DDoS extortion attacks seem to be the new threats to look out for. According to GAD ELKIN of F5 Networks, a hybrid security approach is a company’s best chance of mitigating these attacks.
It is a testament to the sustained evolution of the cybersecurity landscape that we are still regularly seeing the emergence of new threats. Distributed denial of service (DDoS) attacks and ransomware are both well-established methods of cyber-attack, but we have recently seen a new tactic that combines elements of both: DDoS extortion attacks.
From what we’ve seen of the attacks so far, there is an almost professional approach to the whole process; initially, an email will arrive at the target explaining who the attackers are and even linking to some recent blogs written about them and their extortion tactics.
The email goes on to state that unless a fee is paid (usually around 40 Bitcoin but demands can go into the hundreds), a large-scale DDoS attack will be launched. Alternatively, some emails will only arrive after the attack has started, stating that the attack will only be stopped if the ransom is paid, or the severity will be reduced if a portion of the fee is paid.
We’ve monitored some attacks that start slowly and increase in scale – DD4BC, the company behind the extortion, claims it can launch attacks up to 400-500 Gbps. Such attacks are very rarely that strong, but they are known to last up to 18 hours, however, which is definitely enough time to seriously impact a business.
At this point, it seems that no particular industry is being targeted specifically, but there is one general theme. The targets we’ve seen so far have been those that rely on online transactions to operate, such as financial institutions and currency exchanges.
One endgame to this that we’ve seen is that the extortion element could actually be a diversion tactic, meaning the customer concentrates on the sheer volumetric high-end type of attacks, when the offenders are actually targeting a local application with a different attack vector. This means that hackers could be conducting local application level attacks involving any form of penetration into the application itself. So often the target isn’t actually to bring down or disrupt a website or service but to gain access to an application in order to steal information, whether it’s credentials, financial information, personal data or something else.
It’s understandable that some targets may think the email is junk and ignore it, but that’s not necessarily the best course of action. Of course, that doesn’t mean that paying the ransom is advisable either. That leaves targets with the option of mitigating the attack, despite the emails specifically stating that attempting to mitigate the DDoS attack is pointless. Whilst the protagonists may claim that the attack is too big for even the best technology to cope with, that’s just not true.
Mitigation is possible through a combination of on-premises and cloud-based anti-DDoS technologies. A hybrid approach allows a company to mitigate DDoS attacks that are launched from outside the infrastructure and also cope with local-level attacks targeting the application layer.
A DDoS attack up to 500 Gbps in size can only be stopped with cloud-based technologies. The local network and application level attacks (which will happen if the DDoS is a diversion tactic) has to be stopped with on-premises technologies. So one or the other won’t do; a hybrid approach is the key to protecting your business from the ever-expanding arsenal of the cyber-criminal.
Smash hits the
Super Smash Bros. delivers what the fans wanted in the latest “Ultimate” instalment, writes BRYAN TURNER.
Super Smash Bros. Ultimate, the latest addition to the popular Nintendo Smash series, has landed on the Nintendo Switch with a bang, selling 5-million copies in the first week of its release. The game has been long-anticipated since the console’s release, as many fans consider
It features 74 playable fighters, 108 stages, almost 1300 Spirit characters to collect while playing, and a single-player Adventure mode that took about three days (or 28 hours) of gameplay to complete. The game offers far more gameplay than its predecessors, making it the Smash game that gives its players the best bang for their buck.
For those new to the game, the goal is to fight opponents and build up their damage score (draining their health) to knock them off the stage eventually. This makes the game seem chaotic, as many players jump around the platforms as if they were on quicksand, in order to avoid being hit by the other players.
It also services two kinds of players: the competitive and the casual.
Competitive players can be matched on the online service by skill ranking to enjoy playing with similarly high-skilled opponents. This is especially important in e-sports training for the game, and for players wanting to master combos against other human players. The casual gamer is also catered for, with eight-player chaos and button-mashing to see who comes out luckiest. This segment is also important for those wanting to learn how to play.
Training mode is also a place to go for those learning to play. It offers “CPU” players that are graded by intensity to train as a single player to learn a character’s moves, combos and general fighting style. More challenging CPU players can also be used by competitive players to train when there isn’t a Wi-Fi connection available.
Direct Play features in this game, allowing two players with two Switch consoles to play against each other over a direct connection – no Wi-Fi needed. This is especially useful to those who want to have a social gaming element on the go, similar to that of the cable connector of the Gameboy.
Click here to read Bryan Turner review of Super Smash Bros. Ultimate.
Win Funko Fortnite in Vinyl
Gadget and Gammatek have nine Funko Fortnite figurines to give away.
A Funko Pop figurine based on a character set is indicative of reaching the heights of pop culture. It is no surprise, then, that the world’s biggest online game, Fortnite, has its own line of Funko Pop figurines. The Funkos are modeled on the characters in game, including Drift, Ragnarok, Dark Vanguard, Volar, Tracera Ops, and Sparkle Specialist.
Now, local Funko distributor Gammatek has released the Fortnite figurines in South Africa. To celebrate, Gadget and Gammatek are giving away a set of three Funko Fortnite figurines to each of three readers (9 figurines in total). To enter,
You can put the tweet in your own words, but entries must have the competition’s hashtag (#FunkoFortnite) and mention @GadgetZA to be considered valid.
Click here to select the Funko Fortnite character you want to tweet.