Hass and Associates Cyber Security: Web sites attacks around Australia are shorter but bigger

Web sites attackers are utilizing shorter bursts of activity to infiltrate servers and systems inside a large way, in comparison towards the relaxation of Web sites attacks in Asia-Off-shore.

Arbor Networks' first-quarter Active Threat Level Analysis System (ATLAS) set of distributed denial-of-service (Web sites) attacks demonstrated that Australia possessed a shorter time period of Web sites attack activity, however that the attacks were greater in scale, as compared to the relaxation of Asia-Off-shore.

Arbor Systems discovered that the attack length around Australia throughout the very first quarter of 2015 was 22 minutes, versus 46 minutes in Asia-Off-shore. Consequently, nearly all attacks were so short resided that 96 percent survived under 1 hour, in comparison to Asia-Off-shore, where 90 % of attacks survived under an hour or so.

However, the typical size Web sites attacks around Australia were 1.25Gbps roughly two times as large because the average attack recorded in Asia-Off-shore.

"Rapid time period of attacks reported in Q1 is interesting. Short bursts of Web sites attack activity require automated defences to safeguard against them," stated Nick Race, Australia country manager for Arbor Systems.

"Operators around Australia absolutely should be aware. On-premise Web sites protection is important for recognition and minimization of attacks, enabling bad visitors to be scrubbed within an immediate and automatic fashion."

Based on Arbor Systems, attackers utilized reflection amplification techniques on network time protocol, simple service discovery protocol (SSDP), and DNS servers.

Around Australia, SSDP capped their email list for many common individual reflection attack within the first quarter, using the biggest reported at 26Gbps. However the biggest individual attack was an NTP reflection attack which was recorded at 51Gbps.

NuData Security reveals improvements to online fraud detection engine

Software development company NuData Security recently revealed its enhancements to its online fraud detection engine called NuDetect, according to Hass and Associates Cyber Security.

They added new powerful anti-fraud tools, based on continuous behavioral analysis and compiled behavioral biometric data. This enables them to significantly reduce the probability of fraud while also avoiding false positives.

NuDetect's expanded array of behavioral biometric sensors achieves 97 percent accuracy in verifying a user's identity. Its improved user interface acts as an "early warning system" that makes high-risk events easily accessible to security teams. This enhancement allows detection as early as 15 days before a fraud attempt is made wherein it provided the client with sufficient time to track, discover and avoid fraudulent transactions from happening.

Institutions that fall victim to fraud are at risk of losing large amount of money and customers, and suffering long-term brand damage. To avoid additional damages, NuDetect provides an immediate solution through behavior-based fraud detection, real-time detection and mitigation, faster development, historical context awareness, invisible implementation, and reducing cost and workload.

Furthermore, NuDetect utilizes behavioral biometric to greatly improve on traditional device identity and deliver far more intelligence than traditionally available, without interrupting a user's experience. It monitors activity in real time that allows the client to easily take action against fraud because the system shows fraudsters' intent before they have a chance to penetrate and do damage. It also allows for deployment in just a couple of days so that companies are equipped to defend against fraud as quickly as possible.

NuDetect also uses historical cross-session and cross-cloud behavior patterns stored in the NuData cloud. This provides outstanding accuracy and security from day one. Institutions are able to determine risk and deploy necessary security countermeasures only to the most suspicious actors.

With this platform, more back-end work is completed in advance, therefore lowering institutions' expenses and developer needs. Moreover, these institutions need to do less work to customize how data is sent, further improving deployment time.

Nowadays, it is obvious that attackers become more sophisticated in terms of identity theft, therefore institutions must quickly implement strong fraud detection measures. NuDetect's improved features put highly effective anti-fraud tools into the clients' hands. It provides clients with a more in-depth view in how fraud attacks functions and the full fraud lifecycle, instead of focusing only at the fraudulent purchase of goods.

The company of NuData Security predicts and prevents online fraud, protecting businesses from brand damage and financial loss caused by fraudulent or malicious attacks. NuData Security analyzes and scores billions of users per year and services some of the largest e-commerce and web properties worldwide.

‘Trojan.Laziok’ malware targets energy companies

Malicious software called ‘Trojan.Laziok’ was recently revealed by the researchers of an American technology company called Symantec.

Based upon the report of Hass and Associates Cyber Security, the malware is known to be a part of an ongoing worldwide espionage campaign wherein it targets energy companies worldwide especially in the Middle East.

Attacks are launched through spam emails from a moneytrans.eu domain. Those emails contain an attached Microsoft Excel file wherein it activates a backdoor that gives the hackers a crucial view into the targeted computer.

The malware collects system data including the name of the computer, CPU and GPU details, installed software, hard disk and RAM size, as well as what antivirus software was installed. Immediately after, it uploads those data towards the attackers and then downloads additional malware such as Backdoor.Cyberat and Trojan.Zbot.

Petroleum, gas and helium companies were most often targeted in the United Arab Emirates, Saudi Arabia, Pakistan and Kuwait. Based on a report obtained by Hass and Associates Cyber Security, whoever is behind these attacks may have an intentional interest in the activities of the affected companies.

Attacks rarely happened on energy companies in other countries like India, United Kingdom, and the United States.

Symantec also claims that “the group behind the attack does not seem to be particularly advanced, as they exploited an old vulnerability and use their attack to distribute well-known threats that are available in the underground market.”

The attack is simple and outdated which clearly shows the significance of frequently updating all software because organizations nowadays fail to follow basic security guidelines which includes updating the software running on a secure system.

Hewlett-Packard partners with cybersecurity firm FireEye

The prominent cybersecurity firm FireEye, Inc. and tech giant Hewlett-Packard (HP) recently announced a partnership to develop advanced threat protection.

Hass and Associates Cyber Security perceives this as one of the coming wave of alliances between small and large tech companies aiming to strengthen their security.

The deal that will expand Milpitas-based FireEye’s reach was announced at the RSA Conference on security that is held in San Francisco.

This year’s conference has 500 exhibitors, compared with 400 last year.

The interest in cybersecurity has been heightened in the conference because of the attacks on big companies for the past two years such as Sony, Target Corporation, JPMorgan Chase, Anthem Inc., and Home Depot.

CEO and Chairman of the Board of FireEye, Dave DeWalt defined the deal as “capability meets scale” during an interview before the announcement.

In addition, the two other alliances announced by HP were cloud security partnerships with Los Angeles-based Securonix and Palo Alto-based Adallom.

Securonix is a provider of security intelligence platform for monitoring security events. It also identifies and access data to detect insider threats and advanced targeted attacks. While Adallom is a cloud security firm with research headquarters in Israel.

HP described the alliances as developing an advanced cyber defense emphasizing the protection of users’ interactions, applications and data, rather than the old practice of securing the perimeter, in which data flows were restricted in the interests of security.

Although HP has its own large security team, given the threat level, HP needs a FireEye which has a next-generation security platform.

HP’s own security professionals can now bring in FireEye’s technology and the investigative group from Mandiant.

On December 30, 2013, FireEye acquired Mandiant in a stock and cash deal worth in more than $1 billion.

In February 2013, Mandiant rose to prominence when it released a report documenting evidence of cyber-attacks by the Chinese People’s Liberation Army targeting at least 141 organizations in the United States and other English-speaking countries extending as far back 2006.

Mandiant’s main services are expensive. However, the deal will bring a co-branded version of its services to smaller companies.

Executive Vice President of HP Enterprise Services, Mike Nefkens said that the partnership will beef up HP’s security portfolio. HP and FireEye are making it possible for their clients to analyze and improve their defenses before the next attack with the most advanced cybersecurity protection available today.

HP also reaches many countries where FireEye has a smaller presence including Africa, Middle East, and Europe.

FireEye also announced a partnership with Israeli security provider Check Point Software Technologies to share threat intelligence to protect customers from modern advanced attacks.