Network Security

What is a DDoS Attack?

In an era where digital security is paramount, understanding the mechanics and implications of cyber threats, such as Distributed Denial-of-Service (DDoS) attacks, is crucial for businesses. At Ravensdale Digital, not only do we provide insights into these cyber threats, but we also offer robust solutions, including secure hosting capable of withstanding DDoS attacks and continuous monitoring to protect your online assets. Based in Gqeberha (formerly Port Elizabeth), we are dedicated to fortifying businesses against these increasingly common cyberattacks.

What is a DDoS Attack?

A DDoS attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming it with a flood of internet traffic. These attacks can render websites and digital services inoperable for periods ranging from a few seconds to weeks, causing significant disruption and potential loss of revenue.

How Does a DDoS Attack Work?

DDoS attacks involve a network of compromised internet-connected devices, known as a botnet. These devices, infected with malware, are controlled remotely by an attacker. The botnet sends numerous requests to the target’s IP address, leading to an overwhelmed server or network and denying service to legitimate traffic. Differentiating between legitimate and attack traffic can be challenging since each bot is a genuine internet device.

Identifying a DDoS Attack

Key indicators of a DDoS attack include:

  • Unusually slow network performance.
  • A sudden spike in traffic from a single IP address or IP range.
  • An unexpected surge in requests to a single page or endpoint.
  • Traffic patterns that show unnatural spikes or intervals.
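
As an added illustration (not part of the original article), the sketch below checks a web access log for the three traffic-based indicators in the list above: a spike in volume, concentration in one IP range, and concentration on one endpoint. The log format, the thresholds and the sample data are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network
from statistics import median

def parse(line):
    """Parse 'ISO-timestamp client-ip method path' (constructed log format)."""
    ts, ip, _method, path = line.split()
    return datetime.fromisoformat(ts), ip, path

def find_indicators(lines, spike_factor=5.0, share=0.5):
    """Return (minute, indicator, detail) tuples for per-minute buckets."""
    buckets = defaultdict(list)
    for line in lines:
        ts, ip, path = parse(line)
        buckets[ts.replace(second=0, microsecond=0)].append((ip, path))
    baseline = median(len(reqs) for reqs in buckets.values())
    findings = []
    for minute in sorted(buckets):
        reqs = buckets[minute]
        if len(reqs) < spike_factor * baseline:
            continue  # volume is within the normal range for this log
        findings.append((minute, "traffic spike", len(reqs)))
        # Group clients by /24 so a rotating range is seen as one source.
        nets = Counter(str(ip_network(f"{ip}/24", strict=False)) for ip, _ in reqs)
        paths = Counter(path for _, path in reqs)
        for label, counts in (("single IP range", nets), ("single endpoint", paths)):
            top, n = counts.most_common(1)[0]
            if n / len(reqs) >= share:
                findings.append((minute, label, top))
    return findings

def sample_log():
    """Constructed data: 5 quiet minutes, then a flood on /login from one /24."""
    start = datetime(2024, 1, 1, 12, 0, 0)
    pages = ["/", "/about", "/contact", "/login", "/blog", "/pricing"]
    lines = []
    for m in range(5):
        for i, page in enumerate(pages):
            ts = start + timedelta(minutes=m, seconds=i * 9)
            lines.append(f"{ts.isoformat()} 198.51.100.{10 + i} GET {page}")
    for i in range(120):
        ts = start + timedelta(minutes=5, seconds=i // 2)
        lines.append(f"{ts.isoformat()} 203.0.113.{i % 40 + 1} GET /login")
    return lines

if __name__ == "__main__":
    for finding in find_indicators(sample_log()):
        print(finding)
```

The median-based baseline only works when the log covers more normal minutes than abnormal ones; a production monitor would compare against a stored historical baseline instead.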

Common Types of DDoS Attacks

  1. Application Layer Attacks: Targeting the layer where web pages are generated, causing resource exhaustion.
  2. Protocol Attacks: Exploiting protocol stack vulnerabilities to disrupt service.
  3. Volumetric Attacks: Consuming all available bandwidth to the target, utilizing massive traffic from a botnet.

Mitigating a DDoS Attack

Mitigating a DDoS attack involves distinguishing between normal and malicious traffic. DDoS mitigation services re-route harmful traffic away from the victim’s network. These services, offered by providers like Cloudflare and Akamai, are essential in defending against such attacks.

Ravensdale Digital’s Commitment to Cybersecurity

At Ravensdale Digital in Gqeberha, we recognize the gravity of these cyber threats and offer advanced hosting solutions designed to withstand DDoS attacks. Our services include:

  • Secure Hosting: Robust hosting solutions equipped to counter DDoS attacks.
  • Continuous Monitoring: Round-the-clock surveillance of your website for any signs of attack.
  • Expert Support: Our team of cybersecurity experts is on hand to provide support and advice.

Conclusion

In today’s digital landscape, a DDoS attack can be a significant threat to any online business. Understanding these attacks and taking proactive measures is essential for maintaining a secure and reliable online presence. With Ravensdale Digital’s secure hosting and vigilant monitoring services, businesses in Gqeberha and beyond can confidently protect themselves against these cyber threats.

Need Protection Against Cyberattacks?

Don’t wait until it’s too late. Contact Ravensdale Digital today and fortify your online presence against DDoS attacks with our expert cybersecurity solutions.

Phishing campaign delivers data-stealing malware via fake court summons emails



A newly uncovered hacking campaign is targeting employees in the insurance and retail industries with phishing emails, claiming to be from the Ministry of Justice, that infect the victim with information-stealing malware.

Uncovered by researchers at cybersecurity company Cofense, the phishing emails have the subject ‘Court’ and feature UK Ministry of Justice logos. They claim to provide information about ‘Your Subpoena’ and ask the victim to click a link because they’ve been ordered to attend a law court and have 14 days to comply. There’s no information about what the court case supposedly relates to.

If victims click through to the link, they’re directed to a cloud hosting provider which redirects them to a document containing Predator the Thief, a form of malware that’s commonly up for sale on underground hacking forums.

Predator the Thief can steal usernames, passwords, browser data and the contents of cryptocurrency wallets, as well as take photos using a webcam. The malware first emerged in July 2018.

The phishing emails use a number of layers to hide the malicious intention of the message from security software. The email contains a Google Docs link which, if clicked, automatically redirects the user to Microsoft OneDrive, which delivers a Microsoft Word document to the victim. As in many other phishing campaigns, the document asks users to enable macros; if they do, the malware is downloaded via PowerShell.

The malware then connects to a command-and-control server and provides the attacker with a gateway to the infected system and the ability to secretly steal data. When the cybercriminals decide they have gathered all the data they need, Predator the Thief self-destructs, cleaning up any evidence that it was there in the first place.

Legal technicality

Shock tactics like telling a potential victim they have a court date are a regular trick used by cybercriminals, designed to scare people into clicking phishing links and downloading malware. However, there’s a prominent clue that all is not right with this message, and it’s not just the strange email address.

The message refers to a subpoena. The term is regularly used in the United States, but the UK court system hasn’t used ‘subpoena’ since 1999 when the relevant term was changed to ‘witness summons’.

The email’s phrasing, therefore, suggests that while the cybercriminals are using UK imagery in an attempt to dupe victims, they’re not familiar with the details of the local system.

To help protect against these kinds of attacks, researchers recommend that macros are disabled by default and that users are educated about the dangers of enabling them.

Malware infection disrupts production at defence contractor plants in three countries

One of the biggest defence contractors in the world is having a very bad week after malware infected the company’s network and caused “significant disruption” at plants in three countries, the company said on Thursday.

The infection took root on Tuesday, September 24, and affected Rheinmetall AG, a German corporation based in Düsseldorf, and one of the biggest manufacturers of armored fighting vehicles, tanks, ammunition, and various electronic systems.

Plants in Brazil, Mexico, and the US have been impacted, Rheinmetall said in a press release.

The company did not reveal any details about the incidents, or what type of malware was involved.

RHEINMETALL EXPECTS LOSSES IN THE TENS OF MILLIONS OF EUROS

Rheinmetall said it expects the malware incident to have an impact on its bottom line in the long run, with losses in the tens of millions of euros.

“While deliverability is assured in the short term, the length of the disruption cannot be predicted at this time. The most likely scenarios suggest a period lasting between two and four weeks,” it said.

“As things stand, the Group expects the malware event to have an adverse impact on operating results of between €3 million and €4 million per week starting with week two.”

A spokesperson was not available for comment and additional details.

Rheinmetall is not the only major company to suffer a major malware infection in the past year. Past incidents were mostly ransomware, such as those at aeroplane parts manufacturer Asco, aluminium provider Norsk Hydro, cyber-security firm Verint, the UK Police Federation, utility vehicles manufacturer Aebi Schmidt, Arizona Beverages, engineering firm Altran, the Cleveland international airport, and chemicals producers Hexion and Momentive.

Earlier this week, French TV station France24 revealed that Chinese state-sponsored hackers breached multiple Airbus suppliers by using unpatched VPN systems to enter their internal networks. The same hackers are said to have also targeted British engine-maker Rolls-Royce and the French technology consultancy and supplier Expleo.

 

Ransomware – Precaution is better than Paying Cash

According to SonicWall’s 2017 Annual Threat Report, ransomware attacks exploded in 2016. SonicWall’s Global Response Intelligence Grid saw more than 628 million ransomware attempts last year, up from the 3.8 million attempts recorded in 2015, and 3.2 million recorded in 2014. A 19% increase year-over-year is alarming, but a 165-fold increase over the course of a single year is a call for action.

As a business owner in today’s world, you are not safe from ransomware attacks. Learn how you can prevent a cyber-attack on the IT infrastructure of your business and keep data protected. Remember, precaution is always better than giving ransom money to cybercriminals.

Last week’s global ransomware attack #wannacry successfully immobilized over 200,000 computers across 40 countries, including 70,000 machines and medical equipment across NHS hospitals in England and Scotland. The attack also caused large corporations to halt operations, such as the UK’s Nissan Manufacturing Plant, one of the busiest in the country, and FedEx, which later ordered all North American facilities to take any non-essential Windows devices off their networks.

The attack was thwarted late Friday afternoon by a 22-year-old in the UK, who exploited a flaw in the malware by registering a $10 domain name. It seems the malware was calling out to a specific unowned domain to carry out the attacks. Now, at the start of a new work week, security experts are expecting #wannacry to make a comeback; this time it will be missing its kill switch.

Below you will find a quick summary of the different types of ransomware and how you should protect your business from future risk.

Ransomware can affect your devices in different ways, usually broken down into two sub-types, encrypting and non-encrypting.

Encrypting Ransomware

Encrypts your documents, pictures, videos and every other type of file format you have on your computer. You will need to pay a cybercriminal for a key to decrypt the system. Examples of encrypting ransomware include CryptoLocker and CryptoWall.

Non-Encrypting Ransomware

Locks your screen and prohibits you from accessing the system. You will only be able to access your computer when you pay the ransom money. WinLock is an example of non-encrypting ransomware. There are also a few non-encrypting ransomware trojans that display fake messages from law enforcement agencies to extract money from victims.

A Less Common Ransomware

Another type of ransomware is MBR (Master Boot Record) Ransomware. It strikes the MBR section of the computer’s hard drive and restricts it from booting the operating system.

Is your Business At Risk? Yes, it is.

Last week’s #wannacry attack is a great example of why no one is safe from ransomware. If your business has a computer and access to the internet, your business is at risk.

Cybercriminals attack businesses for many reasons such as:

  • Unlike individuals, business owners are assumed to have the resources to pay large amounts of money in short time periods.
  • Many business owners do not report cyber-attacks because they believe that it will damage their reputation and negatively impact their customer base.
  • Cybercriminals know business owners will look for the quickest solution if their business operations are disrupted. In most cases, this means paying the ransom.
  • New business policies such as BYOD (Bring Your Own Device) or Remote Access File-Sharing provide flexibility to employees, but they also offer an easy platform for cybercriminals to attack your business.
  • Business owners often ignore the security of IT infrastructure which makes the computers prone to vulnerabilities.
  • Usually, small business owners manage the IT infrastructure on their own without the help of experienced IT professionals. This leaves businesses defenceless against multiple data issues including ransomware.

How does Ransomware affect a Computer?

  • The most common method involves using spam emails with malicious links.
  • Vulnerable software and installation of pirated/outdated software.
  • If you visit an untrusted website or a legitimate website with malicious code, it can spread ransomware.
  • If your PC is on a ransomware-affected network, it can give cybercriminals access to your data.

Precautions against Ransomware

Precaution is the best solution in a fight against ransomware! Cybercriminals take advantage of unpatched software, outdated apps, and pirated operating systems to access your system. It is best to take preventative measures against ransomware so you do not have to leave your business’ uptime in the hands of cybercriminals. Here are a few tips to help keep you safe:

  • Keep the operating system updated. Avoid using pirated versions of operating systems. Update your apps regularly. Remember that patches save you from a large number of cyber-attacks.
  • Install a robust anti-virus program and make sure that your employees update it regularly.
  • Back up your data to an external hard drive or any other backup appliance. Cloud-based ransomware attacks have made it necessary to use a physical layer as part of your backup strategy. Also, do not forget to back up your websites and website databases.
  • Do not log in to untrusted websites and train employees to avoid trusting unknown websites.
  • Provide limited access to certain users. If a user’s PC is infected by ransomware, cybercriminals will only be able to access areas the user is allowed to. This can help mitigate risks to other devices in a different security layer.
  • Set up strong SPAM filters to block attachments such as .exe, .zip, .rar, .scr, etc. to restrict access to SPAM messages with ransomware trojans.
  • Disable macros on your entire network. The use of macros in malware attacks is very common. You can use the new blocking feature in Office 2016 and disable it via a Group Policy or on an individual basis.
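
The attachment-filter tip above can be illustrated with a short check (an added example, not part of the original article). It parses a mail message and reports attachments whose final extension is on the blocked list; the macro-enabled Office extensions, the function names and the sample message are assumptions constructed for this illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

BLOCKED = {".exe", ".zip", ".rar", ".scr"}     # extensions named in the tip above
MACRO_ENABLED = {".docm", ".xlsm", ".pptm"}    # assumption: added to match the macro tip

def risky_attachments(raw_message: bytes):
    """Return (filename, extension) for attachments a gateway should hold."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        original = part.get_filename() or ""
        # Normalise case and trailing dots so "A.EXE" and "a.exe." both match.
        name = original.strip().rstrip(".").lower()
        ext = PurePosixPath(name).suffix   # last suffix: "x.pdf.exe" -> ".exe"
        if ext in BLOCKED or ext in MACRO_ENABLED:
            hits.append((original, ext))
    return hits

def sample_message() -> bytes:
    """Constructed message with two harmless and three risky attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "staff@example.org"
    msg["Subject"] = "Documents"
    msg.set_content("Constructed test message.")
    for filename in ["notes.txt", "summons.pdf.exe", "Scan.SCR",
                     "minutes.docm", "photo.jpg"]:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, ext in risky_attachments(sample_message()):
        print(f"hold: {filename} ({ext})")
```

Matching on the last suffix catches double extensions such as `summons.pdf.exe`, but a filename check alone does not inspect what is inside an archive or a renamed file.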

Cybercriminals are inventing new ways of attacking your business every day. It can be taxing to try and keep up with the latest security updates and best practices. That’s why many business leaders choose to hire managed IT professionals to oversee and protect their IT infrastructure. Choose a reputable company to manage your IT environments that can ensure accountability and has a proactive service model. This way, decision-makers can focus their efforts towards new business goals and drive future growth!

If you have any further questions about ransomware or need technical support, Ravensdale IT is only a call away. Call 067 822 1105 and learn more about how Ravensdale IT can protect your business from ransomware attacks and many other forms of cyber-attacks.