fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Extortion DDoS Attacks Grow Stronger and More Common

Extortion DDoS Attacks Grow Stronger and More Common

The end of 2021 saw a rise in the number of distributed denial-of-service incidents that came with a ransom demand from the attackers to stop the assault.

In the fourth quarter of last year, about a quarter of Cloudflare’s customers that were the target of a DDoS attack said that they received a ransom note from the perpetrator.

RDDoS attacks over 2021

A large portion of these attacks occurred in December 2021, when almost a third of Cloudflare customers reported receiving a ransom letter.

By comparison with the previous month, the number of reported DDoS ransom attacks was double, Cloudflare says in a blog post today.

Also Read: The Competency Framework: A Guide for Managers and Staff

RDDoS attacks since October 2020

According to the company, 2021 is when most of these attacks happened, with a 29% recorded year-over-year increase and a 175% quarter-over-quarter jump.

Extortion or ransom DDoS (RDDoS) attacks started to become a new threat in August 2020 and grew bigger and more complex since then.

They started around 200Gbps and then flexed to more than 500Gbps in mid-September. In February 2021, internet security services company Akamai saw its share of a challenge dealing with an 800Gbps RDDoS that targeted a gambling company in Europe.

Last September, a threat actor deployed an RDDoS against VoIP.ms voice-over-Internet provider, disrupting phone services as the company’s DNS servers became unreachable.

Terabit-large attacks

Cloudflare says that application-layer DDoS attacks, HTTP DDoS ones in particular, targeted manufacturing companies and saw a spike of 641% compared to the third quarter of 2021.

Looking at the IP addresses, most of these DDoS incidents originate from China, the U.S., Brazil, and India, deployed by botnets such as Meris, which emerged this year with a record-breaking assault of 21.8 million requests against Russian internet giant Yandex.

Unlike an application-layer DDoS, which denies users access to a service, a network-layer DDoS attack targets the entire network infrastructure of a company trying to take down routers and servers.

One of the largest DDoS attacks that Cloudflare mitigated lasted for 60 seconds and came from a botnet with 15,000 systems that hurled close to 2Tbps of junk packets at a customer.

Also Read: Personal Data Protection Act Australia

While this is not the largest DDoS attack recorded to date, “terabit-strong attacks are becoming the norm,” Cloudflare says. This one was deployed from a network of IoT devices running compromised by a variant of the Mirai botnet.

Cloudflare notes that SYN floods remain a popular attack method. The SNMP protocol has seen a dramatic spike of almost 6,000% from one quarter to another, although UDP-based DDoS attacks were the second most used vector.

“When we look at emerging attack vectors — which helps us understand what new vectors attackers are deploying to launch attacks — we observe a massive spike in SNMP, MSSQL, and generic UDP-based DDoS attacks” – Cloudflare

Companies dealing with short-lived DDoS attacks, which are more frequent, should turn to an automated mitigation solution because it acts on the spot and stops the assault on the spot.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us