3 Ways to Defeat DDoS Attacks

In 2012, a number of DDoS attacks hit Bank of America, JPMorgan Chase, Wells Fargo, U.S. Bank and PNC Bank. These attacks have since spread across most industries from government agencies to local schools and are showing an almost yearly evolution, with the most recent focus being the Internet of Things (IoT).

In 2016, compromised cameras, printers, DVRs and other IoT appliances were used in a large attack on Dyn that took down major websites including Amazon, Twitter, Netflix, Etsy and Spotify.

Inside Distributed Denial-of-Service Threats

Although these large attacks dominate the headlines, they’re not what most enterprises will deal with day to day. The most common attacks are in the range of 20 to 30 Gbps or less, while larger attacks have been reported at 1.2 tbps.


Creating DDoS Defense

Security technology is becoming more sophisticated, but so are hackers, which means attacks can be much more difficult to mitigate now than in the past. Enterprises must be knowledgeable and prepared with mitigation techniques as the attacks continue to evolve.


DDoS mitigation comes in three models:

Scrubbing Centers

The most common DDoS mitigation option for enterprises is to buy access to a scrubbing center service. During an attack, traffic is redirected to the security provider’s network, where the bad traffic is “scrubbed out” and only good traffic is returned to the customer. This option is good for multi-ISP environments and can be used to counter both volumetric and application-based attacks. For added protection, some providers can actually place a device in your data center, but this is not as cost-effective as the cloud-based option.


ISP- Clean Pipes Approach

With the rise of DDoS attacks, many ISPs have started their own scrubbing centers internally, and for a premium will monitor and mitigate attacks on their customers’ websites. In this scenario, ISPs operate as a one-stop-shop for bandwidth, hosting and DDoS mitigation. But some ISPs are more experienced at this than others, so customers must be sure to thoroughly test and research the quality of the service offered by their ISPs.


Content Delivery Network Approach

The distributed nature of content delivery networks (CDNs) means that websites live globally on multiple servers versus one origin server, making them difficult to take down. Large CDNs may have over 100,000 servers distributing or caching web content all over the world. However, CDN-based mitigation is really only a good option for enterprises that require core CDN functionality, as porting content to a CDN can be a time-intensive project.



https://www.forbes.com/sites/gartnergroup/2017/08/28/3-ways-to-defeat-ddos-attacks/#a981226da78f

15 Trends That Will Transform The Way We Live And Work

Great change is underfoot in the places that we live, and also in the spaces where we work. While demographic trends and a mounting thirst for self-actualization plays a big part in these shifts, technological advances are the one factor that is accelerating this change.

In their book Spaces for Innovation: The Design and Science of Inspiring Environments, Kursty Groves and Oliver Marlow shares their discoveries on the impact that a physical space can have on workplace behavior. Their journey takes them through the offices of tech behemoths Airbnb, Microsoft, and others -- and gives an illuminating look at the trends that are rapidly shaping the way that we live and work.

1. The mistrust of institutions. Thanks to the public debt crisis and a heightening mistrust in big banks and corporations, the book points out that only 22% of Americans say that they trust their country’s financial system.

2. Big changes in the corporate world. Between 1983 and 2011, the 50 companies that made up 90% of American media have fallen to 6. This has to do with the consolidation of companies and also the illusion of choice.

3. Crisis in the natural world. Today, 50% of the world’s original forests have all bit disappeared. As tropical forests are home to a minimum of 50% of species, clearing out 17 million hectares of these forests every year are sure to do irreparable damage to our living environments.

4. The proliferation of online identity. Otherwise known as a “second life for all,” social media has created a new layer of identity. Facebook alone has 1.6 billion active monthly users in 2016, which is up 15% from 2015.

5. The generation conundrum. By 2025, 75% of workers around the world will be Millennials. An interesting thing to point out is that Gen-Z, the generation born after 1998 will be the very first post-Internet generation.

6. The real-estate problem. The issue that everyone is facing in regards to real estate these days is there is “nowhere to live, nowhere to work.” The book notes that 50% of Londoners will be renting by 2025, up from 40% in 2000.

7. Disruption in manufacturing and supply chain. The global 3D printing industry is set to skyrocket to US$12.8 billion by 2018, up from US$3.07 billion in 2013. This figure is set to surpass US$21 billion in revenue by 2020, and is supporting the trend of rapid making and customization.

8. The doing away of “single-use architecture.” As many are beginning to adapt to the “in my own place, on my own time” regimen, what will become of traditional brick-and-mortar environments? The book suggests that there will be a hybridization of environments as more take up the possibility of remote work.

9. It’s the end of the office as we know it. Thanks to advancements in robotics, AI, and genetics, over five million jobs will be lost by 2020. Two-thirds of these job losses will be in the administrative and office-related roles.

10. Self-actualization a priority. As people move towards purpose and self-worth, they’ll also want to find work that is both fulfilling and meaningful. Today, only 13% of employees globally report being engaged and emotionally invested in their work.

11. Deeper understanding of why we need creativity and flow. Workers are starting to be more in tune with the conditions needed for psychological happiness. According to Prof. M. Csikszentmihalyi, “Enjoyment appears at the boundary between boredom and anxiety, when the challenges are just balanced with the person’s capacity to act.”

12. Increased need for collaboration to stay engaged. The book points out that collaboration and teamwork are growing in importance. When working in a team, 71% of people reported feeling creative, 62% citing an increase in productivity, and 90% feeling more confident when coworking.

13. Urban explosion. Today, 54% of the world’s population are living in cities, which is expected to reach 66% by 2050. There is also a clustering of cities to create megacities (cities with more than 10 million). By 2030, there will be 41 megacities around the world, pitted against just 10 back in 1990.

14. Rise of the gig economy. Who can say who is the boss these days? By 2020, 40% of the American workforce will be working as a freelancer or independent contractor. This helps companies save money on things like benefits, but also helps people chart their own path to work-life autonomy.

15. Collaborative consumption. Sharing economy players, like Airbnb, continue to impact the way we live as more people tune into the digital nomad lifestyle. According to the book, the consumer peer-to-peer rental market is worth US$26 billion today.



https://www.forbes.com/sites/irisleung/2017/07/29/15-trends-that-will-transform-the-way-we-live-and-work/#6e5cb8fb3cdf

What Is Data Democratization?

Every business is inundated with data from every angle. There is pressure to use insights we glean from the data to improve business performance. As a result of this incredible amount of data to process and new tech that helps non-technical people make sense of the data, there is desire and demand for data democratization. Let’s explain what that means, the pros/cons of data democratization and the tech innovation that has transpired to support this effort.

What is data democratization?

Data democratization means that everybody has access to data and there are no gatekeepers that create a bottleneck at the gateway to the data. It requires that we accompany the access with an easy way for people to understand the data so that they can use it to expedite decision-making and uncover opportunities for an organization. The goal is to have anybody use data at any time to make decisions with no barriers to access or understanding.

Until recently, data was “owned” by IT departments. Business units such as marketing, business analysts and executives used the data to make business decisions, but they always had to go through the IT department to get the data. This is the way it’s been for the better part of five decades and there are still some who believe it should remain that way.


Why should there be data democratization?

Proponents of data democratization believe it’s imperative to distribute information across all working teams to gain a competitive advantage. The more people with diverse expertise who have the ability to access the data easily and quickly will enable your organization to identify and take action on critical business insights. There are many professionals who believe data democratization is a game changer. When you allow data access to any tier of your company, it empowers individuals at all levels with ownership and responsibility to use the data in their decision making.


https://www.forbes.com/sites/bernardmarr/2017/07/24/what-is-data-democratization-a-super-simple-explanation-and-the-key-pros-and-cons/#48c1f3846013

How Does Ransomware Affect IOT Applications?

How does ransomware affect IOT applications? originally appeared on Quora: the place to gain and share knowledge, empowering people to learn from others and better understand the world.

Answer by Stan Hanks, CTO of Columbia Ventures Corp, on Quora:

I actively worry about how malware and ransomware will affect Internet of Things (IoT) applications.

The one thing we know about IoT - largely based on other embedded systems like WiFi access points and cable modems - is that once the system is shipped, there’s nearly zero chance that it will be updated.

That’s probably a good thing, because if you make it possible to remotely update the core software of an embedded system, and you get the security mechanisms wrong (which is easy to do, particularly if you’re trying to do it cheaply because it’s all about per-unit cost in consumer devices), then having a vector by which someone can upload an “update” that’s really a security compromise and is a really, really bad thing.

Which creates a conundrum: you can’t update it once it’s shipped, and you can’t realistically create an ecosystem in which trusted updates flow natively at IoT price points. (Because someone is going to mention this, I’ll point out that it’s a really big difference in pushing updates for Windows computers, or smartphones, versus for devices that need to have a bill-of-materials cost under $20; you don’t have the financial headroom to use bigger processors, more memory, more storage, or more importantly, more headcount to make it possible do to it the same way it happens for your laptop or phone.)

As I see it, this is really problematic. Odds are pretty good that the developer didn’t spend the time to patch and harden the OS that’s running the IoT device - particularly if they’re just embedding some else’s system-on-a-chip solution. That means that a determined hacker can figure out how to penetrate the attack surface and re-purpose the device. And if you can do it for one, you can do it for, well, all of them.

Case in point: remember the DDOS attack on Dyn, back in October 2016? Well, hacked cameras and DVRs powered it. That’s the first time we’ve seen this, but trust me, it won’t be the last.

So how does ransomware play into this? How about a scenario? Let’s say that you manage the Trump World Tower, 72 floors of luxury high-rise living. And let’s say that you decide that if you use super-smart IoT controls for the building, that you can save a huge amount of money every year on energy costs (which is true). And let’s say that you want to promote this as an extra-luxe feature, and allow things like your smart phone telling your apartment that you’re almost home to change the settings as part of this (hey, that’s a thing…)

So you bite down and replace all the controls with this spiffy new fully interconnected Internet-accessible stuff. Costs millions to install and get working right. Takes months and months to do, probably over a year.

And there’s a problem, and it gets hacked.

And I’m now going to screw with everyone who lives there. Turn the heat on full in the middle of the night in July, turn off the hot water, run the AC in January, whatever. I’m just going to make everyone’s life miserable, randomly.

Or you can pay me to “manage your facility” for just a modest fee: only a million bucks. A month. Forever.

Or until you replace it. And hope that whatever you replaced the compromised control systems with doesn’t let me do it again.

Scale that horizontally, it’s less compelling: if you hack my Nest thermostat, it will be painful for me to replace (hey that’s like what, $200 or so?) but it’s manageable, for me as an individual. Less opportunity there, even times a million homes. I’m not going to bother to hold you hostage on ransomware with it, because the cost to replace is too low.

But vertically scaled infrastructure? That’s a different thing. Much more expensive to nuke-and-repave your world, much more painful while you’re doing it because it takes a lot of time.

At the “in your home” scale, the opportunity is different. That’s using the IoT device as a foothold to explore and penetrate the rest of your home. So I can possibly create a ransomware vector by using your thermostat to hack your router and send your computer to places you wouldn’t otherwise go so I can give you a big fat malware payload to do whatever I want with.

The more connected the world gets, more you have to think about this stuff. Unfortunately the number of people who are thinking about it, and who are in the position to get executive management to take the right action, is vanishingly small.


https://www.forbes.com/sites/quora/2017/07/13/how-does-ransomware-affect-iot-applications/

What is Cryptocurrency?

A cryptocurrency is a medium of exchange like normal currencies such as USD, but designed for the purpose of exchanging digital information through a process made possible by certain principles of cryptography. Cryptography is used to secure the transactions and to control the creation of new coins. The first cryptocurrency to be created was Bitcoin back in 2009. Today there are hundreds of other cryptocurrencies, often referred to as Altcoins.

Put another way, cryptocurrency is electricity converted into lines of code with monetary value. In the simplest of forms, cryptocurrency is digital currency.

Unlike centralized banking, like the Federal Reserve System, where governments control the value of a currency like USD through the process of printing fiat money, government has no control over cryptocurrencies as they are fully decentralized.

Most cryptocurrencies are designed to decrease in production over time like Bitcoin, which creates a market cap on them. That’s different from fiat currencies where financial institutions can always create more, hence inflation. Bitcoin will never have more than 21 million coins in circulation. The technical system on which all cryptocurrencies are based on was created by Satoshi Nakamoto.

While hundreds of different cryptocurrency specifications exist, most are derived from one of two protocols; Proof-of-work or Proof-of-stake. All cryptocurrencies are maintained by a community of cryptocurrency miners who are members of the general public that have set up their computers or ASIC machines to participate in the validation and processing of transactions.


History of Cryptocurrency

The first cryptocurrency was Bitcoin. Bitcoin was created in 2009 by a pseudonymous developer named Satoshi Nakamoto. Bitcoin uses SHA-256, which is a set of cryptographic hash functions designed by the U.S National Security Agency. Bitcoin is a cryptocurrency that is based on the proof-of-work system.

In April 2011, Namecoin, the first altcoin, was created to form a decentralized DNS to make internet censorship more difficult. In October 2011, Litecoin was released and became the first successful cryptocurrency to use scrypt as its hash function rather than SHA-256. This gave the general public the ability to mine for litecoins without the purchase of specific hardware such as the ASIC machines used to mine Bitcoin.

Litecoin began receiving media attention in late 2013 – reaching a market cap of $1 billion. Ripplecoin, created in 2011, was built on the same protocol as Bitcoin but services as  a payment system – think of it like a Paypal for cryptocurrencies that supports any fiat currency, cryptocurrency, commodity or even frequent flier miles.


Cryptocurrencies & Market Capitalization

Bitcoin is the largest cryptocurrency in both market capitalization, volume, acceptance and notoriety, but it’s not the most valuable coin. NEMstake, while only having a market cap of $1,116,720, trades at $1,117 a coin. Looking at the market cap, Litecoin takes second place after Bitcoin with Ripple close behind.

One coin that you are more than likely familiar with is Dogecoin. Dogecoin ranks, on average, thirds in trading volume, but has a relatively low market cap – ranking number six in the largest cryptocurrency.


What is a Cryptocurrency Hash?

Cryptocurrency mining power is rated on a scale of hashes per seconds. A rig with a computing power of 1kH/s is mining at a rate of 1,000 hashes a second, 1MH/s is a million hashes per second and a GH/s is one billion hashes per second. Every time a miner successfully solves a block, a new hash is created. A hash algorithm turns this large amount of data into a fixed-length hash. Like a code if you know the algorithm you can solve a hash and get the original data out, but to the ordinary eye it’s just a bunch of numbers crammed together and remains practically impossible to get the original data out of.


SHA vs. Scrypt

While Bitcoin and a several other coins are mined using SHA-256, Litecoin and many other coins, use Scrypt. This are the two major hashing functions, but several different kinds exists and are used by other cryptpcurrencies such as scrypt-N and x11. The different hashing functions were adopted to answer concerns with the SHA-256. Before, individuals were able to mine Bitcoin with their GPU’s, which require a large amount of energy. But as Bitcoin grew in popularity, ASIC SHA-256 machine were built which  made GPU mining obsolete.

To give you an idea of just how powerful these machines are, a mining rig running 4 GPU’s would get a hash rate of around 3.4 MH/s and consume 3600kW/h while an ASIC machine can mine 6 TH/s and consume 2200kW/h. This effectively killed GPU mining and left many individuals worried about the security of the network. With less individuals being able to profitably mine from their home computer, the network become less decentralized. Scrypt mining was implemented with the promise of being ASIC resistant due to the memory problem it introduced.

Scrypt hashes require lots of memory, which GPU’s are already designed to handle and ASIC machines were not. However, Scrypt mining require a lot of energy and eventually scrypt-ASIC machines were designed to address this problem. At this point Litecoin considered changing their proof-of-work function to avoid ASIC mining. Scrypt also taut that their proof-of-work is much more energy efficient than SHA-256. Bitcoin blocks are solved at a rate of 1 per 10 minutes while Litecoin blocks are solver at a rate of 1 per 2.5 minutes.


Cryptocurrency Security

The security of cryptocurrencies is two part. The first part comes from the difficulty in finding hash set intersections, a task done by miners. The second and more likely of the two cases is a “51%” attack“. In this scenario, a miner who has the mining power of more than 51% of the network, can take control of the global blockchain ledger and generate an alternative block-chain. Even at this point the attacker is limited to what he can do. The attacker could reverse his own transactions or block other transactions.

Cryptocurrencies are also less susceptible to seizure by law enforcement or having transaction holds placed on them from acquirers such as Paypal. All cryptocurrencies are pseudo-anonymous, and some coins have added features to create true anonymity.


Cryptocurrency Legality & Taxes

While cryptocurrencies are legal in most countries, Iceland and Vietnam being an exception – Iceland mainly due to their freeze on foreign exchange, they are not free from regulations and restrictions. China has banned financial institutions from handling bitcoins and Russia, while saying cryptocurrency is legal, has made it illegal to purchase goods with any currency other than Russian rubles.

In the U.S., the IRS has ruled that Bitcoin is to be treated as property for tax purposes, making Bitcoin subject to capital gains tax. The Financial Crimes Enforcement Network (FinCEN) has issued guidelines for cryptocurrencies. The issued guidelines contain an important caveat for Bitcoin miners: it warns that anyone creating bitcoins and exchanging them for fiat currency are not necessarily beyond the reach of the law. It states:

“A person that creates units of convertible virtual currency and sells those units to another person for real currency or its equivalent is engaged in transmission to another location and is a money transmitter.”

Miners seem to fall into this category, which could theoretically make them liable for MTB classification. This is a bone of contention for bitcoin miners, who have asked for clarification. This issue has not been publicly addressed in a court of law to date.


Cryptocurrency Services

There are a host of services offering information and monitoring of cryptocurrencies. CoinMarketcap is an excellent way check on the market cap, price, available supply and volume of crypto currencies. Reddit is a great way to stay in touch with the community and follow trends and CryptoCoinCharts is full of information ranging from a list of crytocoins, exchanges, information on arbitrage opportunities and more. Our very own site offers a list of crypto currencies and their change in value in the last 24hrs, week or month.

Liteshack allows visitors to view the network hash rate of many different coins across six different hashing algorithms. They even provided a graph of the networks hash rate so you can detect trends or signs that the general public is either gaining or losing interest in a particular coin.

A hand website for miner is CoinWarz. This site can help miners determine which coin is most profitable to mine given their hash rate, power consumption, and the going rate of the coins when sold for bitcoins. You can even view each coins current and past difficulty.


https://www.cryptocoinsnews.com/cryptocurrency/

Anti-money laundering software (AML)

Anti-money laundering (AML) software is a type of computer program used by financial institutions to analyze customer data and detect suspicious transactions.

Anti-laundering systems filter customer data, classify it according to level of suspicion and inspect it for anomalies. Such anomalies would include any sudden and substantial increase in funds or a large withdrawal. In both the United States and Canada, all transactions of $10,000 or greater must be reported.

Smaller transactions that meet certain criteria may be also be flagged as suspicious. For example, a person who wants to avoid detection will sometimes deposit a large sum as multiple smaller sums within a brief period of time. That practice, known as "structuring," will also lead to flagged transactions. The software flags names that have been blacklisted and transactions involving countries that are thought to be hostile to the host nation. Once the software has mined data and flagged suspect transactions, it generates a report.

A human will investigate and evaluate flagged transactions. Often, when a flag is investigated, the customer involved can explain the transaction and the flag is dismissed. For example, a customer whose banking typically consists of regular weekly paycheck deposits and smaller withdrawals may suddenly deposit an unusually large sum of money. That transaction will be flagged. Upon examination, however, the deposit may turn out to be from the sale of a car or other property.

The U.S Treasury's Financial Crimes Enforcement Network researches almost five million suspicious activity reports a year. Wes Gill, enterprise risk manager for SAS Canada, estimates that $500-billion to $1.5-trillion (U.S.) is laundered, globally, on a yearly basis. Most of that money comes from drugs and organized crime.


http://searchfinancialsecurity.techtarget.com/definition/anti-money-laundering-software-AML