Tag Archives: management

The next generation of cyber attacks — PDoS, TDoS, and others

2016 was a landmark year in cyber security. The cyber landscape was rocked as Internet of Things (IoT) threats became a reality and unleashed the first 1TB DDoS attacks — the largest in history. Security experts had long warned of the potential of IoT attacks, and a number of other predictions also came true: Advanced Persistent Denial of Service (APDoS) attacks became standard, ransom attacks continued to grow and evolve, and data protection agreements dominated privacy debates.

So what’s coming in 2017? For years there have been theories about how a cyber attack could cripple society in some way. What would this look like, and how could it come to fruition in 2017?

An attack type that has been largely ignored, but could prove key in a major cyber attack, is the Permanent Denial of Service (PDoS) attack. It is unique in that, rather than collecting data or performing some ongoing nefarious function, its only aim is to stop the target’s device from functioning at all. PDoS, also known as “phlashing”, often damages its target to such an extent that replacement or reinstallation of hardware is required. Although the attack type has been around for some time, it’s easy to imagine how much damage it could do in today’s connected world, so it could quickly gain momentum in 2017.

One method PDoS uses to accomplish its damage is remote or physical administration of the management interface of the victim’s hardware, such as routers, printers, or other networking equipment. In a firmware attack, the attacker exploits vulnerabilities to replace a device’s basic software with a modified, corrupt, or defective firmware image. This “bricks” the device, rendering it unusable for its original purpose until it can be repaired or replaced. Other attacks include overloading the battery or power systems.
We’ve already seen the potential harm a PDoS attack could cause: in November last year an attack on residential apartments in Finland targeted the building management system. The attack took the system offline by blocking its Internet connection, causing it to keep rebooting in order to reconnect. As a result, the system was unable to supply heating at a time when temperatures were below freezing. Fortunately, the facilities service company was able to relocate residents while the system was brought back online.

You only have to consider devices like Samsung’s Note 7 to see the safety hazards that the devices we all carry around with us can potentially harbor. There have been numerous test cases of malware and bots overheating devices, causing them to physically distort or worse. These attacks, bundled into a cyber attack, could have devastating and lasting effects beyond what we commonly think about in the world of the “nuisance” DDoS attack.

Another attack type that has flown under the radar is Telephony Denial of Service (TDoS). This attack type will likely rise in sophistication and become a key tool in the arsenals of cyber attackers, particularly those more interested in wreaking havoc than in financial gain. Just imagine an attacker with the ability to cut off communications during a crisis. This would hinder first responders, exacerbate suffering and, in some situations, potentially increase loss of life. A physical attack, such as a terror attack, followed by a targeted TDoS attack on communication systems could be devastating. Like PDoS, TDoS has been around for some time, but as we depend more and more on these connected systems the impact of a targeted attack becomes magnified.

The rise of the Darknet

One prediction that has come true in the past few years is the rise of the Darknet.
However, in 2017 it could go a step further and become a mainstream tool that almost anyone can use to launch attacks or manipulate data. The Darknet offers easy and affordable access to attacks that can terrorize people or alter their personal details for financial or other gain. The scope of the Darknet is also reaching further than ever thanks to the huge increase in connected devices at the general public’s disposal. Examples include the ability to rent compromised surveillance systems, access to legal information including lawyers’ emails, and the ability to view and manipulate medical or educational records.

2017 could see a frightening scenario develop in which the definitive source of who we are, and of how our details are recorded and accessed, is unknown. Just imagine being in a job interview and your CV doesn’t match your online school records. Who will the potential employer trust? This analogy can be extended to numerous scenarios, but the common thread is that your online records require high security and fidelity in order for you to function properly in society. In light of that, one of the single most personalized acts of terror that can occur is a wide-scale loss, alteration or deletion of records — with no reconstitution capability. This should strike fear in us all.

Source: https://betanews.com/2017/02/09/the-next-generation-of-cyber-attacks-pdos-tdos-and-others/

Russian telecom giant repels DDoS attacks on country’s 5 largest financial institutions

Russian telecom giant Rostelecom has thwarted DDoS attacks on the five largest banks and financial institutions in the country, the company said in a statement. All the attacks were recorded on December 5, 2016, the longest of them lasting for over two hours, Rostelecom said on Friday.

“The analysis of the attack sources carried out by Rostelecom specialists revealed that the traffic was generated from the home routers of users, which are usually referred to as IoT devices,” Muslim Medzhlumov, director of the Cybersecurity Center for Rostelecom, said in a statement published on the company’s website.

“A distinctive feature of the attacks was that they were organized with the help of devices that support the CWMP Management Protocol (TR-069). A few weeks ago, a serious vulnerability was revealed in the implementation of this protocol on a number of devices from different manufacturers, which allows attackers [to] organize DDoS attacks. At the beginning of last week, the largest German operator Deutsche Telekom was subjected to an attack on users’ home devices, as well as the Irish provider Eircom,” he explained.

The Russian Federal Security Service (FSB) reported on December 2 that it had received intelligence of foreign intelligence services preparing large-scale cyber attacks in Russia in the period starting from December 5, 2016, aimed at destabilizing Russia’s financial system and the activities of a number of major Russian banks. A RIA Novosti source close to the Central Bank reported that the Bank of Russia recorded several attacks on December 5 on the site of VTB Bank Group.

On Tuesday, Russian President Vladimir Putin signed into effect an updated doctrine on information security. It states that the limitless flow of information has a negative impact on international security, as it can be employed to pursue geopolitical and military goals, thus favoring organized crime, extremists and terrorists.
The doctrine notes that Russian government agencies, scientific centers, and military industries are being targeted by foreign intelligence services by means of electronic and cyber surveillance. To counter threats and challenges in the information environment, Russia will build “strategic deterrents” and step up efforts to “prevent armed conflicts that stem from the use of IT.” The doctrine also instructs government agencies to strengthen critical information infrastructure to protect against cyber and computer network attacks.

Source: https://www.rt.com/news/369738-ddos-attacks-russia-banks/

DDoS defenses have been backsliding but starting a turnaround

Distributed denial-of-service attacks have been getting bigger and lasting longer, and for the past few years defenses haven’t kept pace, but that seems to be changing, Gartner analysts explained at the firm’s Security and Risk Management Summit.

Gartner tracks the progress of new technologies as they pass through five stages, from the trigger that gets them started to the final stage where they mature and are productive. The continuum is known as the Hype Cycle. DDoS defense had reached the so-called Plateau of Productivity – the final stage – in 2012, but has since moved backwards in the Hype Cycle into the previous stage – the Slope of Enlightenment – says Gartner analyst Lawrence Orans.

That fall, DDoS attacks 10 times as large as any seen before hit Bank of America, JPMorgan Chase, Wells Fargo, U.S. Bank and PNC Bank, using botnets of compromised servers to generate high volumes of traffic against not only HTTP and HTTPS but DNS as well. They also went after protocols including TCP, UDP, and ICMP. That was followed in 2013 by NTP amplification attacks, which used Network Time Protocol servers to swamp networks with responses to requests made from spoofed IP addresses in the target network. “That set DDoS back on its heels,” Orans says.

But security vendors and service providers that offer DDoS protection have caught up, and Gartner’s Hype Cycle rating for DDoS defenses will shift back toward the maturity end of the scale, he says. That’s encouraging, because the number of DDoS attacks from the first quarter of 2015 to the first quarter of 2016 more than doubled, according to Akamai’s latest State of the Internet Security report, and mega attacks hit hundreds of gigabits per second. Attacks of 300Gbps and above can be handled by leading DDoS vendors, Orans says, and given the ready availability of DDoS attack kits, it’s important for corporations to pay for this type of protection.
Competition among DDoS mitigation providers is increasing, so prices have dropped, he says. Flat fees per month were the norm for DDoS protection services, but now there are more flexible plans. Protection can come in three models.

Providers sell access to scrubbing centers: during a DDoS attack, traffic is redirected to the provider’s network, where the attack traffic is dropped and only good traffic is returned to the customer network. This can cost $5,000 per month and up. Some providers he mentioned: Akamai, Arbor, F5, Neustar, Nexusguard, Radware and Verisign.

Some ISPs offer this type of service at a 15% to 20% premium over bandwidth costs, he says. Some ISPs are better at it than others, so customers should check them carefully, particularly newer and regional ones. Many businesses have multiple ISPs, so they should do the math to see if it makes sense to use this option, he says. Some ISPs he mentions: AT&T, CenturyLink, Level 3 and Verizon.

Content-delivery networks can also help mitigate DDoS attacks, he says, by virtue of their architecture. CDNs distribute customer Web content around the world so it’s as close as possible to end users. That distribution makes it harder for attackers to find the right servers to hit and diffuses their capabilities. This option isn’t for everyone, he says. It’s not as effective as the others, and it doesn’t make sense unless a business needs a CDN anyway to boost its response time.

Web application firewalls can help mitigate those DDoS attacks that seek to disrupt use of Web applications. They can be deployed on premises with gear owned by the customer, but internet-hosted and cloud-based WAF services are emerging, Orans says. Cloud-based WAF is the fastest-growing option for mobile services that must be deployed quickly, he says.

Source: http://www.networkworld.com/article/3083797/security/gartner-ddos-defenses-have-been-backsliding-but-starting-a-turnaround.html

Linode forces password reset for all users due to suspected breach

New Jersey-based virtual private server provider Linode can't seem to catch a break. After being repeatedly hit with DDoS attacks from December 24 to early January, the company announced on Tuesday th…

Patch NOW: VMware vCenter, ESXi can be pwned via your network

Remote-code execution danger on VM hosts

VMware is urging users of its vCenter Server and ESXi software to install its latest patches to plug vulnerabilities that can allow remote-code execution and denial of service.…

Companies expect others to protect them against DDoS attacks

One in five businesses surveyed believe that their online services should be protected against DDoS attacks by their IT service providers (in particular, network providers). However, this responsibili…

VPN providers urged to update OpenVPN due to critical DoS bug

The OpenVPN Project has issued a new version of its popular open source software of the same name and is urging users to implement it, as it solves a critical denial of service security vulnerability …

Webmin hole allows attackers to wipe servers clean

No RCE, but lots of Unix DDoS fun

Holes in the Webmin Unix management tool – thankfully since patched – could allow attackers to delete data on servers, says security researcher John Gordon of the University of Texas.…

Nude celeb pics wrongly blamed for DDOS at New Zealand’s largest ISP

Actual culprit appears to be silly router configurations and Euro-nasties

New Zealand’s largest ISP, Spark, has spent the weekend fighting off a DDOS incorrectly assumed to have a connection with last week’s nude celebrity picture scandal.…
