Security has become increasingly crucial on the internet due to the growing number of users and online activities. With over 4 billion users engaging in various online activities, organizations are working together to enhance internet safety.


CERT.br, operated by NIC.br, has released yearly statistics on security incident notifications in Brazil since 1997.
In 2017, there were 833,775 security incidents reported, which is 29% more than the previous year. The main types of incidents included scanning, DoS attacks, web server attacks, and fraud, according to CERT’s chart.


To view the complete chart (including the caption), visit the CERT page.
The DoS attack, also referred to as a denial of service attack, saw the most significant growth in the past year: the number of notifications nearly quadrupled from the previous year to a total of 220,188 occurrences, representing 26.4% of the total incidents.
What does a denial of service attack (DoS) involve?
A DoS attack is an internet-based attack that aims to disrupt the service of specific devices connected to the internet by overwhelming them with more requests than they can handle, causing them to become unresponsive or shut down.
A distributed attack, known as DDoS, originates from multiple machines or devices, which makes it harder to defend against.
A DDoS/DoS attack renders the target machine unusable without stealing data or infiltrating the system. Motives for such attacks can vary from political or religious disputes to simply enjoying disrupting a website or service.
The Internet of things has led to a rise in cyber attacks.
The rise of such attacks is linked to the growing use of internet of things (IoT) technology in our daily lives. This term refers to various internet-connected devices, like smart TVs, smartwatches, and IP cameras, which can all be utilized in a DDoS attack.
Hackers gain access to systems by taking advantage of vulnerabilities in the equipment and using brute force attacks. They then insert programmed scripts that remain dormant until activated by the creator to initiate an attack.
The assault on a specific site or service is carried out through various sources and devices, making it challenging to prevent. In Brazil, a portion of the attacks is traced back to inadequately configured and susceptible broadband modems, in addition to IoT devices. These devices form a network used for botnet DDoS attacks, often referred to as a “zombie network.” It is essential to note that most owners of these devices are unaware that their equipment is being utilized in this manner.
To learn about the intricacies of DoS attacks and ways to safeguard yourself, refer to this NIC page.
Web servers also documented a rise in occurrences.
Web servers and content management systems (CMSs) experienced a roughly 10% rise in targeted attacks in comparison to 2016. The main targets are the hosting servers and the systems themselves; WordPress, one of the most widely used CMSs, is found on around 30% of all websites online.
Attackers use various methods to break into servers and content management systems. When hacked, websites can have their content altered, such as posting fraudulent pages to collect bank information or sharing spam content with ads and links to questionable websites. Sites that display warnings like “this site may have been hacked” in Google search results have probably experienced this type of attack.
Protecting devices and applications: A guide.
Simple steps can be taken to protect oneself from sophisticated attacks and invasions. Using secure usernames and passwords, for example, helps ensure that personal devices connected to the internet are not unwittingly used for DDoS attacks.
Use secure passwords and usernames
When creating logins and users, it is best to avoid default names like “admin” or “user” and opt for longer, more secure passwords that include a combination of random words, letters, numbers, and special characters.
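The recipe above, sketched in Python as an added example (not code from the original article). The word list is a constructed 16-word demo list, and the function names are hypothetical; the entropy estimate shows how much the size of the word list matters.

```python
import math
import secrets

DEFAULT_USERNAMES = {"admin", "user"}   # the defaults named in the article
SPECIALS = "!#$%&*+-=?@"
# Constructed 16-word list, for the demo only. A real list should hold
# several thousand words so that every word adds more entropy.
WORDS = ["anchor", "bishop", "cactus", "copper", "dagger", "ember",
         "falcon", "lantern", "maple", "orbit", "quartz", "river",
         "saddle", "tundra", "velvet", "walnut"]


def username_allowed(name):
    """Reject the default account names the article warns about."""
    return name.strip().lower() not in DEFAULT_USERNAMES


def estimate_bits(n_words, wordlist_size):
    """Entropy of n random words joined by random digit+special pairs.

    Capitalising every word is deterministic, so it adds no entropy.
    """
    joiner_bits = math.log2(10) + math.log2(len(SPECIALS))
    return n_words * math.log2(wordlist_size) + (n_words - 1) * joiner_bits


def make_passphrase(n_words=4, words=WORDS):
    """Build a passphrase shaped like 'Copper4!Orbit7#Maple2?River'."""
    pick = secrets.choice               # CSPRNG, unlike random.choice
    out = [pick(words).capitalize()]
    for _ in range(n_words - 1):
        out.append(pick("0123456789") + pick(SPECIALS))
        out.append(pick(words).capitalize())
    return "".join(out)


if __name__ == "__main__":
    print(username_allowed("admin"), username_allowed("cam-owner-7f"))
    print(make_passphrase(), f"~{estimate_bits(4, len(WORDS)):.0f} bits")
    print(f"same recipe, 7776-word list: ~{estimate_bits(4, 7776):.0f} bits")
```

With the demo list the result is only about 36 bits; the same four-word recipe over a 7,776-word list reaches about 72 bits.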
In terms of securing servers and web systems, it is important to focus not only on using strong passwords but also on ensuring the security of the application itself. Following best practices, network administrators should regularly update software to the latest version and only enable essential services for application functionality.
CMSs like WordPress should be regularly updated, including plugins and themes. It is also important to avoid using plugins that have not been updated for more than a year. Additionally, specific security monitoring plugins like Sucuri Security and Wordfence can be utilized to enhance platform security.
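One way to check both rules (pending updates, and no release for more than a year) over a plugin inventory, as an added example that is not part of the original article. The inventory is constructed sample data; the `version` and `last_updated` fields and the date format are modelled on the WordPress.org plugin-information API as an assumption, and `installed` is a hypothetical field for the locally installed version.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory (not real scan output).
PLUGINS = [
    {"slug": "example-gallery", "installed": "2.1.0", "version": "2.1.0",
     "last_updated": "2016-11-02 9:40am GMT"},
    {"slug": "example-forms", "installed": "4.8.1", "version": "4.9.3",
     "last_updated": "2018-02-20 3:05pm GMT"},
    {"slug": "example-seo", "installed": "7.0", "version": "7.0",
     "last_updated": "2018-03-01 11:15am GMT"},
]

MAX_AGE = timedelta(days=365)  # the article's "more than a year" threshold


def parse_version(text):
    """Turn '4.10.2' into (4, 10, 2) so that 4.10 sorts after 4.9."""
    return tuple(int(p) if p.isdigit() else 0 for p in text.split("."))


def audit(plugins, today):
    """Return {slug: [findings]} for plugins that need attention."""
    report = {}
    for p in plugins:
        findings = []
        updated = datetime.strptime(
            p["last_updated"], "%Y-%m-%d %I:%M%p GMT"
        ).replace(tzinfo=timezone.utc)
        if today - updated > MAX_AGE:
            findings.append("stale: no release in over a year")
        if parse_version(p["installed"]) < parse_version(p["version"]):
            findings.append(f"outdated: {p['installed']} -> {p['version']}")
        if findings:
            report[p["slug"]] = findings
    return report


if __name__ == "__main__":
    # A fixed date (the article's publication date) keeps the output stable.
    now = datetime(2018, 3, 27, tzinfo=timezone.utc)
    for slug, findings in audit(PLUGINS, now).items():
        print(slug, "->", "; ".join(findings))
```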
Select services that provide defense against DDoS attacks.
Protecting your website from DDoS attacks can be complex, requiring expertise in network administration. Hosting services often provide basic protection against such attacks, but for enhanced security, using a CDN is recommended. CDNs like Cloudflare offer advanced protection features, including the “I'm Under Attack” mode, which adds extra defense layers.
To discover methods of safeguarding your website or web application with a Content Delivery Network (CDN), refer to the article “What is CDN and why is it important for my website.”
Back up your data regularly.
It is important to regularly back up all important files to ensure data security. Creating a backup schedule and utilizing redundant cloud storage are recommended for all users.
For more information on internet security through different methods, refer to the CERT security guide.
Published on 27/03/2018 and revised on 13/07/2018.
