Security Central: DDoS Attack Threatens Inauguration, CompTIA’s 2017 IT Industry Outlook Bright

Well folks, it’s here. Tomorrow, January 20, 2017 is inauguration day. Ever since the election, stories have been swirling about regarding protests, marches and boycotts of various kinds. These protests are reportedly set to happen in nearly every state and even several other countries, but a good chunk – hundreds of thousands – of people are flocking to Washington D.C. to express their displeasure with the inauguration of Donald Trump. For those not able to make the trek to our nation’s capital to protest in person, Juan Soberanis has a solution.

Those who can’t make the marches on Washington DC to protest the inauguration have been invited to take part in a protest in cyberspace by way of a DDoS style attack. A web page launched by Soberanis, a San Francisco bay area software engineer and founder of Protester.io reads, “If you can’t make it to Washington, D.C. on inauguration day to protest Trump’s presidency, you can still fight for the cause by helping to take down WhiteHouse.gov as a show of solidarity for the lives impacted by Trump’s policy agenda. It’s simple, by overloading the site with visitors we will be able to demonstrate the will of the American people.”

Soberanis’ “attack” plan, which he claims is completely legal, involves overloading the White House website with too much traffic, essentially crippling it and rendering it completely useless. How does one accomplish this? Soberanis is calling for Americans to load WhiteHouse.gov on inauguration day and essentially just refresh it over and over, with the goal of causing the site to become so inundated it eventually buckles and falls. 

While this could easily be considered a DDoS attack against the U.S. government, Soberanis, who launched the campaign, states that there is nothing illegal about this plan because users are simply loading the website and exhaustively refreshing it, not utilizing hacking tools to take the website down. Hackers launching true DDoS attacks, the illegal sort, use dedicated tools and multiple servers that simulate traffic and eventually cause overloading.

Even with these claims of legitimacy, Soberanis’s plan is causing quite a few head tilts among experts and officials, as it highlights the issue of whether DDoS attacks should be made a legitimate form of protest. According to an article by PCWorld, under the Computer Fraud and Abuse Act, sending a command to a computer or server with the intent to cause damage can be judged a criminal offense. But this hasn’t stopped “hacktivists” and straight up cyber criminals from launching DDoS attacks to take down websites. 
 
Amichai Shulman, CTO and co-founder of web security firm Imperva, provided his insight on the matter. “This is certainly not a new issue. One of the prominent precursors of this trend was the Anonymous hacker collective who used to promote such protest campaigns circa 2010 / 2011,” says Shulman. “If I’m not mistaken, they actually had their own #opwhitehouse campaign back at the time. We see such campaigns directed at official organizations as well as commercial organizations in the past few years, and it does look like they are the cyber equivalent of marching the streets.”

Schulman goes on to say that the success of this type of campaign is not measured by whether a site went down for an hour or two – much like street marching or protests – but whether some change was driven by the public attention. “This trend is very different from professional DDoS attacks carried by cyber criminals with the intent of impairing competition (mainly in the gaming industry) or racketeering (across all industries).”

Regardless of the intent of these DDoS attacks and who’s orchestrating them, we’ve seen this trend grow in the recent months. This means that DDoS protection should be top of mind for customers across every single industry, if it’s not already. This of course means that there’s a giant opportunity here for the channel, as many, if not most, businesses are still poorly protected and ill-equipped to ward off such attacks. There are many reasons for this: old infrastructure devices, single layers of protection, etc. With this weird, new type of cyberthreat gaining more and more popularity, it’s imperative to educate customers and talk about sound infrastructures and multi-layered defense systems.

Our next story examines a few key bits from tech industry analyst firm CompTIA’s just released annual IT Industry Outlook. The overall forecast? 2017 is looking quite bright and sunny. 

“With the groundwork of cloud, mobility, data and connectivity laid, the year ahead will see evolutionary advances on many fronts,” said Tim Herbert, senior vice president for research and market intelligence at CompTIA. “Digital business transformation remains a driving force for small and large enterprises alike. Organizations will have the opportunity to explore advances in virtual reality, artificial intelligence, advanced analytics, the Internet of things, and inevitably, a few unexpected breakthroughs. Those playing catch-up will face growing and potentially new forms of competitive pressures.”

Here are a few key takeaways from the report that pertain directly to the channel:

One of the biggest things to keep in mind is that confidence is at an overall high heading into 2017, a fact that shouldn’t be ignored given the significant blows dealt last year. CompTIA’s IT Industry Business Confidence Index for Q1 reached a new high, signaling an economy on solid footing and a positive outlook among tech executives and business owners. Not too shabby, eh? Maybe there’s hope for us yet.

Our last story takes a look at Microsoft’s latest version of Windows, which has been beefed up to make it more secure than previous editions. But, according to an article by TechNewsWorld, the strongest protections will be available only to those willing to pay a pretty hefty price.

The Windows 10 Anniversary Update has brought about quite a few mitigation techniques in core Windows components and the Microsoft Edge browser that are designed to protect customers from many different types of exploits for very recent and even undisclosed vulnerabilities.

Thwarting unidentified vulnerabilities, or “zero day” vulnerabilities, is particularly vital due to the fact that they are an extremely powerful tool used by hackers to breach systems and steal data. Scary thought when you consider the hackers working for nation-states.  “These mitigation techniques are significantly reducing attack surfaces that would have been available to future Zero-Day exploits,” wrote Matt Oh and Elia Florio of Microsoft’s Windows Defender ATP Research Team in a post last week.

Forgetting the rather steep price for a moment, the security improvements in the new Windows 10 Anniversary Update are actually proving worthwhile for consumers. “This is great news for users,” said Jerome Segura, a senior security researcher for Malwarebytes. “Microsoft is addressing zero days and exploits in general by sandboxing a lot of the components in the operating system,” he told TechNewsWorld.

Something to keep an eye on for sure.

The views expressed in this column do not necessarily reflect the views of Penton Media or The VAR Guy editorial staff.