Layer 3 DDoS are some of the most common types of DDoS attack, and Cloudflare has reported seeing a peak at up to 400Gpbs over the past month. L3 attacks flood a target network with data packets that can completely overwhelm the capacity of the target network. These attacks cause very high volumes of traffic congestion, overloading the targeted network or server and causing extensive service disruption for legitimate users trying to gain access.
During the first quarter of 2016, Cloudflare noticed a 15x increase in individual DoS events that happens during the weekends and at massive sizes. DDoS attacks are measured in the number of malicious packets per second (pps) when the attack overwhelms a router’s processing power, and the attack bandwidth in bits per second (bps) when the attacks attempt to saturate the network capacity. At the highest peak, the 400Gbps of aggregate inbound traffic lasted for a couple of hours.
To effectively fight against L3 attacks, the DDoS filtering defense must be system and application-aware and preferably integrated with the DDoS volumetric filtering to facilitate a feedback system between them. With Cloudflare’s automatic attack mitigation system, volumetric attacks of massive sizes have become automated enough to respond quickly to network bottlenecks. Since they constantly upgrade their network capacity, they are able to sustain their network capacity and absorb most DDoS attacks at larger sizes.
Penta Security Launches WAPPLES Cloud for Business
Korean security vendor Penta Security now offers the WAPPLES V-Series along with several additional services to provide a full enterprise cloud WAF package for businesses. The WAPPLES is a virtual web application firewall designed that works over the cloud. It runs on an intelligent logic analysis engine called Contents Classification and Evaluation Processing, or COCEP. This logic analysis engine utilizes a system of “rules” designed to to detect over 26 different types of attacks.
This analysis enables WAPPLES to analyze web traffic to determine whether or not the traffic constitutes a threat to the web application. After passing all 26 rules, WAPPLES determines traffic is not a threat, transport it to Web Application, and support static performance separate from attacker, test environment, and operation environment. Otherwise, it will take appropriate countermeasures when threats are detected.
With easy security settings and operational convenience, WAPPLES leads the popularization of WAF with a broad range of consumers and now the service is offered as an extension for businesses. As more and more enterprises needs to integrate a set of security features such as load balancing, auto scaling, and a consolidated management system to handle and process heavy traffic and cloud-based needs.
FireEye Releases Mandiant M-Trends Report with Insights from Advanced Attack Investigations
FireEye has released of the seventh annual Mandiant M-Trends report. M-Trends 2016 provides trends, statistics and case studies to illustrate how advanced threat actors have evolved over the past year. Compiled from advanced threat investigations conducted by Mandiant’s leading consultants in 2015, M-Trends 2016 details the leading cyber trends and tactics threat actors used to compromise businesses and steal data across 30 industry sectors and offers recommendations on how they can prevent, detect, analyze and respond to cyberattacks.
Some of the report’s key findings about attack duration: the median number of days attackers were present on a victim’s network before being discovered dropped to 146 days in 2015 from 205 days in 2014. However, breaches can remain undetected for years. Attacks show that external identification takes longer, with an average of 319.5 days from compromise to discovery, and internal discovery takes an average of 56 days.
On the other hand, disruptive attacks are becoming more common. Over the past year, Mandiant responded to incidents where attackers destroyed critical business systems, leaked confidential data, held companies for ransom, and taunted executives. Some attackers were motivated by money, retaliating for political purposes, or simply wanted to cause embarrassment.
Seagate Phish Exposes All Employee W-2’s
This goes to show that even with the most advanced online security a business can have, any employee can become a large liability and the weakest in the security chain. KrebsonSecurity has discovered that an employee at Seagate was tricked into a phishing email scam that has exposed all information related to their W-2’s.
On March 1, a Seagate employee sent the data to an outside email address after receiving an email purportedly from Seagate’s CEO Stephen Luczo requesting 2015 W-2 data for current and former Seagate employees. The employee, believing the request to be real, forwarded the W-2 reporting data which subsequently exposed several thousand US employees of Seagate to potential tax fraud and identity theft. The W-2’s contain crucial information on Social Security numbers, salaries and other personal data.
Credit protection will not help recover such personal information. Attackers highly value this information mostly due to being able to file fake tax refund requests with the Internal Revenue Service (IRS) and the states.