ICYMI: Putin's rage, DDoS attacks, and post-Heartbleed OpenSSL

This week's In Case You Missed It column looks at Vladimir Putin's Internet views, bigger and badder DDoS attacks, and further reaction to OpenSSL and Heartbleed.

ICYMI: Putin's rage, DDoS attacks, and post-Heartbleed OpenSSL
ICYMI: Putin's rage, DDoS attacks, and post-Heartbleed OpenSSL

Putin the boot into the CIA

Fresh from his interview with Edward Snowden on government surveillance (short answer: Russia apparently does nothing of the sort), Russian president Vladimir Putin claimed earlier this week that the Internet is in fact a “CIA project”, presumably in light of the revelations from Snowden on alleged NSA spying.

This brings up the possibility of a locally-controlled Internet, something that has also been proposed in Germany. However, it comes in the same week that The Guardian reported that the Russian parliament passed a law, requiring foreign social media websites to keep their servers in the country. What's more, the law also requires them to save all information on their users for at least the first six months. It's also the same week that the Pavel Durov, founder of Russia's 'Facebook', VKontakete, fled the country claiming he had been forced to sell out to Putin 'cronies'.

DDoS attacks: 800Gbps and beyond

Distributed-denial-of-service (DDoS) attacks are getting bigger and badder, according to three reports published earlier this week.

Black Lotus – which provides solutions to defend against DDoS attacks – published its Q1 report which predicts that attacks will exceed 800Gbps within the next 12 to 18 months. It found that DDoS attacks peaked at 421Gbps and 122 million packets per second.

In the same week, Akamai's Q4 2013 State of the Internet report revealed that there had been a 50 percent rise in DDoS attacks in 2013 and - interestingly - indicated that one in three attacks are likely to be replicated against the same organisation.

In addition, as a sign of how these attacks have become forefront of mind over the last 12 months, Verizon Data Breach Investigations Report gave DDoS attacks its own section this year. It revealed an increase in DDoS attack size from 7Gbps on average in 2012 to 10.1Gbps last year.

Verizon report takeouts: Cyber espionage, data breach recovery

Verizon published its well-respected Data Breach Investigations Report earlier this week, and the 60-page report makes for interesting reading.

One of the standout observations is that cyber espionage has grown three-fold year-on-year, although this in itself could be a lopsided figure – in 62 percent of espionage cases the breach went for months without being detected, and 5 percent went on for years. In 85 percent of cases, the breach was discovered by an outside party.

Almost 50 percent of cyber espionage is believed to have come from East Asia – including China, but a fifth now comes from Eastern Europe.

Indeed, the study – which revealed a steep rise in external attacks - further highlighted how data breach discovery is often ongoing for ‘weeks or months'.

Charities are fair game for hackers

It looks like charities and non-profit organisations are fair game for hackers. Not that long after a hacker stole the names, addresses and phone numbers of thousands of people who had contacted the British Pregnancy Clinic charity for advice, news spread this week on a sub-section of Anonymous attacking a children's hospital in Boston (Anonymous has publicly denounced the attack on Twitter).

Adding to this, two weeks ago it was revealed that cyber-criminals in Ukraine and Russia had used the Zeus malware to steal thousands of dollars from the Franciscan Sisters of Chicago order of nuns.

FireEye researchers this week revealed how hackers are targeting non-government organisations and non-profit groups. By and large, it seems that hackers see charities as ‘easy pickings', with the majority (44 percent) stealing financial and account records.

Post-Heartbleed, OpenSSL gets a boost

A couple of weeks after the Heartbleed bug was first found (if you disbelieve the theories concerning the NSA), and the open-source OpenSSL could be about to get a serious cash injection from those in the technology industry.

The Linux Foundation has formed a new project to “fund and support critical elements of the global information infrastructure”, and the first project under consideration to receive funding will be OpenSSL. The funding for these open-source software projects is just over £2 million in total.

The statement details that the funding would be “for key developers as well as other resources to assist the project in improving its security, enabling outside reviews, and improving responsiveness to patch requests.”

Perhaps we shouldn't be surprised regarding this announcement, considering the 12 big technology companies behind the project, including Facebook, Google, Microsoft, IBM, Dell, IBM and VMware.

Whatsapp-ening with mobile app security

Concerns about security by design rumble on, especially in the mobile developer world. Two of the most popular iOS IM messaging apps, Whatsapp and Viber, were found to have big vulnerabilities.

Researchers at the US University of New Haven's Cyber Forensics Research & Education Group (UNHcFREG) found that when WhatsApp users share their location data, it is left unencrypted and – as a result – could be intercepted in a Man-in-the-Middle (MiTM) attack.

And the same researchers found a similar issue at Viber – a competing iOS messaging app. It too doesn't encrypt data (videos, images and other files), in transit or at rest on Viber's Amazons servers.

SC Webcasts UK

Sign up to our newsletters

FOLLOW US