Your Network Is The Modern Day Castle, And It Is Under Siege.

‘In cyber space, computers are attacked from the moment they connect to the Internet’ – Ed Skoudis, Counter Hack Reloaded.

As I am studying for my next Certificate, the SANS GCIH, I am drawn back to the memories of my summer vacations with my grandfather in Hawaii. Every summer began by reading a book of his choosing, and when I arrived in Oahu, we would spend the next six weeks discussing it while going on the greatest adventures.

The last summer I spent with him our discussion focused on Sun Tzu’s Art of War 孫子兵法.  My grandfather would say that ‘life is challenging, its distractions will pull you in a million directions. In order to succeed, you need to apply a filter that takes all the chaos and puts it into perspective. Rather than seeing problems you now see opportunities.’ – Sean Maximus Murphy

The Art of War has survived for 2,500 years because its advice is not only persuasive, but concise, easy to grasp, and malleable. The Art of War is a series of recommendations that can be continuously adapted to a diverse set of circumstances. At its core, The Art of War is about human nature, and more importantly, how it can be exploited.

This post will explore how the principles and stratagems of The Art of War apply directly to the modern world of cyber security.

Sun Tzu’s The Art of War begins with a forewarning: ‘The Art of War is a matter of life and death, a road either to safety or to ruin. Hence it is a subject of inquiry which can on no account be neglected.’ ― Sun Tzu, The Art of War

Sun Tzu stresses throughout his treatise: ‘Know thy enemy. A thousand battles, a thousand victories.’ ― Sun Tzu, The Art of War

So who is this enemy?

Professional criminals are well-funded ‘businessmen’ who have adopted ‘corporate best practices,’ establishing professional business models that outsource cybercrime, called Crime-as-a-Service (CaaS). It is a distributed system in which anyone with an agenda can simply rent, lease or purchase an ‘As-a-Service’ offering and ‘cash in’ on their crimes.

Some of the better-known services include

  • Distributed Denial of Service as a Service (DDoSaaS)
  • Ransomware as a Service (RaaS)

This list is growing exponentially.

An advanced persistent threat (APT) is an attack campaign carried out by a team of highly sophisticated cyber criminals with substantial financial backing.

The APT’s intent is to establish an unlawful, long-term presence on a network, harvesting intellectual property and/or sensitive data, usually by installing malware delivered through advanced social engineering techniques such as whaling campaigns.

Insider threats are employees who have access to the organization’s network and are able to misappropriate, exfiltrate, destroy or alter data. More often than not they use legitimate credentials and permissions to access the data, consequently evading detection.

  • According to the 2017 Crowd Search Partners Insider Threat findings:
    • 56% of security professionals say insider threats have become more frequent in the last 12 months.
    • 60% say privileged users, such as managers with access to sensitive information, pose the biggest insider threat to organizations, followed by third parties (57%) and regular employees (51%).
    • More than 75% of organizations estimate insider breach remediation costs could reach $500,000, while 25% believe the cost exceeds $500,000 and can reach into the millions.

Hacktivists are motivated by personal, political, religious or other beliefs, and they are intent on causing destruction and disruption including

  • Data theft
  • Reputational Damage (Release of emails/confidential information)
  • Distributed Denial of Service Attacks (DDoS)
  • Defacing websites

Nation-state bad actors are preparing for

  • Cyber-war
    • Utilizing malware in order to disrupt or disable key infrastructures including power grids, water treatment plants, and nuclear power plants.
  • Network Infiltration
    • Launching distributed denial of service attacks (DDoS) in order to shut down access to government websites, emergency systems, and transportation systems.
  • Espionage
    • Collecting information for leverage such as blackmail.


‘Just As Water Retains No Constant Shape, In Warfare There Are No Constant Conditions’ ― Sun Tzu, The Art of War

Cyber criminals are ruthless in their pursuit of a weakness they can exploit via rootkits, keyloggers, RATs, botnet attacks and countless other attack types and vectors. If successful, they will come back to collect treasures that can be readily bought or sold on the Darknet, including credit card numbers, social security numbers, bank account data and intellectual property. Worse yet, they may take control of your system and use it in a botnet to carry out future attacks on other systems.

Organizations can no longer remain the slow-moving dinosaurs of the past, using the excuse ‘we have always done it this way.’ They need to be consistently evolving and adapting by upgrading systems, introducing new technologies and/or changing business models. Securing your network is an ongoing, never-ending task; organizations should be utilizing a best-practice framework for IT, such as COBIT 5.

‘You can be sure of succeeding in your attacks if you only attack places which are undefended.’ ― Sun Tzu, The Art of War

In 2017, your network is constantly under attack. The typical system will be attacked hundreds if not thousands of times in a given day. However, cyber criminals are lazy and will always ‘attack a weakness’ over a stronghold. Employees, weak passwords, and unhardened and unpatched systems are their favorite ‘go-tos.’

  • Employees are targets
    • Your employees are the principal targets for cyber criminals to gain access to your organization’s resources with Phishing attacks being the most common means by which breaches occur.
  • Weak passwords are a vulnerability
    • ‘Weak’ passwords may be the difference between a future breach and the security of your organization’s data.
    • Organizations control access to their data and systems through ‘authentication,’ i.e., ‘the extension of trust’ based on a form of furnished proof of identity; that proof is more often than not a password.
    • Educate employees on why using strong passwords is essential, not a hassle.
      • A strong password should be at least eight characters and should include uppercase, lowercase, and special characters – like @#?%^&*.
      • Adding just one capital letter, and one special character changes the processing time for a cyber criminal to crack an eight character password from 2.4 days to 2.10 centuries. Think about that!
  • ‘Out of the Box’ is not secure
    • The majority of individuals want ease of use in their devices. However, ‘out of the box’ or default configuration settings are far from secure and are easily ‘hacked.’ Default accounts and passwords need to be changed, and unnecessary services should be removed.
  • Patch Everything
    • Organizations can significantly reduce their cyber-risk by running the latest software and applications on all devices.

‘The whole secret lies in confusing the enemy so that he cannot fathom our real intent.’ ― Sun Tzu, The Art of War

[Figure: World’s Biggest Data Breaches, 1 August 2016]

When data becomes compromised, the consequences can be devastating. High-profile data breaches and ransomware attacks are increasing daily. Critical data should be encrypted both at rest and in transit.

Simply put, data is always either in transit, moving via applications, email, website connections and browsers, or at rest, stored in databases, the cloud, hard drives and mobile devices.

  • Organizations that manage information have an obligation to protect it.
  • In the case of sensitive/confidential information, it is the law.
  • Encryption, using the science of cryptography, scrambles plaintext into unreadable ciphertext using an algorithm that cannot be reversed without the decryption key.
  • At a minimum
    • Mobile devices should have their hard drives encrypted, reducing the risk of information exposure if the device is lost or stolen.
    • Servers, databases, backup media and all files containing sensitive/confidential information should be encrypted.
    • Encrypt data that is synced with the cloud.
    • All employees, and especially contractors and third parties, who access resources remotely should do so through a Virtual Private Network (VPN).

Backup, Backup, Backup

  • This principle cannot be stressed enough. Back up your data, people.
  • There are two kinds of organizations: those who have lost critical data as the result of not backing up their data, and those who will.
  • Backing up your data can literally be the only thing that ensures that your organization is able to continue to operate if critical data has been appropriated, corrupted, or held hostage by ransomware.
  • The threat is defused if you have a physical copy, a second copy off-site and a third in the cloud.

‘All warfare is based on deception.’ ― Sun Tzu, The Art of War

Social engineering is the ‘art of deception on the grandest of scales,’ and your employees are the weakest link in the chain. Cyber criminals prefer social engineering because ‘it is much easier to hack a human than a secured network.’ Social engineering attacks are a choreographed strategy against many employees (phishing) or against a single high-value target (whaling).

However, social engineers also use an assortment of in-person or over the phone techniques to steal data, identities, credentials, money and/or infect a computer with viruses, keyloggers, trojans, and spyware.

In recent years, social engineering has been the primary cause of many high-profile cyber-attacks. The impacts can be staggering, including

  • Economic Loss
  • Business Failure
  • Loss of Privacy
  • Loss of Goodwill
  • Lawsuits
  • Regulatory Issues (PCI-DSS, HIPAA)

‘First lay plans which will ensure victory, and then lead your army to battle’ ― Sun Tzu, The Art of War

When organizations know what assets cyber criminals are likely to target, they can better focus on protecting them.

  • Asset Management
    • Before you can confirm that your organization’s IT Resources are secure, you have to know what they are and where they are.
    • Create an inventory of your resources including their location, hardware, software and operating systems and update it regularly.
  • Physical security assessment
    • Review perimeter barriers, access controls, fencing, and electronic security systems.
  • Operational Security Assessment (OPSEC)
    • The majority of security failures occur on the operational side.
    • OPSEC encourages organizations to view operations from the perspective of an outsider (i.e., a competitor or cyber criminal) in order to identify vulnerabilities.
    • If an organization is able to extract its own data while impersonating an outsider, the odds are high that cyber criminals can too.
      • OPSEC consists of a five step process
        • Identify the Critical Information
        • Determine the Threats
        • Analyze the Vulnerabilities
        • Assess the Risks
        • Apply Applicable Countermeasures

‘Rouse him, and learn the principle of his activity or inactivity. Force him to reveal himself, so as to find out his vulnerable spots.’ ― Sun Tzu, The Art of War

There is no ‘Silver Bullet’ for cybersecurity. The only way to know that you have taken reasonable safeguards is to monitor and test them.

  • Real-Time Systems Monitoring
    • Monitor systems in real time for any unusual activity or suspicious behavior that could indicate a breach is in progress. This alerts security teams so they can shut down access before criminals do significant damage.
  • Your systems’ security logs are your friend
    • Log monitoring is a best practice and a crucial part of performing due diligence.
      • They identify event patterns
      • They pre-empt insider attacks
      • Real-time alerts can detect, alert on, and avert network security attacks
      • They are a proactive measure, thus reducing the risk to business continuity
  • Endpoint Assessments
    • Ensure that all desktops, laptops, printers and any other internet-capable hardware devices on a TCP/IP network within the organization have not been compromised.
  • Perform Vulnerability Assessments (especially on legacy resources, i.e., older systems.)
    • Network vulnerability assessments look outward at your publicly exposed (i.e., internet-connected) firewalls, routers, servers and other devices in order to identify weaknesses.
    • Server vulnerability assessments look inward, focusing on the applications and software running on servers, to identify security holes and provide reassurance that a breach has not occurred.
  • Website Assessment
    • Any device connected to the internet represents a likely attack vector for cyber criminals to enter your network. Some of the most dangerous attack methods include
      • SQL Injection (SQLi), the number 1 issue listed by OWASP
      • Cross-Site Scripting (XSS)
      • Cross-Site Request Forgery (CSRF)
    • Testing detects vulnerabilities within web applications that are accessible from both inside and outside the organization and indicates what needs to be corrected.
  • Penetration Testing (Pen Testing)
    • Pen testing captures a picture of the current security posture and identifies potential security breach points. Moreover, it tests the effectiveness of existing security processes and ensures that configuration management has been followed through on assiduously.
  • Employee Awareness
    • Test your employees’ knowledge from the C-Suite to the mailroom.
    • Engage your IT department or hire an outside firm to run Phishing campaigns, Phone-based and In-person Social Engineering tests.
      • The phishing tests will determine how likely your employees are to click on a malicious link.
      • Phone based/In-person tests will demonstrate how much confidential data was able to be extracted from your employees.
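The log-monitoring points above become concrete when written as a detector. The following added example (not code from the original post) scans constructed OpenSSH-style syslog lines for the pattern a weak-password compromise leaves behind: a burst of failed logins from one source, then a successful login from the same source. The sample lines, the RFC 5737 addresses in them, and the THRESHOLD and WINDOW values are all my constructions.

```python
"""Auth-log monitoring: flag a brute-force burst and the login that follows."""
import re
from collections import defaultdict, deque
from datetime import datetime

THRESHOLD = 5   # failed logins from one source before a medium alert (assumed)
WINDOW = 60     # seconds the failures must fall within (assumed)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse(line, year=2017):
    """Return (timestamp, result, user, ip), or None for lines we do not track.

    Syslog omits the year, so it is supplied (the constructed sample is 2017)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect(lines, threshold=THRESHOLD, window=WINDOW):
    """Return [(severity, ip, detail)] alerts in the order they fire."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    flagged = set()               # sources already alerted at medium
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        q = recent[ip]
        while q and (ts - q[0]).total_seconds() > window:
            q.popleft()           # slide the window forward
        if result == "Failed":
            q.append(ts)
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("medium", ip, f"{len(q)} failed logins within {window}s"))
        else:  # Accepted
            if ip in flagged:
                # A success right after a guessing burst is the high-value signal:
                # the guessed credential probably worked.
                alerts.append(("high", ip, f"login as '{user}' after brute-force pattern"))
            q.clear()
    return alerts


SAMPLE = [  # constructed sample, not a real log
    "Jun 30 14:02:11 web01 sshd[4142]: Failed password for invalid user admin from 203.0.113.7 port 51822 ssh2",
    "Jun 30 14:02:13 web01 sshd[4144]: Failed password for invalid user admin from 203.0.113.7 port 51823 ssh2",
    "Jun 30 14:02:14 web01 sshd[4151]: Failed password for root from 203.0.113.7 port 51824 ssh2",
    "Jun 30 14:02:15 web01 sshd[4153]: Failed password for backup from 198.51.100.4 port 40210 ssh2",
    "Jun 30 14:02:16 web01 sshd[4155]: Failed password for backup from 203.0.113.7 port 51825 ssh2",
    "Jun 30 14:02:18 web01 sshd[4157]: Failed password for backup from 203.0.113.7 port 51826 ssh2",
    "Jun 30 14:02:20 web01 sshd[4159]: Accepted password for backup from 203.0.113.7 port 51827 ssh2",
    "Jun 30 14:05:00 web01 sshd[4201]: Accepted publickey for deploy from 192.0.2.10 port 33004 ssh2",
]

if __name__ == "__main__":
    for severity, ip, detail in detect(SAMPLE):
        print(f"[{severity.upper()}] {ip}: {detail}")
```

The single failure from 198.51.100.4 and the key-based login from 192.0.2.10 produce no alert; only the source that both guessed and then succeeded does.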

‘In The Midst of Chaos, There Is Always Opportunity’ ― Sun Tzu, The Art of War

It ‘is not if but when’ your network will be attacked. Security teams and management should capitalize on the experience as an opportunity to learn. The more security teams can learn, the more effective they can become. Incorporate the intelligence that was learned from previous security incident(s) into the company’s overall security strategy and make practical and efficient use of it in order to make better-informed decisions.

‘Do not repeat the tactics which have gained you one victory, but let your methods be regulated by the infinite variety of circumstances.’ ― Sun Tzu, The Art of War

So far in 2017 (as of 6/30/2017), there have been over 790 security breaches with more than 12,389,462 records exposed. Cyber criminals are not static; they exist in a state of flux, altering methods, strategies and exploit tools. When it comes to defeating this elusive enemy, organizations must move from a position of defense, waiting for a cyber criminal to breach their network, to one of offense, controlling the cyber criminals’ actions and denying them the wherewithal to call the shots.

In conclusion, cyber criminals are increasingly harder to trace and even harder to remediate. They are creative collaborators, sharing successful techniques and progressively more dangerous malware. They are stealthier, using multiple vectors and entry points to navigate around network defenses and breach them, not to mention remaining hidden in our systems longer, thus becoming more costly for organizations. Business continuity is crucial for the success of any organization. Insecure systems are detrimental. Follow the teachings of Sun Tzu: ‘Victorious warriors win first and then go to war, while defeated warriors go to war first and then seek to win.’ ― Sun Tzu, The Art of War


As-A-Service Expands, Buckle Up Your Seatbelt.

Cybercrime is a thriving high-reward, low-risk business model, and it can be summed up easily with just one symbol: $.

In the past, there were various obstacles to overcome in order to get into the cybercriminal game. The ‘original cybercriminals’ ran a centralized operation which owned the servers and constructed malicious software (malware) from scratch.

This business model proved to be incredibly expensive to operate and exceedingly time-consuming; in order to make a substantial profit, large organizations were the only option.

However, like other ecosystems, the cybercriminal ecosystem continues to evolve. Today, it is a distributed system where anyone with an agenda can simply rent, lease or purchase an ‘as-a-Service’ offering and ‘cash in’ on their crimes.

Some of the better-known as-a-Service offerings include:

  • Malware as a Service (MaaS)
  • Distributed Denial of Service as a Service (DDoSaaS)
  • Ransomware as a Service (RaaS)
  • Hacking as a Service (HaaS)
  • Money Laundering as a Service (MLaaS) to name a few.

The distributed system requires less effort because the criminals take advantage of current ‘trends,’ including the ‘human factor,’ where one in three individuals within an organization, regardless of training, will click on a phisher’s email, and the ‘low-hanging fruit,’ otherwise known as the persons or organizations that, despite all the warnings, accept the risks of sub-par security and are found easily by an exploit kit. Rather than deploying sophisticated and expensive zero-day attacks, now any endpoint becomes a potential source of revenue.

As-a-Service offerings are a flourishing business model run on the black markets found on the DarkNet, such as the TOR network. TOR is a technological revolution in the facilitation of cybercrimes because of the anonymity under which groups are able to operate.

Cybercriminals commit crimes directly against individuals, organizations, or governments through means such as malware attacks.

Direct methods are when resources are taken directly from the victim including

The criminals also attack in indirect manners including identity theft and fraud.

Indirect methods involve information obtained covertly from the victim which can be sold on the DarkNet, including

The introduction of the cloud computing as-a-Service paradigm has brought abundant advantages to the information technology industry but also greater opportunities for cybercriminals.

Cybercriminals no longer need to rely on their own skills and assets to carry out exploits.

Several of these services include

  • Infrastructure as a Service (IaaS) provides the rental of servers and storage devices.
  • Software as a Service (SaaS) provides the infrastructure enabling the dynamic production of applications.
  • Data as a Service (DaaS): data is stored in the cloud and is accessible by a range of systems and devices.
  • Platform as a Service (PaaS) allows users to develop, run and manage applications without the complexity of building and maintaining expensive infrastructure and the space required to develop and launch applications.

These cloud-based technologies afford cybercriminals greater flexibility, greater resource management and agility in the furiously paced technological environment, allowing for even more dangerous and aggressive exploits.

Cybercriminals have taken full advantage of these services because they eliminate the need to maintain their own infrastructure and facilitate better operational security (OpSec), adding a layer of obfuscation between the cybercriminals and the organizations hunting them while efficiently creating and distributing their malware.

Another fuel for as-a-Service is the rise and popularity of cryptocurrencies. Cryptocurrency is digital money that utilizes a decentralized, peer-to-peer (P2P) payment network, thus making it harder to discover criminal activity.

The most utilized form of cryptocurrency is Bitcoin.

Bitcoin is used globally by legitimate organizations but is better known for its use in criminal exploits.

The topic of Bitcoin would not be complete without addressing the process of tumbling. Tumbling essentially adds an additional layer of anonymity to block attempts to track and uncover Bitcoin transactions. There are multiple ways to tumble Bitcoins, including

  • Multiple Wallets: the cybercriminal creates a wallet via TOR and adds Bitcoins to it. A second wallet is created, again utilizing TOR, and the funds are moved into it. Last but not least, a third wallet is created and the funds are moved again, thus confusing the trail of transactions between the three wallets and making attribution almost impossible.
  • Third-Party Services: DarkNet organizations offer services to launder bitcoins which add a ‘proprietary obfuscation technology’ that breaks the link to the source of the funds and prevents any blockchain analysis from tracking the bitcoin transactions.

The DarkNet is an encrypted network built on top of the DarkWeb. Two typical DarkNet types are P2P networks used for file sharing and networks such as TOR used for anonymity.

TOR, short for ‘The Onion Router,’ provides anonymity to its users by bouncing the user’s communications around a distributed network of relays worldwide. TOR also prevents tracking of what sites are visited, prevents the sites visited from learning the user’s physical location, and allows access to .onion sites ranging from legal to absolutely illegal. TOR can be used on Windows, Mac OS X, or Linux without any additional software.

As with all things as-a-Service, where there is a need, service providers seem willing to satisfy it. Moreover, as long as the return on investment (ROI) remains high, the expectation is that continued investment in even more resources, in order to unleash greater numbers of cybercrimes on the broadest possible range of targets, will continue. Buckle up your seatbelt.

Prevention Guidelines

  • Use strong passwords: eight characters, including upper and lower case letters, numbers and special characters (!@#$%^&*).
    • Adding just one capital letter and one special character changes the brute-force processing time for an 8-character password from 2.4 days to 2.10 centuries. Think about that!
  • Never write your password on a sticky note for an intruder to find.
  • Group the sites you visit into categories, i.e., business, personal, sensitive, and use a separate password for each category.
  • Activate your firewall; it is the first line of defense.
  • Use your ‘antis’:
    • Anti-Virus
    • Anti-Malware
    • Anti-Spyware
  • Secure your mobile devices; they are just as vulnerable as your computer.
  • Install the latest OS updates.
  • Download Applications and Attachments FROM TRUSTED SOURCES ONLY.
  • Delete all unknown e-mails.
  • Use encryption for all your sensitive data.
  • Use HTTPS for all your transactions.
  • Backup your data frequently and store it in multiple locations.
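The ‘2.4 days’ and ‘2.10 centuries’ figures quoted for an eight-character password (here and in the first post's password section) are worth reproducing, because they depend entirely on how fast the attacker can guess. The following added example (not code from the original post) computes the keyspace for each character-class policy and the time to exhaust it; the guess rate of 1,000,000 per second is my assumption, chosen because it is the rate at which the post's two numbers come out exactly, and the 1e12 rate at the end is an illustrative offline GPU-class figure, not a measured one.

```python
"""Brute-force work factor for fixed-length passwords under a character-class policy."""
import string

SECONDS_PER_HOUR = 3_600
SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

# Character classes a password policy can require. Together they are the
# 95 printable ASCII characters (the space is counted as a special character).
CHAR_CLASSES = {
    "lower": string.ascii_lowercase,        # 26
    "upper": string.ascii_uppercase,        # 26
    "digits": string.digits,                # 10
    "special": string.punctuation + " ",    # 32 marks + space = 33
}


def keyspace(length, classes):
    """Number of distinct passwords of `length` drawn from the named classes."""
    alphabet = "".join(CHAR_CLASSES[c] for c in classes)
    return len(alphabet) ** length


def exhaust_seconds(length, classes, guesses_per_second):
    """Worst-case time to try every password in the keyspace at a given rate."""
    return keyspace(length, classes) / guesses_per_second


def describe(seconds):
    """Render a duration as hours, days, years or centuries."""
    if seconds < SECONDS_PER_DAY:
        return f"{seconds / SECONDS_PER_HOUR:.1f} hours"
    if seconds < 365 * SECONDS_PER_DAY:
        return f"{seconds / SECONDS_PER_DAY:.1f} days"
    years = seconds / SECONDS_PER_YEAR
    if years < 100:
        return f"{years:.1f} years"
    return f"{years / 100:.2f} centuries"


def compare(length=8, guesses_per_second=1e6):
    """(weak, strong) exhaust times: lowercase-only versus all four classes.

    The 1e6 guesses/s default is an assumption made here; it is the rate at
    which the post's 2.4 days / 2.10 centuries figures are reproduced exactly.
    """
    weak = exhaust_seconds(length, ["lower"], guesses_per_second)
    strong = exhaust_seconds(length, list(CHAR_CLASSES), guesses_per_second)
    return weak, strong


if __name__ == "__main__":
    weak, strong = compare()
    print("8 chars, lowercase only   :", describe(weak))    # 2.4 days
    print("8 chars, all four classes :", describe(strong))  # 2.10 centuries
    # The same policy against an offline attack on a fast hash at an
    # illustrative 1e12 guesses/s: the class mix buys hours, not centuries,
    # which is why length and a slow password hash matter more.
    print("same policy at 1e12 g/s   :", describe(compare(guesses_per_second=1e12)[1]))
```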

Cybersecurity is a shared responsibility. Stop. Think. Connect.

‘Know Thy Enemy,’ Distributed Denial of Service or DDoS.


We all know the axiom ‘know thy enemy’ – and this is above all germane to DDoS attacks.

Cybercriminals and their tactics are always evolving, becoming more dangerous and harder to detect by the day.

Unlike a Denial of Service (DoS) attack, in which a single Internet-connected device causes disruption and destruction, DDoS attacks are launched from numerous compromised devices, often dispersed globally in what is referred to as a botnet and controlled remotely by the botnet herder using a covert channel, such as Internet Relay Chat (IRC).

Some of the larger botnets, whose names come from the malware used to infect them, are estimated to number in the millions of bots, including Zeus (or Zbot), Conficker, and BredoLab (or Oficla), to name a few.

It is estimated that upwards of 3,000 websites fall victim to DDoS attacks daily. Even if the websites are back up and running the same day, damage to revenue and to customer and/or client trust can follow organizations for years.

The primary purpose of a DDoS is to overload network layers with a substantial amount of outwardly legitimate traffic. Ultimately the traffic consumes a disproportionate amount of bandwidth within and/or outside of the network and pushes network operations to become excruciatingly sluggish or basically nonfunctional.

Adding to the confusion, botnet servers can be controlled either by a single botnet herder or by multiple herders. Ultimately, at any given DDoS attack there can be multiple origins and multiple controllers making it much more complicated to mitigate than attacks originating from a single source.

The aggressiveness of DDoS attacks was illustrated last year by the Mirai botnet, whose attacks besieged several systems using compromised Internet of Things (IoT) devices.

IoT is expected to reach upwards of 25 billion televisions, refrigerators, watches, thermostats, and other connected devices by 2020, most with minimal to zero security to prevent malware infections, resulting in an unknown number of IoT devices ending up as mindless bots caught up in a criminal botnet.

To make matters worse, roughly 40 percent of malicious bots are able to emulate human behavior. Not only do the malicious bots deceptively present themselves to websites as legitimate bots, but they can also persistently change identities.

The infrastructure which enables these attacks is also increasing dramatically. Anyone with mal intent can easily purchase on-demand botnet services for DDoS attacks.

They are readily available from multitudes of online sources for as little as $5 an hour or $40 per day, cloaked behind the labels ‘booter’ or ‘stresser’ services.

They are also referred to as ddosers, ip stressers, ddos tools and ddos programs. No matter the name, they all provide the same service: on-demand DDoS attack capability for paying customers, at will.

Below find some of the more well-known Booters and Stressers which are easily accessed on the Internet.

NetworkStresser.com

120GB/s of combined power. Takes down everything. Working Skype resolver. Active support. Multiple payment options.

Betabooter.com

100GB/seconds. Easy to use. API. Insane Power. Accepts Paypal.

Critical-Boot.com

Good Power. Easy to use source. PayPal/Credit cards and 15% off Bitcoin. Build Your Plan.

There are three standard types of DDoS attacks including Volumetric, Application, and Protocol attacks.

Volumetric Attacks utilize massive amounts of traffic inundating the bandwidth of the host.

Volumetric attacks are generated by employing amplification techniques which elicit server responses that are disproportionate to the original packet request sent, ultimately completely blocking access to a website or service. The extent of the attack is measured in either bits or packets per second. Domain Name System (DNS) amplification is a well-known volumetric attack.

DNS amplification is an asymmetrical attack in which the criminal exploits vulnerabilities in DNS servers, i.e., ‘The Internet’s Backbone,’ by querying publicly accessible domain name system servers with spoofed or ‘faked’ source IPs belonging to the target, making them flood the target with large quantities of User Datagram Protocol (UDP) packets.

This results in small queries being turned into massive payloads that can ultimately be used to bring down even the most robust server(s).

Moreover, DNS amplification attacks often relay the exploited DNS requests through one or more botnets, radically increasing the volume of traffic and making it that much harder to track the attackers’ identities.
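The asymmetry described above can be put in numbers, and the target side of it has a recognisable signature in flow records: large port-53 answers arriving from many resolvers at a host that never sent a query. The following added example (not code from the original post) does both over a constructed list of UDP packet records; the RFC 5737 addresses, sizes and thresholds are my constructions and would be tuned for a real network.

```python
"""DNS amplification: the amplification factor, and its target-side signature."""
from collections import defaultdict

DNS_PORT = 53


def amplification_factor(query_bytes, response_bytes):
    """Bytes delivered to the target per byte the attacker sends.

    The attacker pays for the small query; the resolver pays for the large
    answer and delivers it to the spoofed source address."""
    return response_bytes / query_bytes


def find_amplification_victims(flows, min_resolvers=5, min_bytes=10_000):
    """Return {ip: (distinct_resolvers, response_bytes)} for hosts that receive
    large DNS answers from many resolvers without having asked anything.

    Each flow is (src_ip, dst_ip, src_port, dst_port, bytes) for one UDP packet.
    A legitimate client shows matching outbound queries to a few resolvers;
    a spoofed victim only ever sees the answers."""
    answers = defaultdict(lambda: [set(), 0])   # dst -> (resolvers, bytes)
    asked = set()                               # hosts that sent their own queries
    for src, dst, sport, dport, size in flows:
        if dport == DNS_PORT:
            asked.add(src)
        elif sport == DNS_PORT:
            answers[dst][0].add(src)
            answers[dst][1] += size
    return {
        dst: (len(resolvers), total)
        for dst, (resolvers, total) in answers.items()
        if dst not in asked and len(resolvers) >= min_resolvers and total >= min_bytes
    }


FLOWS = [  # constructed records, not captured traffic
    # legitimate lookup: a workstation asks the site resolver and gets an answer
    ("192.0.2.10", "192.0.2.53", 50123, 53, 64),
    ("192.0.2.53", "192.0.2.10", 53, 50123, 120),
]
# amplification against 198.51.100.20: eight open resolvers each deliver a
# 3,072-byte answer to a host that never sent a query
FLOWS += [(f"203.0.113.{n}", "198.51.100.20", 53, 40000 + n, 3072) for n in range(1, 9)]

if __name__ == "__main__":
    print("64-byte query drawing a 3072-byte answer: factor",
          amplification_factor(64, 3072))          # 48.0
    print("suspected victims:", find_amplification_victims(FLOWS))
```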

Application attacks exploit a weakness in Layer 7, the application layer, as the name suggests.

The cyber community, in general, agrees that application attacks are both the most sophisticated and the most challenging to identify and/or mitigate.

Application attacks begin by making a connection with the host and then exhaust the host’s resources by controlling processes and transactions. DNS flood attacks are the most well known.

DNS floods are a symmetrical attack that endeavors to exhaust server-side assets like memory or CPU with an inundation of UDP requests generated by malicious scripts running on multiple botnet machines. The criminals will often target one or more DNS servers belonging to a specified zone, with the goal of obstructing and overwhelming the resolution of resource records of that zone and its subzones.

Protocol attacks specifically exploit weaknesses in the Layer 3 and Layer 4 protocol stack by consuming all the processing capacity of intermediate critical resources like a firewall, causing service disruption, with the most notorious attack being the Ping of Death.

A ‘ping’ is part of the Internet Control Message Protocol (ICMP), a networking utility that determines whether or not a host is reachable. An ICMP echo request packet is sent to the host, which responds with an ‘echo’ reply. The size of a correctly formed ICMP request packet should be no larger than 65,535 bytes; anything larger is in violation of the Internet Protocol.

Criminals, in turn, send malformed packets in fragments as fast as possible, which the host attempts to reassemble, using up bandwidth. This leads to a packet size which violates the Internet Protocol limit of 65,535 bytes, causing a buffer overflow and eventually causing the host to crash and become unavailable for legitimate users. This is a Ping of Death DDoS attack.
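The defect behind the Ping of Death is a reassembler that trusts each fragment's offset and length and only discovers the oversize once the buffer has already overflowed. The following added example (not code from the original post) models a fragment as the three IPv4 header fields reassembly needs, offset in 8-byte units, the More Fragments flag and the payload, and shows the check that stops it: reject any fragment whose claimed end lies past the 65,535-byte datagram limit before copying a byte. Every fragment set here is constructed in code.

```python
"""IP fragment reassembly bounded at the datagram limit: the Ping of Death check."""
MAX_IP_DATAGRAM = 65_535                        # 16-bit Total Length field
IP_HEADER_LEN = 20                              # minimal IPv4 header
MAX_PAYLOAD = MAX_IP_DATAGRAM - IP_HEADER_LEN   # 65,515 bytes of payload


class ReassemblyError(ValueError):
    """Fragment set rejected before any copy into the reassembly buffer."""


def claimed_length(fragments):
    """Largest byte offset any fragment in the set claims to end at."""
    return max(off8 * 8 + len(data) for off8, _more, data in fragments)


def reassemble_checked(fragments):
    """Return the reassembled payload, or raise ReassemblyError."""
    buf = bytearray()
    final_end = None
    covered = 0
    for off8, more, data in sorted(fragments, key=lambda f: f[0]):
        start, end = off8 * 8, off8 * 8 + len(data)
        # The Ping of Death check: validate offset + length against the
        # datagram limit from the header fields alone, before copying.
        if end > MAX_PAYLOAD:
            raise ReassemblyError(f"fragment would end at byte {end} > {MAX_PAYLOAD}")
        if more and len(data) % 8:
            raise ReassemblyError("non-final fragment length not a multiple of 8")
        if not more:
            if final_end is not None:
                raise ReassemblyError("more than one final fragment")
            final_end = end
        if len(buf) < end:
            buf.extend(bytes(end - len(buf)))
        buf[start:end] = data
        covered += len(data)
    # Missing, overlapping or out-of-place fragments never yield a datagram.
    if final_end is None or len(buf) != final_end or covered != final_end:
        raise ReassemblyError("incomplete or inconsistent fragment set")
    return bytes(buf)


def is_rejected(fragments):
    """True if the checked reassembler refuses the fragment set."""
    try:
        reassemble_checked(fragments)
    except ReassemblyError:
        return True
    return False


def fragment(payload, mtu_payload=1480):
    """Split a payload into wire-style fragments (1480 = 1500-byte MTU minus header)."""
    frags = []
    for start in range(0, len(payload), mtu_payload):
        chunk = payload[start:start + mtu_payload]
        frags.append((start // 8, start + mtu_payload < len(payload), chunk))
    return frags


def ping_of_death_fragments():
    """Constructed malicious set: a benign-looking body, then a final fragment
    whose offset (8189 * 8 = 65,512) plus 1,480 bytes claims an end at 66,992."""
    frags = [(off8, True, data) for off8, _more, data in fragment(b"\xaa" * 65_000)]
    frags.append((8189, False, b"\xbb" * 1480))
    return frags


if __name__ == "__main__":
    bad = ping_of_death_fragments()
    print("malicious set claims", claimed_length(bad), "bytes; rejected:", is_rejected(bad))
    good = fragment(bytes(range(256)) * 10)
    print("normal 2,560-byte datagram reassembled:", len(reassemble_checked(good)), "bytes")
```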

DDoS scripts, most often written in Python, PHP, or Perl, are malicious software that enables the execution of DDoS attacks at the application layer. Each script can diverge in severity, ease of use and impact.

Some of the DDoS scripts available for free on the internet (too many to list) include

LOIC (Low Orbit Ion Cannon)

LOIC was made famous by the hacker group Anonymous. It is easy to use, especially for beginners, because of its GUI; all that is needed is the URL or IP address of the server. LOIC performs the DoS by sending UDP, TCP, or HTTP requests to the victim server.

XOIC

XOIC comes with an easy-to-use GUI, so all levels can easily use it to perform attacks on servers and websites anonymously and secretly. All that is required is an IP address.

XOIC has three modes: test mode; attack mode; and attack mode with a TCP/HTTP/UDP/ICMP message.

TORsHammer

Tor’s Hammer is written in Python; it is a slow POST tool* that can be run through the TOR network** and can take down most unprotected web servers running Apache or IIS from a single instance.

HOIC (High Orbit Ion Cannon)

HOIC is written in BASIC and is an open source network stresser that can attack as many as 256 URLs at any one time.

Slowloris

Slowloris is written in Python and operates at the application layer. It opens as many connections to the web server as it can and holds them open as long as possible by sending partial requests and periodically adding to them to keep the connection alive, but never completing them, thereby denying connection attempts from legitimate users.

DDoS toolkits are software packages that require greater resources and generally more in-depth knowledge of scripting and systems, and they attack the network layer. They infect computers and other Internet-connected (IoT) devices with malware in order to build a botnet.

The malicious bot landscape continues to evolve. More than 60 percent of Internet traffic is generated by bots, of which upwards of 30 percent are malicious bots, a force to be reckoned with when talking about internet security.

DDoS attacks can be unassuming or sophisticated; regardless, they are always dangerous, calculated and profit-driven, with DDoS ransom being one of the nastiest elements.

Extortionists will demonstrate their capabilities by acting out an attack such as shutting down a website, followed by a threatening e-mail requesting a monetary sum usually in Bitcoin to be paid within a time-period. ‘Pay the ransom or face greater attacks.’

The extortionists will continue broadening their scope and diversifying their targets to include more diverse industry sectors and larger organizations and even larger payoffs.

Below are a few strategies which can make your network less vulnerable to attackers, remembering that there is no 100 percent solution to prevent cyberattacks. Continuous learning and continuous experimentation are critical.

  • Limit the number of new connections. Set parameters for the number of new connections a single user or the network may open during a specific period of time. This simple strategy makes it that much harder for a criminal to overload systems.
  • Bandwidth shaping. If configured correctly, bandwidth shaping can be an easy-to-apply policy against DDoS attackers.
  • Network segmentation. By dividing your network into public and internal segments, each protected by a firewall, you can protect your internal network when there is a DDoS attack against your public-facing systems.
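The first strategy, limiting new connections per source over a period of time, is a sliding-window policy. The following added example (not code from the original post) implements it as a standalone limiter and replays it over a constructed trace of (time_seconds, source_ip) connection attempts in which one address floods while two clients behave normally. The limit of 20 connections per 10 seconds and the RFC 5737 addresses are my assumptions; real values depend on the service being protected.

```python
"""Per-source new-connection limiting inside a sliding time window."""
from collections import defaultdict, deque


class NewConnectionLimiter:
    """Allow at most `limit` new connections per source per `window` seconds."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self._accepted = defaultdict(deque)   # ip -> times of accepted connects

    def allow(self, now, ip):
        q = self._accepted[ip]
        while q and now - q[0] >= self.window:
            q.popleft()                       # attempts that aged out of the window
        if len(q) >= self.limit:
            return False                      # rejected attempts are not recorded,
        q.append(now)                         # so a flood cannot extend its own ban
        return True


def apply_policy(trace, limit=20, window=10.0):
    """Replay a trace in time order; return {ip: (accepted, rejected)}."""
    limiter = NewConnectionLimiter(limit, window)
    counts = defaultdict(lambda: [0, 0])
    for t, ip in sorted(trace):
        counts[ip][0 if limiter.allow(t, ip) else 1] += 1
    return {ip: tuple(c) for ip, c in counts.items()}


def constructed_trace():
    """Two normal clients (one connection every 2 s for a minute) plus one
    source that opens 200 connections in the first five seconds (constructed)."""
    trace = [(t, ip) for ip in ("192.0.2.10", "192.0.2.11") for t in range(0, 60, 2)]
    trace += [(i * 0.025, "203.0.113.7") for i in range(200)]
    return trace


if __name__ == "__main__":
    for ip, (ok, dropped) in sorted(apply_policy(constructed_trace()).items()):
        print(f"{ip:>14}: accepted {ok:3d}, rejected {dropped:3d}")
```

The flooding source gets exactly its 20-connection budget and loses the other 180 attempts, while the two normal clients never hit the limit because their connections are spread across many windows.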

CyberSecurity is a shared responsibility. Stop. Think. Connect.