Tag Archives: Internet Service Providers

“IP address key in countering brute force cyber attacks” asserts Verizon

Verizon’s 2020 Data Breach Investigations Report shows that 80% of the breaches caused by hacking involve brute force tactics or the use of lost or stolen credentials. Content Management Systems (CMS) are the usual targets of brute force attacks as over 39% of all websites run on WordPress, the most popular CMS of all.

Cyber criminals choose to attack pages built on CMS because they usually have the same admin page URL across websites and the default login credentials are identical, making these pages a vulnerable target. However, developers and admins can mitigate the risk by restricting which IP addresses are able to reach the admin site login page.

A brute force attack (sometimes referred to as brute force ‘cracking’) is a method of trying various possible passwords until the right one is found. Despite being old, the method is still widely used by hackers who attempt to gain access to a valid account. It allows bad actors to compromise the whole website and use it as a part of their network.

With more people now working remotely amid the ongoing Coronavirus pandemic, the number of brute force attacks against remote desktops via Windows’ Remote Desktop Protocol (RDP) has soared. Indeed, that number reached nigh on 100,000 attacks each day during last April and May.

In the worst-case scenario, criminals can steal important data, such as passwords, passphrases, e-mail addresses or PINs. They also use compromised websites for various fraud schemes, whereas pages themselves can be included in Google’s ‘blacklist’ and, as such, become invisible in search results.

Failed authentications

“Developers and admins can indicate an ongoing brute force attack by looking at failed authentications,” explained Juta Gurinaviciute, CTO at NordVPN Teams. “If the same IP address unsuccessfully tries to log in to various accounts or different IP addresses are attempting to access one account in a short period of time, this is a clear sign of a data breach attempt.”
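The two patterns described above (one IP failing against many accounts, and many IPs failing against one account) can be picked out of an authentication log with a sliding time window. The following is an added example written for this page, not code from Verizon, NordVPN or any CMS; the log line format, the sample lines and the threshold and window values are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not real traffic). Assumed format:
# <ISO timestamp> ip=<client address> user=<account> result=<OK|FAIL>
SAMPLE_LOG = """\
2020-06-01T10:00:01Z ip=203.0.113.5 user=webmaster result=FAIL
2020-06-01T10:00:03Z ip=203.0.113.5 user=editor result=FAIL
2020-06-01T10:00:05Z ip=203.0.113.5 user=shop result=FAIL
2020-06-01T10:00:07Z ip=203.0.113.5 user=blog result=FAIL
2020-06-01T10:00:09Z ip=203.0.113.5 user=root result=FAIL
2020-06-01T10:01:00Z ip=198.51.100.10 user=admin result=FAIL
2020-06-01T10:01:02Z ip=198.51.100.11 user=admin result=FAIL
2020-06-01T10:01:04Z ip=198.51.100.12 user=admin result=FAIL
2020-06-01T10:01:06Z ip=198.51.100.13 user=admin result=FAIL
2020-06-01T10:01:08Z ip=198.51.100.14 user=admin result=FAIL
2020-06-01T10:30:00Z ip=192.0.2.7 user=alice result=FAIL
2020-06-01T10:30:20Z ip=192.0.2.7 user=alice result=OK
"""


def parse_line(line):
    """Split one assumed-format log line into (timestamp, ip, user, result)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, kv["ip"], kv["user"], kv["result"]


def detect_bruteforce(log_text, window=timedelta(minutes=5), threshold=5):
    """Return a list of (kind, key, count) alerts.

    kind == "ip_spray":      one source IP failed against >= threshold distinct
                             accounts within the window (key is the IP).
    kind == "account_spray": >= threshold distinct source IPs failed against one
                             account within the window (key is the account).
    Each (kind, key) pair is reported once, at the moment the threshold is hit.
    """
    ip_events = defaultdict(deque)    # ip   -> deque of (time, user)
    user_events = defaultdict(deque)  # user -> deque of (time, ip)
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, ip, user, result = parse_line(line)
        if result != "FAIL":
            continue  # only failed authentications feed the detector
        views = (
            (ip_events, ip, user, "ip_spray"),
            (user_events, user, ip, "account_spray"),
        )
        for events, key, other, kind in views:
            q = events[key]
            q.append((when, other))
            # Drop entries that have fallen out of the sliding window.
            while q and when - q[0][0] > window:
                q.popleft()
            distinct = {o for _, o in q}
            if len(distinct) >= threshold and (kind, key) not in alerted:
                alerted.add((kind, key))
                alerts.append((kind, key, len(distinct)))
    return alerts


if __name__ == "__main__":
    for kind, key, count in detect_bruteforce(SAMPLE_LOG):
        print(f"{kind}: {key} ({count} distinct in window)")
```

Run against the constructed log, the detector flags 203.0.113.5 for spraying five different accounts and the admin account for being targeted from five different addresses, while alice’s single failure followed by a successful login produces no alert. Counting distinct accounts or addresses, rather than raw failures, is what separates these patterns from one user mistyping a password a few times.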

As the IP address is one of the indicators of a cyber attack, it can also be a cure. On that basis, it’s wise for companies to reduce the ‘surface area’ available for attack and limit access to the login page. This can be done by making use of IP allowlist, blocklist and fixed IP techniques.

Previously known as a whitelist, an IP allowlist is a set of IP addresses that have access to a specific website. The developer can specify which IP addresses are allowed to reach an admin login page and perform actions there. It’s also possible to indicate a range of IP addresses that can obtain authorised access. The latter solution is useful within bigger organizations or if numerous people require access to the website.

However, Internet Service Providers may change IP addresses frequently and, as a result, the allowlist might constantly become outdated. This solution only works, then, if there’s a limited pool of IP addresses in use or the changes take place within a specific range.

Intrusion prevention frameworks

Also known as a blacklist, an IP blocklist is the exact opposite of the previously mentioned IP address directory as it blocks access to websites from the specified IP addresses. As this is difficult to do on a manual basis, admins and developers may employ intrusion prevention frameworks such as Fail2Ban. The framework automatically blocks IP addresses after a few unsuccessful authentication attempts.

Website owners can block individual IP addresses as well as whole IP address ranges. If a company notices that suspicious attacks from specific IP addresses persist, the management team should consider adding them to the blocklist.

Further, IP blocklist can also be used for geo-blocking as the IP address carries the information about where the request was sent from in the first instance. 
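The allowlist, blocklist and automatic-ban ideas from the preceding paragraphs fit together as one access decision for the admin login page. The following is an added example written for this page, not code from Fail2Ban, WordPress or any vendor named above; the `AdminLoginPolicy` class, its evaluation order, the CIDR ranges and the ban parameters are all assumptions chosen for illustration.

```python
import ipaddress
from datetime import datetime, timedelta


class AdminLoginPolicy:
    """Decide whether a client address may reach the admin login page.

    Evaluation order: static blocklist, then active automatic bans, then the
    allowlist (an empty allowlist means 'any address not blocked may reach it').
    Entries may be single addresses or CIDR ranges, so an organisation with a
    fixed IP or a known address range can be allowed as a whole.
    """

    def __init__(self, allow, block=(), max_failures=3, ban_for=timedelta(minutes=10)):
        self.allow = [ipaddress.ip_network(n, strict=False) for n in allow]
        self.block = [ipaddress.ip_network(n, strict=False) for n in block]
        self.max_failures = max_failures
        self.ban_for = ban_for
        self.failures = {}      # address -> consecutive failed attempts
        self.banned_until = {}  # address -> datetime the automatic ban expires

    @staticmethod
    def _matches(addr, networks):
        return any(addr in net for net in networks)

    def check(self, ip, now):
        """Return 'allow' or a 'deny:<reason>' string for this address."""
        addr = ipaddress.ip_address(ip)
        if self._matches(addr, self.block):
            return "deny:blocklist"
        until = self.banned_until.get(addr)
        if until is not None:
            if now < until:
                return "deny:banned"
            # Ban has expired: lift it and reset the failure counter.
            del self.banned_until[addr]
            self.failures.pop(addr, None)
        if self.allow and not self._matches(addr, self.allow):
            return "deny:not_allowlisted"
        return "allow"

    def record_failure(self, ip, now):
        """Count a failed authentication; returns True when a ban is imposed."""
        addr = ipaddress.ip_address(ip)
        count = self.failures.get(addr, 0) + 1
        self.failures[addr] = count
        if count >= self.max_failures:
            self.banned_until[addr] = now + self.ban_for
            return True
        return False

    def record_success(self, ip):
        """A successful login clears the consecutive-failure counter."""
        self.failures.pop(ipaddress.ip_address(ip), None)


def demo():
    """Walk the policy through constructed scenarios and collect the decisions."""
    t0 = datetime(2020, 6, 1, 10, 0, 0)
    policy = AdminLoginPolicy(
        allow=["192.0.2.0/24", "198.51.100.42"],   # office range + one fixed IP (constructed)
        block=["203.0.113.0/24"],                  # persistent-offender range (constructed)
    )
    results = {}
    results["office"] = policy.check("192.0.2.17", t0)
    # The ISP reassigned the office an address outside the allowed range:
    # the allowlist is now stale and the legitimate user is denied.
    results["isp_reassigned"] = policy.check("192.0.3.17", t0)
    results["blocked_range"] = policy.check("203.0.113.9", t0)
    # Three failures from the fixed IP trigger an automatic, time-limited ban.
    for i in range(3):
        policy.record_failure("198.51.100.42", t0 + timedelta(seconds=i))
    results["banned"] = policy.check("198.51.100.42", t0 + timedelta(minutes=1))
    results["after_ban"] = policy.check("198.51.100.42", t0 + timedelta(minutes=11))
    return results


if __name__ == "__main__":
    for scenario, decision in demo().items():
        print(f"{scenario}: {decision}")
```

The `isp_reassigned` scenario is the stale-allowlist problem raised earlier: a range-based allowlist only holds while the provider keeps the organisation inside that range, which is the case for a fixed IP. The automatic ban is deliberately time-limited so that a legitimate user who mistypes a password is locked out briefly rather than permanently, while a persistent source can be moved to the static blocklist by hand.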

The third solution for minimising unauthorised access is the fixed IP method. As already mentioned, developers can limit availability of the login page to a set of trusted IP addresses. With fixed IP, they reduce the risk of IP sharing when a number of devices use the same IP address. This often leads to the ‘bad neighbour effect’ as, due to the deeds of other users, IP addresses end up in various blocked or spam lists.

The fixed IP method can be offered by Internet Service Providers and VPN services alike, but the latter ensures browsing privacy as an additional benefit.


Filed under Security Matters

Cyber Europe 2014: ‘Biggest ever cyber security exercise in Europe’ states ENISA

Today, more than 200 organisations and 400 cyber security professionals from 29 European countries are testing their readiness to counter cyber attacks in a day-long simulation exercise organised by the European Union Agency for Network and Information Security (ENISA).

During the course of Cyber Europe 2014, experts from the public and private sectors including cyber security agencies, national Computer Emergency Response Teams, ministries, telecoms companies, energy firms, financial institutions and Internet Service Providers will be testing their procedures and capabilities against a life-like, large-scale cyber security scenario.

#CyberEurope2014 is the largest and most complex exercise of this nature organised in Europe. More than 2,000 separate cyber incidents will be dealt with, including Denial of Service attacks on online services, intelligence and media reports on cyber attack operations, website defacements (attacks that change a website’s appearance), exfiltration of sensitive information, attacks on critical infrastructure (such as energy or telecoms networks) and the testing of EU co-operation and escalation procedures.

This is a distributed exercise involving several exercise centres across Europe and co-ordinated by a central exercise Control Centre.

More than 200 organisations and 400 cyber security professionals across Europe join forces today during the first phase of ENISA’s bi-annual cyber security exercise designated Cyber Europe 2014

Speaking about today’s event, European Commission vice-president Neelie Kroes commented: “The sophistication and volume of cyber attacks are increasing every day. These attacks cannot be countered if individual states work alone or just a handful of them act together. I’m pleased that EU and EFTA Member States are working alongside the EU institutions with ENISA bringing them all together. It’s only this kind of common effort that will help keep today’s economies and societies fully protected.”

Professor Udo Helmbrecht (ENISA’s executive director) added: “Five years ago there were no procedures in place to drive co-operation between EU Member States during a cyber crisis. Today, we have the procedures in place on a collective basis to mitigate a cyber crisis on a European level. The outcome of today’s exercise will tell us where we stand and identify the next steps to take in order that we make continual improvements.”

Sharing of operational information

Among other things, the Cyber Europe 2014 exercise will test procedures for the sharing of operational information on cyber crises in Europe, enhance national capabilities for tackling cyber crises and explore the effects of multiple, parallel public-private and private-private information exchanges at both the national and international levels.

The exercise is also designed to test the EU Standard Operational Procedures (EU SOPs), a set of guidelines specifically designed for the sharing of operational information on cyber crises.

Professor Udo Helmbrecht: executive director of ENISA

Increased sophistication of cyber attacks

According to ENISA’s Threat Landscape Report, which was published last year, threat agents have increased the sophistication of their attacks. It has become clear that maturity in cyber activities is not a matter for just a handful of countries. Rather, criminals in multiple countries have developed capabilities that can be used to infiltrate all kinds of targets – Governmental and private – in order to achieve their objectives.

In 2013, global web-based attacks increased by almost 25% while the total number of reported data breaches was 61% higher than in 2012. Each of the eight most prevalent forms of data breach resulted in the loss of tens of millions of data records, in turn exposing no less than 552 million identities.

According to industry estimates, cyber crime and espionage accounted for between $300 billion and $1 trillion in annual global losses during 2013.

This latest exercise simulates large-scale crises related to critical information infrastructures. Experts from ENISA will issue a report with key findings after the exercise ends.

#CyberEurope2014 is a bi-annual, large-scale cyber security exercise. It’s organised every two years by ENISA, and this year counts 29 European countries (26 from the EU and three from the EFTA) plus EU Institutions among its cohort. The exercise takes place in three phases throughout the year, as follows:

*Technical: Involves incident detection, investigation, mitigation and information exchanges (completed in April)
*Operational/tactical: Dealing with alerts, crisis assessment, co-operation, co-ordination, tactical analysis, advice and information exchanges at the operational level (taking place today and during early 2015)
*Strategic: Examines decision-making, political impacts and public affairs

ENISA's headquarters in Greece

In the cyber security strategy for the EU and the proposed Directive for a high common level of network and information security, the European Commission calls for the development of national contingency plans and regular exercises, testing large-scale networks’ security incident response and disaster recovery capabilities.

ENISA’s new mandate also highlights the importance of cyber security preparedness exercises in enhancing trust and confidence when it comes to online services across Europe. The draft EU SOPs have been tested over the last three years, including during the course of Cyber Europe 2012.


Filed under Risk UK News