Microsoft releases SQL Server 2022

Microsoft has announced the general availability of SQL Server 2022, which it calls the most Azure-enabled release of SQL server yet with improvements to performance, security and availability.

The connections to Azure, including Azure Synapse Link and Microsoft Purview, allow customers to drive deeper insights, predictions and governance from their data at scale. Azure integration includes managed disaster recovery to Azure SQL Managed Instance, enabling database administrators to manage their data estates with more flexibility and minimal impact to end users.

Built-in query intelligence enhances performance and scalability, and the company says the solution is fortified with Ledger for SQL Server, which uses blockchain to create a tamper-proof track record of tie of all changes to the database.

Read this Microsoft blog to learn more.

Microsoft announces Teams Shared Device License

Microsoft says it is evolving its software offerings to accommodate new workplace use cases and is rebranding its Common Area Phone license to the Teams Shared Device license to enable broader functionalities involving shared devices.

The Teams Shared Device license will continue to support the existing user experience for phones in common areas, but the license will now also support use cases for Microsoft Teams Displays and Microsoft Teams Panels to address the evolving use cases for shared and common spaces that don’t need a full Teams Rooms license.

The rebranded license will be available at the end of 2022. Read this blog to learn more.

CompTIA launches Tech Job Posting Optimizer

IT Industry association CompTIA has launched the Tech Job Posting Optimizer, a new free web-based platform that provides a library of tech job templates and smart data tools to help employers optimize job postings for skills, qualifications and inclusivity oriented to the U.S. labor market. The tool also provides a check of bias language, salary curves and a job posting best practices guide.

The tool is free and available to any employer in any industry looking to recruit technology professionals.

Learn more about the Tech Job Posting Optimizer.

U.S. agencies warn of Hive ransomware attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA), the FBI and the Department of Health and Human Services have issued a joint advisory on the Hive ransomware group that has victimized over 1,300 organizations globally, securing about $100 million in ransom payments. The group targets critical infrastructure, including healthcare, government facilities, communications, critical manufacturing and IT.

Read the joint advisory to learn more about the Hive ransomware group’s operations.

DDoS attacks up in October as ransomware declines

A new report from the NCC Group finds DDoS attacks are continuing to increase, with October seeing the highest number of incidents so far this year with 2,090, a 14% rise from September. This comes as ransomware attacks decreased by 7% in October from the previous month.

“We are seeing a vast growth in DDoS attacks, with the numbers in October hitting an all-time high,” says Matt Hull, global head of threat intelligence at NCC Group. “This shift is even more notable this month as overall ransomware attacks decrease.”

Read the report to learn more about cyberattack trends.

The post This Week in IT: SQL Server 2022, Teams Licenses, Tech Jobs, Cyberattacks appeared first on My TechDecisions.

The company says Arbor Insight  can be combined with Arbor Sightline, its anomaly-detection and network traffic analysis solution, to extend NETSCOUT’s DDoS prevention by leveraging the company’s metadata technology to correlate multiple sources of network telemetry with global intelligence and local configuration to deliver an 80-plus facet record for each monitored network communication.

According to NETSCOUT, Arbor Insight provides security and network operations teams with datasets to perform critical tasks, including time-series analysis of critical traffic dimensions and annotated flow data for in-depth investigations, forensics and analysis.

Organizations can access “high-fidelity data” with minimal storage and compute requirements to help extend the value of existing Sightline deployments.

The company says Insight also provides reports on threat and traffic data via new customizable Advanced Traffic Reports designed to segment operational workflows with n-dimensional visibility into key areas of interest to help quickly expose network dynamics such as attack targets and vectors, historical anomalies, threat signatures and more.

The reports also automatically maintain the desired data fidelity and granularity to allow for instant response to queries, supporting long- and short-term visibility needs, the company says. Those capabilities are designed to help network operators tune their defenses, deliver superior design, scale their mitigation capabilities, and more quickly onboard new service customers – reducing costs and increasing revenue.

“Arbor Insight extends the value of Sightline by providing the right dataset at the speed of thought with integrated end-to-end workflows for superior visibility and performance,” stated Tom Lyons, vice president of product at NETSCOUT. “ATRs provide the ideal solution for short- and longer-term reporting, so operators can better answer network, security and business questions​ and provide reliable, relevant services to their customers.”

The post NETSCOUT Launches Arbor Insight for Enhanced DDoS Prevention appeared first on My TechDecisions.

The malware, called XorDdos, is named after its attack method, denial of service on Linux endpoints and servers, in addition to XOR-based encryption for its communications, according to a Microsoft security blog.

What makes this malware noteworthy is its ability to amass botnets that can be used to carry out large DDoS attacks, which Microsoft says can be used to hide further malicious activities, such as deploying malware and infecting other systems and devices.

According to Microsoft, XorDdos is known for using Secure Shell (SSH) brute force attacks to gain remote control on target devices, leveraging  widely used IT infrastructure protocol that enables encrypted communications over insecure networks for remote system administration activities that makes it an attractive target for attackers. XorDdos identifies valid SSH credentials and uses root privileges to run a script that downloads and installs the malware on the target device, per the blog.

The Linux trojan is also sneaky; it uses evasion and persistence tactics that allow it to remain active and very hidden, including obfuscating its activities; evading rule-based detection and hash-based file lookup, as well as leveraging anti-forensic techniques to break process tree-based analysis, according to Microsoft.

In recent campaigns, Microsoft observed XorDdos hiding malicious activities from analysis by overwriting sensitive files with a null byte, as well as other various persistence mechanisms to support different Linux distributions.

This is part of an alarming trend in which a DDoS trojan is used to deliver other malware, as devise first infected with XorDdos were later infected with the Tsunami backdoor, which Microsoft says further deploys a cryptocurrency miner. However, XorDdos did not directly install and distribute those secondary payloads. Instead, the trojan may be leveraged as a vector for follow-on activities, the company says.

For more information, including indicators of compromise, read Microsoft’s blog.

The post Watch Out For This Linux DDoS Trojan, Microsoft Says appeared first on My TechDecisions.

In an Azure blog, Microsoft says the November 2021 attack targeted an Azure customer in Asia that originated from about 10,000 sources from multiple countries, including the U.S., China, South Korea, Russia, Thailand, India, Vietnam, Iran, Indonesia and Taiwan.

“We believe this to be the largest attack ever reported in history,” the company’s blog reads.

That massive DDoS attack paints the picture of the second half of 2021, which the company says was fraught with similar attacks against gaming services, VoIP services and other targets.

According to Microsoft, attack vectors were “UDP reflection on port 80 using Simple Service Discovery Protocol (SSDP), Connection-less Lightweight Directory Access Protocol (CLDAP), Domain Name System (DNS), and Network Time Protocol (NTP) comprising one single peak, and the overall attack lasted approximately 15 minutes.”

The company says it mitigated an average of 1,955 attacks per day, a 40% increase from the first half of 2021. The company mitigated a total of 359,713 unique DDoS attacks against its global infrastructure in the second half of 2021, a 43% increase from the first half.

The company mitigated other very large DDoS attacks, including a 2.4 Tbps attack in October.

December also saw two ore attacks that surpassed 2.5 Tbps, both of which were in Asia.

Most of the attacks were short-lived, but the proportion of attacks that were 30 minutes or less dropped from 74% to 57%, and attacks that lasted longer than an hour doubled, from 13% to 27%.

Microsoft says UDP spoof floods became the top DDoS attack vector in the second half of 2021, making up 55% of all attacks, a 16% increase from earlier in the year.

The second-most common vector was TCP ACK floods and DNS amplification.

Aside from gaming—which was the hardest hit industry—other common targets are financial institutions, media, internet service providers, retail and supply chain, Microsoft says.

While the U.S. remains the most targeted nation, Microsoft reports a sharp uptick in India and other East Asia countries.

Read Microsoft’s Azure blog for more information on DDoS attack trends.

The post Microsoft Says It Mitigated Largest Ever DDoS Attack appeared first on My TechDecisions.

The company’s DDoS Attack Trends report for the fourth quarter of 2021 revealed a ransom DDoS attack increase of 29% for the year and a whopping 175% for the quarter.

Unlike ransomware where the hacker encrypts a victim’s systems and holds their data hostage unless they pay a ransom, a ransom DDoS attack is when a threat actor attempts to extort money from a victim by threatening a DDoS attack. If that DDoS attack is successful at crashing victim systems, it has the same effect as a ransomware attack—downtime and a loss of business.

Now, nearly one quarter of DDoS victims say attackers have sent them a letter demanding payment to stop the attacks.

In December alone, nearly one third of survey respondents reported being targeted by a ransom DDoS actor or threatened by the attacker, according to Cloudflare’s report.

The company says the fourth quarter and November were particularly active with persistent ransom DDoS attacks against VoIP providers around the world.

Although the fourth quarter of 2021 was full of ransom DDoS attacks, the attacks were far less frequent in other quarters, with just 8% in Q2, 9% in Q2 and 14% in Q1.

My TechDecisions Podcast Episode 143: DDoS Attacks and Triple Extortion

Cloudflare also included data from the fourth quarter of 2020 when 17% of DDoS attacks included a ransom threat.

Generally, ransom DDoS attacks spike in the fall and winter, according to Cloudflare’s data.

The company’s report cited security headlines from the past year, including the Kaseya ransomware compromise, the Log4j vulnerability and record-breaking HTTP DDoS and network-layer attacks.

“Prominent attacks such as the ones listed above are but a few examples that demonstrate a trend of intensifying cyber-insecurity that affected everyone, from tech firms and government organizations to wineries and meat processing plants,” the company said in a blog discussing the data.

According to the report, other alarming data about DDoS attacks includes:

• Manufacturing was the most attacked in the fourth quarter with application-layer DDoS attacks, recording a 641% increase from Q4 2020.
• The company says it mitigated the largest DDoS attack on record—a 17.2 rps attack from the Meris botnet.
• The fourth quarter was the busiest for network-layer DDoS attacks, with December recording more than all the attacks observed in the first two quarters.

For more information on DDoS attacks, read Cloudflare’s blog post. 

The post DDoS Attacks Combined With Extortion Attempts Exploded in Q4 appeared first on My TechDecisions.

According to cybersecurity company Netscout, there were 5.4 million distributed-denial-of-service (DDoS) attacks in the first half of 2021, which is an 11% increase from the first half of 2020. The company also predicts a record-setting year for these attacks, expecting them to surpass 11 million globally, fueling a growing cybersecurity crisis impacting both public and private sectors.

The company’s seventh b-annual Threat Intelligence Report also found that threat actors exploited seven newer reflection/amplification attack vectors, spurring an increase in multisector DDoS attacks with a record-setting 31 attack vectors deployed in a single attack against one organization.

The report also offers new insight into how cybercriminals are combining DDoS attacks with other attack methods, including ransomware. In this scenario, threat actors find their way into a victim’s network, encrypt data, steal that data and threaten to publicly release. If the victim still doesn’t pay, hackers resort to triple extortion and conduct DDoS attacks to pressure the victim into paying a ransom.

“First, it emphasizes the seriousness of the adversary,” the report says. “And second, maintaining availability adds yet another stressor to a security team already dealing with the first two events.”

The report comes as news of VoIP company VoIP.ms battles a DDoS attack, which has made the company require visitors to its website complete a CAPTCHA to prove that they’re human. In Twitter posts, the company said it is battling a “massive” DDoS attack and is working to re-establish its services.

Read Next: The Rise of Triple Extortion Ransomware

Although unconfirmed, a Twitter account purporting to be associated with the rEvil ransomware gang has claimed responsibility and has demanded $4.3 million to stop the attacks.

A message on the company’s website states the DDoS attacks continue to target the company’s website and POP servers, but some services have been restored. Check out the company’s twitter for more updates on this.

VoIP.ms, according to Netscout’s report, is an ideal target, as “vital components of the connectivity supply chain” are seeing increasing DDoS attacks. The report listed DNS servers, virtual private networks (VPN) and internet exchanges as the top targets.

According to Netscout, wired and wireless telecommunications carriers and data, hosting and related services make up the top vertical industry targets for DDoS attacks.

“Even if the attack does not take the component fully offline, these services represent hundreds of thousands, if not millions, of consumers, and are the gateways to everything we do online,” the report said. “Take one down, and you impact a huge array of people, organizations, and service providers.”

Indeed, VoIP.ms, which says it has over 80,000 clients, has had its hands full responding to the attack and working with customers to get services back online, according to its Twitter posts over the last several days.

We understand your frustration for the limited information we have shared with our customers around our measures, but please understand that we have to limit our exposure when disclosing critical details that could potentially compromise our recovery plan.

— VoIP.ms (@voipms) September 23, 2021

Other findings in Netscout’s report include:

• The fastest DDoS attack recorded a 16.17% year-over-year increase.
• The largest DDoS attack, 1.5 Tbps, represented a year-over-year increase of 169%.
• Botnets contribute to more than 2.8 million DDoS attacks. 

Check out the company’s report for more information on the DDoS threat landscape, including how to defend against these disruptive attacks.

The post Report: DDoS Attacks Increasing As Record-Setting Year Is Anticipated appeared first on My TechDecisions.

In a blog post exploring the growth of distributed denial-of-service (DDoS) attacks, Google revealed that it was the target of a six-month campaign that utilized multiple methods of attack.

“Despite simultaneously targeting thousands of our IPs, presumably in hopes of slipping past automated defenses, the attack had no impact,” wrote Damian Menscher, a Google security reliability engineer, in the blog.

“The attacker used several networks to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us. This demonstrates the volumes a well-resourced attacker can achieve.”

According to Menscher, that attack was four times larger than the “record-breaking 623 Gbps attack from the Mirai botnet” last year, and is also the highest-bandwidth attack reported to date.

In a separate post, the company said its security team measured the attack, which appears to be from several Chinese ISPs.

Read Next: Microsoft: Russia, China, Iran Targeting US Elections

The attack is even larger than a 2.3 Tbps DDoS attack on Amazon in February, which was then thought to be the largest such cyberattack ever recorded. Amazon didn’t identify the targeted customer.

It caused three days of elevated threat during a single week in February, according to Amazon.

Google’s disclosure comes as the company is warning IT teams – particularly those close to political groups and elections – that cyber attacks are increasing as global events like the COVID-19 pandemic and campaign season present golden opportunities for state actors and hackers.

Google in June announced it detected phishing attacks against staffers for both the Biden and Trump campaigns by Chinese and Iranian actors. Attackers used targeted malware campaigns, python-based implants using Dropbox and an impersonation of antivirus software McAfee.

“Overall, we’ve seen increased attention on the threats posed by APTs in the context of the U.S. election,” wrote Shane Huntley of Google’s Threat Analysis Group, in a blog post.

“U.S government agencies have warned about different threat actors, and we’ve worked closely with those agencies and others in the tech industry to share leads and intelligence about what we’re seeing across the ecosystem. This has resulted in action on our platforms, as well as others. Shortly after the U.S. Treasury sanctioned Ukrainian Parliament member Andrii Derkach for attempting to influence the U.S. electoral process, we removed 14 Google accounts that were linked to him.”

The post Google Says Company Mitigated 2.5 Tbps DDoS Attack, Largest Ever appeared first on My TechDecisions.

Yes, some services were down simultaneously for some reason yesterday, but it wasn’t because of a single coordinated DDoS attack, according to cybersecurity experts.

Early yesterday, people across the U.S. were posting to social media that they weren’t able to make calls, send text messages or access other services. Even internet service providers, social media platforms, online gaming and other services were impacted, Forbes reported.

That list included T-Mobile, Fortnite, Instagram, Comcast, Chase Bank and others.

A twitter account allegedly associated with Anonymous tweeted that the country was under a major DDoS attack. That tweet even included an ominous map that showed a supposed influx of traffic to the U.S. from other countries.

With millions of Twitter followers, that news spread like wildfire on social media. Pretty soon, headlines were about the largest ever DDoS attack ever.

Read Next: Co-Founder of Cybersecurity Company Admits To Using DDos-For-Hire

However, that map was essentially a random sample of DDoS traffic and didn’t indicate anything out of the ordinary, Forbes reported.

Other cybersecurity and DDoS experts told Forbes that there was no evidence of a significant, large-scale DDoS attack.

Much of the speculation was around T-Mobile’s outages, but that was due to poorly executed maintenance on the carrier’s network, Newsweek reported.

Meanwhile, both AT&T and Verizon reported normal operations, according to Newsweek.

Both publications cited cybersecurity expert Marcus Hutchins, who quickly threw water on the sensational idea that multiple companies and services were being targeted.

T-Mobile outage means everyone using them can’t access any websites, leading to reports that facebook, twitter, instagram are all down (they’re not). Customers also can’t call/be called by other providers, leading to reports other providers are down too (they’re not).

— MalwareTech (@MalwareTechBlog) June 15, 2020

This is a reminder to rely on only trusted sources and vetted, public cybersecurity experts and not a shadowy organization with unknown backers.

The post Relax — There Was No Large-Scale DDoS Attack appeared first on My TechDecisions.