us even if you’d just like some advice to help assess the level of vulnerability in your organisation.