
It costs $715,000 to mitigate a DNS attack in 2018: EfficientIP report

On average, a DNS attack costs organizations globally $715,000, up from $456,000 a year before, according to the 2018 DNS Threat Report by EfficientIP.

EfficientIP surveyed 1000 organizations across Europe, Asia Pacific and North America to analyze the technical and behavioral causes of the rise in DNS (domain name system) threats, their effects on business, and remedies.

The report highlighted that organizations faced an average of seven DNS attacks in 2017, which cost around $5 million in damages. Organizations that don’t secure DNS are at a higher risk of data loss, service downtime, compliance failure or a compromised public image.

Key findings of the 2018 DNS Threat Report:

  • Average cost per attack increasing YoY

77% of the organizations were found to have been subject to a DNS attack in 2018. The research shows that the average cost of damages caused by a DNS attack has increased by 57% over the previous year. The cost per attack varied from country to country. For instance, the cost per attack in France is $974,000, whereas it is $654,000 for organizations in North America.

  • DNS-based malware and phishing: Top DNS threats in 2018

DNS-based malware (36%) and phishing (36%) are the most popular DNS threats in 2018, both of which have increased compared to last year. Alongside these, DDoS attacks, Lock-up Domain attacks and DNS tunneling are the top DNS attacks, each of which accounts for 20% of all the DNS attacks in 2018.

  • DNS attacks damage brand image

Major cyber-attacks like WannaCry and NotPetya caused financial and brand damage and customer churn for organizations globally.

Due to DNS attacks, 40% of the organizations suffered cloud outages, 33% were victims of data theft, and 22% lost their business. On average, an organization takes 7 hours to mitigate an attack, up 40% from a year before.

  • All industries vulnerable to DNS attacks

Further, the report revealed that all industries are vulnerable to DNS attacks. The public sector takes the longest to mitigate an attack, while healthcare faces the highest cloud downtime. The telecom sector had the most sensitive customer information stolen, while the financial sector bore the highest cost.


“Worryingly, the frequency and financial consequences of DNS attacks have risen and businesses are late in implementing purpose-built security solutions to prevent, detect and mitigate attacks. On the positive side, business and IT leaders globally now have a better understanding on why DNS is fundamental to ensuring business continuity and data confidentiality, so securing DNS has become a top priority for them,” said David Williamson, CEO of EfficientIP.


How to effectively prepare a business to mitigate consequences of an aggressive cyber-attack?

After a series of malicious cybersecurity incidents surfaced in 2017, affecting large companies and private organizations all over the world, cyber-security alerts have become the norm. However, the worst is yet to come. Last week, the United States and Britain issued a joint warning regarding a new wave of cyberattacks, most likely aimed at governments and private organizations, but also at individual homes and offices.

Unfortunately, security incidents happen in all organizations. The only way to improve your company’s resilience, ensure your customers’ and stakeholders’ confidence, and continue to operate your business as normal is to invest in incident management processes, such as DRaaS. Such solutions help your business mitigate the harmful impacts of cyber-attacks.

Read below how you can prepare to fight possible business disruption caused by an aggressive cyber-attack.

Carrying out cyber security incident threat analysis – For thousands of people living in the UK, the word “ransomware” became comprehensible when they were turned away from NHS hospitals last year due to the malicious WannaCry attack. There is nothing unusual about this, as only recently have businesses and private users around the world been able to see what cyber-crime means in practice, and what disastrous consequences for business continuity it can bring. One of the main stages in protecting your business from cyber-security incidents is an epistemological one: it involves developing a deep understanding of what you might be dealing with and what level of threat your organization faces.

Providers of Disaster Recovery as a Service help firms to contextualize cybersecurity threats by looking at key business processes and system interdependencies that might be targeted by hackers. It is important to channel all your worries to the investigators at this stage, to help them better tailor their services to your business operations.

Consider shifting the responsibility with service level agreements – Building your own Disaster Recovery Team might be problematic, especially when you are running a small business. However, research shows that formal cybersecurity incident teams are invaluable for dealing with disruptive events, as very often they are the only people who have the technical expertise needed to advise on business decisions quickly. It often makes sense for small and medium organizations to fully or partially shift their responsibilities for creating and managing disaster recovery programs to Disaster Recovery providers.

Transferring ownership can be done by signing a service level agreement, which gives you the guarantee that the aspects of the service to which you both agreed will be delivered. This essentially means that in the event of a cyber-security incident, an external Recovery Execution Team, not you, will be responsible for one or all of the following: identifying, investigating, taking appropriate action, or overseeing all the recovery processes.

Applying changes – When looking at vulnerabilities in your system, it’s highly likely that security investigators will recommend applying changes to the IT services within your company. Configuring your systems and networks, transferring mission-critical data to safe data centers, and implementing adequate monitoring processes are crucial for eliminating single points of failure, which are often enough to compromise your infrastructure.

Securing and retaining your data is critical – These days companies run on data, so it is essential that you take a proactive approach, not only recovering your applications and servers but also ensuring that they are working and that the data they store is recovered. Disaster Recovery providers can help you to identify the data that needs to be protected, as well as where it is stored and how it can be recovered, without the need to rely on outdated data deduplication.

Depending on your business objectives, you might choose either replication services that create a fully working, ready-to-use copy of your environment (this is especially important for companies with a strict RTO) or traditional back-up and vaulting methods, which are recommended for platforms that can afford being down between 4-12 hours.

Continuous Review of your state of readiness – Once you have realistic scenarios based on the conducted threat analysis, you might want to see if the changes you have applied to protect your infrastructure and data work properly. A good testing method usually involves initiating a fictional, yet very probable, attack internally, and verifying how well you (or your security provider) can respond to it. This stage might also involve undergoing recovery exercises that could prepare you even better for an actual disaster.


Guest Author: Matthew Walker-Jones

Specializing in content covering topics including data driven marketing, online data protection, data recovery and cyber security. With a passion for all things data, Matthew is constantly staying up to date with the latest news on data security information.


Human error and misconfigured cloud servers responsible for most data breaches in 2017: IBM Security Report

Over 2.9 billion data records were leaked online globally in 2017, a drop of 25% from 4 billion records breached in 2016, according to a report from IBM Security.

The report, IBM X-Force Threat Intelligence Index 2018, however, revealed that cybercriminals shifted their focus to ransomware and other destructive attacks, in which they demanded ransom from the victims by locking or destroying data.

“Last year, there was a clear focus by criminals to lock or delete data, not just steal it, through ransomware attacks. These attacks are not quantified by records breached, but have proven to be just as, if not more, costly to organizations than a traditional data breach,” said Wendi Whitmore, Global Lead, IBM X-Force Incident Response and Intelligence Services (IRIS). “The ability to anticipate these attacks and be prepared will be critical as cybercriminals will continue to evolve their tactics to what proves most lucrative.”

  • Over $8 billion paid as ransom in 2017

Ransomware attacks like WannaCry, NotPetya, and Bad Rabbit grabbed the headlines in 2017, bringing an enormous number of organizations to a halt. These cyberattacks infected and locked systems and infrastructure in many industries, including healthcare, transportation, and logistics.

Rather than leaking critical data online, the attackers locked it through ransomware attacks and demanded a huge sum of money from organizations. As per the report, more than $8 billion was paid as ransom to the cybercriminals in 2017.

The longer companies took to respond to an attack, the more it cost. According to another IBM Security study last year, a slow response can impact the cost of an attack: incidents that took longer than 30 days to contain cost $1 million more than those contained within 30 days.

  • Human error and misconfigured cloud servers responsible for data breaches

Human error and mistakes in infrastructure configuration, like misconfigured cloud infrastructure, were responsible for around 70% of the compromised records.

According to the report, cybercriminals were aware of the existence of misconfigured cloud servers, which resulted from mistakes by employees. Hence, the number of records breached through misconfigured cloud servers rose by 424% in 2017.

  • Millions of phishing attacks 

Many organizations were hit by phishing attacks. The attackers launched spam campaigns and sent links and attachments that contained malicious code. When the links were clicked or the attachments were opened, the malicious code attacked the system.

In some instances, the cybercriminals relied on the Necurs botnet and distributed millions of spam messages within a few days. For example, IBM X-Force observed four separate Necurs campaigns that spanned more than 22 million emails within two days in August 2017.

  • Drop in cyberattacks against Financial Services industry, but rise in banking Trojans

Information & Communication Technology and Manufacturing industries were the most attacked industries in 2017, accounting for 33% and 27% of the attacks, respectively.

Financial Services, the industry most targeted by cybercriminals for the last few years, was the third-most attacked industry (17%) in 2017. However, it still faced the highest volume of security incidents (27%), for the second consecutive year.

The drop in the number of attacks on Financial Services organizations was due to the industry's heavy investment in cybersecurity technologies. However, cybercriminals started targeting customers and end-users across the industry using banking Trojans.

A banking Trojan is a malicious program used to gain confidential information about customers and clients using online banking and payment systems. In 2017, the Gozi banking Trojan and its variants were the most used malware against the finance industry.



Increasing cyber-attacks – are we heading towards cyber doom?

The recent Petya ransomware attack that struck computer systems worldwide is the second largest cyber-attack after the WannaCry ransomware that hit the world last month.

The recent attack hit many countries, locking up the PCs and crippling enterprise-services. Ukraine and Russia were identified among the worst affected countries.

Based on the findings of security firm Kaspersky, the ransomware could possibly be a variant of Petya.D, Petya.A, or PetrWrap. Though it affected systems widely, just like WannaCry, it is not a variant of WannaCry.

The Petya ransomware locks a computer’s files and displays a message demanding a ransom in exchange.

The attack reportedly started through an update to a third-party Ukrainian software product known as MeDoc. The software was used by many organizations in the country and is identified as the primary reason behind Ukraine being largely affected.

In Ukraine, government offices, banks, energy companies, cash machines, gas stations, railways, Chernobyl power and supermarkets were all impacted.

Many multinationals like law firm DLA Piper, Mondelez International, Merck and shipping giant AP Moller-Maersk were also impacted.

Per Kaspersky, 60 percent of the attack hit the Ukraine region, while 30 percent hit Russia.

The ransomware reportedly used the EternalBlue exploit, which targets a software vulnerability in Microsoft’s Windows, just as in the WannaCry attack. The tech giant had issued a security update for it on March 14th, before the ransomware attack, and hence those who had updated their systems were saved while others had to pay the cost.

The lack of proper security measures and failure to keep the systems updated are supposedly the major reasons behind the attacks.

Though the security agencies and cyber-police have not been able to find a solution for decrypting the files, they have asked users to be more aware of the ransomware and its effect.

The recent updates on the attack revealed that the attackers were hardly able to collect any ransom from the act. Some reports suggest that, rather than being ransomware, it was a wiper whose primary aim was to cause destruction.

With global cyber-attacks crippling the backbone of many countries, one is left in doubt whether these are deliberate attacks by cyber criminals to extort money or if there is some sinister ulterior motive behind all these attacks.