And break every computer crime law along the way A GitHub user going by Leo Linsky has forked a repo created by researcher Jerry Gamblin to create an anti-worm “nematode” that could help to patch vulnerable devices used in the massive Mirai distributed denial of service attack.…
See the article here:
Boffin’s anti-worm bot could silence epic Mirai DDoS attack army
The Internet of Things: blessing or curse? That depends on how much you value your privacy against the ability of your fridge to order fresh milk. Either way, we are now more vulnerable to hackers. Here’s how. I won’t even attempt to answer the question in my opening gambit. Who can say for sure this early whether the Internet of Things is a blessing or a curse (aside from the fact that clichés are always a curse). For one this is something we all have to decide for ourselves – hopefully, after diligent public debate. We all have to decide what privacy is in the digital era, and whether it’s important to us. We may support more stringent data protection laws, even a global bill of rights. Or we may find ourselves in the “post-privacy” camp and not really care. It also depends on how highly we value our digital security. Unbeknownst to us Take the DDoS (distributed denial-of-service) attack that brought down a litany of popular websites last Friday (21.10.2016). The affected websites included Esty, Github, HBO Now, PayPal, Pinterest, Playstation Network, Recode, Reddit, Spotify, Twitter, Netflix, Yammer, and Yelp. Your fridge, your mom’s webcam, computers at the local school, and a kid’s doll may have all taken part – without your even knowing it. Someone, somewhere launched a piece of malware called Mirai. We’ve known about Mirai – so something was in the wind. And DDoS attacks themselves have been around for ages. Mirai searched for poorly-protected, networked devices. That is, household devices that had little or no password protection. Reports suggest these included DVRs and webcams made by a Chinese company called Hangzhou XiongMai, which has since issued a recall on its webcams in the US. Mirai turned the connected devices into its slaves. They then launched the DDoS attack on servers run by Dyn, a so-called DNS host, and home to all those websites. Usually, when you call up a website, your “request” goes via one of these servers. But when the servers are overloaded with bad requests consisting of incomplete data, or they are bombarded with more requests than they can handle, they basically freak out. And no one is served. That’s what happened on Friday. Your fridge, webcam, toy truck and thousands more emitted a coordinated attack of useless information, bringing down some of the world’s most popular websites. The rest is history… Friday’s Mirai attack may well be history now, but it’s one which will surely repeat itself. Many, many times. The question is, where will it all end? If it’s only Netflix and Spotify you can’t access, you may really not care. Certainly if they are back up and running within a few hours. But what if it’s a vital government website, online access to your local hospital, the police, or the energy grid… and what if the attack lasts for days, weeks even? This is what we mean when we talk about cybersecurity. Private, commercial concerns, even dating apps, shouldn’t come into it. And yet what we do – and allow – at a private level can have a momumental impact on society. We may think it’s just the fridge ordering our milk or Barbie chatting to our kids. But we forget that every electronic device these days – especially those connected to the network – is vulnerable to hackers. And the Mirai attack has reminded us they can all be reprogrammed to do whatever the hackers want. Source: http://www.dw.com/en/how-our-household-devices-get-hacked-and-join-zombie-bot-networks-in-ddos-attacks/a-36181744
More:
How our household devices get hacked and join zombie bot networks in DDoS attacks
There’s no shortage of conspiracy theories when it comes to guessing who’s behind cyber attacks. So when it was announced that a distributed denial of service (DDoS) attack was behind last week’s crash of an Ontario online literacy test for about 190,000 high school students the list was long. –One of the thousands of computer-literate students who want to Get Back At the Education System? (No shortage of them…) –One of the tens of thousands of Ontario high school graduates who want to Get Back At the Education System (Some of whom are reading this right now …) –General mischief makers around the world (Really no shortage of them) –The usual suspects blamed for everything bad (Russia, China). OK, probably not Russia and China. But with DDoS-as-a-service available on the dark web (all you need is Tor and a credit card) and — here’s the tricky part — the right URL — it’s not hard to launch an attack anywhere on the planet. Who had that URL and how they got hold of it is the question. It may not have been that hard because last week’s test was preceded by earlier, smaller ones. What we do know for sure is that on Monday the provincial Education Quality and Accountability Office (EQAO) said the Oct. 20 province-wide trial of the online Ontario Secondary School Literacy Test (OSSLT) had to be terminated because of what it called an “intentional, malicious and sustained” DDoS attack. “An extremely large volume of traffic from a vast set of IP addresses around the globe was targeted at the network hosting the assessment application,” the office said in a statement. No personal or private student information was compromised, it added. According to a statement Thursday from the EQAQ, a third party hosted the application. “We planned for a variety of cyber incidents,” the statement said, “but we are unable to disclose the specifics of this information because of the need to protect our infrastructure’s security. What we can say, however, is that we did not anticipate a DDOS of this magnitude. A forensics firm is investigating. “We were shocked to learn that someone would deliberately interfere with the administration of the online OSSLT,” Richard Jones, the office’s director of assessment, said in a statement. “There will be discussions over the next few weeks to determine how to strengthen the system, and we will continue to work with Ontario’s education community to understand how best to use online assessments to benefit our province’s students.” —Richard Jones, Director, Assessment Last week’s exercise was was a voluntary trial to test the system’s readiness before the regularly scheduled administration of the OSSLT — either online or on paper — in March 2017. The office is determined to keep to that schedule. Source: http://www.itworldcanada.com/article/ontario-literacy-test-abandoned-due-to-ddos-attack/387852
Read More:
Ontario literacy test abandoned due to DDoS attack
Exploit can halt attacks from IoT devices Security researchers have discovered flaws in the Mirai botnet that might be used to mitigate against future attacks from the zombie network.…
Taken from:
Researchers expose Mirai vuln that could be used to hack back against botnet
Recent cyber-attacks using botnet armies of hacked “internet of things” devices highlights the pressing need for improved security.
Read More:
Smart home threat
The nation’s top intelligence official on Tuesday said state-sponsored hackers likely weren’t behind the distributed denial-of-service (DDoS) attacks that disrupted internet access across the United States last week. Weighing in on the outages during an event at the Council on Foreign Relations in Washington, D.C., National Intelligence Director James Clapper said investigators believe a “non-state actor” was likely responsible for the DDoS attacks that made it difficult to access some of the world’s most popular websites Friday. “That appears to be preliminarily the case,” Mr. Clapper said, The Hill reported. “But I wouldn’t want to be conclusively definitive about that, specifically whether a nation state may have been behind that or not.” “The investigation’s still going on,” he added. “There’s a lot of data going on here.” Beyond the Beltway, private sector security researchers like those employed by Flashpoint, a business risk intelligence firm that’s analyzed the attacks, hold a similar opinion. “Despite public speculation, Flashpoint assesses with a moderate degree of confidence that the perpetrators behind this attack are most likely not politically motivated, and most likely not nation-state actors,” its researchers wrote Tuesday. In fact, Flashpoint said its investigation revealed that the same infrastructure used to disrupt access to websites like Twitter and Netflix was also used to attack a well-known video game company — an indication that the culprits of the crippling DDoS weren’t necessarily waging assault on behalf of a foreign power. “While there does not appear to have been any disruption of service, the targeting of a video game company is less indicative of hacktivists, state-actors or social justice communities, and aligns more with the hackers that frequent online hacking forums,” Flashpoint’s researchers wrote. “These hackers exist in their own tier, sometimes called ‘script kiddies,’ and are separate and distinct from hacktivists, organized crime, state-actors, and terrorist groups. They can be motivated by financial gain, but just as often will execute attacks such as these to show off, or to cause disruption and chaos for sport.” “I think they are right,” agreed Mikko Hypponen, chief research officer for security firm F-Secure. “I don’t believe the Friday attackers were financially or politically motivated. It was such an untargeted attack, it’s hard to find a good motive for it. So: kids,” he told TechCrunch. As authorities attempt to identify the culprits responsible for waging last week’s DDoS attacks, investigators have at least found out how the hackers were able to disrupt internet access North America and Europe. Researchers say the outage occurred after hackers compromised millions of internet-connected household devices like video recorders and digital cameras, then used those products to overload a widely used Domain Name System (DNS) — an online directory that enables web users to navigate from site to site. The director of the Department of Homeland Security said Monday that DHS has “been working to develop a set of strategic principles for securing the Internet of Things, which we plan to release in the coming weeks.” Source: http://www.washingtontimes.com/news/2016/oct/26/historic-ddos-attack-likely-waged-by-non-state-act/
See more here:
Historic DDoS attack likely waged by ‘non-state actor’: Intel director
Dyn, the victim of last week’s denial of service attack, said it was orchestrated using a weapon called the Mirai botnet as the ‘primary source of malicious attack’ The cyber-attack that brought down much of America’s internet last week was caused by a new weapon called the Mirai botnet and was likely the largest of its kind in history, experts said. The victim was the servers of Dyn, a company that controls much of the internet’s domain name system (DNS) infrastructure. It was hit on 21 October and remained under sustained assault for most of the day, bringing down sites including Twitter, the Guardian, Netflix, Reddit, CNN and many others in Europe and the US. The cause of the outage was a distributed denial of service (DDoS) attack, in which a network of computers infected with special malware, known as a “botnet”, are coordinated into bombarding a server with traffic until it collapses under the strain. What makes it interesting is that the attack was orchestrated using a weapon called the Mirai botnet. According to a blogpost by Dyn published on Wednesday, Mirai was the “primary source of malicious attack traffic”. Unlike other botnets, which are typically made up of computers, the Mirai botnet is largely made up of so-called “internet of things” (IoT) devices such as digital cameras and DVR players. Because it has so many internet-connected devices to choose from, attacks from Mirai are much larger than what most DDoS attacks could previously achieve. Dyn estimated that the attack had involved “100,000 malicious endpoints”, and the company, which is still investigating the attack, said there had been reports of an extraordinary attack strength of 1.2Tbps. To put that into perspective, if those reports are true, that would make the 21 October attack roughly twice as powerful as any similar attack on record. David Fidler, adjunct senior fellow for cybersecurity at the Council on Foreign Relations, said he couldn’t recall a DDoS attack even half as big as the one that hit Dyn. Mirai was also used in an attack on the information security blog Krebs on Security, run by the former Washington Post journalist Brian Krebs, in September. That one topped out at 665 Gbps. “We have a serious problem with the cyber insecurity of IoT devices and no real strategy to combat it,” Fidler said. “The IoT insecurity problem was exploited on this significant scale by a non-state group, according to initial reports from government agencies and other experts about who or what was responsible. “Imagine what a well-resourced state actor could do with insecure IOT devices,” he added. According to Joe Weiss, the managing partner at the cybersecurity firm Applied Control Solutions and the author of Protecting Industrial Control Systems from Electronic Threats, it is hard to know what Mirai could become. “A lot of these cyber-attacks start out as one particular type of attack and then they morph into something new or different,” he said. “A lot of this is modular software. “I can’t speak for anyone else,” Weiss continued. “[But] I don’t know that we really understand what the endgame is.” Source: https://www.theguardian.com/technology/2016/oct/26/ddos-attack-dyn-mirai-botnet
Original post:
DDoS attack that disrupted internet was largest of its kind in history, experts say
Hangzhou Xiongmai Technology says devices sold in the US before April 2015 will be recalled after attack on Dyn servers. China’s Hangzhou Xiongmai Technology, which has issued a recall for thousands of webcams sold in the US that were used in a massive distributed denial of service (DDoS) attack on the servers of US-based internet company Dyn, said the hacks occurred because customers didn’t change the default password, according to the AP. The attack, which in part came through devices with Xiongmai components, briefly cut access to many sites including Twitter, Netflix, Amazon, and Spotify. Xiongmai’s Liu Yuexin told AP the company did its best to secure the devices. The company, he added, came to know of the weakness in its webcams and digital recorders in April 2015 and had patched the flaws. Vulnerabilities in devices by Xiongmai and video surveillance maker Dahua first came to light after an attack on the website of cybersecurity writer Brian Krebs and has highlighted concerns of security risks from interconnected consumer gadgets. Source: http://www.darkreading.com/attacks-breaches/chinese-firm-defends-webcam-security-after-ddos-attacks/d/d-id/1327298
See more here:
Chinese Firm Defends Webcam Security After DDoS Attacks
Last week assault on Dyn’s global managed DNS services was only the start. Here’s how to fend off hackers’ attacks both on your servers and the internet. We knew major destructive attacks on the internet were coming. Last week the first of them hit Dyn, a top-tier a major Domain Name System (DNS) service provider, with a global Distributed Denial of Service (DDoS)attack. As Dyn went down, popular websites such as AirBnB, GitHub, Reddit, Spotify, and Twitter followed it down. Welcome to the end of the internet as we’ve known it. Up until now we’ve assumed that the internet was as reliable as our electrical power. Those days are done. Today, we can expect massive swaths of the internet to be brought down by new DDoS attacks at any time. We still don’t know who was behind these attacks. Some have suggested, since Dyn is an American company and most of the mauled sites were based in the US, that Russia or Iran was behind the attack. It doesn’t take a nation, though, to wreck the internet. All it takes is the hundreds of millions of unsecured shoddy devices of the Internet of Things (IoT). In the Dyn onslaught , Kyle York, Dyn’s chief strategy officer said the DDoS attack used “tens of millions” devices. Hangzhou Xiongmai Technology, a Chinese technology company, has admitted that its webcam and digital video recorder (DVR) products were used in the assault. Xiongmai is telling its customers to update their device firmware and change usernames and passwords. Good luck with that. Quick: Do you know how to update your DVR’s firmware? The attack itself appears to have been made with the Mirai botnet. This open-source botnet scans for devices using their default username and password credentials. Anyone can use it — China, you, the kid next door — to generate DDoS attacks. For truly damaging DDoS barrages, you need to know something about the internet’s architecture, but that’s not difficult. Or, as Jeff Jarmoc, a Salesforce security engineer, tweeted, “In a relatively short time we’ve taken a system built to resist destruction by nuclear weapons and made it vulnerable to toasters.” That’s funny, but it’s no joke. Fortunately, you can do some things about it. Securing the Internet of Things First, and this unfortunately is a long-term solution, IoT vendors must make it easy to update and secure their devices. Since you can’t expect users to patch their systems — look at how well they do with Windows — patching must be made mandatory and done automatically. One easy way to do this is to use an operating system, such as Ubuntu with Snap, to update devices quickly and cleanly. These “atomic” style updating systems make patches both easier to write and deploy. Another method is to lock down IoT applications and operating systems. Just like any server, the device should have the absolute minimum of network services. Your smart TV may need to use DNS, but your smart baby monitor? Not so much. That’s all fine and dandy and it needs to be done, but it’s not going to help you anytime soon. And, we can expect more attacks at any moment. Defending your intranet and websites First, you should protect your own sites by practicing DDoS prevention 101. For example, make sure your routers drop junk packets. You should also block unnecessary external protocols such as Internet Control Message Protocol (ICMP) at your network’s edge. And, as always, set up good firewalls and server rules. In short, block everything you can at your network edge. Better still, have your upstream ISP block unnecessary and undesired traffic. For example, your ISP can make your life easier simply by upstream blackholing. And if you know your company will never need to receive UDP traffic, like Network Time Protocol (NTP) or DNS, your ISP should just toss garbage traffic into the bit bin. You should also look to DDoS mitigation companies to protect your web presence. Companies such as Akamai, CloudFlare, and Incapsula offer affordable DDoS mitigation plans for businesses of all sizes. As DDoS attacks grow to heretofore unseen sizes, even the DDoS prevention companies are being overwhelmed. Akamai, for example, had to stop trying to protect the Krebs on Security blog after it was smacked by a DDoS blast that reached 620 Gbps in size. That’s fine for protecting your home turf, but what about when your DNS provider get nailed? You can mitigate these attacks by using multiple DNS providers. One way to do this is to use Netflix’s open-source program Denominator to support managed, mirrored DNS records. This currently works across AWS Route53, RackSpace CloudDNS, DynECT, and UltraDNS, but it’s not hard to add your own or other DNS providers. This way, even when a DDoS knocks out a single DNS provider, you can still keep your sites up and running. Which ones will work best for you? You can find out by using Namebench. This is an easy-to-use, open-source DNS benchmark utility. Even with spreading out your risk among DNS providers, DNS attacks are only going to become both stronger and more common. DNS providers like Dyn are very difficult to secure. As Carl Herberger, vice president for security solutions at Radware, an Israeli-based internet security company, told Bloomberg, DNS providers are like hospitals: They must admit anyone who shows up at the emergency room. That makes it all too easy to overwhelm them with massive — in the range of 500 gigabits per second — attacks. In short, there is no easy, fast fix here. One way you can try to keep these attacks from being quite so damaging is to increase the Time to Live (TTL) in your own DNS servers and caches. Typically, today’s local DNS servers have a TTL of 600 seconds, or 5 minutes. If you increased the TTL to say 21,600 seconds, or six hours, your local systems might dodge the DNS attack until it was over. Protecting the internet While the techniques might help you, they don’t do that much to protect the internet at large. DNS is the internet’s single point of total failure. That’s bad enough, but as F5, a top-tier ISP notes, DNS is historically under-provisioned. We must set up a stronger DNS system. ISPs and router and switch vendors should also get off their duffs and finally implement Network Ingress Filtering, better known as Best Current Practice (BCP)-38. BCP-38 works by filtering out bogus internet addresses at the edge of the internet. Thus, when your compromised webcam starts trying to spam the net, BCP-38 blocks these packets at your router or at your ISP’s router or switch. It’s possible, but unfortunately not likely, that your ISP has already implemented BCP-38. You can find out by running Spoofer. This is a new, open-source program that checks to see how your ISP handles spoofed packets. So why wasn’t it implemented years ago? Andrew McConachie, an ICANNtechnical and policy specialist, explained in an article that ISPs are too cheap to pay the small costs required to implement BCP-38. BCP-38 isn’t a cure-all, but it sure would help. Another fundamental fix that could be made is response rate limiting (RRL). This is a new DNS enhancement that can shrink attacks by 60 percent. RRL works by recognizing that when hundreds of packets per second arrive with very similar source addresses asking for similar or identical information, chances are they’re an attack. When RRL spots malicious traffic, it slows down the rate the DNS replies to the bogus requests. Simple and effective. Those are some basic ideas on how to fix the internet. It’s now up to you to use them. Don’t delay. Bigger attacks are on their way and there’s no time to waste. Source: http://www.zdnet.com/article/how-to-defend-against-the-internets-doomsday-of-ddos-attacks/
View article:
?How to defend against the internet’s doomsday of DDoS attacks
China’s Ministry of Justice has threatened legal action against those blaming Chinese firms for botnets.
More here:
Beijing threatens legal action over webcam claims