fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

DDoS Attacks Against Russian Firms Have Almost Tripled in 2021

DDoS Attacks Against Russian Firms Have Almost Tripled in 2021

A report analyzing data from the start of the year concludes that distributed denial-of-service (DDoS) attacks on Russian companies have increased 2.5 times compared to the same period last year.

A DDoS attack is when an attacker floods a service or network bandwidth with more requests than it can handle, causing the service to suffer an outage.

Threat actors are increasingly deploying huge swarms of DDoS-backing devices (botnets) to launch crippling attacks against targets on a wide range of industries and sectors.

DDoS attacks are commonly used to extort victims with ransom demands or as a distraction for IT teams while hackers attempt to steal precious data from compromised systems.

Another reason for launching these attacks against an organization is to disrupt their business, degrade the quality of their services, and lead their clients to competitor platforms.

Also Read: How To Secure Your WiFi Camera: 4 Points To Consider

Russians under fire

In a report from Rostelecom, the largest telecommunications provider in Russia, September 2021 was recorded as the worst period for DDoS attacks again Russia in recent history.

During that time, threat actors launched 90% of all 2021 DDoS attacks analyzed in the report, a notable surge that also manifested in other regions.

Last month, we reported on VoIP service providers troubled by DDoS disruptions, the emergence of a massive DDoS botnet called Mēris, and Yandex battling the largest DDoS attack in its history.

The number of DDoS attacks in the past three years (Q1-Q3)
The number of DDoS attacks in the past three years (Q1-Q3)
Source: Rostelecom

In terms of targeting trends, DDoS actors appear to be moving away from the gaming industry, which was the focus in 2020 due to COVID-19 lockdowns and stay-at-home orders, and are now targeting online trading, financial, and public sector entities.

Compared to 2020, the attacks have grown 26% more powerful, last 1.5 days longer (from 3 to 4.5), and rely upon much larger botnets that count hundreds of thousands of devices.

As for the types of DDoS attacks, the main methods remain SYN flooding, UDP flooding, and fragmented packet attacks (FRAG).

Also Read: How Formidable is Singapore Cybersecurity Masterplan 2020?

Types of DDoSing methods used.
Types of DDoSing methods used.
Source: Rostelecom

While there hasn’t been a technical development this year that would break through all mitigations, DDoS actors appear to make up for this by scaling up.

As Rostelecom explains, the most commonly recruited devices in the analyzed 2021 DDoS swarms is networking equipment from MikroTik.

In the process of its investigation, the telco managed to identify and “free” 45,000 of these devices, but a lot more remains under the control of DDoS botnet operators.

Average DDoS attack power.
Average DDoS attack power.
Source: Rostelecom

To reduce the risk and impact of DDoS attacks, Rostelecom suggests detaching web apps from the rest of your firm’s resources either by placing them in different data centers or onto separate sites.

Moreover, they suggest adding a Web Application Firewall (WAF) as an extra layer in your existing anti-DDoS solution, which should also help stop app data theft attempts.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us