- November 16, 2020
- 2 minute read
The latest DDoS attack against Dyn has had serious consequences, and was only 1.2Tbps in volume. According to several sources, this is just the tip of the iceberg because the attack was launched by amateurs. So what happens when well-funded and sophisticated attackers launch an attack using millions of infected devices? Against these attacks that will happen in the future, Bizety states, not even Akamai stands a chance, which means Akamai is going to have to ramp up their capacity significantly, being the only one who even stands a chance against these future threats.
IoT was supposed to be a boon for humanity, but it has turned out to be a nightmare for the DDoS mitigation industry.
We would not be so pessimistic, after all, we strongly believe that companies should not fight attacks by panicking, rather by developing short and long term strategy to secure their business. Of course, we can help - talk to us to find out how.
Read more: Bizety
At the stroke of midnight UTC on New Year's Eve, an extra second will be introduced, effectivelty causing the last second of the day to last for two seconds. This change has the potential to break software systems and applications. Parallel to this, SHA-1 TLS certificates support will also be abandoned by browsers. Akamai published some suggestions to have a more relaxing New Year's Eve (these are also applicable for other providers):
Make sure you have a leap second plan: either performing complete testing on all software, systems, and infrastructure, or implementing a leap smear.
Make sure you have all sites on Akamai, internally, and elsewhere rotated over to using SHA-256 certificates before getting any further into end-of-year lock-downs.
Make sure applications or devices relying on Akamai's shared certificate can handle SHA-256 certificates when Akamai drops SHA-1 support.
Read more: Akamai Blog
Flashpoint recently published an analysis of the Dyn DDoS attack and has indicated that the likely culprit behind the attack were "script kiddies", amateur hackers with no budget whatsoever. They've analysed the landscape and are confident that these attackers originate from the Hackforums community where the Mirai botnet source code was anonymously released for general availability.
This means Level's 3 CDN business will merge with Limelight Networks. This move caught many off guard, but overall it's a good move. The transaction is valued at around $34 billion and the new combined company will have the ability to offer CenturyLink's larger enterprise customer base the benefits of Level 3's global footprint with a combined presence in more than 60 countries. Bizety states that there are two important things that CenturyLink must avoid and these are: don't get rid of the Level 3 name because CenturyLink has zero brand recognition internationally, while Level 3 has a ton and not to move from Broomfield to Monroe, as there will be a "mass exodus".
HackingThreat.com is a new platform Bizety launched because while doing their research they found multiple sources to find exactly what they needed and they didn't want to publish everything at Bizety because of the "dark side" note of these findings relating to threats, espionage, leaks and cybercrime. Long story short - this will be an interesting blog to follow for cybersecurity enthusiasts.
Link to the new blog: HackingThreat