News wrap on trending cyber-attacks: get trending information on exploits and vulnerabilities every week to help your organisation be better equipped to avoid becoming a victim of cybercrime. Anglo African brings you the weekly cyber-attack news wrap-up and remedy tips to help your business defend against hackers.
Axis Bank, India’s third-largest private bank, announced today that it was the victim of a cyber-attack, but has managed to stop the intrusion before the hacker stole any funds from customer accounts. Bank officials have already reported the incident to the Reserve Bank of India, the country’s banking regulator.
To no one’s surprise, the release of the Mirai malware source code has resulted in other crooks creating their own variants, infecting new devices, and more than doubling the size of the original Mirai botnet. This falls exactly into the plans of Anna-senpai, the nickname used by Mirai’s author, who hoped that others would take his malware and create new botnets that will help him conceal his mega-botnet, the one he used to launch the biggest DDoS attacks known today.
Malware now targeting Australian users could be based on one of the world’s worst banking trojans. Fidelis malware mangler Jason Reaves says the TrickBot malware has strong code similarities to the Dyre trojan, a menace that ripped through Western banks and businesses in the US, the UK, and Australia, inflicting tens of millions of dollars in damages through dozens of separate spam and phishing campaigns since June 2014. Dyre stole some US$5.5 million from budget carrier Ryanair and fleeced individual businesses of up to $1.5 million each in substantial wire transfers using stolen online banking credentials.
One of the world’s most prolific Android malware instances is still the most prevalent piece of malware more than two years after it first emerged. The capable trojan known as Ghost Push infects Android up to version five, aka Lollipop, still employed by about 57 per cent of all users. Ghost Push won’t run on Android version six, Marshmallow, and the recently released version seven, Nougat, which together account for about 10 per cent of Android devices.
Preventing Denial of Service Attacks
Application Denial of Service attacks have rapidly become a commonplace threat for doing business on the Internet – more proof that Web application security is more critical now than ever. Denial of Service attacks can result in significant loss of service, money and reputation for organisations. Typically, the loss of service is the inability of a particular network service, such as e-mail, to be available or the temporary loss of all network connectivity and services. An HTTP Denial of Service attack can also destroy programming and files in affected computer systems. In some cases, HTTP DoS attacks have forced Web sites accessed by millions of people to temporarily cease operation.
Defending against a concentrated and sustained DDoS attack can be akin to defending against a 4 on 1 “fast break” in a full court game of basketball – there are too many attackers and not enough of you. Your defenses are completely overwhelmed, and the attackers are headed to the basket for an easy score.
Though it’s not always possible to defend against a large, organised DDoS attack without some impact to the targeted network, there are strategies that can help mitigate the effects of even the most vicious DDoS attacks:
- Recognise the signs of a DDoS attack: the first and best defense against a DDoS attack is the ability to recognise it early. Unfortunately, not all DDoS attacks are easy to distinguish from normal spikes in network or web traffic, or a sudden slowdown in network performance. Invest in the right technology, expertise and training to help you tell the difference, or use an anti-DDoS service.
- Incident response planning: Be ready with a great incident response program and include in it a DDoS mitigation plan.
- Contact your ISP: If your company is feeling the effects of a DDoS attack, it is likely affecting your ISP as well. Call your ISP to see if they can detect DDoS attacks and re-route your traffic in the event of an attack rather than have you call for support. When choosing an ISP, inquire whether any DDoS protective services are available, and consider whether you might want to engage a backup ISP in the event of an attack to keep your business running.
- Have your threat intel handy: Half the battle in today’s environment is knowing what to look for. What are the potential indicators of compromise that an attack is underway? What threat vectors are most popular? And how are your peers responding to those attacks?
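To make the first point in the list concrete, here is an added example (not part of the original article) that labels one-minute windows of a web access log as normal, a traffic spike, or a suspected HTTP flood. The log lines are constructed, and the two thresholds (`volume_factor`, `per_source_limit`) are illustrative assumptions to be tuned against your own baseline.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Combined-log-style line: source IP, [timestamp], "METHOD path ..."
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+?):\d\d [^\]]*\] "\S+ (\S+)')

def per_minute(lines):
    """Count requests per source IP in each one-minute window."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE.match(line)
        if m:  # skip lines that do not parse instead of failing
            ip, minute, _path = m.groups()
            buckets[minute][ip] += 1
    return buckets

def classify(buckets, volume_factor=3, per_source_limit=20):
    """Label each window; both thresholds are illustrative assumptions."""
    if not buckets:
        return {}
    # The median window volume stands in for "normal" traffic.
    baseline = median(sum(c.values()) for c in buckets.values())
    labels = {}
    for minute, counts in buckets.items():
        total = sum(counts.values())
        if total <= volume_factor * baseline:
            labels[minute] = "normal"
        elif total / len(counts) > per_source_limit:
            labels[minute] = "suspected flood"  # few sources, each very busy
        else:
            labels[minute] = "traffic spike"    # many sources, each ordinary
    return labels

def sample_log():
    """Constructed log: five quiet minutes, one busy minute, one flood."""
    plan = [(m, 10, 3) for m in range(5)] + [(5, 60, 3), (6, 8, 50)]
    lines = []
    for minute, sources, hits in plan:
        for s in range(sources):
            for h in range(hits):
                lines.append(
                    f'198.51.100.{s} - - [10/Oct/2016:13:{minute:02d}:{h:02d} +0000] '
                    f'"GET /login HTTP/1.1" 200 512')
    return lines

if __name__ == "__main__":
    for minute, label in classify(per_minute(sample_log())).items():
        print(minute, label)
```

A botnet that spreads its requests thinly across many sources lands in the "traffic spike" label here, which is why the list also points to an anti-DDoS service and to your ISP.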
Other Mitigation Defenses and Tools: There are two tools that companies should consider in addition to standard signature-based firewalls and routers (to reject known bad traffic) when thinking about mitigation strategies:
(1) Load balancers to balance traffic across multiple servers within a defined network with the goal of creating additional network availability, and
(2) a cloud-based anti-DDoS solution to filter or divert malicious DDoS traffic.
Today, with the large-scale commoditisation and distribution of sophisticated cyber-attack tools, more and more people have access to sophisticated malware that facilitates DDoS attacks. Given this massive increase, today’s organisations need to be prepared to defend against DDoS attacks or risk outages and other damage.
Intrusions happen, threats emerge and your security operation needs to be at its peak efficiency. For more information about cyber security kindly contact Anglo African on 2331636 or by e-mail at firstname.lastname@example.org