Attackers focused on COVID-era lifelines such as healthcare, e-commerce, and educational services with complex, high-throughput attacks designed to overwhelm and quickly take them down, Netscout reveals.
“The first half of 2020 witnessed a radical change in DDoS attack methodology to shorter, faster, harder-hitting complex multi-vector attacks that we expect to continue,” stated Richard Hummel, threat intelligence lead, Netscout.
“Adversaries increased attacks against online platforms and services crucial in an increasingly digital world, such as e-commerce, education, financial services, and healthcare. No matter the target, adversary, or tactic used, it remains imperative that defenders and security professionals remain vigilant in these challenging days to protect the critical infrastructure that connects and enables the modern world.”
Record-breaking DDoS attacks at online platforms and services
More than 929,000 DDoS attacks occurred in May, representing the single largest number of attacks ever seen in a month. 4.83 million DDoS attacks occurred in the first half of 2020, a 15% increase. However, DDoS attack frequency jumped 25% during peak pandemic lockdown months (March through June).
Bad actors focused on shorter, more complex attacks
Super-sized 15-plus vector attacks increased 2,851% since 2017, while the average attack duration dropped 51% from the same period last year. Moreover, single-vector attacks fell 43% while attack throughput increased 31%, topping out at 407 Mpps.
The increase in attack complexity and speed, coupled with the decrease in duration, gives security teams less time to defend their organizations from increasingly sophisticated attacks.
Organizations and individuals bear the cost of cyber attacks
To determine the impact that DDoS attacks have on global Internet traffic, the Netscout ATLAS Security Engineering and Response Team (ASERT) developed the DDoS Attack Coefficient (DAC). It represents the amount of DDoS attack traffic traversing the internet in a given region or country during any one-minute period.
If no traffic can be attributed to DDoS, the amount would be zero. DAC identified top regional throughput of 877 Mpps in the Asia Pacific region, and top bandwidth of 2.8 Tbps in EMEA. DAC is important since cybercriminals don’t pay for bandwidth. It demonstrates the “DDoS tax” that every internet-connected organization and individual pays.
BT Security has announced the key partners that it will work with going forward to provide industry-leading managed security services to customers. The decision follows BT’s largest-ever appraisal of its security suppliers, and a comprehensive review of the security vendor ecosystem as a whole.
BT’s decision to refine its security partner base was driven by the recognition that many of its customers find it difficult to navigate today’s complex security landscape.
The huge range of suppliers and products in the market can be bewildering, and lead to the adoption of multiple overlapping systems. This in turn can render security estates difficult to manage, burdened with unnecessary costs and, ultimately, with lower overall levels of protection.
BT Security is reflecting its customers’ desire to reduce complexity by having a leaner set of partners and clearly laying out its view of the best providers for specific security requirements.
The confirmed partners were agreed following a detailed evaluation of their respective capabilities across all security control and threat management technologies. The final selection provides BT’s view of the security market’s leading providers, who will support a harmonized portfolio of solutions to its customers going forward.
Kevin Brown, Managing Director of BT Security, said: “Our new security partner ecosystem showcases the benefits of BT Security as a Managed Security Services Provider. We’re able to use our deep experience and insight of the security ecosystem to help our customers navigate what can be an incredibly confusing market.
“We’re also ensuring that BT Security customers will benefit from working with the best suppliers from across the security industry.”
McAfee, Palo Alto Networks and Fortinet were selected as BT Security’s ‘Critical Partners’. Each of those companies will provide a range of services and products that will be incorporated into BT Security’s global portfolio, as well as providing holistic support to its commercial and operational activities.
BT Security will also work with these partners to develop a roadmap of security solutions which continue to reflect evolving customer demands and integrate the latest developments in security automation.
Lynn Doherty, Executive Vice President of Global Sales and Marketing at McAfee, said: “We’re proud to partner with BT to fight against cybercrime and accelerate new business environments for our customers as they look for more solution integrations, deeper engagement and faster modernization efforts.
“Together through our strategic service provider partners, like BT, McAfee is able to deliver world class security services that enable organizations to evolve their defenses into areas like Secure Access Service Edge (SASE) and Extended Detection and Response (XDR).”
Alex Zinin, VP, Global Service Provider Business at Palo Alto Networks, said: “We’ve been working closely with BT Security for several years to bring innovative cybersecurity solutions to our joint customers.
“We are honored to be selected as one of their critical partners to continue this close collaboration, in recognition of the breadth of our security capabilities across multiple market segments. This comes at a time when it’s never been more essential for communications and security to be closely aligned to help all organisations with staff working remotely.
“We look forward to working together as we strive to make each day safer and more secure than the one before.”
John Maddison, Executive Vice President of Products and Chief Marketing Officer at Fortinet, said: “Digital Innovation is disrupting all industries, markets, and segments, leading to increased risk as cyber threats take advantage of this disruption.
“To protect against known advanced threats as well as unknown sophisticated attacks, Fortinet enables organizations to apply security anywhere and protect all edges – including WAN, cloud, data center, endpoint, identity, and home – while reducing the number of required products to save costs and remove complexity.
“We’re proud to partner with BT Security to help customers address the most critical security challenges and protect data across the entire digital infrastructure.”
Microsoft, IBM and Cisco were all confirmed as ‘Strategic Partners’ for BT Security. This categorization reflects not only their relationship with BT Security, but also their broader activities and remit across the whole of BT.
BT Security also confirmed a further nine ‘Ecosystem Partners’, who will be incorporated into its global portfolio of solutions for customers due to their complementary technology capabilities. These partners are Skybox, Forescout, Zscaler, Check Point, CrowdStrike, Okta, Qualys, Netscout and F5.
Through deeper strategic relationships, BT Security and its partners will work together to provide better customer experience and protection, while those selected partners will also be BT Security’s main collaborators as they look to develop future customer solutions.
BT Security will regularly review the partnerships to monitor the latest vendor developments, while continuing to assess the wider industry for new and emergent security companies and technologies.
NETSCOUT and Oracle help customers gain real-time visibility into risks from apps and digital services
NETSCOUT SYSTEMS announced that it is collaborating with Oracle to help customers gain end-to-end visibility for service assurance and security of mission-critical applications and services across their hybrid cloud infrastructures. NETSCOUT is a Gold level member of the Oracle PartnerNetwork (OPN).
NETSCOUT’s vSTREAM and virtual nGeniusONE are now available from the Oracle Cloud Marketplace, offering Oracle Cloud customers best-in-class application visibility and the ability to leverage authentic information contained in application and network traffic for real-time telemetry.
This “Smart Data” enables IT teams to gain consistent visibility and perform monitoring and troubleshooting of their critical services, regardless of the application or underlying infrastructure, with the ability to provide the deep forensics needed for faster and more efficient responses.
Deployable from Oracle Cloud Infrastructure, the nGeniusONE platform uses ISNG software, appliances, and vSTREAM agents to provide proactive service assurance by identifying developing service delivery problems across any hybrid cloud environment. It analyzes network and application traffic to deliver end-to-end visibility into the availability and performance of applications, networks, service enablers, and end-users.
The Oracle Cloud Marketplace is a one-stop-shop for Oracle customers seeking trusted business applications and service providers offering unique business solutions, including ones that extend Oracle Cloud Applications.
Oracle Cloud is a Generation 2 enterprise cloud that delivers massive, non-variable performance and next-generation security across a comprehensive portfolio of services including SaaS, application development, application hosting, and business analytics.
Customers get access to leading compute, storage, data management, integration, security, HPC, artificial intelligence (AI), and Blockchain services to augment and modernize their critical workloads. Oracle Cloud runs Oracle Autonomous Database, the industry’s first and only self-driving database.
“Digital transformation has new meaning and urgency in today’s reality,” stated Tom Raimondi, Jr., chief marketing officer, NETSCOUT. “Our relationship with Oracle provides customers borderless visibility into their network — from the core to the edge — as they migrate from on-prem to the cloud.”
While organizations require more automated application and network performance monitoring, which is imperative for successful deployments of critical business services, they currently rely on dozens of tools that aren’t integrated. This flaw results in visibility and operational gaps that open the delivery of applications and business services to increased risk.
“The cloud represents a huge opportunity for our partner community,” said David Hicks, vice-president, Worldwide ISV Cloud Business Development, Oracle.
“NETSCOUT’s commitment to innovation with the Oracle Cloud and its ability to help our mutual customers gain real-time visibility into risks from applications and digital services provides a significant operational benefit.”
RSA Conference 2020 is underway at the Moscone Center in San Francisco.
Here are a few photos from the event. Featured vendors and organizations include: Shujinko, Build38, Styra, TrueFort, Menlo Security, NETSCOUT | Arbor, SkySync, NIST Cybersecurity, Centrify, Teramind.
Netscout released the findings of its Threat Intelligence Report for the second half of 2019, which also incorporates insights from its 15th Annual Worldwide Infrastructure Security Report (WISR) survey.
The report underscores the proliferation of risks faced by global enterprises and service providers. These organizations must now not only defend IT infrastructures, but also manage risks caused by increased DDoS attacks on customer-facing services and applications, mobile networks, and unsecured IoT devices.
“We’ve uncovered some disturbing statistics,” stated Hardik Modi, AVP, engineering, threat and mitigation products, Netscout. “By weaponizing new attack vectors, leveraging mobile hotspots, and targeting compromised endpoint IoT devices, attackers are increasingly finding ways to infiltrate our internet-connected world. They are getting more sophisticated by using a minuscule portion of the available vulnerable devices to carry out a successful attack. The largest OpenVPN DDoS attack we observed used less than one percent of the available reflectors connected to the internet. Botmasters are waiting in the wings, since the risk will only increase in 2020 when an estimated 20.4 billion more devices are connected to the internet.”
Key findings from the report
- Attackers weaponized seven new UDP reflection/amplification vectors and combined variations of existing well-known attack vectors to launch pinpoint-focused DDoS attacks.
- Carpet-bombing tactics increased vertical sector attack activity; satellite telecommunications witnessed a 295% increase in attacks.
- Adversaries discovered how to use advanced reconnaissance to target client services at well-protected targets like ISPs and financial institutions to amplify attacks against specific enterprises and network operators.
- Wireless communications companies experienced a 64% increase in DDoS attack frequency from 2H 2018 to 2H 2019, mainly due to the increased tendency of gamers to use their phone services as wireless hotspots, as well as the popularity of gaming on mobile devices with 4G or LTE connectivity.
- Mirai-based variants dominated the second half of 2019 with a 57% increase targeting 17 system architectures; ASERT honeypots reflect this growth with an 87% increase in the number of exploit attempts.
- Service provider respondents to the WISR reported a 52% increase in DDoS attacks on publicly exposed service infrastructures compared to 38% the previous year.
NETSCOUT enables streamlined monitoring and reduces risk through greater visibility across the network
NETSCOUT, a leading provider of service assurance, security, and business analytics, announced the availability of its 7000 series nGenius Packet Flow Switches (PFS 7000 Series), nGenius Decryption Appliance (nDA), NETSCOUT External PowerSafe Tap (EPT) and PFS Monitor, which enable unified security and visibility to address the growing need for simplified data center security management.
“As bad actors hijack weaker encryption or piggyback on legitimate SSL sessions, NetOps and SecOps teams need greater visibility into events happening across different systems and domains,” stated Richard Kenedi, president, Core Markets Business Unit, NETSCOUT.
“These products enable streamlined monitoring and reduce risk through greater visibility across the network.”
NETSCOUT introduced the industry’s first Open Compute Platform (OCP) based packet brokers with the 5000 Series nGenius Packet Flow Switches (PFS 5000) to address service assurance use cases.
PFS 5000 packet brokers reshaped the telemetry market by enabling pervasive visibility across enterprise and service provider networks with the lowest total cost of ownership.
With the introduction of the PFS 7000 Series, NETSCOUT is extending the OCP value proposition for security use cases supporting active and passive mode of operation with uninterrupted operations.
SSL/TLS has become the dominant encryption protocol in the enterprise LAN and WAN, as well as throughout most service provider networks. The new nGenius nDA enables inspection of SSL/TLS encrypted traffic for use by passive or active security and service assurance tools without reducing performance.
Deployed as a transparent in-line bump-in-the-wire device, it can be used in Layer 2 or 3 environments. It can also be deployed as a passive out-of-band appliance to decrypt and feed traffic to passively attached service assurance and security tools.
When combined with PFSs, service chains comprised of multiple in-line and passive tools can also be created.
PFS Monitor provides real-time visibility and a statistics dashboard for PFS fabric health. In combination with NETSCOUT nGeniusONE, the PFS Monitor eliminates finger pointing between the PFS fabric and tools teams, delivering faster resolution of configuration and scalability problems.
NETSCOUT, a market leader in service assurance, security, and business analytics, announced Arbor Sightline with Sentinel to deliver the next generation of DDoS visibility and protection for service providers and large enterprises.
Combining core ARBOR NETWORKS and NETSCOUT Layer 7 technologies with intelligent analytics, machine learning, and automation, Sightline with Sentinel integrates network infrastructure defense functions into an orchestrated capability that delivers unparalleled protection for network, customer, and application services at a lower cost.
“As networks evolve, operators are looking to mitigate DDoS attacks at the network’s edge with speed and accuracy,” stated Jeff Wilson, research director and advisor, cybersecurity technology, IHS Markit (now part of Informa Tech).
“They’re challenged by the growth of IoT-enabled botnets, and the unknowns brought about by technologies like 5G, which make planning DDoS mitigation for the near future very difficult. They need always-on, automated solutions that offer Layer 7 visibility and protection so they can roll out new services to their customers across networks.”
“A majority of the world’s internet service providers, along with data center operators and large network operators, rely on NETSCOUT Arbor solutions for advanced DDoS protection,” said Tom Lyons, vice president of product management, NETSCOUT.
“Sightline with Sentinel significantly builds upon NETSCOUT’s Smart Data technology, which uses its patented Adaptive Service Intelligence (ASI) technology leveraging Layer 7 visibility and intelligent analytics to deliver smart visibility and detection that identifies application-layer threats at Terabit scale.
“NETSCOUT is the first to deliver inter-provider signaling to give ISPs and large network operators the means to coordinate their attack response. Also, Sightline with Sentinel provides orchestrated mitigation that allows the network to play an active role as a defense shield to block threats closer to the network’s edge, enabling next-generation always-on, value-added services.”
ISPs need visibility at the network, application, and services layers to optimize network utilization and cost, and to maximize value-added service revenue.
Sightline with Sentinel leverages NETSCOUT Smart Data to provide service- and application-layer visibility, augmenting flow data to deliver additional insight and enabling OTT service analysis and content delivery optimization across complex, high-scale networks.
Using Layer 7 visibility, Sightline with Sentinel will provide ISPs with a deep understanding of the services their customers use, as well as allow them to detect a broader range of application-layer threats to enable a new breed of visibility and security value-added services.
Through inter-provider signaling, Sightline with Sentinel ushers in a new era of DDoS defense by sharing attack data with seamless coordination of attack responses between ISPs and large network operators regionally and across the globe.
The new inter-provider signaling function allows these network operators to share their attack data and proactively coordinate defense against DDoS attacks, stopping them nearer to their source.
Sightline with Sentinel uses smart visibility to drive new intelligent automated analytics and mitigation functions, inside and outside of the network, to reduce the cost of managing DDoS attacks.
Sightline with Sentinel understands the capabilities of routers within a multi-vendor infrastructure and uses these capabilities – in combination with the Arbor Threat Mitigation System (TMS) – to mitigate any attack, regardless of size and complexity.
Sightline with Sentinel is the only product that can provide smart protection, combining all available infrastructure capabilities and delivering detailed reporting on all dropped traffic, even that dropped by BGP Flowspec within network routers and switches.
NETSCOUT’s nGeniusPULSE now enables testing of network and app availability and performance over Wi-Fi
NETSCOUT SYSTEMS, a market leader in service assurance, security, and business analytics, announced new capabilities for nGeniusPULSE: testing of network and application availability and performance over Wi-Fi connections, and business transaction testing (BTT), which tests performance within an application.
These capabilities improve visibility of the end-user experience regardless of where end-users are located, such as remote offices, retail stores, or sporting and entertainment events.
These additions help IT professionals to uncover, isolate, and help resolve application and network performance issues within a wired or Wi-Fi environment. With earlier domain identification, IT can reduce mean-time-to-resolve to improve the user experience across any cloud or hybrid environment.
“IT Directors and network managers are looking for a competitive edge when it comes to early issue detection that might impact an end-user’s ability to access the network or critical applications over Wi-Fi from remote offices or headquarters to private data centers or cloud, SaaS, or co-lo,” stated Daryle DeBalski, vice president and general manager, new markets business unit, NETSCOUT.
“NETSCOUT’s holistic approach includes the nGeniusONE™ platform with in-depth, passive packet-based monitoring combined with nGeniusPULSE’s always-on active testing and infrastructure monitoring, to provide customers with end-to-end visibility for better service assurance at any user location.”
nGeniusPULSE offers critical visibility from virtually anywhere – even when users are not on the network – with synthetic testing over wired or Wi-Fi networks to monitor SaaS, cloud-hosted, or on-prem applications, and Voice over Internet Protocol (VoIP) services to identify current and potential connectivity and performance problems.
By simulating users’ actions through configurable scripts for performance testing of key applications from log-in to log-out, IT professionals can produce reports of cloud and SaaS services that can be shared with providers to help ensure high-availability and high-quality delivery of these applications.
Through built-in integrations with nGeniusONE, nGeniusPULSE also helps monitor infrastructure health while streamlining workflows and reducing complexity.
Privacy concerns will ratchet up further around IoT and 5G. Even if the industry manages to secure the billions of IoT devices already deployed, they permeate so many aspects of life that it will be nearly impossible to keep personal and private information out of the public domain.
The rollout of 5G will further accelerate the proliferation of IoT technology as manufacturers rush to produce low-cost devices with integrated connectivity. All Mobile Network Operators (MNOs) are keen to adopt 5G, with IoT and Enterprise services being primary drivers, providing operators with access to new revenue opportunities from new services and applications.
The proliferation of private data in the public domain will expand hackers’ capabilities. Social engineering is the most effective method cybercriminals use to breach secure systems. They know consumers will continue to connect more devices in their homes, offices, and cars, not to mention public spaces, allowing them to create a more complete picture of a person’s activities, locations, likes and dislikes.
Even when these gadgets use encryption to transfer data, the backend systems with which they communicate may have their own flaws. And, even anonymized data can be used to infer a lot when cross-correlated. The Princeton University IoT Research Project had this to say about the phenomenon:
“Let’s say you have a Roku TV and that you are live-streaming the Bloomberg Channel without interacting with the TV otherwise. Do you know that the Bloomberg Channel could be communicating with 13 different advertising and tracking servers in the background? Or let’s say you have a smart Geeni light bulb. Are you aware that it could be communicating with a Chinese company every 30 seconds even while you are not using the bulb?”
One might recall the loyalty card craze of the 80s which spurred the IT storage market and opened the door to the broad adoption of data science technologies. Customers began to feel more and more uneasy about the level of detail companies were tracking and able to infer about them. IoT may take this to a whole new level.
Smart connected devices are making the idea of Big Brother much more real; businesses can know what time their customers wake up in the morning, when they brush their teeth, when they put the baby to sleep, when they vacuum the living room, and what they watch on TV.
Customers might not feel violated today, but all this data could come back to haunt them in the future as more and more complete models of our lifestyles are built and used within algorithms that could make decisions that profoundly affect us. For example, banks could deny loans and insurance companies could increase their premiums.
The data that represents our interactions with the connected world is undoubtedly valuable, and regulatory frameworks rightly exist to ensure it is used responsibly and stored / transferred securely; however, the speed of innovation and the range of information are changing the game. The time is now to design systems with visibility, transparency, and security integrated from the start.
Slowly but surely, 5G digital cellular networks are being set up around the world. It will take years for widespread coverage and use to be achieved, so what better time than now for finding a way to ease into it while keeping security in mind?
Opportunity comes with risks
“Without a doubt 5G opens up a whole new world of opportunities for services that take advantage of the higher speeds and lower latencies that 5G …