Tag Archives: Denial of Service

Radware reports increase in companies targeted by nation state hackers

Radware, the provider of cyber security and application delivery solutions, has released its 2019-2020 Global Application and Network Security Report. The report finds that more than one-in-four respondents attribute attacks against their organisation to cyber warfare or nation-state activity. In 2018, 19% of organisations believed they were attacked by a nation state. That figure increased to 27% in 2019. At 36%, companies in North America were more likely to report nation state attribution.

“Nation state intrusions are among the most difficult attacks to thwart because the agencies responsible often have significant resources, knowledge of potential zero day exploits and the patience to plan and execute operations,” said Anna Convery-Pelletier, chief marketing officer at Radware. “These attacks can result in the loss of sensitive trade and technological or other data. Security teams may be at a distinct disadvantage.”

These findings come at a time of heightened anxiety for security managers. Organisations are increasingly turning to microservices, server-less architectures and a mix of multiple cloud environments. Two-in-five managers reported using a hybrid environment that included cloud and on-premises Data Centres. Two-in-five said they relied on more than one public cloud environment. However, only 10% of respondents felt that their data was more secure in public cloud environments.

NationStateHackers

As organisations adapt their network infrastructure to enjoy the benefits of these new paradigms (such as microservices and multi-cloud environments), they increase their attack surface and decrease the overall visibility into their traffic.

For example, 22% of respondents don’t even know if they were attacked, 27% of those who were attacked don’t know the hacker’s motivations, 38% are not sure whether an Internet of Things (IoT) botnet hit their networks and 46% are not sure if they suffered an encrypted DDoS attack.

Convery-Pelletier added: “This report finds that security professionals feel as though the battlefield is shifting under their feet. Companies are increasingly adding and relying upon new paradigms, which means the infrastructure is harder to monitor for attacks. These new technologies force a shift in security implementation into the development teams. Security is often an afterthought as businesses march forward, and there’s a misconception that ‘good enough’ is enough.”

In addition, the report also found the following points of note:

The emergence of 5G networks As the push for 5G grows, there exists an important opportunity to build security into networks at its foundations. Despite the increasing buzz around 5G networks, only 26% of carriers responded that they felt well prepared for 5G deployment, while another 32% stated that they were somewhat prepared

Be careful what you wish for in terms of the IoT 5G promises to advance organisations’ implementation of (and the value they derive from) IoT technologies, but that promise comes with a corresponding increase in the attack surface. When it comes to IoT-connected devices, 44% of respondents said malware propagation was their top concern, while lack of visibility followed at 20% and Denial of Service at 20%

Data loss is top concern About 30% of businesses stated that data theft as a result of a breach was their top concern following an attack, which is down from 35% the previous year, followed by service outages at 23%. Meanwhile, 33% said that financial gain is a leading motivation for attacks

Leave a comment

Filed under Risk Xtra

Cyber Europe 2014: ‘Biggest ever cyber security exercise in Europe’ states ENISA

Today, more than 200 organisations and 400 cyber security professionals from 29 European countries are testing their readiness to counter cyber attacks in a day-long simulation exercise organised by the European Union Agency for Network and Information Security (ENISA).

During the course of Cyber Europe 2014, experts from the public and private sectors including cyber security agencies, national Computer Emergency Response Teams, ministries, telecoms companies, energy firms, financial institutions and Internet Service Providers will be testing their procedures and capabilities against a life-like, large-scale cyber security scenario.

#CyberEurope2014 is the largest and most complex exercise of this nature organised in Europe. More than 2,000 separate cyber incidents will be dealt with, including Denial of Service attacks to online services, intelligence and media reports on cyber attack operations, website defacements (attacks that change a website’s appearance), ex-filtration of sensitive information, attacks on critical infrastructure (such as energy or telecoms networks) and the testing of EU co-operation and escalation procedures.

This is a distributed exercise involving several exercise centres across Europe and co-ordinated by a central exercise Control Centre.

More than 200 organisations and 400 cyber security professionals across Europe join forces today during the first phase of ENISA’s bi-annual cyber security exercise designated Cyber Europe 2014

More than 200 organisations and 400 cyber security professionals across Europe join forces today during the first phase of ENISA’s bi-annual cyber security exercise designated Cyber Europe 2014

Speaking about today’s event, European Commission vice-president Neelie Kroes commented: “The sophistication and volume of cyber attacks are increasing every day. These attacks cannot be countered if individual states work alone or just a handful of them act together. I’m pleased that EU and EFTA Member States are working alongside the EU institutions with ENISA bringing them all together. It’s only this kind of common effort that will help keep today’s economies and societies fully protected.”

Professor Udo Helmbrecht (ENISA’s executive director) added: “Five years ago there were no procedures in place to drive co-operation between EU Member States during a cyber crisis. Today, we have the procedures in place on a collective basis to mitigate a cyber crisis on a European level. The outcome of today’s exercise will tell us where we stand and identify the next steps to take in order that we make continual improvements.”

Sharing of operational information

Among other things, the Cyber Europe 2014 exercise will test procedures for the sharing of operational information on cyber crises in Europe, enhance national capabilities for tackling cyber crises and explore the effects of multiple and parallel information exchanges between private-public and private-private at both the national and international levels.

The exercise is also designed to test the EU Standard Operational Procedures (EU SOPs), a set of guidelines specifically designed for the sharing of operational information on cyber crises.

Professor Udo Helmbrecht: executive director of ENISA

Professor Udo Helmbrecht: executive director of ENISA

Increased sophistication of cyber attacks

According to ENISA’s Threat Landscape Report, which was published last year, threat agents have increased the sophistication of their attacks. It has become clear that maturity in cyber activities is not a matter for just a handful of countries. Rather, criminals in multiple countries have developed capabilities that can be used to infiltrate all kinds of targets – Governmental and private – in order to achieve their objectives.

In 2013, global web-based attacks increased by almost 25% while the total number of reported data breaches was 61% higher than in 2012. Each of the eight most prevalent forms of data breach resulted in the loss of tens of millions of data records, in turn exposing no less than 552 million identities.

According to industry estimates, cyber crime and espionage accounted for between $300 billion and $1 trillion in annual global losses during 2013.

This latest exercise simulates large-scale crises related to critical information infrastructures. Experts from ENISA will issue a report with key findings after the exercise ends.

#CyberEurope2014 is a bi-annual, large-scale cyber security exercise. It’s organised every two years by ENISA, and this year counts 29 European countries (26 from the EU and three from the EFTA) plus EU Institutions among its cohort. The exercise takes place in three phases throughout the year, as follows:

*Technical: Involves incident detection, investigation, mitigation and information exchanges (completed in April)
*Operational/tactical: Dealing with alerts, crisis assessment, co-operation, co-ordination, tactical analysis, advice and information exchanges at the operational level (taking place today and during early 2015)
*Strategic: Examines decision-making, political impacts and public affairs

ENISA's headquarters in Greece

ENISA’s headquarters in Greece

In the cyber security strategy for the EU and the proposed Directive for a high common level of network and information security, the European Commission calls for the development of national contingency plans and regular exercises, testing large-scale networks’ security incident response and disaster recovery capabilities.

ENISA’s new mandate also highlights the importance of cyber security preparedness exercises in enhancing trust and confidence when it comes to online services across Europe. The draft EU SOPs have been tested over the last three years, including during the course of Cyber Europe 2012.

Leave a comment

Filed under Risk UK News