In response to Lizard Squad’s hack of Taylor Swift’s Twitter account, Bill Barry, Executive Vice President at Nexusguard, has prepared some comments on Lizard Squad and the rising prevalence of DDoS attacks.
“The hack on Taylor Swift proves that the Lizard Squad has another string to its bow, having previously used DDoS attacks to bring down Sony PlayStation, Microsoft Xbox, and Malaysian Airlines systems rather than infiltrate them. It’s time for businesses and brands to realise the multi-faceted security threats presented by sophisticated cyber criminals.
Free Cyber Security Training! Join the revolution today!
“The DDoS-for-hire space has become so lucrative that these mayhem-for-sport acts of hacking a celebrity Twitter account is a way to build brand recognition and raise awareness that anyone, anywhere could be the victim of cyber attacks. This heightened market awareness becomes a dangerous marketing engine to allow anyone with a slight motive to launch their own attacks at intended targets. Using this tactic has meant that in a short time, over 14,000 customers have signed up to use the Lizardstresser DDoS tool.
“The Lizard Squad has proved, if nothing else, that DDoS attacks are becoming more effective. The methods used by DDoS networks to locate vulnerabilities within security systems are more sophisticated and automated. Leveraging zero-day and zero-plus vulnerabilities in unprotected networks means that they are able to recruit and add infected computers to their attack army at an ever-alarming rate. This increased rate of botnet recruitment not only gives the attacker a flexible arsenal of attacks for causing mayhem, but increases the overall effectiveness and success rate of each attack. Imagine the leverage a group such as The Lizard Squad could gain by bringing down a betting website on Grand National Day, for example.
“The best way to guard against zero-plus attacks to is to always be vigilant and proactively try to identify vulnerabilities and weaknesses in your system before the attackers do. For an enterprise, this may mean compiling rules and guidelines on which online applications are approved for use and implementing proactive monitoring at an application level to detect abnormalities as early as possible. However, this is just the first layer of total protection – an effective defence requires in-depth, tailored implementation, not a one-size-fits-all mitigation solution. With multi-vector attacks, all avenues of attack must be detected and mitigated. For example, sophisticated attackers like the Lizard Squad may be using a mixture of DDoS and hacking – no off-the-shelf product is likely to deal with such an approach effectively. Best practice is to seek the guidance of a security specialist that can design and customise a solution specific to your business.”
By Bill Barry, Executive Vice President, Nexusguard
About Nexusguard
As a longtime leader in DDoS defense, Nexusguard is at the forefront of the fight against malicious Internet attacks, protecting organizations worldwide from threats to their websites, services, and reputations. Continually evolving to face new threats as they emerge, we have the tools, insight, and know-how to protect our clients’ vital business systems no matter what comes their way.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.