Response Plan for a DoS Attack
Even though companies have concentrated on establishing high-security technology, there is still a high risk of denial-of-service (DoS) attacks that disrupt organizational operations. Organizations have begun to prepare for DoS attacks by developing a response plan. It is critical for a company to establish a DoS attack response plan before an attack occurs.
A response plan also underpins the business continuity plan, since the DoS response plan determines how the business will continue operating after experiencing certain attack scenarios. When developing the DoS attack response plan, the company needs to consider the breadth and depth of the threats involved. Threats change over time, so the company should analyze both the existing threats and those it expects to encounter, and prepare ways of responding to them. The response preparations should cover several factors, including communication, engagement of the ISP, and the business continuity plan. The response plan should be time-based so that prolonged effects are prevented. The plan therefore identifies the individuals and tools to be used in case of an attack, and these are kept ready at all times in a safe place, preferably outside the organization at the hosting provider. A timely response results in less downtime for the enterprise's Web presence. The Computer Security Incident Response Team should establish a communication plan to be used during attacks, identifying the key decision makers, the key stakeholders, and the people to be consulted during an attack. Preparation enables quick mitigation of an attack.
The preparation plan depends on the Internet presence and the type of attack involved. The technical response involves a variety of activities across the Web infrastructure and network, such as identification, monitoring, and response strategies. The company therefore needs to be proactive so that it recognizes the risk of an attack before it commences.
Techniques Used by Malware Developers
Malware developers use various techniques to conceal their code and to prevent its analysis. These techniques include environmental awareness, timing-based evasion, confusing automated tools, and obfuscating internal data.
Environmental awareness
This technique allows a malware sample to detect the runtime environment on the system being infected. This evasive behavior searches for artifacts that distinguish virtualized, operating system, and bare-metal environments. A report published in 2015 indicated that 17 percent of the Carbanak malware samples analyzed by Lastline tried to detect a virtual sandbox before executing.
Time-based evasion
Malware uses this behavior to take certain actions only at certain times or in response to user activity. The behavior includes, following the initial infection, waiting for the user to open a file or click a link, activating only after the system is rebooted, and running only during a particular period of time.
Confusing Automated Tools
This technique allows malware developers to avoid detection by technologies such as signature-based antivirus software. For instance, older versions of the Dyre banking malware hardcoded the URL used when communicating with the C&C (command-and-control) server. To evade malware blacklists, the malware's operators began changing its domain on a daily basis.
Obfuscating internal data
Malware developers use a variety of tricks when running their code so that it cannot be detected by system analysis. This method takes evasion to the extent that API names are replaced with hashed values and lookup tables, and certain processes communicate with the C&C server over port 443, where the traffic is encrypted.
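The API-name hashing described above is routinely undone during analysis by hashing every known API name with the same algorithm and matching the results against the hashes found in a sample. The following is an added example for this page, not code from the original text or from any malware family it names; the ROR-13 hash is an assumed algorithm chosen for illustration, the API list and sample hashes are constructed, and the function names are hypothetical.

```python
"""Added example: resolving hashed API names back to their plaintext names.

Malware that hides its imports stores only hashes of API names and looks
them up in tables at run time.  An analyst can reverse this by precomputing
the hash of every candidate API name and matching against the sample.
ROR-13 below is an ASSUMED example algorithm; the text does not name one.
"""
from typing import Dict, Iterable, Optional

MASK32 = 0xFFFFFFFF


def ror32(value: int, bits: int) -> int:
    """Rotate a 32-bit value right by `bits` positions."""
    bits %= 32
    return ((value >> bits) | (value << (32 - bits))) & MASK32


def api_hash(name: str) -> int:
    """ROR-13 hash of an ASCII API name (assumed algorithm)."""
    h = 0
    for byte in name.encode("ascii"):
        h = (ror32(h, 13) + byte) & MASK32
    return h


def build_lookup(names: Iterable[str]) -> Dict[int, str]:
    """Precompute hash -> name for every API name the analyst knows about."""
    return {api_hash(n): n for n in names}


def resolve(hashes: Iterable[int], table: Dict[int, str]) -> Dict[int, Optional[str]]:
    """Map each hash pulled from a sample back to a name, or None if unknown."""
    return {h: table.get(h) for h in hashes}


# Constructed candidate list; a real one would hold every export of the
# DLLs the sample loads (kernel32.dll, wininet.dll, ...).
KNOWN_APIS = ["LoadLibraryA", "GetProcAddress", "VirtualAlloc",
              "CreateThread", "InternetOpenA"]

if __name__ == "__main__":
    table = build_lookup(KNOWN_APIS)
    # Constructed "hashes from a sample": three resolvable, one not.
    sample_hashes = [api_hash("VirtualAlloc"), api_hash("CreateThread"),
                     api_hash("InternetOpenA"), 0xDEADBEEF]
    for h, name in resolve(sample_hashes, table).items():
        print(f"{h:#010x} -> {name or '<unresolved>'}")
```

Unresolved hashes usually mean either the candidate list is missing a DLL's exports or the sample uses a different hash algorithm, which is the next thing to check.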