fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Nation-State Actor Hit Google With The Largest DDoS Attack

Nation-State Actor Hit Google With The Largest DDoS Attack

In an overview of distributed denial-of-service (DDoS) trends targeting its network links, Google revealed that in 2017 a nation-state actor used massive firepower that amounted to more than 2.54 terabits per second.

The actor targeted thousands of Google IP addresses at the same time and used several attack methods in a campaign that span across multiple months.

Google did not attribute the attack to a particular actor but said that the bad UDP packets hurled at its systems came from devices using several Chinese internet service providers (ASNs 4134, 4837, 58453, and 9394).

In an analysis of DDoS trends over the last years, Damian Menscher, a Security Reliability Engineer for Google Cloud, said that the attack occurred in September 2017 and used 180,000 exposed CLDAP, DNS, and SMTP servers to amplify responses directed at Google.

The effort, large as it was, did not create problems and Google services and infrastructure remained unscathed.

“Despite simultaneously targeting thousands of our IPs, presumably in hopes of slipping past automated defenses, the attack had no impact” – Damian Menscher

Also Read: How PII Data Works In Businesses And Its Advantages

Menscher says that the size of the attack, which is the largest ever disclosed publicly, shows “the volumes a well-resourced attacker can achieve,” noting that it was four times larger than the Mirai DDoS attack that shook the internet in 2016.

Another large attack was recorded this year from an IoT botnet. It targeted the network protocol and hit with 690 million packets per second (mpps)

In a report at the beginning of the year, Amazon AWS reported a 2.3Tb per second volumetric DDoS attack, recorded in the first quarter of 2020.

The largest packet rate per second mitigated by Amazon in that period was 293.1 Mpps, more than two times smaller than the one Google recorded this year.

Google warns that while its report shows the scale of past and current DDoS attacks and can help predict the size of future ones, defenses must be over-provisioned so they can withstand attacks of unexpected sizes.

Also Read: How To Check Data Breach And How Can We Prevent It

Collaborating with partners in the internet community (network providers, vendors, customers) can help mitigate large attacks in a timely manner. Network providers can trace bad packets and filter them, vendors can provide patches and alert customers to apply them.

As the internet keeps growing, it provides resources to both adversaries and defenders. Knowing what to expect, defenders can determine the capacity they need to resist the largest attacks.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us