Tag Archives: krebs

The new age of DDoS – And we ‘joked’ that toasters would one day take down our banks

The size of DDoS attacks has increased exponentially thanks to hackers and cyber criminals making use of the IoT. A few years ago, just as the ‘Internet of Things’ (IoT) was starting to form as a concept, some of us in the cyber security community joked that in future our toasters would be able to take down our banks. Within the last few months that joke has started to become a reality. In September 2016, US security researcher Brian Krebs had his website, Krebs on Security, taken offline by the largest Distributed Denial of Service (DDoS) attack yet seen. A short while later OVH, a French internet hosting company, was struck by an even bigger attack. Then, in October, Domain Name Server (DNS) company Dyn – essentially a part of the ‘internet phone book’ which directs users to websites – also fell victim to an attack in which tens of millions of different internet addresses bombarded the company’s servers with excessive data, causing popular sites like Twitter, Spotify and Reddit to go offline. The size of attacks has increased exponentially thanks to hackers and cyber criminals making use of the IoT. These devices – including the likes of webcams Digital Video Recorders, and even fridges, toasters and pressure cookers – are typically designed to be quick and cheap to produce, and inherently have very poor levels of security. The majority run variants of the Linux operating system and many have very simple or default administrator username and password combinations, or use standard encryption tools where the ‘key’ is widely available on the internet. There are some with no security features at all. Worryingly, the end user can do little to prevent their use by cyber criminals and hackers, even if they were to become aware that their device has been compromised. Other than turning it off and disconnecting it from any internet connection – which would pretty much leave the device as ‘dumb’, and remove the features they bought it for – there’s very little scope to prevent it from being recruited by hackers. The risk posed stems from a piece of malware called ‘Mirai’ (Japanese for ‘the future’). Developed by a coder who goes under the pseudonym of ‘Anna-senpai’, Mirai turns computer systems running Linux into remotely controlled ‘bots’ that can be used as part of a ‘botnet’ in large-scale network attacks. Mirai was first unleashed on September 20, 2016, with attacks on the Krebs website reaching up to 620 Gbps. Soon after, OVH was hit with an attack which reached a staggering 1 Tbps. Both these attacks used in the region of 150,000 infected IoT devices, and produced volumes of traffic in DDoS attacks never seen before. It is thought Krebs was targeted as he has exposed an Israeli group called ‘vDOS’ operating on the ‘Dark Web’ that rented out DDoS attacks (known as ‘DDoS-as-a-Service’). Soon after these attacks, the source code for Mirai was released on the Dark Web. This now gave other hackers and cyber criminals the opportunity to undertake massive DDoS attacks,which resulted in the Dyn incident. In a change of tactic, the hackers attempted to take down part of the key infrastructure of the internet rather than just focusing on a single website. This begs the question: Just how will DDoS attacks develop in 2017 and what will the future hold for internet security? Source: http://www.itproportal.com/features/the-new-age-of-ddos-and-we-joked-that-toasters-would-one-day-take-down-our-banks/

Read the original post:
The new age of DDoS – And we ‘joked’ that toasters would one day take down our banks

Expect ‘Flood’ of DDoS Attacks After Source Code Release

The source code behind the massive distributed denial of service attack against security researcher Brian Krebs’s website has been released online. In a blog post over the weekend, Krebs wrote that the so-called Mirai source code’s release pretty much guarantees that “the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders, and other easily hackable devices.”  Krebs knows all too well what Mirai is capable of. Last month, the “Internet of Things” botnet launched a “historically large” 620Gbps DDoS attack against his well-known and respected site KrebsOnSecurity, inundating it with so much spam traffic that DDoS protection provider Akamai dropped the site to protect other subscribers. The Mirai source code leak came to light on Friday via the Hackforums community, Krebs said. A user with the alias “anna-senpai” posted the code there for anyone to use, likely to avoid getting caught. “It’s an open question why anna-senpai released the source code for Mirai, but it’s unlikely to have been an altruistic gesture: Miscreants who develop malicious software often dump their source code publicly when law enforcement investigators and security firms start sniffing around a little too close to home,” Krebs wrote. “Publishing the code online for all to see and download ensures that the code’s original authors aren’t the only ones found possessing it if and when the authorities come knocking with search warrants.” The malware spreads by “continuously scanning the Internet for [vulnerable] IoT systems” that are using default or hard-coded usernames and passwords. Vulnerable devices are then turned into bots, which together can be used to launch DDoS attacks designed to send so much traffic to a website that it’s knocked offline. “My guess is that (if it’s not already happening) there will soon be many Internet users complaining to their ISPs about slow Internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth,” Krebs wrote. “On the bright side, if that happens it may help to lessen the number of vulnerable systems.” Source: http://www.pcmag.com/news/348404/expect-flood-of-ddos-attacks-after-source-code-release

See the article here:
Expect ‘Flood’ of DDoS Attacks After Source Code Release

Renowned blog KrebsOnSecurity hit with massive DDoS attack

The 620 Gbps DDoS attack was built on a massive botnet. The security blog KrebsOnSecurity has been hit with one of the largest distributed denial of service (DDoS) attacks of all time. The site, which is run by security expert Brian Krebs, was hit by a DDoS attack of around 620 Gbps on 20 September. KrebsOnSecurity managed to stay online during the attack, due to defences from content delivery network provider Akamai. The largest attack of this kind Akamai had previously defended was one of 336 Gbps earlier this year. Previous large-scale DDoS attacks, including the 336 Gbps attack, used well-known methods to amplify a smaller attack such as using unmanaged DNS servers. Apart from being much larger in terms of scale, the attack on KrebsOnSecurity also differed in that it seemed to instead use a very large botnet of hacked devices. This could have involved hundreds of thousands of systems. “Someone has a botnet with capabilities we haven’t seen before,” Martin McKeay, Akamai’s senior security advocate, said to KrebsOnSecurity. “We looked at the traffic coming from the attacking systems, and they weren’t just from one region of the world or from a small subset of networks — they were everywhere.” Brian Krebs said that there were some signs that the attack had used a botnet that had captured a large number of Internet of Things (IoT) devices. During a DDoS attack, the targeted website is flooded with traffic, designed to overwhelm the resources of the site to crash or suspend its services. “It seems likely that we can expect such monster attacks to soon become the new norm,” wrote Krebs. He suggested that the attack on his site might have been in retaliation for a series he had done on the takedown of a DDoS-for-hire service vDOS, a theory supported by text included in the strings of the DDoS attack referencing the vDOS owners. Source: http://www.cbronline.com/news/cybersecurity/business/renowned-blog-krebsonsecurity-hit-with-massive-ddos-attack-5012622

Excerpt from:
Renowned blog KrebsOnSecurity hit with massive DDoS attack