The Indian IT Ministry has ordered VPN companies to collect and store users data for a period of at least five years, as per a new report published last week. CERT-in, or the Computer Emergency Response Team has also asked data centers and crypto exchanges to collect and store user data for the same period to coordinate response activities and emergency measures related to cyber security in the country.

Failing to meet the Ministry of Electronics and ITs demands could lead to imprisonment of up to a year, as per the new governing law. Companies are also required to keep track of and maintain user records even after a user has canceled his/her subscription to the service.

Many resort to VPN services in India to maintain a layer of privacy. VPNs or virtual proxy networks allow users to stay free of website trackers that can keep track of data like a users location. Paid VPN services and even some good free ones, often offer a no-logging policy. This allows users to have full privacy as the services themselves operate on RAM-only servers, preventing any storage of user-data beyond a standard temporary scale.

If the new change is implemented, companies will be forced to switch to storage servers, which will allow them to log in user-data and store it for the set term of at least five years. Switching to storage servers will also mean higher costs for the companies.

For the end-user, this translates to lesser privacy and perhaps, higher costs. With data being logged, it would be possible to track your browsing and download history. Meanwhile, paid VPN services may increase cost of subscription plans to cover expenses of the new storage servers that they must now use.

The new laws are expected to come into action from 60 days of being issued, which means they could kick in from July 27, 2022.

CERT-in will reportedly require companies to report a total of twenty vulnerabilities including unauthorised access of social media accounts, IT systems, attacks on servers and more. Check a full list of the twenty vulnerabilities below.

1. Targeted scanning/probing of critical networks/systems.

2. Compromise of critical systems/information.

3. Unauthorised access of IT systems/data.

4. Defacement of website or intrusion into a website and unauthorised changes such as inserting malicious code, links to external websites etc.

5. Malicious code attacks such as spreading of virus/worm/Trojan/Bots/Spyware/Ransomware/Cryptominers.

6. Attack on servers such as Database, Mail and DNS and network devices such as Routers.

7. Identity Theft, spoofing and phishing attacks,

8. Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.

9. Attacks on Critical infrastructure, SCADA and operational technology systems and Wireless networks.

10. Attacks on Application such as E-Governance, E-Commerce etc.

11. Data Breach.

12. Data Leak.

13. Attacks on Internet of Things (IoT) devices and associated systems, networks, software, servers.

14. Attacks or incident affecting Digital Payment systems.

15. Attacks through Malicious mobile Apps.

16. Fake mobile Apps.

17. Unauthorised access to social media accounts.

18. Attacks or malicious/ suspicious activities affecting Cloud computing systems/servers/software/applications.

19. Attacks or malicious/suspicious activities affecting systems/ servers/ networks/ software/ applications related to Big Data, Block chain, virtual assets, virtual asset exchanges, custodian wallets, Robotics, 3D and 4D Printing, additive manufacturing, Drones.

20. Attacks or malicious/ suspicious activities affecting systems/ servers/software/ applications related to Artificial Intelligence and Machine Learning.

See the rest here:
VPN services in India to store user-data for 5 years: All you need to know - The Indian Express

CenterServ offers a wide range of managed web server systems that provides their customers with exceptional performance. Read More

CenterServ offers to CDN Companies in need of global presence servers and connectivity everywhere including the most remote areas in the world. Read More

While it seems cloud computing is everywhere and anywhere, the fact is it is still only the early stages of its advance into the cores of enterprises. Read More

While maintaining the company's reputation for stability and performance in the field of web server solutions, they work continuously to offer their clients the latest and most advanced technologies. Read More

The newest cloud computing company to come out of Silicon Valley, has a very different approach to business solutions in the cloud. Read More

CenterServ offers a wide range of managed web server systems that provides their customers with exceptional performance.

CenterServ offers a wide range of managed web server systems that provides their customers with exceptional performance.

CenterServ offers a wide range of managed web server systems that provides their customers with exceptional performance.

CenterServ offers a wide range of managed web server systems that provides their customers with exceptional performance.

CenterServ offers a wide range of managed web server systems that provides their customers with exceptional performance.

See the original post:
Centerserv - International Cloud and Web Servers

serg3d/iStock Editorial via Getty Images

Microsoft (MSFT) and Alphabet (GOOG) (GOOGL) this week both told investors that their cloud businesses continued to see strength in their most recent quarters. And with that trend expected to continue, several chip companies may stand to benefit, according to Bank of America analyst Vivek Arya.

In a new research report, Arya noted that spending on cloud computing has been "resilient" so far, despite global worries over a resurgence in COVID cases in China, a broader economic slowdown and rising inflation. As such, stocks like Nvidia (NASDAQ:NVDA), Marvell Technology (NASDAQ:MRVL), Advanced Micro Devices (NASDAQ:AMD) and Broadcom (NASDAQ:AVGO) could show similar strength when they report quarterly results.

"[W]e believe strong employment trends and needs for secure [and] high-speed hybrid work environments globally are boosting enterprise demand, while the tight supply situation provides strong pricing support to chip vendors," Arya wrote.

Amazon (AMZN) also posted strong cloud results this week, as its Amazon Web Services [AWS] revenue grew 37% year-over-year to $18.4 billion, up from $13.5 billion in the year-ago period.

Delving further, Arya noted that AMD (AMD) was recently selected by Meta Platforms (FB) as a new CPU vendor for its servers late last year.

Additionally, Meta (FB) selected Nvidia to build its AI Research SuperCluster using Nvidia's GDX A100 systems for a number of tasks, including training artificial intelligence models.

Arya has per-share price targets of $153 on AMD (AMD), $780 on Broadcom (AVGO), $100 on Marvell (MRVL) and $320 on Nvidia (NVDA), respectively.

In addition to the data points provided by both Microsoft's (MSFT) and Alphabet's (GOOG) (GOOGL) cloud results, Taiwan Semiconductor (TSM) saw high-performance computing wager sales rise 26% sequentially, accounting for 41% of demand, surpassing smartphone chips for the first time. Texas Instruments (TXN) also saw strength in the enterprise, up 35% year-over-year, building off the same trends from Marvell and Broadcom, Arya explained.

With companies needing to boost infrastructure spending as employees increasingly opt for a hybrid work week, areas such as networking, Wi-Fi [and] Bluetooth and storage "could see elevated spending," the analyst explained.

Earlier this month, investment firm New Street Research upgraded Nvidia (NVDA), nothing its attractive valuation and likelihood for a strong outlook for its datacenter business.

Originally posted here:
Nvidia, Marvell, AMD and Broadcom may benefit from strong cloud results - Seeking Alpha

Cloudflare published a report of a massive DDOS attack, naming several well known cloud hosting data centers as the origins of the attack. The attack appeared to follow a trend of attacks increasingly being launched from data centers instead of the traditional residential botnets.

The attack was described as among the largest ever seen:

Earlier this month, Cloudflares systems automatically detected and mitigated a 15.3 million request-per-second (rps) DDoS attack one of the largest HTTPS DDoS attacks on record.

A Distributed Denial-of-Service (DDoS) attack is when thousands of Internet-connected devices make page requests at a rapid rate, which can result in the website server being unable to process requests for web pages from, a condition known as a denial of service.

DDOS attacks generally come from whats referred to as botnets.

A botnet is a network of Internet-connected devices like routers, IoT devices, computers, websites and web hosting servers that are infected and put under control of hackers.

The Cloudflare report noted that DDOS attacks are increasingly coming from cloud-based data centers instead of residential ISP botnets. This represents a change in tactics.

According to the Cloudflare DDOS attack report:

Whats interesting is that the attack mostly came from data centers. Were seeing a big move from residential network Internet Service Providers (ISPs) to cloud compute ISPs.

Cloudflare named several cloud-based data centers as origins of the attack, two of which are already well known in the publishing community as common sources of spam and unwanted bot visitors.

The two biggest sources of this DDOS attack, according to Cloudflares data, were OVH and Hetzner.

Cloudflare offered these details:

the attack originated from over 1,300 different networks. The top networks included the German provider Hetzner Online GmbH (Autonomous System Number 24940), Azteca Comunicaciones Colombia (ASN 262186), OVH in France (ASN 16276), as well as other cloud providers.

In addition to being origins of DDOS attacks, OVH and Hetzner are known to be sources of spam-related attacks.

According to SaaS spam protection service CleanTalk data, spam bots originating from OVH comprise 10.97% of detected activity from IP addresses associated with OVH.

Spam activity originating from Hetzner that was detected by CleanTalk, out of 213,621 IP addresses detected as a source of traffic, 14,997 (7.02%) of those IP addresses were associated with spam attacks.

While DDOS and spam attacks are two different things, these statistics are cited to show how both of those cloud data centers are used for a variety of malicious activity, not just for DDOS attacks.

A publisher over at WebmasterWorld Forum recently observed that they were experiencing bot traffic from OVH that was greater than from legitimate human traffic from known ISPs.

The WebmasterWorld member wrote in a forum post:

Over the past 24 months, the web server logs across a dozen websites I manage have a high percentage of traffic coming from the OVH data center.

This traffic is coming in via numerous IP addresses assigned to OVH. Since the volume of traffic is dramatically larger than the traffic coming from legitimate ISPs (ATT, Verizon, Charter, Comcast, Shaw, etc), I have the impression that the traffic from OVH is due to bots/scrapers hosted at the OVH data center cloud servers.

Unwanted bot traffic from OVH is such a common problem that when an OVH datacenter in France burned down a WebmasterWorld member practically applauded the event by posting:

Looking on the bright side, our websites will have less bot traffic now.

The question maybe that needs asking is, why is there so much rogue bot traffic originating from OVH and Hetzner?

This isnt something new, either. Webmaster and publisher complaints about bot traffic from OVH go back a long time.

These are examples of discussions on WebmasterWorld involving OVH:

The above are forum discussions going back as far as 2013 where publishers and webmasters are complaining about rogue bot traffic from OVH.

In a WebmasterWorld forum discussion from 2015 titled Botnet sources, one forum member posted:

RE: botnets, Im more concerned with those who are false-clicking my advertisers (hosted, 3rd party & AdSense.)

However Im sure there is a significant crossover to both categories, so those linked Spamhaus articles are a good read, thanks. Small surprise that OVH leads the pack!

Given the long history of unwanted bot traffic from OVH and Hetzner, its not entirely surprising to see that they are now cited by Cloudflare as origins of a DDOS attack.

Its well-documented by Saas spam blocking services that OVH and Hetzner are sources of spam. Now we have documentation from Cloudflare that OVH and Hetzner cloud hosting services serve as origins of DDOS attacks.

Cloudflare identified the attacks as coming from a botnet on those cloud hosts. So that may mean that various servers were compromised.

Cloudflare blocks 15M rps HTTPS DDoS attack

Read the original here:
Cloudflare Names OVH and Hetzner as Origins of DDOS Attack - Search Engine Journal

Typically, DDoS (Distributed Denial of Service) attacks use massive traffic such as HTTP, DNS, TCP, and other methods to allow attackers to disrupt even the most well-defended networks or servers. But Yo-Yo DDoS is an entirely different animal.

They are a much more innovative way to attack public cloud infrastructure resources. In today's cloud architecture, almost every resource can scale quickly. It could be nodes, Kubernetes Pods, load balancers, etc. You have unlimited resources when it comes to scaling in the public cloud. The cyber attackers use those cloud auto-scaling capabilities against you and hurt you financially. It literally could destroy small organizations that have limited cloud budgets. This article will shed more light on these types of attacks to help you increase your cyber readiness.

This is a simulation of how it looks:

Yo-Yo DDoS attacks can be tricky to identify because these attacks are brief and dont necessarily result in denial-of-service (DOS) conditions. When carrying out a yo-yo attack, hackers flood their targets with so much traffic that it automatically scales cloud resources such as load balancers, front-end services, and other cloud resources. Then they suddenly halt traffic so that the application is over-provisioned and automatically scales down again. Once the autoscaler decides that traffic volume has decreased, it scales down its resources. The attacker turns on the DDoS traffic anew, and the cycle repeats, hence the name Yo-Yo attack.

Constantly scaling up and down can be a financial drain on the applications owners, who must pay a lot of money to the hyperscalers. In some cases, this behaviour can be difficult or impossible to differentiate from legitimate requests. Unlike other forms of DDoS attacks, Yo-Yos have no centralized sourcethey often originate from many different machines across the Internet.

You should control your cloud scaling behaviour by setting limitations for every cloud resource you scale to avoid large financial spending. If you dont set a max scaling limitation, you could waste a lot of cloud computing resources and cloud-native services. Monitor your compute autoscaling groups and use anomaly detection to recognize unusual scaling patterns automatically. Then you will be able to create alerts for unusual scaling patterns and further investigate your infrastructure scaling and spending.

Although theyre difficult to detect, Yo-Yo attacks can be mitigated by hiding traffic scaling configuration. Attackers need to know how much scaling has taken place to stop the DDoS attack and eventually turn it on again once the traffic goes to a predetermined average level. If the website or service owner can hide scaling information, this would help mitigate any preparations attackers might have made before launching the attack.

To improve the security of your cloud against such attacks, its worth exploring third-party solutions made by specialized security companies such as AWS Shield and Google Armor that can help you mitigate complex attacks. They are Hyperscalers security cloud-native services, but you can pick third-party solutions such as Cloudflare or Incapsula.

Another way to mitigate against Yo-Yo DDoS attacks is to not use the default values for downscaling and upscaling when it comes to the cloud service providers load balancing mechanism. Doing so also disrupts any plan attackers might have made of when to stop sending extra junk traffic and when to start again.

The general tips to guard against DDoS attacks include keeping everything on the system updated. Fix all the security issues and bugs and quickly develop a plan to identify such problems. Its also important to emphasize that Yo-Yo DDoS attacks are a relatively recent development, and mitigation is generally available only within the best web security platforms. For example, the native security tools included in the top-tier cloud platforms are usually not adequate for defeating these attacks.

Some of the more common Yo-Yo mitigation techniques include:

Quick Takeaways to Defend Against Yo-Yo DDoS Cyber Attacks

DDos and Yo-Yo DDoS attacks happen all the time, and the attacks are getting more innovative and more frequent. In general, Yo-Yo DDoS attacks are meant to hurt companies and countries financially.

In the end, the best way to beat a Yo-Yo DDoS attack is to stay vigilant. You dont want to be the next victim of such an attack. To ensure that doesnt happen, use multiple layered defences against attack, keep your systems up-to-date, and stay on top of threats.

Written by Ido Vapner, CTO and Chief Architect at Kyndryl

More:
Yo-Yo DDoS Cyber Attacks; What they Are and How You Can Beat Them - Geektime