1.888.900.DRIZ (3749)
The Driz Group

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

4/28/2020

Web Shell Malware Facilitates Cybercriminals' Access to Victims’ Networks, New Report Shows

A recent joint advisory from the national security agencies of Australia and the US reports that cybercriminals are increasingly using web shell malware to gain access to victims’ networks.

In the advisory, the Australian Signals Directorate (ASD) and its US counterpart, the National Security Agency (NSA), said that malicious actors have increased their use of web shells for computer network exploitation.

"Web shell malware can facilitate cyber attackers' access to a network where they are able to execute arbitrary system commands, enumerate system information, steal data, install additional malicious software or use the infected server to pivot further into the network," the ASD said in a separate statement. The NSA, meanwhile, said in a separate statement, “Malicious cyber actors have increasingly leveraged web shells to gain or maintain access on victim networks.” 

What Is Web Shell Malware?

A web shell is malicious code that an attacker deploys on a compromised web server (the software to which browsers connect in order to use web applications). A web application is the set of code that runs on a web server to perform some action and return the result to the browser. A web shell is itself a small web application written by the attacker: it accepts commands in ordinary HTTP requests and executes them on the server, so the attacker needs nothing more than a browser or a small client program to control the machine.

One well-known web shell is China Chopper, which lets attackers run arbitrary commands on the server, including dropping additional malware. First seen in the wild in 2012, its server-side component is a single short line of code, small enough to be typed into a vulnerable input field rather than uploaded as a file. Because the code is so small and so widely shared, its presence alone is of little use for attributing an intrusion to any particular threat actor or group.

Preventive and Mitigating Measures Against Web Shell Malware

The national security agencies in Australia and the US recommend the following preventive and mitigating measures against web shell malware:

1. Web Application Update

A web shell is often planted by modifying a file of a legitimate web application, or by uploading a new file through a flaw in the application. Attackers get that opportunity because known vulnerabilities in the web application were not patched in time.

According to the two agencies, web application updates need to be prioritized: attackers sometimes begin targeting vulnerabilities in internet-facing and internal web applications within 24 hours of a patch being released.

2. Early Detection Methods

Web shells are hard to detect with typical signature-based tools because their authors hide the code with encryption and obfuscation. “Known-good” comparison and monitoring for anomalous network traffic are two of the detection measures the agencies suggest.

In a known-good comparison, the files of the deployed web application are compared with a verified copy, such as the vendor’s release or a clean build from source control. Every file that differs from the verified copy, or that exists only in the deployed copy, is then reviewed manually; a web shell shows up either as a modified legitimate file or as a new file the application never shipped.

Depending on the attacker, any of the following can indicate web shell traffic in network or web-server logs: unusually large responses (a possible sign of data exfiltration), recurring access at off-peak times, typically outside working hours, and requests from unlikely geographic locations (a possible sign of a foreign threat actor).
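As an added example (not part of the original post or the advisory), the script below scores constructed Apache-style access log lines against those three indicators. The expected-network list, the response-size threshold and the working-hours range are assumptions to be tuned from your own baseline traffic; a real deployment would replace the network list with a GeoIP lookup.

```python
"""Score web-server access-log lines for the web shell traffic indicators above.

Added example; not the ASD/NSA advisory's own signatures. The log lines are
constructed in Apache common/combined format, and the thresholds and the
expected-network list are assumptions you would tune per site.
"""
import ipaddress
import re
from datetime import datetime
from typing import Dict, List

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Assumed baseline for this site (tune from a known-good traffic sample).
EXPECTED_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("203.0.113.0/24")]
LARGE_RESPONSE_BYTES = 5_000_000   # far above any normal page of the sample app
WORK_HOURS = range(7, 20)           # 07:00-19:59 in the log's timezone

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = """\
10.1.2.3 - - [27/Apr/2020:10:15:01 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.9 - - [27/Apr/2020:14:02:44 +0000] "POST /login.php HTTP/1.1" 302 0
198.51.100.77 - - [27/Apr/2020:03:11:09 +0000] "POST /uploads/img.php HTTP/1.1" 200 8388608
198.51.100.77 - - [28/Apr/2020:02:58:30 +0000] "POST /uploads/img.php HTTP/1.1" 200 1024
10.1.2.3 - - [28/Apr/2020:09:00:12 +0000] "GET /assets/logo.png HTTP/1.1" 200 2048
"""


def parse_line(line: str) -> Dict:
    """Parse one access-log line into a dict with a datetime and an int size."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparsable log line: {line!r}")
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
    entry["size"] = 0 if entry["size"] == "-" else int(entry["size"])
    return entry


def indicators(entry: Dict) -> List[str]:
    """Return the advisory's indicators that a single request matches."""
    flags = []
    if entry["size"] >= LARGE_RESPONSE_BYTES:
        flags.append("large-response")
    if entry["ts"].hour not in WORK_HOURS:
        flags.append("off-hours")
    if not any(ipaddress.ip_address(entry["ip"]) in net for net in EXPECTED_NETS):
        flags.append("unexpected-source")
    return flags


def triage(log_text: str) -> Dict[str, Dict]:
    """Aggregate indicators per (source IP, method, path).

    Repeated off-hours hits from one unexpected source to one script are the
    strongest signal here; a single large response on its own is often benign.
    """
    summary: Dict[str, Dict] = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        flags = indicators(entry)
        if not flags:
            continue
        key = f"{entry['ip']} {entry['method']} {entry['path']}"
        bucket = summary.setdefault(key, {"hits": 0, "flags": set()})
        bucket["hits"] += 1
        bucket["flags"].update(flags)
    return summary


if __name__ == "__main__":
    for key, bucket in sorted(triage(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["hits"]):
        print(f"{bucket['hits']:3d}  {key:40s} {', '.join(sorted(bucket['flags']))}")
```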

3. Harden Web Application Permissions

According to the agencies, a web application should not have permission to write directly to a web-accessible directory or to modify web-accessible code. If the account the web server runs under cannot write to the web-accessible directories, an attacker who finds an upload or injection flaw in the application still cannot place a web shell where the server would execute it.
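An added example, not a check from the advisory, of auditing for that condition: the script below walks a constructed web root and reports directories the web server account could write to, and any script files already inside them. The permission model (the server runs as a non-owner account, so group or world write bits mean writable) is an assumption for the example.

```python
"""Audit a web root for the weakness the advisory warns about: directories the
web server account can write to that are also served, especially when they
already hold script files.

Added example for this article, not a check from the ASD/NSA advisory. The web
root is constructed in a temporary directory. Assumption: the web server runs
as a different (non-owner) account, so a directory counts as writable by it
when the group or "other" write bit is set. On a real host, also check POSIX
ACLs and directories owned by the web server account itself.
"""
import os
import stat
import tempfile
from pathlib import Path
from typing import List, Tuple

# File types the server would hand to an interpreter if found in a served directory.
SCRIPT_SUFFIXES = {".php", ".phtml", ".jsp", ".jspx", ".asp", ".aspx", ".cgi", ".pl", ".py"}


def writable_by_web_account(path: Path) -> bool:
    """True if group or world may write here (see the assumption in the docstring)."""
    return bool(path.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit_webroot(root: Path) -> List[Tuple[str, str]]:
    """Return sorted (finding, relative-path) pairs.

    writable-dir        : a served directory the web account could write into
    script-in-writable  : a script inside such a directory; an uploaded web
                          shell placed there would already be executable
    """
    findings: List[Tuple[str, str]] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        d = Path(dirpath)
        if not writable_by_web_account(d):
            continue
        findings.append(("writable-dir", d.relative_to(root).as_posix()))
        for name in filenames:
            if Path(name).suffix.lower() in SCRIPT_SUFFIXES:
                findings.append(("script-in-writable", (d / name).relative_to(root).as_posix()))
    return sorted(findings)


def build_sample_webroot(base: Path) -> Path:
    """Constructed layout: a locked-down code tree plus a world-writable uploads dir."""
    root = base / "www"
    (root / "inc").mkdir(parents=True)
    (root / "uploads").mkdir()
    (root / "index.php").write_text("<?php ?>")
    (root / "inc/config.php").write_text("<?php ?>")
    (root / "uploads/photo.jpg").write_bytes(b"\xff\xd8\xff")
    (root / "uploads/img.php").write_text("<?php ?>")
    for p in (root, root / "inc"):
        p.chmod(0o755)                 # hardened: only the owner (deploy user) may write
    (root / "uploads").chmod(0o777)    # the weak setting: writable by the web account
    return root


def run_sample() -> List[Tuple[str, str]]:
    """Build the sample web root and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_webroot(build_sample_webroot(Path(tmp)))


if __name__ == "__main__":
    for finding, path in run_sample():
        print(f"{finding:20s} {path}")
```

The fix for a finding is either to make the directory read-only for the server account (uploads then go to a path outside the web root and are served through the application) or, where user uploads must live under the web root, to configure the server so that it never executes scripts from that directory.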

In February 2020, Microsoft reported an intrusion at a public-sector organization in which attackers uploaded a web shell into multiple folders on a web server. "DART’s [Microsoft’s Detection and Response Team] investigation showed that the attackers uploaded a web shell in multiple folders on the web server, leading to the subsequent compromise of service accounts and domain admin accounts,” Microsoft said. “This allowed the attackers to perform reconnaissance using net.exe, scan for additional target systems using nbtstat.exe, and eventually move laterally using PsExec.”

4. Use Intrusion Prevention

A Web Application Firewall (WAF) adds an extra layer of defence by blocking some known attacks against the web application. Attackers have been known to evade signature-based blocking, so a WAF should be only one part of the overall set of controls. A WAF may also block the initial compromise yet fail to notice the web shell’s later command traffic, which can look like ordinary requests to the application.

5. Network Segmentation

Network segmentation is the practice of dividing a network into sub-networks so that a compromise of one sub-network does not automatically spread to the others.

For instance, internet-facing servers should sit in their own segment, separated from internal systems. Segmentation limits web shell propagation by preventing connections from the compromised segment to others. “While web shells could still affect a targeted server, network segmentation prevents attackers from chaining web shells to reach deeper into an organization’s network,” the agencies said.

6. Harden Web Servers

Securing the configuration of your organization’s web servers reduces the chance that a web shell can be deployed at all. As additional hardening measures, the agencies recommend blocking access to unused ports and services, and running routine vulnerability scans to find unknown weaknesses in the environment.

4/20/2020

When Patching Isn’t Enough

While patching is one of cybersecurity’s best practices, in some cases it isn’t enough on its own to protect your organization’s network. Patching the Pulse Secure VPN vulnerability discussed below is one such case.

Pulse Secure VPN Patch

On April 24, 2019, VPN vendor Pulse Secure released software updates (patches) addressing multiple security vulnerabilities, including CVE-2019-11510. This vulnerability allows an unauthenticated remote attacker with HTTPS access to the appliance to send a specially crafted URI and read arbitrary files from it.

Through CVE-2019-11510 an attacker can read files such as the plaintext cache of credentials of VPN users. Armed with stolen credentials, the attacker can then log in as a legitimate Pulse Secure VPN user. The following versions are affected:

  • Pulse Connect Secure 9.0R1 - 9.0R3.3
  • Pulse Connect Secure 8.3R1 - 8.3R7
  • Pulse Connect Secure 8.2R1 - 8.2R12
  • Pulse Connect Secure 8.1R1 - 8.1R15
  • Pulse Policy Secure 9.0R1 - 9.0R3.1
  • Pulse Policy Secure 5.4R1 - 5.4R7
  • Pulse Policy Secure 5.3R1 - 5.3R12
  • Pulse Policy Secure 5.2R1 - 5.2R12
  • Pulse Policy Secure 5.1R1 - 5.1R15

Following the release of the Pulse Secure security updates, cyber security centres in several countries, including Canada, the US and Japan, issued alerts calling on local organizations to apply the updates, including the patch for CVE-2019-11510, in a timely manner.

Post Pulse Secure VPN Patching Exploitation

The United States’ Cybersecurity and Infrastructure Security Agency (CISA) recently issued a follow-up alert warning that organizations that applied the April 24, 2019 Pulse Secure VPN update could still face continued exploitation. Because CVE-2019-11510 lets attackers steal credentials, any credentials stolen before the patch remain valid afterwards unless they are changed, and an attacker holding them can still log in through the VPN and move laterally through the organization’s network.

CISA reported that threat actors used connection proxies, such as Tor infrastructure and virtual private servers (VPSs), to reduce the chance of detection when they connected to victims’ networks via the Pulse Secure VPN. Once inside, the threat actors were observed:

  • Creating persistence via scheduled tasks/remote access trojans
  • Amassing files for exfiltration
  • Executing ransomware on the victim’s network environment

CISA added that in one case it observed a malicious actor attempting to sell stolen Pulse Secure VPN credentials after 30 unsuccessful attempts to connect to a victim’s network to escalate privileges and drop ransomware. CISA noted that this same actor successfully dropped ransomware at hospitals and U.S. Government entities.

CISA further reported that malicious actors using stolen Pulse Secure VPN credentials installed remote-access tools such as LogMeIn and TeamViewer. LogMeIn lets a user remotely access another computer; TeamViewer is an all-in-one solution for remote support, remote access and online meetings. According to CISA, these tools let the actors keep access to the victim’s environment even if they lost their primary connection through the VPN.

Preventive and Mitigating Measures Against Post Pulse Secure VPN Patching Exploitation

As many organizations encourage employees to work from home during the COVID-19 crisis, the use of VPN products is increasing, and it’s important to secure this communication line between remote workers and your organization.

A patch is a set of changes to a software program that fixes a known security vulnerability or otherwise improves the software.

While patching remains one of the top cybersecurity best practices, it isn’t enough on its own when the exploited vulnerability exposes authentication credentials. According to CISA, organizations that have applied the patch for CVE-2019-11510 may still be at risk from compromises that occurred before patching.

Below are the detection methods CISA suggests for finding out whether your organization was targeted before the Pulse Secure VPN patch was applied:

  • Turn on logging of unauthenticated requests on the appliance. The exploit request is itself unauthenticated, so without this logging there is nothing to search.
  • Check the logs for exploit attempts: look for path-traversal strings such as ../../../data in request URIs.
  • Manually review logs for unauthorized sessions, in particular sessions originating from unexpected geolocations.
  • Run CISA’s detection tool, available on CISA’s GitHub page. It lets system administrators triage the logs (provided unauthenticated request logging is turned on) and automatically searches them for CVE-2019-11510 exploitation.
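As an added example, not CISA’s tool itself, the script below applies the second check above to constructed log lines, percent-decoding the URI before matching (attackers routinely encode the dots and slashes) and separating attempts that received a 200 (a file was likely served, i.e. the appliance was still unpatched) from attempts that were refused. The log layout and the URIs are constructed for the example, not Pulse Secure’s real log format or any real exploit request.

```python
"""Triage VPN appliance web logs for the CVE-2019-11510 exploitation indicator
CISA describes: path-traversal strings such as ../../../data in request URIs.

Added example for this article; it is not CISA's published detection tool.
The log lines are constructed in a generic "timestamp source-ip method uri
status" layout, not Pulse Secure's real log format, and the URIs are made up
for the example rather than copied from any exploit.
"""
import re
from collections import defaultdict
from typing import Dict, List
from urllib.parse import unquote

LINE_RE = re.compile(r"(?P<ts>\S+) (?P<ip>\S+) (?P<method>\S+) (?P<uri>\S+) (?P<status>\d{3})")
# Three or more "../" (or "..\") hops followed by a path that mentions "data".
TRAVERSAL_RE = re.compile(r"(?:\.\.[/\\]){3,}.*data", re.IGNORECASE)

# Constructed sample log (not real appliance output).
SAMPLE_LOG = """\
2020-03-02T01:12:07Z 198.51.100.23 GET /vpn/welcome.cgi 200
2020-03-02T01:12:09Z 198.51.100.23 GET /vpn/../../../data/cache.db 200
2020-03-02T01:12:11Z 198.51.100.23 GET /vpn/..%2F..%2F..%2F..%2Fdata%2Fcache.db 200
2020-03-02T07:45:00Z 10.8.0.14 GET /vpn/welcome.cgi 200
2020-03-02T07:45:03Z 10.8.0.14 POST /vpn/login.cgi 302
2020-03-03T22:03:51Z 192.0.2.77 GET /vpn/%2e%2e/%2e%2e/%2e%2e/data/cache.db 403
"""


def normalise_uri(uri: str) -> str:
    """Percent-decode up to three times (handles double/triple encoding) and unify slashes."""
    prev, cur = None, uri
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur.replace("\\", "/")


def is_exploit_attempt(uri: str) -> bool:
    """True if the decoded URI carries the traversal indicator."""
    return TRAVERSAL_RE.search(normalise_uri(uri)) is not None


def triage(log_text: str) -> Dict[str, List[dict]]:
    """Group matching requests by source IP.

    A 200 response to a traversal request is the worrying case: it suggests the
    file was actually served, i.e. the appliance was still unpatched at the time.
    A 403 or 404 suggests the attempt hit a patched appliance.
    """
    hits: Dict[str, List[dict]] = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_exploit_attempt(m["uri"]):
            continue
        hits[m["ip"]].append({
            "ts": m["ts"],
            "uri": normalise_uri(m["uri"]),
            "status": m["status"],
            "likely_success": m["status"] == "200",
        })
    return dict(hits)


if __name__ == "__main__":
    for ip, reqs in triage(SAMPLE_LOG).items():
        print(ip)
        for r in reqs:
            flag = "SUCCESS?" if r["likely_success"] else "refused"
            print(f"  {r['ts']} {r['status']} {flag:8s} {r['uri']}")
```

Every source IP with a likely-successful hit should be treated as having read the credential cache: reset the passwords of all VPN users and revoke active sessions, not just patch.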

CISA also suggests the following mitigating measures against post-patch exploitation:

  • Look for software programs installed without authorization.
  • Remove software programs that your organization has not approved, especially those that allow remote access.
  • Remove any remote access trojans, malicious software that disguises itself as legitimate software.
  • Check scheduled tasks for scripts or executables that could allow an attacker to connect back to your organization’s workstations or servers.

“If organizations find evidence of malicious, suspicious, or anomalous activity or files, they should consider reimaging the workstation or server and redeploying back into the environment,” the US Cybersecurity Agency said.

4/13/2020

Vulnerable Remote Working Technologies to Watch Out

The mass shift to remote work arrived with little warning as a result of COVID-19 social distancing restrictions, leaving many organizations little time to prepare.

Vulnerable Remote Working Technologies

Below are some remote working technologies with vulnerabilities to watch out for, as these could allow cybercriminals to gain a foothold within your organization’s network:

VPN Vulnerabilities

A VPN (virtual private network) lets remote workers and branch offices reach the corporate network over an encrypted tunnel across the internet.

In 2019, security researchers found and disclosed several vulnerabilities in widely used VPN products. Although the vendors released security updates (patches) for them, some users delayed applying the patches, and the disclosed vulnerabilities were actively exploited.

Here are examples of VPN security vulnerabilities that have been actively exploited in the wild by cyberattackers:

- CVE-2018-13382: A vulnerability in the Fortinet FortiGate SSL VPN that could allow an unauthenticated attacker to change the passwords of VPN users.

- CVE-2019-1579: A vulnerability in the Palo Alto GlobalProtect VPN that could allow a remote, unauthenticated actor to execute arbitrary code on the VPN server.

- CVE-2019-11510: An arbitrary file read vulnerability in the Pulse Connect Secure and Pulse Policy Secure products that could allow a remote, unauthenticated actor to read cached plaintext user passwords and other sensitive files.

- CVE-2019-19781: A vulnerability in Citrix ADC and Citrix Gateway (formerly NetScaler) that could allow an attacker to execute code remotely without logging in.

VPN 2-Factor Authentication Bypass

Researchers at Fox-IT reported that a threat actor was able to gain VPN access to a victim’s network that was protected by 2-factor authentication (2FA).

“An interesting observation in one of Fox-IT’s incident response cases was that the actor steals a softtoken for RSA SecurID, which is typically generated on a separate device, such as a hardware token or mobile phone,” researchers at Fox-IT said. “In this specific case, however, victims using the software could also use a software-based token to generate 2-factor codes on their laptop. This usage scenario opens up multiple possibilities for an attacker with access to a victim’s laptop to retrieve 2-factor codes used to connect to a VPN server.”

Vulnerable Remote Working Apps

The COVID-19 crisis has turned the video-teleconferencing app a must-have. This technology allows employers and employees in different geographical locations to conduct meetings in real-time by using simultaneous audio and video transmission.

Amidst the COVID-19 crisis, the video-teleconferencing app Zoom has come into the limelight, not just because of its growing number of users but because of the security issues that have come to light.

On March 23, 2020, a security researcher known only as @_g0dmode on Twitter disclosed a weakness in Zoom’s Windows client. "#Zoom chat allows you to post links such as \\x.x.x.x\xyz to attempt to capture Net-NTLM hashes if clicked by other users," @_g0dmode said. Zoom turned such UNC paths into clickable links; when a Windows user clicks one, Windows tries to open the remote file share and automatically attempts NTLM authentication to the attacker’s host, handing over the user’s Net-NTLMv2 hash, which can be cracked offline or relayed. Security researcher Matthew Hickey expanded on the finding, showing that Zoom’s client could thus be used to steal users’ Windows credentials.

RDP Vulnerabilities

Vulnerabilities in Remote Desktop Protocol (RDP), Microsoft’s protocol for remote access to a Windows desktop over TCP port 3389, and in the related Remote Desktop Gateway service have been disclosed by Microsoft over the past year:

- CVE-2019-0708: Dubbed “BlueKeep”, this vulnerability in Remote Desktop Services allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests.

- CVE-2020-0609 and CVE-2020-0610: Collectively dubbed “BlueGate”, these vulnerabilities in Windows Remote Desktop Gateway (RD Gateway) similarly allow an unauthenticated attacker to connect to the gateway and send specially crafted requests.

According to Microsoft, BlueKeep and BlueGate are pre-authentication vulnerabilities and require no user interaction. Microsoft described both in the same way: “An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Cybersecurity Best Practices

Any of the above vulnerabilities on its own could give malicious actors a foothold in your organization’s network, which can end, for instance, in a ransomware lockdown. Allowing remote workers to access your organization’s network creates a much larger attack surface for cybercriminals.

Here are some cybersecurity best practices to keep your organization’s networks and your organization’s remote workers safe online:

Keep All Software Up to Date

All the above-mentioned security vulnerabilities have available patches. Apply these patches in a timely manner to keep your organization’s networks and remote workers safe online.

Be Mindful of How Your Organization’s Data Is Handled

In early April 2020, researchers at the University of Toronto’s Citizen Lab reported that Zoom – a Silicon Valley-based company that owns three companies in China through which nearly 700 employees are paid to develop the app – encrypted meetings with AES in ECB mode, a mode that isn’t recommended because “patterns present in the plaintext are preserved during encryption”. The researchers also found that some Zoom conference traffic was routed through servers in China even though all participants were in North America.

Zoom, for its part, said in a statement that the routing of some of Zoom’s video-teleconferencing traffic was a mistake and apologized for the said incident.

Stay safe!

4/7/2020

7 Pillars of Cloud Data Governance

Cloud computing is fast becoming the norm. Even before COVID-19 forced countless businesses to switch to a remote structure and allow employees to work from home via cloud-based software, more than 70 percent of Canadian companies had migrated to the cloud.

While cloud computing offers a wealth of benefits (scalability, vast storage, task automation, remote accessibility, etc.), data security is a key risk organizations must consider.

This is where cloud data governance comes in.

What is Data Governance?

Data governance helps businesses take tighter control of information related to their own operations, customers, finances, and strategies. Poor management can leave data in the wrong hands and allow unauthorized users to take advantage of weaknesses, such as gaining access to your accounts, supplying competitors with corporate secrets, and exploiting customers.

Effective data governance lets companies leverage information to make smarter decisions, understand target audiences, identify potential security vulnerabilities, and measure overall performance. Gathering data and analyzing it properly can help businesses manage their finances, supply chains, and production processes effectively over time.

Establishing a proper data governance framework encourages teams to treat data responsibly and follow processes that prevent breaches. Data will be created, stored, and deleted according to strict guidelines. This ensures organizations comply with regulations (such as GDPR) and minimize oversights that could cause severe reputational damage.

Without data governance, companies may lose track of which data has been gathered, where it is stored, which steps are required for compliance, and more.

In short: with so much critical data now stored and analyzed in the cloud, data governance is essential for security and efficiency.

7 Pillars of Cloud Data Governance

When putting a cloud data governance framework in place, organizations must consider the following factors as fundamental pillars:

1. Define your goals and motivations

First and foremost: identify those concerns and goals motivating your business to implement a data governance strategy.

This can vary from one company to another. Security may be a core concern prompting your organization to take cloud data governance seriously, particularly with more than 28 million Canadians affected by a data breach within just 12 months.

Hackers continue to leverage increasingly sophisticated techniques to gain unauthorized access to systems, and businesses’ cybersecurity defenses must be reinforced to mitigate dangers. If security is a main driver, companies should explore how they’re at risk and the ways in which data governance reduces them.

Whatever the main drivers, they have to be clarified and discussed to justify the level of investment channeled into effective data governance. This establishes fixed goals that can drive quality decision-making from the start.

2. Establish clear roles within your team

Accountability is vital in building a cloud data governance framework. Certain individuals should be responsible for specific data assets (such as customer records) and have the knowledge to make decisions concerning utilization.

These ‘data owners’ should be chosen carefully based on their familiarity with the data and its purpose, for example the team or person most likely to recognize an issue with it.

Data owners must be able to understand a data asset’s function and value within the business. They need the authority to greenlight actions, such as cleansing or improving the application of relevant data.

3. Bring key stakeholders up to date

Internal and external stakeholders should be aware of the current and planned status of data governance. Implementing a framework must be a well-planned, well-informed process, in which all key personnel understand why, how, and when changes are taking place.

All stakeholder needs must be considered when putting cloud data governance into effect. This includes shareholders, third-party vendors, business partners, and customers — improper collection, storage, and utilization of data in the cloud can have profound effects on them all.

4. Determine critical data elements

Critical data elements (CDEs) are data that is essential for success in one or more areas of the business. CDEs might include personal information relating to a customer or supplier, which must be protected to comply with privacy laws, or details of a product’s manufacturing process.

If any of these were to be compromised, business operations and quality could be put at risk. As a result, critical data elements should be determined when setting a cloud data governance framework in place, to keep them secure and managed properly to make the most of the information available.

5. Choose the most valuable metrics for performance tracking

Certain metrics can be utilized to measure the performance and value of data governance over time.

These may include cost reduction, data accuracy, the number of times data has to be updated to address issues, timeliness of data, and more. Monitor your chosen metrics consistently to identify potential improvement opportunities.

6. Pick your tools and technologies wisely

The right tools help to make effective data governance easier. They cultivate stronger decision-making, data management, and data quality, while automating smaller tasks for more time-efficient processes.

Popular data governance tools include Talend, Collibra, IBM, and IO-TAHOE. Choose your tools and technologies carefully to make sure they align with your business goals, processes, expectations, and budget. Again: don’t rush into a decision. Good data governance is too valuable to underestimate.

7. Keep your team educated and updated

It’s crucial that all employees and stakeholders stay updated on the value of effective cloud data governance. Regular training should be delivered in accessible programs, covering procedures, policies, data owners, technologies, and crisis responses.

This reduces the risk of mistakes or oversights caused by educational blind spots. When you first start building your data governance framework, try to identify the current level of awareness and put training programs which align with this in place.

Cloud data governance is fundamental for any company switching to cloud-based technologies. Cybersecurity and compliance are two of the most important elements to consider when putting a framework in place: errors in either can lead to serious problems with the potential to disrupt operations significantly.

To discuss our data governance, third-party risk management, compliance, and vulnerability management services, just get in touch today!

4/6/2020

Cybercriminals Take Advantage of the COVID-19 Crisis by Launching DDoS Attacks

As a significant number of people have shifted to working remotely from home in light of the COVID-19 pandemic, cybercriminals are taking advantage of the current crisis by launching distributed denial-of-service (DDoS) attacks.

What Is a DDoS Attack?

DDoS, short for distributed denial-of-service, is a type of cyberattack in which an attacker floods a target with traffic from a large number of compromised computers. The attacker first hijacks vulnerable machines and controls them as a “botnet”, a group of hijacked computers directed to perform malicious activities such as DDoS attacks.

A botnet gives an attacker far more attack power against a target such as a website: the combined traffic overwhelms the site so that it can no longer serve its legitimate users. DDoS attacks can nowadays be launched by low-skilled attackers, because botnets built for DDoS are rented out as “attack-for-hire” services, making this type of crime readily available and relatively cheap.

Attack-for-hire services, together with the fact that the traffic comes from hijacked computers rather than the attacker’s own, make the real source of a DDoS attack difficult to identify.

DDoS Attacks During the COVID-19 Pandemic

As of April 4, 2020, the Canadian Government reported 13,882 confirmed COVID-19 cases and 231 confirmed deaths in Canada. Globally, as of April 5, 2020, the World Health Organization (WHO) reported 1,093,349 confirmed COVID-19 cases and 58,620 confirmed deaths worldwide.

The COVID-19 pandemic, which has placed nearly a billion people worldwide under lockdown or quarantine, has pushed an unprecedented number of people into working remotely from home. This global crisis requires everyone to step up their cybersecurity, as attackers have clearly stepped up their efforts to exploit the crisis.

DDoS attackers collectively exploit the growing need of businesses to serve their customers online. In the foreword of the paper "Catching the virus cybercrime, disinformation and the COVID-19 pandemic", Catherine De Bolle, Executive Director of the European Union Agency for Law Enforcement Cooperation, better known under the name Europol, said: "This pandemic brings out the best but unfortunately also the worst in humanity. With a huge number of people teleworking from home, often with outdated security systems, cybercriminals prey on the opportunity to take advantage of this surreal situation and focus even more on cybercriminal activities.”

Europol reported that since the outbreak of the COVID-19 pandemic there has been a slight increase in DDoS attacks, and that a further increase is expected in the short to medium term. “Due to a significant increase in the number of people working remotely from home, bandwidth has been pushed to the limit, which allows perpetrators to run ‘extortion campaigns’ against organisations and critical services and functions,” Europol said.

On March 19, Jitse Groen, founder and CEO of Takeaway.com, shared on Twitter a screenshot of a message from the DDoS attackers, who demanded 2 bitcoins (worth nearly 14,000 USD as of April 5, 2020).

Groen’s company Takeaway.com is one of Europe’s leading online food delivery marketplaces, connecting consumers and restaurants in several European countries. The attackers told Groen that one of his company’s websites was under DDoS attack and threatened to attack another company website.

In another part of the globe, on March 15, attackers attempted to overwhelm the website of the U.S. Department of Health and Human Services (HHS) with a flood of traffic whose volume has not been disclosed. “On Sunday, we became aware of a significant increase in activity on HHS cyber infrastructure and are fully operational as we actively investigate the matter,” HHS spokeswoman Caitlin Oakley said in a statement.

Officials told Bloomberg that the campaign of disruption on HHS’s website was part of a campaign of disinformation that was aimed at undermining the response of the U.S. Government to the COVID-19 pandemic. The HHS website is one of the go-to places for US citizens looking for health information, including official announcements and links to COVID-19 updates from the Centers for Disease Control and Prevention (CDC).

How to Protect Your Organization’s Website from DDoS Attacks

A DDoS attack exploits two weaknesses: the vulnerable computers that are hijacked into botnets, and the target site’s limited capacity to absorb traffic.

Vulnerable computer systems, including IoT devices such as routers, often have a poor security posture, making them easy prey. Many IoT devices ship with default username and password combinations that users never change, which lets them be taken over and enrolled in a botnet.

Using those default credentials, a DDoS attacker can hijack hundreds of thousands of IoT devices without their owners ever noticing. To keep your organization’s devices from becoming part of the problem, change the default credentials on every IoT device to strong, unique ones.

Owners of websites under DDoS attack often don’t realize it at first, because the symptoms (slow responses, slow file downloads or complete unavailability) resemble ordinary performance problems. Some only learn of the attack when the attackers themselves make contact with an extortion demand.

Detection starts at the firewall or intrusion detection system, where rules can alert on abnormal traffic (request rate per source, connection counts, SYN floods, repeated hits on the same URL) or drop packets that meet defined criteria. Bear in mind what these devices can and cannot see: a firewall in front of the web server can filter application-layer floods that reach it, but a volumetric flood that saturates the upstream internet link has to be absorbed or scrubbed upstream, by the ISP, a CDN or a DDoS mitigation service, before it reaches you.
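The rule-based detection described above, as an added example that is not part of the original post or of any Driz Group product: it buckets web-server access-log lines into fixed windows and applies two rules, a per-source request limit that catches a single flooding host and an aggregate limit that catches a distributed flood whose individual bots each stay under the per-source limit. The log lines, IP addresses (RFC 5737 documentation ranges) and thresholds are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format; only the fields needed for rate analysis are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp) for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), TS_FMT)
    except ValueError:
        return None
    return m.group("ip"), ts


def detect_flood(lines, window_seconds=10, per_source_max=20, total_max=50):
    """Bucket requests into fixed windows and apply two rules.

    per_source_max: one client exceeding this many requests in a window (single-source flood).
    total_max:      all clients together exceeding this many in a window (distributed flood
                    whose individual bots stay under the per-source limit).

    Returns per-source offenders with their peak window count, aggregate offenders keyed by
    window start (ISO 8601), and the number of lines that could not be parsed.
    """
    per_bucket_ip = defaultdict(Counter)
    unparsed = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            unparsed += 1
            continue
        ip, ts = parsed
        bucket = int(ts.timestamp()) // window_seconds * window_seconds
        per_bucket_ip[bucket][ip] += 1

    per_source, aggregate = {}, {}
    for bucket, counts in per_bucket_ip.items():
        start = datetime.fromtimestamp(bucket, tz=timezone.utc).isoformat()
        total = sum(counts.values())
        if total > total_max:
            aggregate[start] = total
        for ip, n in counts.items():
            if n > per_source_max and n > per_source.get(ip, 0):
                per_source[ip] = n  # keep the peak window count per offender
    return {"per_source": per_source, "aggregate": aggregate, "unparsed": unparsed}


def _log_line(ip, ts, path="/"):
    """Emit one constructed combined-format line."""
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'


def sample_log():
    """Constructed access log: a few ordinary clients, one host hammering /, a malformed
    line, and a 30-host botnet whose members each send only three requests."""
    t0 = datetime(2020, 3, 15, 14, 0, 0, tzinfo=timezone.utc)
    lines = [
        _log_line("198.51.100.10", t0),
        _log_line("198.51.100.11", t0 + timedelta(seconds=2)),
        _log_line("198.51.100.10", t0 + timedelta(seconds=4), "/covid-19"),
        _log_line("192.0.2.5", t0 + timedelta(seconds=7)),
        _log_line("198.51.100.11", t0 + timedelta(seconds=12)),
        _log_line("198.51.100.10", t0 + timedelta(seconds=30)),
        "not a log line at all",
    ]
    # Single-source flood: 25 hits from one address within five seconds (14:00:05-14:00:09).
    lines += [_log_line("203.0.113.7", t0 + timedelta(seconds=5 + i // 5)) for i in range(25)]
    # Distributed flood: 30 hosts x 3 requests each, all inside the 14:00:20 window.
    for host in range(100, 130):
        lines += [_log_line(f"203.0.113.{host}", t0 + timedelta(seconds=20 + 3 * i)) for i in range(3)]
    return lines


if __name__ == "__main__":
    print(detect_flood(sample_log()))
```

On the constructed log the per-source rule flags only 203.0.113.7, while the botnet in the 14:00:20 window is invisible to it and is caught only by the aggregate rule; tune both thresholds against your own baseline traffic, or the aggregate rule will fire on legitimate peaks. Note also that an access log records only requests that reached the server, so a volumetric flood that saturates the link upstream will not show up here and must be watched at the network edge or by the upstream provider.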

If you are concerned about DDoS attacks or are already under attack, give us a call at 1.888.900.DRIZ (3749) or contact us online.

Call today and we will mitigate the DDoS attack in under 10 minutes. Best of all, there is no hardware or software to buy or maintain, and no IT support requirements. Stay safe!

    Author

    Steve E. Driz, I.S.P., ITCP
© 2025 Driz Group Inc. All rights reserved.
Photo from GotCredit