DNS Geo Blocking
Cybercrime is costly, and data for the last couple of years show a worrisome trend in the figures paid for ransom and those required to get the situation back to the pre-attack stage. In this article we show where most of the attacks are coming from and how the FlashStart DNS Geo Blocking feature can help you avoid inadvertently accessing websites located in the most dangerous cybercrime areas in the world.
1. Cyber threats: recent developments
According to ComplexDiscovery, the cost of cybercrime worldwide has increased sharply over the last decade, rising from 300 billion dollars in 2013 to an astonishing 945 billion dollars in 2020. Also, figures related to cyber threats for the last couple of years have generally worsened, and the cost of cybercrime is no exception.
The article by ClomplexDiscovery provides a detailed overview of the main cyber threats that spread in the world during 2021. The data it reports are taken from a variety of websites, reports and organizations since ComplexDiscovery is an online publication that focuses on cyber security and aims to highlight insights and intelligence findings about cyber security, data breaches and connected legal issues.
The four most frequent types of cyber attacks that they report are:
» Malware attacks;
» Ransomware attacks;
» Phishing attacks;
» DDoS attacks.
1.1 Malware attacks
The term malware is used to refer jointly to all types of malicious software that aim to cause damage to computers and IT infrastructures and that include, but are not limited to, viruses, trojans, worms, ransomware, adware and spyware.
Starting from March 2020, hence shortly after the first news about the pandemic came out, Google detected 600-800 infected websites every week, compared to an overall figure of about 3,000 cases of infected websites discovered during the first three months of that year.
Also, the Sophos threat report of 2021 shows that, among the interviewed 3,500 IT professionals, 34% of them reported having been targeted with malware during 2020.
>> FlashStart protects you from a wide range of threats, including malware and phishing attempts ? Start your free trial now
1.2 Ransomware attacks
As mentioned above, ransomware is one of the malware techniques and it is possibly the one that spread the most during the first stages of the pandemic.
A report by Cybersecurity Ventures published in January 2021 shows how the global cost of ransomware was expected to rise to 20 billion dollars in 2021, up more than 60 times from the 325 million dollars reported for 2015. The prediction for 2021 was that an attack on businesses would take place every 11 seconds, compared to the 40 seconds of 2016.
1.3 Phishing attacks
Phishing attacks are the third most frequent type of attacks mentioned by ComplexDiscovery. Phishing is a fraud technique whereby an attacker tricks an Internet user into providing confidential information, such as private, financial or health data, in order to use them to his own advantage.
Also, the attacks can be spread through malicious attachments, which are not usually checked by the commonly available free services of threat detection, like the one provided by Google. In 2020, Google detected around 2 million websites used for phishing purposes.
1.4 DDoS attacks
Finally, ComplexDiscovery focuses on DDoS attacks, meaning attacks that aim to disrupt the provision of an online service by overwhelming the servers with traffic requests. These attacks became particularly relevant when meetings and classes of all kinds and level started moving online during the spring of 2020. Statistics indicate that they are now becoming less prolonged but more frequent.
>> FlashStart checks all your Internet traffic and prevents you from accessing malicious and dangerous websites ? Check out our offer
2. Where do the attacks come from?
Since the situation between Russia and Ukraine escalated into a full-fledged war, there have been a lot of rumors about Russian hackers hitting Ukrainian infrastructures and about Ukrainians and other supportive groups retaliating against these attacks. We discussed the role of these attacks in the dedicated article available here. But where do attacks come from?
The origin of the attacks has been traced back to a variety of threat actors over the years. There are both private and state-sponsored hacker groups. The two have different aims of course:
» Private hacking groups usually aim to monetize the attacks, either through ransomware or by re-selling on the dark web the data, information and documents they could gain access to;
» State-sponsored actors usually want to cause damage to important infrastructures and systems within a country. We talk in this case about cyberwarfare, a new form of war between states and governments, which we discussed in this dedicated article.
So, where do the attacks come from now?
2.1 Before the pandemic
Before the pandemic started, the origin of the attacks seemed to be a bit clearer. Several statistics report that between 2006 and 2018 most of the attacks came from groups based in Russia or China, as claimed by the Center for Strategic and International Studies. During this period, China was reportedly behind 108 major cyber incidents while Russia was behind 98 attacks.
2.2 Pandemic and war
The spread of the Covid-19 pandemic and, most recently, the Russia-Ukraine war have resulted in an increase in the number of threat actors. Private hacking groups have developed into real businesses, which invest in R&D, issue press releases and make use of the financial systems to launder the money they earn. As we explained in this article, all this requires a business model and individuals with diversified skills, just like in a normal company.
Statistics on the origins of the attacks for 2022 are still not fully available. We could however find data about DDoS attacks that show that, while China is still the top country in terms of origin of this type of attacks, Russia has fallen behind and now ranks seventh. Interestingly enough, the second country where these types of attacks originate from is the United States, which is also the main target for them. Ukraine and India are also in the top 10.
3. The FlashStart web content filter
So, what can you do to lower the chances of being the target of the next cyber attack? Like cyber threats themselves, the measures to counter the attacks have moved online, too. And, since prevention is better than cure, the first thing to do is setting up a web content filter, a tool that scans all the Internet traffic going through your device and blocks access to dangerous websites.
The web content filter offered by FlashStart acts at the DNS level: when the Internet user types the name of the websites he wishes to reach, the search engine looks for the DNS address associated with it and the filter checks the DNS against its cloud. The FlashStart cloud includes a variety of lists of websites that are deemed dangerous since they are linked to malware, ransomware, phishing attempts and other malicious contents, as well as lists of undesired or distracting contents, ranging from porn and violence to online shopping and video streaming platforms.
All these websites are divided into categories. When the user tries to access a website that is part of a blocked category, meaning a category the network administrator or Internet Service Provider (ISP) has deemed dangerous or inappropriate, then an error message will appear, which prevents access to such website.
4. FlashStart’s DNS Geo Blocking
The FlashStart web content filter includes an exclusive feature: DNS Geo Blocking. This allows network administrators and ISPs to block websites and resources depending on the geographical location to which they can be traced back. In particular, FlashStart provides a list of the countries that have a reputation for ransomware, malware and other cyber-related risks, permitting the administrator to set up the security features he deems best for his network.
Setting up the FlashStart DNS Geo Blocking is an easy process. Within the FlashStart Protection Management Panel, the network administrator can choose the Geo Blocking option. A list of areas will appear: FlashStart has divided countries into groups depending on their likelihood of being connected to cyber crime.
For example, Europe is divided in Eastern Europe, the Baltic countries and the rest of the continent. Asia is divided between Russia and its former satellite countries, and the rest of the continent. Each area contains a list of the countries associated with it. In this way, those in charge of the network can decide whether to block a single country or an entire area.
The DNS Geo Blocking feature allows you to block also:
» Access to websites whose origin is unknown because of the use of anonymous proxies ? option “IP not defined”
» Access to websites through satellite providers ? option “Satellite connections”.
Finally, in case you block a country through the DNS Geo Blocking tool but actually need to access a website that can be traced back to it, you can use the Personal Whitelist tool. Indeed, FlashStart allows you to personalize your Internet security as deeply as you wish and to create lists of websites to which access should always be granted, even though they are located in dangerous areas or are part of otherwise blocked categories.
You can install FlashStart easily on all types of routers and end-points and, with just a few steps, enjoy a safe navigation ? Start your free trial now
You can activate the FlashStart® Cloud protection on any sort of Router and Firewall to secure desktop and mobile devices and IoT devices on local networks.