Weekly Cyber Risk Roundup: Unique Cyber-Attacks and Insider Theft

Yahoo remained as the top trending cybercrime target due to a data breach affecting more than a billion accounts. The breach is so large that regulators such as the FTC and SEC are facing uncharted territory when it comes to potential fines or other consequences related to the incident, Vice News reported.  

2016-12-23_ITT.pngLooking beyond the ongoing Yahoo story, there were several unique cybercrime-related events worth noting from the past week.

For starters, a data breach at Kia and Hyundai aided in the physical theft of dozens of cars, Israeli police said. Criminals were able to use the stolen data to make car keys for luxury cars and steal those cars directly from the owners’ homes. The three men who were arrested allegedly looked for the registration numbers on Kia and Hyundai models and then used those number along with stolen anti-theft protection numbers and other codes to make keys for each specific car. Once the keys were made they would visit the owners homes — the information was also in the stolen data — to steal the vehicles and then sell them on the Palestinian car market.

Another interesting story is the recent sudden shutdown of a power distribution station near Kiev, which left the northern part of the city without electricity. Vsevolod Kovalchuk, the acting chief director of Ukrenergo, told Reuters that the outage was likely due to an external cyber-attack. The outage amounted to 200 megawatts of capacity, which is about a fifth of Kiev’s nighttime energy consumption.

If definitively tied to a cyber actor, the incident would be the second time in a year that a Ukrainian power outage was attributed to a cyber-attack. The December 2015 outage at Prykarpattyaoblenergo has been frequently cited as the first power outage directly tied to a cyber-attack.

2016-12-23_groups

Other trending cybercrime events from the week include:

  • Education Information Compromised: Online learning platform Lynda.com is notifying its 9.5 million users of a data breach after a database was accessed that contained users’ contact information, learning data and courses viewed. The Columbia County School District in Georgia confirmed it was the victim of a data breach after an external actor accessed a server containing confidential employee information such as names, Social Security numbers and dates of birth. A malware infection at Summit Reinsurance Services may have compromised the information of 1,000 current and former employees at Black Hawk College, as well as those employees’ dependents. The University of Nebraska-Lincoln notified approximately 30,000 students that their names and ID numbers may have been compromised when a server hosting a math placement exam was breached.
  • More Healthcare Data Breaches: Community Health Plan of Washington is notifying 381,534 people that their information may have been compromised due to a vulnerability in the computer network of NTT Data, which provides the nonprofit with technical services. East Valley Community Health Center in California is notifying patients of a Troldesh/Shade ransomware infection on a server containing patient information. The server contained 65,000 insurance claims from the past six years, which included names, dates of birth, home addresses, medical record numbers, health diagnosis codes and insurance account numbers. A number of employees allegedly attempted to access the medical records of Kayne West during his recent week-long stay at the UCLA Medical Center.
  • OurMine Continues to Hijack Popular Accounts: The hacking group known as “OurMine” managed to hijack the Twitter accounts of both Netflix and Marvel on Wednesday. The group posted its usual message about how they were just testing security, along with their contact information.
  • DDoS Attacks Used to Protest New Law in Thailand: Thai government websites were hit with DDoS attacks in protest of a new law that restricts internet freedom. The websites of the Defense Ministry, Ministry of Digital Economy and Society, the Prime Minister’s Office, and the Office of the National Security Council were all targeted. In addition, a hacker going by the name “blackplans” posted screenshots of documents allegedly stolen from government websites.
  • Other breach announcements: A May 2016 phishing incident led to 108 employees of L.A. County handing over their email credentials, resulting in a data breach affecting 756,000 individuals. A hacker going by “1×0123” claims to have hacked PayAsUGym and is attempting to sell a database of information on 305,000 customers. A database backup from the forum of digital currency Ethereum was stolen after a malicious actor socially engineered access to a mobile phone number and gained access to accounts. About 350 Ameriprise clients had their investment portfolios exposed due to an advisor synchronizing data between between his home and work and neither drive requiring a password. The Bleacher Report announced a data breach affecting an unknown number of users who signed up for accounts on its website. The U.S. Election Assistance Commission (EAC) acknowledged a potential intrusion after a malicious actor was spotted selling information related to an unpatched SQL injection vulnerability.

SurfWatch Labs collected data on many different companies tied to cybercrime over the past week. Some of those “newly seen” targets, meaning they either appeared in SurfWatch Labs’ data for the first time or else reappeared after being absent for several weeks, are shown in the chart below.

2016-12-23_ittnew

Cyber Risk Trends From the Past Week

2016-12-23_riskSeveral stories from the past week once again highlighted the problem of malicious insiders stealing intellectual property and taking that stolen data directly to company rivals in order to give those rivals a leg up on the competition.

The first case involves India’s Quatrro Global Services, which recently filed a complaint with local police accusing two former employees of stealing a customer database and using that database to open a rival remote support company, MS Care Limited.

The employees left Quatrro Global Services in late 2014 and early 2015 and opened the rival company in January 2016. The complaint alleges the database was “used to derive unlawful commercial benefit by accessing our customers, leading to our commercial loss while gaining unauthorised access to our customer’s personal information, which could be used for unlawful purposes.”

A separate case involves David Kent, 41, who recently pleaded guilty to stealing more 500,000 user resumes from Rigzone.com, a company that he sold in 2010, and then using the stolen data to boost the membership of his new oil and gas networking website, Oilpro. According to the complaint, Rigzone’s database was hacked twice, and its members were subsequently solicited to join Oilpro. After building up the membership base in this manner, Kent then tried to sell the Oilpro website by stating that it had grown to 500,000 members through traditional marketing methods.

As SurfWatch Labs noted in October, insider threats are one of the most difficult challenges facing organizations. A recent survey of 500 security professionals from enterprise companies found that one in three organizations had experienced an insider data breach within the past year and that more than half of respondents believe that insider threats have become more frequent over the past year.

SurfWatch Labs data confirms those security professionals worry, having collected data on more than 240 industry targets publicly associated with the “insider activity” tag over the past year.

POS Breaches: Bankrupting Small Businesses and Impacting the Supply Chain

There’s a popular cybercrime statistic that has been vexing me for years, and if you read cybersecurity news regularly, I’m sure you’ve seen it cited a few dozen times as well:

60% of small businesses close their doors within six months of a cyber-attack.

I’ve always been skeptical of that bold statistic. As Mark Twain wrote in his autobiography, attributing the now famous quote to British Prime Minister Benjamin Disraeli, “There are three kinds of lies: lies, damned lies and statistics.” Sixty percent is incredibly high (and what percent of these companies would have failed anyway, cyber-attack or not?); nevertheless, I’ve always wanted to find the source of that data and delve into the stories behind that number.

I’ve largely failed on both of those fronts over the past few years.

First, the statistic is most often attributed in some vague way to either the National Cyber Security Alliance or the U.S. House Small Business Subcommittee on Health and Technology. In fact, National Cyber Security Alliance executive director Michael Kaiser did quote that statistic before the House Small Business Subcommittee on Health and Technology in December 2011, but he was actually citing a Business Insider article from three months prior. The Business Insider article is similarly vague, saying only that “about 60 percent of small businesses will close shop within six months of an attack” — but providing no other context to back up that assertion.

Second, my repeated attempts to find small businesses that have failed due to cyber-attacks — and are willing talk publicly about those failures — have come up mostly empty.

When Breaches Lead to Bankruptcy

All of this serves as a backdrop to the recent conviction of Roman Valerevich Seleznev, aka Track2, 32, of Vladivostok, Russia. Seleznev was convicted on August 25 of 38 counts related to hacking point-of-sale systems and stealing payment card information. According to trial testimony, Seleznev’s scheme led to more than $169 million in losses across 3,700 financial institutions.

Perhaps most interesting — at least when it comes to my ongoing quest to chronicle small businesses being put out of business by cybercrime — was this tidbit from the Department of Justice press release:

Many of the businesses [targeted by Seleznev] were small businesses, some of which were restaurants in Western Washington, including the Broadway Grill in Seattle, which was forced into bankruptcy following the cyber assault.

According to the indictment, Seleznev and others used automated techniques such as port scanning to identify vulnerable retail point-of-sale systems that were connected to the Internet and then infect those systems with malware.

“[Seleznev and others] hacked into, installed malware on, and stole credit card track data from, hundreds of retail businesses in the Western District of Washington and elsewhere,” the indictment stated. “[They] stole, in total, over two million credit card numbers, many of which they then sold through their dump shop websites … generating millions of dollars of illicit profits.”

Seattle’s iconic The Grill on Broadway was one of those small businesses to be hit by point-of-sale malware in 2010. The incident, along with other issues inherited from previous owners, led to the restaurant being closed in 2013.

“It became a target of a credit card number harvesting scheme that claimed a number of businesses on Broadway as victims,” the Seattle Gay Scene wrote at the time of the closing. “Several years of missed software updates played a significant role in the incident and [owner Matthew] Walsh and his team discovered this fact only a few months after purchasing the business. The effects were devastating to The Grill, generating massive amounts of negative publicity and drastically reduced revenue at the restaurant.”

The resources required to stay afloat were simply too much.

“In spite of what it may seem, we’re a very small business,” Walsh said. “We don’t have endless financial resources to keep us afloat like a chain restaurant or large corporation could.”

Recent Supply Chain Issues Affect POS Systems

The conviction of Seleznev over stolen payment card information and the re-emergence of The Grill on Broadway’s story comes during the same month that several point-of-sale vendors, including Oracle MICROS, have announced potential compromises — and a series of retailers and hotels have subsequently published data breach notifications.

Those breaches haven’t been explicitly connected, but several of the hotels to recently announce breaches have previously confirmed using MICROS products.

For example, Millennium Hotels & Resorts (MHR), which recently announced a data breach affecting food and beverage point-of-sale systems at 14 hotels, said it was notified by a third-party service provider about “malicious code in certain of its legacy point of sale systems, including those used by MHR.”

“The third party is a significant supplier of PoS systems to the hotel industry,” a spokesperson responded when SurfWatch Labs inquired about problems stemming from the supply chain. “It is aware of these issues. We are not disclosing the name.”

However, in 2008 MICROS Systems, now owned by Oracle, announced that Millennium Hotels & Resorts would be using MICROS “as the standard food and beverage point-of-sale solution for its 14 Millennium Hotel properties located in the United States” — so it’s possible there’s some connection between the breaches.

The same Russian group that hit MICROS has targeted at least five other cash-register providers, according to Forbes’ Thomas Fox-Brewster. Investigations are ongoing, but as we noted in our recent report, cybercrime is increasingly interconnected and compromises can quickly move down the supply chain, affecting everyone from small businesses to large enterprises.

If that 60% statistic is true, even partially, then it begs the question: will these recent breaches in the point-of-sale supply chain lead to more shuttered doors in the future?

And will we hear those businesses’ stories if it does happen? Or will they just become another vague statistic that we all continue to reference?

After Slow Start in 2016, Point-of-Sale Breaches Surging

Last week Eddie Bauer became the latest in a growing string of companies to announce a major point-of-sale-related breach. All 350 North American stores were affected by malware that may have siphoned off customers’ payment card information between January and July of this year.

Not all cardholder transactions were impacted, the company said, and the breach does not include any online transactions; however, the announcement comes during the same month that Oracle MICROS, HEI Hotels & Resorts and several other companies posted similar breach announcements.

The recent surge follows a comparatively quiet period over the first half of 2016, as this chart from our Mid-Year 2016 Cyber Risk Report highlights.

POS
Compared to the large number of POS breaches and chatter in 2014, the past year and a half has been relatively quiet — other than a spike in late 2015 tied to several different hotel breaches, the report said.

“This dip in discussion is accentuated by the extreme number of high-profile organizations affected by POS breaches in 2014, perhaps skewing the perception for what ‘normal’ levels of activity should be,” the report noted. “Point-of-sale breaches are not making as many headlines, but breaches so far this year have proven that for many organizations the associated costs are as high or higher than they have ever been.”

Revisiting that chart a month and a half later, it appears the activity level is now kicking up to match those high costs. SurfWatch Labs has collected more point-of-sale-related CyberFacts in August (through just 21 days) than any other month so far this year.

2016-08-22_POS_Chatter.png
The number of point-of sale CyberFacts collected by SurfWatch Labs has surged in recent months (data through August 21). HEI Hotels & Resorts is the highest trending POS-related target this month after announcing a data breach.

Oracle, Other Vendors Compromised

Adding to the concern around point-of-sale systems, Brain Krebs recently broke the news of a breach of hundreds of computer systems at Oracle, including a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems.

Sources said the MICROS customer support portal has been observed communicating with a server known to be used by the Carbanak Gang. That’s alarming since the gang is suspected be behind the theft of more than $1 billion from financial institutions in recent years.

“This breach could be little more than a nasty malware outbreak at Oracle,” Krebs wrote. “However, the Carbanak Gang’s apparent involvement makes it unlikely the attackers somehow failed to grasp the enormity of access and power that control over the MICROS support portal would grant them.”

The investigation is ongoing, and Oracle so far has not provided customers or media outlets with many answers.

To make matters worse, Forbes’ Thomas Fox-Brewster reported that several other cash register suppliers besides MICROS have been breached recently.

“It now appears the same allegedly Russian cybercrime gang has hit five others in the last month: Cin7, ECRS, Navy Zebra, PAR Technology and Uniwell,” he wrote. “Together, they supply as many as, if not more than, 1 million point-of-sale systems globally.”

Hotels Remain Top Trending POS Target

In our mid-year report, the “Hotels, Motels and Cruiselines” subgroup of Consumer Goods dominated the chatter around point-of-sale breaches, and not much has changed in the two months since that report. In fact, nearly 42% of all the point-of-sale CyberFacts collected by SurfWatch Labs so far this year have fallen into that group.

2016-08-22_POS_Groups
More than 60% of SurfWatch Labs’ point-of-sale related CyberFacts collected this year fall into either the Hotels, Motels and Cruiselines or Restaurants and Bars groups.

The top trending point-of-sale target this month is HEI Hotels & Resorts, which announced a breach involving 20 hotels on August 12. The malware was discovered in June on point-of-sale systems used at restaurants, bars, spas, lobby shops and other facilities, according to Reuters. Twelve Starwood hotels, six Marriott International properties, one Hyatt hotel and one InterContinental hotel were impacted.

If those names sound familiar, it’s because several of them have already made news for data breaches of late, including Hyatt in December 2015 and Starwood in January 2016.

Other data breaches this year involving hotels include Kimpton Hotels, Hard Rock Hotel & Casino Las Vegas, Rosen Hotels & Resorts and the Trump Hotel Collection.

2016-08-22_POS_Groups_ITT

Although the various incidents that have been announced in recent weeks have not been explicitly connected by either researchers or law enforcement, the breach notice from Eddie Bauer did signify that other organizations have been targeted with a similar campaign.

“Unfortunately, malware intrusions like this are all too common in the world that we live in today,” the company wrote. “In fact, we learned that the malware found on our systems was part of a sophisticated attack directed at multiple restaurants, hotels, and retailers, including Eddie Bauer.”

Other experts such as Gartner fraud analyst Avivah Litan have speculated that the breach at Oracle “could explain a lot about the source of some of these retail and merchant point-of-sale hacks that nobody has been able to definitively tie to any one point-of-sale services provider.”

At the moment many questions remain, but if these investigations lead to the discovery of further compromises, expect to see more breach announcements and more payment card information being sold on Dark Web markets in the months to come.

Payment Transactions Face New Data Breaches and Exploits

The last few weeks have not been kind to businesses and customers concerning payment transactions and digital currency. Several point-of-sale systems and digital wallet services have come under fire for data breaches and potential financial theft — not to mention the recent theft of $68 million worth of bitcoin.

The most wide-reaching event may be the breach at software company Oracle Corp, which was reported by Brian Krebs on Monday. A Russian cybercrime group appears to be behind an attack that saw the compromise of hundreds of computers system, including a customer support portal for Oracle’s MICROS point-of-sale credit card payment systems.

This could be a potentially huge breach, as more than 330,000 cash registers around the world utilize Oracle’s MICROS point-of-sale system. In 2014, the company said that about 200,000 food and beverage outlets, 100,000 retail sites, and 30,000 hotels used the software.

It is currently unknown how many organizations were affected by the breach or how long the breach took place. The investigation is ongoing, but potential ties to the Carbanak Gang have raised the level of concern. Oracle did tell Brian Krebs that the company “detected and addressed malicious code in certain legacy MICROS systems,” and that Oracle asked customers to reset their MICROS passwords.

Digital Wallets Face Scrutiny

At last week’s Black Hat conference, a security researcher presented on a flaw in the mobile payment system Samsung Pay. Samsung Pay allows customers to save payment cards on a digital wallet, providing users the option to select the payment card of their choice with the added security of a PIN or fingerprint scan to complete a purchase.

Security expert Salvador Mendoza discovered several problems with Samsung pay, including static passwords used to protect databases, weak obfuscation, and comments in the code. Mendoza also discovered issues with the tokens that are used to complete transactions. Cybercriminals could potentially predict future tokens from studying previous tokens used to make fraudulent transactions.

“Samsung Pay has to work harder on the token’s expiration date to suspend it as quickly as possible after the app generates a new one, or the app may dispose of the tokens which were not implemented to make a purchase,” Mendoza explained. “Also, Samsung Pay needs to avoid using static passwords to ‘encrypt’ its files and databases with the same function because eventually someone will be able to reverse it.”

Samsung responded to Mendoza’s claims by saying “reports implying that Samsung Pay is flawed are simply not true.”

However, in a separate document Samsung did admit that “skimming” a token is possible, although extremely difficult.

“Samsung Pay’s multiple layers of security make it extremely difficult to make a purchase by skimming a token,” the company wrote. “This skimming attack model has been a known issue reviewed by the card networks and Samsung pay and our partners deemed this potential risk acceptable given the extremely low likelihood of a successful token relay attack.”

Samsung Pay isn’t the only digital wallet in the news for potential cybersecurity issues.  Venmo — a digital wallet service that allows users to interact with friends by sending money, making purchases, and sharing payments — made headlines recently for flaws that could potentially lead to malicious purchases.

A flaw in an optional SMS-based feature could allow a criminal to easily steal money from people’s accounts, according to researchers. Because Venmo allows users to charge friends through shared bill pay, that friend has to authorize the charge before payment is made. A hacker with physical access to a Venmo user’s phone could steal money from another user’s account by replying to a notification text message with a provided 6-digit code. A feature in Siri that allows users to reply to text messages from locked devices along with the iOS text message preview feature make this attack possible.

“A hacker could have sent a payment request to a targeted user, and if they had access to the victim’s locked device, they could have used Siri to send the approval code displayed on the screen, ” said Eduard Kovacs of SecurityWeek. “The maximum amount of money an attacker could have stolen from one user was $2,999.99 per week, which is the weekly limit set by the developer.”

Keeping Payments Safe

As we’ve highlighted on this blog and in recent threat intelligence reports, high-profile payment-related breaches aren’t at the forefront of cybercrime in the way they were several years ago. However, recent events prove that these payment systems — traditional point-of-sale systems, digital wallets and digital currencies — can lead to significant direct losses as well as brand damage and other consequences from the negative press generated by discovered vulnerabilities.

As SurfWatch Labs’ Chief Security Strategist Adam Meyer recently wrote, cybersecurity is largely about identifying and removing opportunity for malicious actors to do bad things — either directly or indirectly.  There are clear best practices that can be utilized by both businesses and customers to help protect sensitive payment data. Unfortunately, data is only as safe as the methods used to protect it.

Cybercriminals are constantly coming up with new methods and tricks to crack software and trick people into divulging their sensitive information. Cyber threat intelligence can help organizations remain mindful of the many new and evolving threats, identify their weaknesses, and deploy safeguards to protect data — whether that is payment-related data or other sensitive information.

 

Despite Drop In Frequency, PoS Data Breaches are Still a Threat

In 2014, point-of-sale (PoS) data breaches against mainstream retail stores like Target and the Home Depot were primary talking points in cybersecurity. In 2016, PoS data breaches haven’t garnered as much attention, with threats like ransomware and more sophisticated phishing attacks taking up the mantle of the leading concerns in cybersecurity.

Over the last two years, the amount of chatter around PoS breaches has dropped dramatically.

Point of sale chatter
The chart above shows all PoS-related CyberFacts from June 2014 – May 2016. Outside of a rise in CyberFacts starting in October 2015 the amount of chatter concerning PoS breaches has remained low. 

PoS breaches still occur, but the frequency of attacks, as well as the targets, have changed. In 2014, department stores were impacted the most by PoS data breaches. Since that time, cybercriminals have turned their attention towards hotels, restaurants and bars. In many instances, a hotel had an associated restaurant or bar’s payment system compromised. The payment card breach against Starwood properties is one example of this activity.

POS chatter by group
Cybercriminals have shifted to new targets with regards to PoS breaches. While Department Stores were a top trending target in 2014, since then, cybercriminals have shifted their efforts to breaching PoS systems at Hotels, Motels and Cruiselines. 

New EMV Standards Having an Impact on PoS Cybercrime

Back in October 2015, the United States implemented new EMV standards aimed at protecting against PoS cybercrime. Many big retail stores have adopted the technology, which has helped thwart the amount of payment card cyber-attacks against them.

There have been well-documented problems so far with EMV, from customers not having access to chip-enabled cards to retailers offering customers the option swipe their card rather than force them to use the Chip-and-PIN technology.  Perhaps the biggest problem with the EMV shift is the amount of retail companies that simply do not offer customers payment terminals that accept the new Chip-and-PIN cards.

Despite the problems, EMV has positively impacted PoS cybercrime. However, due to the increased security, cybercriminals are turning their attention to other, more lucrative attack vectors. In 2016, phishing and ransomware attacks have both trended highly.

Latest PoS Data Breaches and Malware

However, cybercriminals haven’t completely turned away from attacking payment terminals. To date, SurfWatch Labs has collected information on 23 industry targets related to PoS data breaches.

In what is probably the most recent of those breaches, security researcher Brian Krebs has reported fraudulent activity involving the Texas-based restaurant chain CiCi’s Pizza. In this event, a cybercriminal posed as a “technical support specialist” for the company’s PoS provider, which allowed access to payment card data. This social engineering technique is one way cybercriminals can circumvent EMV (assuming CiCi’s Pizza utilized these payment terminals).

The old-fashioned malware attack vector is still being utilized as well to conduct attacks on PoS systems. New variants are still being created and continue to evolve. Some of the latest PoS malware families to make headlines include:

  • TreasureHunt PoS
  • AbaddonPOS
  • Multigrain
  • FighterPOS
  • FastPOS

With EMV implementation taking place at new retail locations daily, the amount of PoS-related data breaches is bound to decrease. Protecting customers at the point of physical payment is paramount to retail operations, but organizations can do more. Social engineering and phishing attempts are among the biggest threats facing organizations today, and Chip-and-PIN won’t protect against this threat. Deploying physical security features like firewalls is obviously important, but educating employees about phishing and social engineering tactics is arguably just as important a cybersecurity strategy.

 

 

 

Consumer Goods Sector Most Impacted By DDoS In 2016

The consumer goods sector has seen more chatter around DDoS than any other sector so far in 2016, according to data from SurfWatch Labs.

2016-04-20_ddos
The Consumer Goods Sector has seen the most DDoS-related CyberFacts this year, including attacks against Blizzard, the BBC, Ireland’s National Lottery, and many more.

The consumer goods sector has become a popular target for DDoS attacks, with new groups like DD4BC emerging on the scene and attempting to extort money from victims in exchange for not launching a DDoS attack against them. Retail stores – especially online retailers – make appealing targets for cybercriminals as they are more likely to pay a ransom demand to avoid service interruption due to the amount of money that could be potentially lost during a DDoS attack.

Gaming networks such as Steam, Xbox Live, and the PlayStation Network are popular targets. Last week, the infamous cyber group Lizard Squad launched a DDoS attack against Blizzard’s gaming servers, effectively taking the servers offline for a couple hours.

DDoS attacks are a popular method of cyber-attack due to their ease of execution and price point. There are DDoS-for-hire services on the web that can be utilized for just $38 per hour. This price is shockingly low considering companies have reportedly lost anywhere from $5,000 to $40,000 per hour during a DDoS attack.

DDoS will remain a popular trend in cybercrime. However, DDoS related CyberFacts have decreased since peaking in January 2016.

2016-04-18_ddos3
DDoS attacks against high-profile targets such as the BBC and Ireland’s National Lottery led to a surge in DDoS-related chatter in January 2016. However, the number of CyberFacts related to DDoS has since dropped. 

Layer 7 DDoS Attack Makes Headlines

Earlier this month, a humongous Layer 7 DDoS attack was spotted reaching 8.7 Gbps of bandwidth through the Nitol botnet, which set a new record for this specific type of DDoS attack. While 8.7 Gbps doesn’t seem like much of a figure compared to traditional DDoS attacks of over 100 Gbps, Layer 7 DDoS attacks are different.

A DoS attack is an attempt by a criminal or hacktivist group to make a computer or network resource unavailable. This is done by interrupting a host’s services that are connected to the Internet. The most common method of DoS is a DDoS attack. DDoS attacks use botnets –- an enslaved group of computers –- to push massive amounts of communication to a targeted server to achieve its goal of service disruption.

A Layer 7 DDoS attack has the same end goal as a traditional DDoS attack, except for a few small differences. It only needs to use a small amount of network packets to disrupt service as this will create massive server processing operations that will exhaust a target’s CPU and RAM resources. This means that a Layer 7 DDoS attack can be pulled off by sending only a few thousand requests per second.  

As recent DDoS attacks have shown, cybercriminals have a variety of different ways to disrupt services or attempt to extort money from organization. Businesses should be prepared for the possibility of these attacks and work with a reputable DDoS mitigation company if they are concerned about those risks.