Sun Tzu, the famous 5th century BC Chinese general and philosopher has been credited with the statement ‘know yourself, know your enemy and you shall win a hundred battles without loss.’ This applies to cyber-criminals, too. A critical part of your organization’s defense is understanding the extent and nature of the threat. Here’s an example of what I mean.
We recently installed a server for a client which communicates directly to and from the Internet. While it’s a given that adequate security needs to be in place, many business people don’t realize the extent to which the bad guys will go to gain access to a system like this. Cybercriminals deploy automated systems to silently scan for computers, routers, and other IT-related devices which are connected to the Internet and once found, automatically and continuously attempt to exploit configuration mistakes, default or ‘easy’ passwords, and unpatched vulnerabilities.
After only 1 day, here’s a summary of the individual attempts to hack this single system:
Russian Federation (18)
Note that because of the software we installed, after an attack was attempted 3 times that address was blocked from further access. So the above total of 168 individual attempts in 24 hours – if not stopped by the software we had installed – would have likely been continuous attempts every few seconds by each attacker. This would likely have put the daily total at close to 300,000 – 400,000 attempts.
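As an added illustration (not the author's software or the client's data), here is a small Python script that applies the same block-after-three-attempts rule to a constructed sample of sshd log lines, reporting what the blocker saw versus what it suppressed. The log format, the threshold parameter and the function names are assumptions for the example.

```python
import re
from collections import Counter

# Constructed sample of sshd auth-log lines (not taken from the original post).
SAMPLE_LOG = """\
Oct 22 03:14:01 edge sshd[1201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Oct 22 03:14:04 edge sshd[1201]: Failed password for root from 203.0.113.7 port 51130 ssh2
Oct 22 03:14:07 edge sshd[1201]: Failed password for admin from 203.0.113.7 port 51141 ssh2
Oct 22 03:14:09 edge sshd[1201]: Failed password for admin from 203.0.113.7 port 51150 ssh2
Oct 22 03:20:44 edge sshd[1333]: Failed password for invalid user pi from 198.51.100.23 port 40021 ssh2
Oct 22 03:21:02 edge sshd[1334]: Accepted publickey for deploy from 192.0.2.10 port 55001 ssh2
Oct 22 03:22:15 edge sshd[1340]: Failed password for invalid user test from 198.51.100.23 port 40033 ssh2
"""

# Matches sshd's failed-password lines, with or without the "invalid user" prefix.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")


def tally_failures(log_text, threshold=3):
    """Replay the log and apply a block-after-N-failures rule per source IP.

    Returns (seen, blocked, suppressed):
      seen       - IP -> failures the defender actually had to process (capped at threshold)
      blocked    - set of IPs that reached the threshold and were cut off
      suppressed - IP -> further attempts from a blocked IP that never got through
    """
    seen = Counter()
    suppressed = Counter()
    blocked = set()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # successful logins and unrelated lines are not counted
        ip = m.group(2)
        if ip in blocked:
            suppressed[ip] += 1  # the blocker would have dropped this attempt
            continue
        seen[ip] += 1
        if seen[ip] >= threshold:
            blocked.add(ip)
    return dict(seen), blocked, dict(suppressed)


if __name__ == "__main__":
    seen, blocked, suppressed = tally_failures(SAMPLE_LOG)
    for ip, n in seen.items():
        status = "BLOCKED" if ip in blocked else "watching"
        print(f"{ip:16} attempts seen={n} suppressed={suppressed.get(ip, 0)} [{status}]")
```

On a real host the same tally run against the full day's log gives the per-source numbers the post summarises, and the suppressed column shows how much traffic the block rule kept off the server.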
The takeaway? Don’t underestimate the enemy. They have resources to find your systems, exploit vulnerabilities, and make your life miserable.
Invest in good quality security, keep systems and hardware up to date, and monitor everything.
Everyone stay safe out there!
Most likely you were affected by last Friday’s DDoS attack. Everyone awoke and found many popular Internet sites slow or unresponsive. This was due to a multi-pronged attack against Domain Name Service (DNS) provider DynDNS and on Amazon Web Services. Affected sites included Twitter, Spotify, Soundcloud, and many others.
Without getting into too much technical detail, a DDoS attack utilizes thousands of compromised systems to flood a service – in this case Dyn and AWS – with so much traffic that its servers are overwhelmed trying to respond to it. It took Amazon and Dyn a couple of hours to restore normal operations.
The exact cause and ultimate size of Friday’s attack hasn’t been pinpointed yet, but other recent attacks were conducted by compromised Internet-of-Things (IoT) devices – think toasters and refrigerators with built in connectivity. I’ve been amused by the predictions of how IoT will take over the world without any problems when as yet we can’t even effectively manage security on the much smaller number of devices we already use. IoT devices use very simple embedded operating systems – most with minimal security – and many with undocumented embedded backdoor access mechanisms from their manufacturers.
So what can be learned? A couple of things.
First, a reminder. If you are 100% reliant on Cloud services, you have to be prepared for downtime and have a plan for how you’ll respond.
Second, be very careful with IoT devices on your business network. Heck, be careful with them on your home network. Most offer no option to monitor or manage what they are doing or what information they are collecting. If you have IoT devices that you want to leverage at your business, plan to deploy them securely on an isolated network.
Finally, consider updating your employee policies to cover bringing these devices into your organization. This is similar to employees bringing in their own wireless notebooks/tablets/etc., but now there can be many more varieties of devices.
Interested in learning about what the Cloud can cost and how secure it is? Check out Part 2 of my interview with Gillian Burdett on CBS Pulse.
And if you missed Part 1 where I talked about the benefits of Hybrid Cloud deployments, you can find it here.