Author Archives: Enurrendy

Assessing The Massive Security Vulnerability Of The Internet Of Things

The increase in connected devices could make 2017 a banner year for cyber attacks. A report by global professional services company Deloitte said that Distributed Denial of Service (DDoS) attacks will grow in size and scale in 2017, thanks in part to the growing multiverse of connected things. According to Deloitte’s annual Technology, Media and Telecommunications Predictionsreport, DDoS attacks will be more frequent, with an estimated 10 million attacks in total over the next 12 months. DDoS attacks are no new phenomena. The potential impact on an organization from this category of cyber threat should never be underestimated, Deloitte said. The report said that the size of DDoS attacks has increased year-on-year. Between 2013 and 2015, the largest attacks did not exceed 500 gigabits per second. In 2016, there were two attacks that exceeded one terabit per second. Over the next 12 months, the average attack size is forecast to be between 1.25- and 1.5 GBs per second, with at least one per month exceeding 1 TB per second. On a basic level, the success of DDoS attack is focused on making a website or network resource—a server, for example—unusable. This scenario is achieved by creating a flood of Internet traffic from multiple sources that are launched simultaneously. The website or resource is then overwhelmed, resulting in a suspension of service or access. For example, an ecommerce website that is hit by a DDoS attack would be unable to sell its products until the attack was contained. At the same time, any exposed vulnerabilities could produce a knock-on effect and take other organizations or websites down with it. “DDoS attacks are the equivalent of hundreds of thousands of fake customers converging on a traditional shop at the same time,” the report said. “The shop quickly becomes overwhelmed. The genuine customers cannot get in and the shop is unable to trade as it cannot serve them.” Connected Devices Are An Easy Target There are several methods for creating this type of chaos but the most common are botnets and amplification attacks. A DDoS attack generated through a botnet accesses hundreds of thousands of connected devices that have been told to act in disruptive manner via malicious code. An amplification attack also uses malicious code by instructing a server to generate multiple fake IP addresses that are then sent to a website—known as “spoofing”—which then overwhelm that service. Both of these approaches are widely known, although it is the botnet that has become more prevalent. Irrespective of how widespread the impact is on an organization or network, Deloitte said that three concurrent trends will escalate the potential for DDoS attacks in 2017—the Internet of Things, widely available malware and high bandwidth speeds. The prime culprit will be the Internet of Things. Connected devices are notoriously insecure and ripe for being taken over by a third party. The standard way to gain remote access to a device is through a user ID or password, but some people may not be aware that a device’s firmware offers hackers a way in, Deloitte said. Deloitte said: The majority of users are familiar with the need to change user ID and passwords before using a device for the first time, and at regular intervals thereafter. But approximately half a million of the billions of IoT devices worldwide—a small proportion of the total, but a relatively large absolute number—reportedly have hard-coded, unchangeable user IDs and passwords. In other words, they cannot be changed, even if the user wants to. Hard-coded user IDs and passwords are not an issue provided that a third party doesn’t know what they are. The problem is that they can be easy to find. The Internet Of Things Is Always Exploitable Anyone with a degree of programming knowledge can sift through a device’s firmware to discover what these IDs and passwords are, the report said. In addition, a compromised Internet of Things device may not show any signs of being compromised to its owner, especially if there is no obvious deterioration in performance. Theoretically, millions of devices could be affected without their owners having any idea that the device was part of a botnet, Deloitte said. Consumer confidence in the Internet of Things is aligned with how secure a connected device is, confidence that can be shattered if that device can be exploited with little effort. For example, the cyber attack on October 21, 2016, that affected the Dyn network was attributed to a botnet that used Internet-connected devices to take down numerous high-profile services that included Twitter, Amazon.com, Spotify, Comcast, Fox News and PayPal. Thousands of connected devices were used in this attack, which is now accepted as one of the largest of its kind to date. Any company or organization that has a presence on the Internet should be aware that DDoS attacks are not going to stop anytime soon. The report cited several sectors that should be alert to the impact that a successful DDoS attack could have including (but not limited to) retailers with a high proportion of online revenue, video streaming services, financial or professional service companies and online video games providers. “Some organizations may have become a little blasé about DDoS attacks, however these attacks are likely to increase in intensity in 2017 and beyond, and the attackers are likely to become more inventive,” said Deloitte. “Unfortunately, it may never be possible to relax about DDoS attacks. The DDoS genie is out of the bottle, and is unlikely to pop back in.” Source: https://arc.applause.com/2017/01/27/ddos-iot-vulnerability-asssessment/

Taken from:
Assessing The Massive Security Vulnerability Of The Internet Of Things

Hong Kong securities brokers hit by cyber attacks, may face more: regulator

HONG KONG (Reuters) – Hong Kong’s securities regulator said brokers in the city had suffered cyber attacks and warned of possible further incidents across the industry. Regulators in Hong Kong have been stepping up efforts over the past year to combat the growing menace of cyber attacks on companies. A survey in November showed the average number of such attacks detected by firms in mainland China and Hong Kong grew a whopping 969 percent between 2014 and 2016. [nL4N1DU35T] In a circular to licensed firms late on Thursday, the Securities and Futures Commission (SFC) said it had been informed by the Hong Kong police that brokers had encountered so-called “distributed denial of service” (DDoS) attacks targeting their websites and received blackmails from criminals. “The DDoS attacks have caused service disruption to the brokers for a short period. It is possible that similar cyber security incidents would be observed across the securities industry,” the SFC said in the notice. Distributed denial of service (DDoS) attacks, among the most common on the Internet, involve cyber criminals using hijacked and virus-infected computers to target websites with data requests, until they are overwhelmed and unable to function. The SFC urged firms in the financial center to implement protective measures, including reviews of the IT systems and DDoS mitigation plans. Source: https://www.yahoo.com/tech/hong-kong-securities-brokers-hit-cyber-attacks-may-043353386–sector.html

See more here:
Hong Kong securities brokers hit by cyber attacks, may face more: regulator

South Korean authorities worry about DDoS attacks ahead of elections

A new report from a South Korean government agency, the country is at risk of DDoS attacks ahead of the country’s possible election. South Korean authorities are reportedly worried about ramped up attacks from the country’s hostile northern neighbour. A recently released report predicted DDoS attacks, leveraging IoT botnets, would be used to attack government ministries. Authored by the state-run Korea Internet & Security Agency (KISA), the report warns of DDoS attacks just before the country’s upcoming elections. The attacks, which leverage widely insecure IoT devices, could be launched against government ministry, national infrastructure or social bodies to destabilise South Korea. Jeon Kil-soo, from KISA told South Korean news agency, Yonhap, that “there is the possibility that huge DDoS attacks could occur by using IoT devices from both home and abroad”. Kil-soo added that such attacks could be deployed against presidential candidates. Current president Park Geun-hye is currently faced with an impeachment motion, which, if adopted by Korea’s Constitutional Court, will trigger another election. The decision is expected to be made in the next two months. According to KISA’s report, such an occasion would be ripe for exploitation by, some expect, North Korea. South Korea are not the only country bracing themselves for cyber-interference in upcoming elections. Against a backdrop of accusation of Russian interference in the American election, top government officials from Germany, France and other countries have expressed fears about such threats. North Korea’s cyber-offensive activities have long been suspected. The North Korean government was reported to be behind the attacks on Sony Pictures on the eve of the 2014 release of The Interview, a comedy which satirised the country’s leader Kim Jong Un. In November 2014, Sony Pictures Entertainment was breached by a group calling itself the “Guardians of Peace”. The hackers released a slew of emails, personal information and other data from inside the company, prompting sanctions against the country. North Korean agents are also suspected to be behind the heist on the Bangladesh Central Bank. In early 2016, hackers stole US$81 million (£65 million) by impersonating legitimate money orders. The money was then laundered through Sri Lanka and the Philippines into the coffers of, some suspect, the North Korean government. This kind of activity takes on a new light when applied to South Korea. South and North Korea have technically been at war since the middle of the twentieth century. Split in two against the backdrop of the Cold War, the countries fought a war between 1950 and 1953. The war never technically ended and the countries remain separate with a Chinese backed opaque dictatorship under the Kim Jong family in the north and a liberal democratic regime in the south. The two countries exist in a state of formal hostility, and while not effectively at war are believed to regularly meddle in each other’s societies, the cyber-realm included. James Hoare, an associate fellow at Chatham House and the man formerly charged with setting up a British embassy in North Korea, “the report is all very speculative, with nothing much in the way of hard facts.” There are many such claims about North Korean cyber-attacks, “including claims of interference with aircraft landing at Inchon airport – though having watched the behaviour of people on flights into and from Inchon, I would not be surprised if some of the alleged attacks were in reality people on their mobile devices while the planes are taking off and landing.” These kinds of claims are common but “tend to be somewhat unspecific, but on at least one recent occasion, the North Korean released information that indicated that they had been approached to stage some sort of diversion at the time of an election.” Source: https://www.scmagazine.com/south-korean-authorities-worry-about-ddos-attacks-ahead-of-elections/article/633651/

See original article:
South Korean authorities worry about DDoS attacks ahead of elections

Global concern over distributed denial-of-service attacks

Arbor Networks has released its 12th Annual Worldwide Infrastructure Security Report (WISR). The report covers a range of issues from threat detection and incident response to managed services, staffing and budgets. But the main focus is on the operational challenges internet operators face daily from network-based threats and the strategies adopted to address and mitigate them. The largest distributed denial-of-service (DDoS) attack reported this year was 800 Gbps, a 60% increase over 2015’s largest attack of 500 Gbps. According to Arbor, DDoS attacks are not only getting larger, but they are also becoming more frequent and complex. Darren Anstee, chief security technologist with Arbor Networks, says survey respondents have grown accustomed to a constantly evolving threat environment with steady increases in attack size and complexity over the past decade. “However, IoT botnets are a game changer because of the numbers involved – there are billions of these devices deployed and they are being easily weaponised to launch massive attacks,” he says. “Increasing concern over the threat environment is reflected in the survey results, which show significant improvements in the deployment of best practice technologies and response processes. The report also found that the emergence of botnets that exploit inherent security weaknesses in IoT devices and the release of the Mirai botnet source code have increased attacker ability to launch extremely large attacks. According to the company, the massive growth in attack size has been driven by increased attack activity on all reflection/amplification protocols, and by the weaponisation of IoT devices and the emergence of IoT botnets. Because of this, Arbor say the consequences of DDoD attacks are becoming clear – DDoS attacks they have successfully made many leading web properties unreachable – costing thousands, sometimes millions, of dollars in revenue. However, the company does point out that this year’s survey results indicate a better understanding of the brand damage and operational expense of successful DDoS attacks. Source: https://securitybrief.asia/story/global-concern-over-distributed-denial-service-attacks/

Original post:
Global concern over distributed denial-of-service attacks

Review: DNS Security

About the authors Allan Liska is a Consulting Systems Engineer at FireEye, and Geoffrey Stowe is an Engineering Lead at Palantir Technologies. Inside DNS Security: Defending the Domain Name System DNS security is a topic that rarely comes up, and when it does, it’s usually after an attack or breach disruptive enough to merit a mention in the news. Last year’s DDoS attack against US-based DNS provider Dyn was one of those, but it isn’t … More ?

Originally posted here:
Review: DNS Security

Innovation and exploitation fuel DDoS attack landscape

Arbor Networks released its 12th Annual Worldwide Infrastructure Security Report offering direct insights from network and security professionals at global service providers, cloud/hosting and enterprise organizations. The stakes have changed for network and security teams. The threat landscape has been transformed by the emergence of IoT botnets. As IoT devices proliferate across networks, bringing tremendous benefits to businesses and consumers, attackers are able to weaponize them due to inherent security vulnerabilities. The largest DDoS attack … More ?

Read More:
Innovation and exploitation fuel DDoS attack landscape

Defeating DDoS attacks in the Cloud: Why hosting providers need to take action

DDoS attacks have become such a significant threat that hosting providers need to actively protect against them or risk their own reputations. In the first few days of the New Year, hosting provider 123-reg was once again hit by a distributed denial of service (DDoS) attack, leaving customers unable to access their websites and email accounts. Even though the magnitude and strength of the attack weren’t as immense as the 30Gbps attack on the website in August last year, it still raises availability and security concerns and emphasises the importance of using effective DDoS mitigation systems. 123-reg reacted with remediation procedures and was able to get services back up and running within a couple of hours, but not after customers experienced service outages and latency issues. Successful DDoS attacks hit more than just network infrastructure, brand reputation and bottom line suffer greatly. For many providers, just a handful of customers make up a significant portion of their revenue stream. Losing one or more of these key accounts would be detrimental to the business. With no shortage of DDoS attacks hitting the news headlines, many businesses that operate in the cloud or plan to move their business applications to the cloud, are beginning to review their DDoS protection options, and the capabilities of their providers. Hosting Providers and DDoS Threats The sheer size and scale of hosting provider network infrastructures and their massive customer base presents an incredibly attractive attack surface due to the multiple entry points and significant aggregate bandwidth that acts as a conduit for a damaging and disruptive DDoS attack. As enterprises increasingly rely on hosted critical infrastructure or services, they are placing themselves at even greater risk from these devastating cyber threats – even as an indirect target. The Domino Effect The multi-tenant nature of cloud-based data centres can be less than forgiving for unsuspecting tenants. For example, a DDoS attack that targets one organisation within the data centre can have disastrous repercussions for other tenants, causing a domino effect of latency issues, service degradation and potentially damaging and long-lasting service outages. The collateral damage associated with successful DDoS attacks can be exponential. When providers lack proper protection mechanisms to defeat attacks in real-time, the costs associated with the outages are wide ranging and the impact to downstream or co-located customers can be devastating. Therefore, if hosting providers are not protected and do not provide effective DDoS mitigation as a part of their service offering, they may inadvertently send useless and potentially harmful traffic across their customers’ networks. Traditional Defences Do Not Work Traditional techniques of defence such as black-hole routing are a crude response to DDoS attacks. Using this method, a hosting provider blocks all packets of website traffic destined for a domain by advertising a null route for the IP address under attack. The most notable issue with this approach, is when multiple tenants share a public IP address. In this situation, all customers associated with the address under attack will lose all service, regardless of whether they were a specific target of the attack. In effect, by using this method, the data centre operator is carrying out the wishes of the attacker, by taking their customers offline. Black-hole routing is not an approach that most operators prefer – since it completely took their customers offline. A more sophisticated approach was then introduced; instead of injecting a null route when an operator observed a large spike, they would inject a new route instead. That action redirected all good and bad traffic through an appliance or bank of appliances that inspected traffic and attempted to remove the attack traffic from the good traffic flows. This approach spawned the existence of DDoS scrubbing-centers with DDoS scrubbing-lanes commonly deployed today. However this approach still required a considerable amount of human intervention. A DDoS attack would have to be detected (again by analyzing NetFlow records) then an operator would have to determine the victim’s destination IP address(s). Once the victim was identified, a BGP route update would have to take place to inject a new route to “turn” the victim’s incoming traffic to where a scrubbing lane was deployed. The appliances in the scrubbing lane would attempt to remove the DDoS traffic from the good traffic and forward it to the downstream customer. Effective DDoS Defence The weaknesses of old methods – being slow to react, expensive to maintain and unable to keep up with shifting and progressive threats – tell us that solutions appropriate for today need to be always-on and remove the attack traffic in real-time, without damaging other customers, or dropping good user traffic. It’s clear they also need to be adaptable and scalable so that defences can be quickly and affordably updated to respond to the future face of DDoS threats – whatever those may be. The increasingly popular method of fulfilling these aims is through real-time DDoS mitigation tools installed directly at the peering point, meaning customer traffic can be protected as it travels across an organisation’s entire network. Such innovations mean providers are better positioned than ever before to offer effective protection to their customers, so that websites and applications can stay up and running, uninterrupted and unobstructed. Hosting providers are starting to deploy this technology as part of their service package to protect their customers. This maximises efficiency due to the fact that defences can be constantly on, with no need for human intervention. Providers can tune these systems so that customers only get good traffic, helping their sites run far more efficiently. It’s a win-win for both sides, as providers’ services become more streamlined and reliable, protecting their reputation, and attracting more customers in the process. Hosting providers have a golden opportunity to modernise their services in this way, and generate new channels for revenue – or else, they risk a slow shrinking of their customer base. Source: http://www.itproportal.com/features/defeating-ddos-attacks-in-the-cloud-why-hosting-providers-need-to-take-action/

More:
Defeating DDoS attacks in the Cloud: Why hosting providers need to take action

DDoSing has evolved in the vacuum left by IoT’s total absence of security

Botnets’ power level over 9,000 thanks to gaping vulnerabilities IoT botnets have transformed the threat landscape, resulting in a big increase in the size of DDoS attacks from 500Gbps in 2015 up to 800Gbps last year.…

See the original article here:
DDoSing has evolved in the vacuum left by IoT’s total absence of security

Furby Rickroll demo: what fresh hell is this?

Toy-makers, please quit this rubbish, you’re NO GOOD at security Here’s your future botnet, world: connected kids toys that will Rickroll their owners while hosing big servers and guessing the nuclear codes.…

Original post:
Furby Rickroll demo: what fresh hell is this?