
Digital Guardian's Blog

Everything Old is New Again



The adage that there is nothing new under the sun is especially relevant in the security field. Attacks and the technologies that spring up to defend against them tend to run in cycles, and the recent resurgence of DDoS attacks of various stripes has shown once again that we still don’t have a real handle on how to stop this problem.

When DDoS attacks first started gaining a lot of attention in the late 1990s, one of the things that security experts worried about and warned about was just how easy they are to execute. Even 20 years ago, it didn’t take much in the way of resources or technical knowledge to launch a large enough attack to cripple large sites or bother ISPs. DDoS toolkits were sold openly and for short money, and anyone with enough time on his hands could assemble a botnet large enough to cause serious trouble and grab a few headlines.

Many of the early DDoS attacks were designed to do just that: generate publicity and annoy the target. They fell out of favor at some point, but never really went away. Hackers use them to attack each other all the time, which no one really cares about. It’s not until the nonsense spills out into the real world that people sit up and take notice. And that’s just what’s happening now.

The Mirai botnet has been at the center of this recent resurgence in high-profile DDoS activity. Mirai is best known for being used in attacks on Brian Krebs’s site and on a hosting provider several weeks ago. But the botnet, or more accurately several botnets, has also been involved in a slew of other attacks, including a series of recent powerful attacks on telecom providers in Liberia. Those attacks were short in duration, but they were strong enough to temporarily interrupt Internet connectivity in the country, which relies on a single undersea cable for its connection. Those attacks were in the range of 500-600 Gbps, which is pretty impressive for a botnet of cameras and DVRs.

And in the run-up to the election, attackers used Mirai to hit sites owned by both the Trump and Clinton campaigns with short, powerful DDoS attacks. On Monday, someone using a portion of Mirai reportedly went after an automated calling tool that the Clinton campaign was using to call voters before election day.

“It was slower in the morning, and then went down for hours at a time,” Suzanne Henkels of NextGen, a climate awareness group using the tool to make calls, told The Verge.

But Mirai certainly isn’t the only botnet operating out there these days. Over the last couple of weeks, attackers have targeted the heating systems of two residential buildings in the Finnish city of Lappeenranta. The DDoS attacks were able to stop the systems and cause them to reboot many times, and prevented the systems from producing hot water to heat the buildings. That’s a problem, especially considering that temperatures are well below freezing in Finland at this time of year.

DDoS attacks are an old problem, and networking and security experts have understood for a long time how to mitigate them. But the problem has never really been solved fully. The tools to run DDoS attacks are easily available, and with the ubiquity of high-bandwidth connections and hundreds of millions of insecure connected devices, there is no indication that things are going to improve any time soon.

Dennis Fisher


Dennis Fisher is editor-in-chief at Duo Security. He is an award-winning technology journalist who has specialized in covering information security and privacy for the last 15 years. Prior to joining Duo, he was one of the founding editors of On the Wire, Threatpost and previously covered security for TechTarget and eWeek.