Tag Archives: million-devices

Last month’s botnet DDoS happened because a gamer was mad at PSN

Remember last month, when a Mirai botnet attack brought down half the internet? On October 21, a Distributed Denial of service attack that employed swarms of unsecured “Internet of Things” devices was laser focused on a global DNS provider, making much of the internet unusable for many. Here’s what Dyn, the targeted DNS provider, said of the attack then: “At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses. We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.” 10 million devices, flooding networks with garbage traffic. Why? According The Wall Street Journal, it’s because one angry gamer was pissed about Sony’s PlayStation Network. Says Dale Drew, CSO of Level 3 Communications: “We believe that in the case of Dyn, the relatively unsophisticated attacker sought to take offline a gaming site with which it had a personal grudge and rented time on the IoT botnet to accomplish this.” While Drew hasn’t said which gaming site, The Wall Street Journal has, saying that the entire outage was brought about because somebody was mad at Sony. According to Forbes, all it took was buying the attack on the deep, dark web for $7500. The attack lasted for less than a full day. Is that worth over R100 000? That’s money that could have been spent on – materialistically – moving to another platform. Source: http://www.lazygamer.net/gaming-news/last-months-botnet-ddos-happened-gamer-mad-psn/

Visit site:
Last month’s botnet DDoS happened because a gamer was mad at PSN

BlackNurse Attack Lets Lone Computers Take Down Whole Networks

DDoS attacks generally rely on big numbers to get results. Hundreds of thousands of devices, millions of IP addresses all unleashing coordinated blasts of data at another device to bring it to its knees. A BlackNurse denial-of-service attack doesn’t need a massive army of zombies to be effective. The BlackNurse attack is much more efficient than the DDoS attacks that crippled security researcher Brian Krebs’ website and the DNS servers at Dyn. Some recent DDoS attacks have seen traffic peak at more than 1 Tbps. A BlackNurse attack has the ability to disrupt by sending just a fraction of that volume. As little as 21 Mbps can be enough to take down a firewall, according to security firm Netresec. What’s different about BlackNurse that allows it to inflict so much damage with so little effort? It’s the type of traffic it utilizes. BlackNurse directs Internet Control Message Protocol (ICMP) packets, which have been used in other DDoS attacks in the past. BlackNurse uses a specific type — ICMP type 3 code 3. An attack from a single laptop could, theoretically, knock an entire business offline, though it’s not likely to be a very  large  business. In their blog post, Netresec calls out firewalls made by Cisco, Palo Alto Networks, Sonicwall, and Zyxel as being at risk. Most of the devices Netresec reports as being vulnerable to a BlackNurse attack (like the Cisco ASA 5506 and Zyxel Zywall USG50) were designed for small office or home office use. That said, TDC, a Denmark-based company that offers DDoS protection services to businesses, has seen enterprise-grade gear impacted. “We had expected that professional firewall equipment would be able to handle the attack,” they wrote, adding that they’ve seen around 100 of these attacks launched against their customers. TDC also notes that BlackNurse has the potential to create a lot of havoc. In Denmark’s IP space alone they discovered 1.7 million devices that respond to the ICMP requests that the BlackNurse attack leverages. If even a small percentage of those 1.7 million devices are vulnerable, the effects of a coordinated, large-scale attack could be disastrous. And that’s just Denmark. Source: http://www.forbes.com/sites/leemathews/2016/11/14/blacknurse-attack-lets-lone-computers-take-down-whole-networks/#6d27bd961999

More:
BlackNurse Attack Lets Lone Computers Take Down Whole Networks