Tag Archives: Distributed Denial of Service Attacks

Recommendations for Adding Cybersecurity Intelligence to the Smart Grid

Josh Ray, Verisign

Over the last few years, there has been an increased effort to modernize the U.S. electric grid. Building a “Smart Grid” has been central in the effort to help utilities better manage their resources, minimize power outages and reduce energy consumption. However, adding more electronic devices and sensors to the grid’s network has made it a prime target of cyberattacks, like Distributed Denial of Service (DDoS) attacks, which, if successful, could cause widespread disruption of services affecting many other sectors.

According to a recent ICS-CERT incident response from the United States Computer Emergency Readiness Team (US-CERT), an organization within the Department of Homeland Security’s National Protection and Programs Directorate, of the 257 reported incidents ICS-CERT collected in 2013, 56 percent, or 151 incidents, occurred in the energy sector, which exceeded all incidents reported in the other sectors combined. Keep in mind that because reporting of cyber incidents is done on a voluntary basis, ICS-CERT estimates that many more incidents occurred but were not reported.

As new, advanced cyberattacks on public utilities are expected to grow in frequency, what should these organizations be doing to prepare? Below are recommendations for a new approach to cybersecurity for critical infrastructure based on recent research from Verisign iDefense Security Intelligence Services:

 

  1. Build security solutions into the front-end design: It is important that the energy sector build security solutions into the front-end design, manufacturing and deployment of Smart Grid systems and components. And as the rollout of the Smart Grid continues to take place, the energy sector will need to address legacy equipment issues and access control usage, while continuing to tighten its security policies and procedures.
  2. Examine the use of remote connections: While threat mitigation is an ongoing concern, organizations managing critical infrastructure will also need to examine the use of remote connections to their enterprises and determine how to best manage user access from the perspective of the least-privilege principle for access control.
  3. Frequently monitor for vulnerabilities and have a mitigation plan in place: The energy sector should frequently monitor their systems and networks for vulnerabilities, and embrace a full-scope risk management program for both the Information Technology (IT) and Industrial Control Systems (ICS) sides of the house. This will be critical for the success of their security programs.
  4. Protect availability of critical systems: It is imperative that public utilities have a multilayered mitigation strategy in place to restore services quickly in the event of a DDoS attack. Due to the critical nature of smart grid networks, a hybrid approach to DDoS mitigation, which includes a dedicated appliance on the network, layered with a cloud-based DDoS solution to provide real-time adaptive mitigation that protects against both high-volume and targeted application-level DDoS attacks, may provide the most comprehensive protection.
  5. Invest in third-party expertise: Working with third-party security providers and experts can provide energy/utility companies with powerful tools to combat today’s cybersecurity risks as well as help them develop advanced threat intelligence capabilities to proactively protect their assets. Given what is at stake, all energy companies should consider making this investment.

To learn more about cybersecurity intelligence or DDoS protection services, visit www.VerisignInc.com/cybersecurity.

This article by Verisign’s Josh Ray was sourced with permission from the Verisign blog at:
blogs.verisigninc.com/blog/entry/recommendations_for_adding_cybersecurity_intelligence

Neustar 2014 ‘DDoS Attacks and Impact Report’ Finds Unpredictable DDoS Landscape

[news release] Neustar, Inc. … today (22/4) released its third annual “DDoS Attacks and Impacts Report,” delivering key insights on Distributed Denial of Service (DDoS) attacks and the business impact of these incidents. The survey reveals that DDoS attacks are now more unpredictable and damaging than ever, crippling websites, shutting down operations, and costing millions of dollars in downtime, customer support and brand damage. Nearly twice as many businesses surveyed suffered a DDoS attack last year and more than 40 percent estimated DDoS losses at more than $1 million per day.

Other key findings include a growing trend toward quicker, more concentrated attacks, suggesting a spurt in “smokescreening” – where criminals use DDoS attacks to distract IT staff while inserting malware to breach bank accounts and customer data. In fact, 49 percent of businesses who suffered a DDoS attack and a breach in 2013 reported that a virus or malware was installed or activated and 55 percent of DDoS targets reported that they were also victims of theft. Attackers stole funds, customer data and intellectual property.

“DDoS attacks create an ‘all hands on deck’ mentality, and the potential for damage is high as criminals take advantage of the distraction to grab and clone private data to tap into funds, intellectual property and more,” said Rodney Joffe, senior vice president and senior technologist at Neustar. “Businesses should look out for shorter, more intense attacks without the traditionally expected extortion or policy demands. It is critical that they protect themselves by dedicating staff to watch entry systems during attacks, making sure everything is patched and having dedicated DDoS protection.”

Additional insights from the survey include:

  • Almost 90 percent of companies attacked were hit repeatedly
  • Larger attacks almost tripled. The number of attacks between 1-5 Gbps in size grew by 150 percent
  • DDoS attacks are consuming more manpower. Attacks requiring more than 10 people to put out the fire more than doubled compared to 2012
  • The costs of DDoS attacks were not only higher, but were felt more widely across the enterprise. Non-IT/security departments absorbed more than 50 percent of attack-related costs and customer support felt the impact most acutely at 63 percent of companies
  • There are now very few companies (under five percent) with no DDoS protection in place. Of the vast majority with protection, most still use traditional solutions like firewalls, switches and routers

Neustar surveyed nearly 450 North American companies in the financial services, technology, retail, government/public sector, health care, energy, telecommunications, e-commerce, Internet services and media industries. The full report, including comprehensive results from the survey and best practices from Neustar’s DDoS experts, may be found here.

 

About Neustar

Neustar, Inc. (NYSE:NSR) is the first real-time provider of cloud-based information services and data analytics, enabling marketing and IT security professionals to promote and protect their businesses. With a commitment to privacy and neutrality, Neustar operates complex data registries and uses its expertise to deliver actionable, data-driven insights that help clients make high-value business decisions in real time, one customer interaction at a time. More information is available at www.neustar.biz.

This Neustar news release was sourced from:
www.neustar.biz/about-us/news-room/press-releases/2014/neustar-2014-ddos-attacks-and-impact-report-finds-unpredictable-ddos-landscape

PIR Survey Reveals That Most Americans Are Uninformed About DDoS Attacks

[news release] Whether motivated by an extreme form of free expression or criminal intent, distributed denial-of-service attacks (DDoS attacks) are increasingly commonplace worldwide. Yet there remains a universal misunderstanding amongst the general public of what to do in the event of a DDoS attack. According to a survey commissioned by Public Interest Registry (PIR) – the not-for-profit operator of the .ORG domain – to better assess Americans’ basic understanding of Internet and network attacks, 85 percent of Americans are uninformed or ill-equipped to deal with a DDoS attack. Moreover, only 17 percent could correctly identify what the acronym DDoS stood for, with 77 percent admitting that they had no idea.

Through this survey, it was ultimately revealed that across the board there is a lack of understanding about DDoS attacks despite their increasing frequency. When asked who should be the first point of call when one experiences a DDoS attack, respondents’ answers varied – a select number correctly identified a DNS Service Provider while the large majority of people said their first point of call would be their local electronic department store, a technology publication, their spouse or children, Google or the police, to name a few.

Additional findings from the survey revealed:

  • Overall, the higher the household income, the more knowledgeable Americans were on the subject. Regional differences (e.g. East Coast vs. Midwest) were marginal.
  • Surprisingly, education levels are not a factor. Respondents with college degrees were no more likely than those who did not complete their degree to correctly identify DDoS or know what to do if an attack ever happened to them.
  • On the whole, men are more informed on the subject than women, with 24 percent correctly identifying DDoS as a type of network attack in comparison to their female counterparts’ 10 percent. Additionally, 20 percent of men compared to 11 percent of women would know what to do in the event of a DDoS attack.
  • In the event of a DDoS attack, only 36 percent of Americans would know where to turn to for advice. Of that number, nearly half of Americans 65-years-old and up would know where to seek help compared to only 28 percent of 18-24 year-olds.

“At PIR, we pride ourselves on being a name that people trust, and we’re committed to helping strengthen the safety and security of the Internet by providing the information people need to protect themselves from these attacks,” said Brian Cute, CEO of Public Interest Registry. “These findings only show that there is real misunderstanding about DDoS across all ages and levels of expertise, so we must do our part to engage with other Internet service providers and registry operators worldwide to discuss how we can be better prepared and prevent future attacks. It’s in all of our interests – public and individual – to ensure that the Internet remains a safe and protected place for all users.”

In an effort to fuel the discussion about online attacks amongst organizations and individuals, Public Interest Registry and NY Tech will be hosting “Mitigating DDoS Attacks: Best Practices for an Evolving Threat Landscape” – a forum on December 5 to help generate a thoughtful conversation on how Internet users can protect ourselves from DDoS attacks. Participants in the forum are experts from Google, Symantec, Afilias, Neustar, EFF, MAAWG, and De Natris Consult. For more information about the event (including registration and remote participation details) and the survey, please visit pir.org/why/security/ddos.

This PIR news release was sourced from:
pir.org/pr/2012/ddos

ICANN: New L-Root DNS Server Enhances DNS Fault Tolerance and Resistance to DDoS Attacks

A new instance of L-Root has been installed in Odessa, Ukraine, increasing the Domain Name System’s (DNS) overall fault tolerance and its resilience against certain types of cyber threats, such as Distributed Denial of Service (DDoS) attacks.

The launch of the server node is a joint operation between ICANN and Ukrainian domain registry Hostmaster. DNS Root Servers form a key part of the Internet infrastructure that contribute to the global security and stability of the DNS.

“Odessa is one of the largest Ukrainian cities, with one of the highest Internet penetration rates in the country,” said Dmitry Kohmanyuk, a Hostmaster official. “Moreover, the Internet provider we opted for has quality connections to Western Ukraine, which is precisely why we decided to deploy the node there.”

Hostmaster, the Ukrainian administrator of the .UA domain, supplied the equipment necessary for the installation of the new L-Root node.

“In addition to the newest L-Root server in Odessa, two other L-Root nodes, in Kyiv and Kharkiv, were also deployed through collaboration between ICANN and Hostmaster,” said Joe Abley, Director of DNS Operations at ICANN.

This ICANN announcement was sourced from:
www.icann.org/en/news/announcements/announcement-18may12-en.htm