The first half of 2015 saw a 50% increase in DDoS attacks. They are not only becoming more frequent but they are getting more sophisticated too. On average, a DDoS attack will cost an SMB company €45,000 and an enterprise €400,000 – not to mention the damage done to the corporate image or share price. In other words, a DDoS attack might not only paralyze your online presence but could also be disastrous to your overall business continuity.
Data breaches and DDoS attacks are the most common threats to your website. Just take a look at these statistics: according to Kaspersky Labs, 74% of companies that suffer a DDoS attack face another security incident at the same time; 26% of these incidents are data breach attempts or data leaks, which means these attacks are not primarily meant to take your website offline but are a diversion to get to your data. These are so-called layer 7 attacks: the hackers draw your attention away by disrupting the availability of the website while they quietly try to exploit any vulnerabilities in your web applications.
A security bug affecting Linux versions 3.8 and higher was recently identified. Although this bug (CVE-2016-0728) was first introduced into the Linux kernel in 2012, it was only discovered and made public a few days ago. When we learned of the bug’s existence, we immediately patched all internal LeaseWeb servers. We advise everyone to patch their servers as well.
The vulnerability in the Linux kernel could potentially be used by attackers to obtain higher privileges from a regular account. It relies on a technique called “use-after-free”: the attacker controls the way memory is freed on kernel objects, and that memory is then replaced with user-supplied data while keeping the privileges of the original memory object.
The IT industry is slowly becoming a technically solid sector, but for now it continues to be vulnerable as well. Security incidents are still widely reported in the press. It’s an important topic, and one that can be looked at in many ways. This is why I led a round table session with nine LeaseWeb customers, where questions were answered about the new Dutch Law on Data Breach Notifications (Meldplicht Datalekken) and participants discussed how to organize a secure online company.
The participants were executives of companies that have IT as a core business, or companies that use IT for their online services. They were joined by LeaseWeb founders Laurens Rosenthal and Con Zwinkels, and Jort Kollerie, Enterprise Security Specialist at Dell Security. In addition, IT journalist and security specialist Brenno de Winter shared his experiences with the topic.