stephen-gates | DDoSInfo – Information about DDoS and Denial of Service Attacks

Infected vending machines and light bulbs teach establishment a lesson. A PLACE WHERE late stage teenagers go to drink and make arses of themselves has fallen victim to a denial of service (DDoS) attack of, essentially, it’s own making. Yeah, we are talking about a university. We do not know what university it is, but Verizon’s breach report for 2016 tells us that the mysterious educational establishment, probably in the US, was taken to its knees by a DDoS attack that was brought about by its own bloody Internet of Things (IoT) devices. It’s kinda like that Mirai thing, but on a much smaller, and more personally embarrassingly scale. We like to imagine that a connected toaster and a connected fridge had a fallout and that everything when bits up. According to Bleeping Computer, which has had a cheeky look at the Verizon report, it was a bit more pedestrian than that. “The DDoS attack was caused by an unnamed IoT malware strain that connected to the university’s smart devices, changed their default password, and then launched brute-force attacks to guess the admin credentials of nearby devices,” Verizon says as it explained that something fishy went down. “Hacked devices would start an abnormally high level of DNS lookups that flooded the university’s DNS server, which in turn resulted in the server dropping many DNS requests, including legitimate student traffic. The university’s IT team said that many of these rogue DNS requests were related to seafood-related domains.” The university has placed all IoT devices, such as light bulbs and vending machines, on its separate subnet, or perhaps in a bin. The security industry reckons that this is a signal of the kind of unprotected troubles to come. Naturally. “On the surface this appears to be more of a prank than a sophisticated denial of service attack. However, proving that largescale IoT takeovers are possible should be a wakeup call to those who manage networks rife with unsecure IoT devices,” said Stephen Gates, chief research intelligence analyst at NSFOCUS by way of introduction. “Municipal, Industrial, Commercial, and now Educational infrastructures are becoming more and more vulnerable, because organisations often carelessly deploy IoT without understanding the ramifications of weak IoT security. “In this case the damage appears to be limited, and only inconvenienced users on a campus network. Do the same to a transportation system, a chemical plant, a hospital complex, an E911 system, or an ISP, and the damage could be much, much greater.” Source: http://www.theinquirer.net/inquirer/news/3004579/university-suffers-ddos-attack-after-its-schooled-by-own-iot-devices#

Link:
University suffers DDoS attack after it’s schooled by own IoT devices

British security researcher Kevin Beaumont recently reported that a series of massive cyber attacks using the Mirai DDoS botnet periodically disabled all Internet access throughout the country of Liberia. “Liberia has one Internet cable, installed in 2011, which provides a single point of failure for Internet access. … The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state,” Beaumont wrote. An employee at a Liberian mobile service provider told Network Worldthat the attacks were hurting his business. “It’s killing our revenue,” he said. “Our business has been targeted frequently.” Beaumont said it appears that the attacks, which targeted Liberian telecom operators who co-own the single Internet cable, were being used to test denial of service techniques. Given the volume of traffic, more than 500 Gbps, Beaumont said it appears that the botnet is owned by the same actor who hit the managed DNS provider Dyn on October 21, disabling websites across the U.S. Mikko Hypponen, chief research officer at F-Secure, told VICE News that those actors were probably… kids. “Kids who have the capability and don’t know what to do with it,” he said. Flashpoint director of security research Allison Nixon agreed with that assessment, stating in a blog post, “The technical and social indicators of this attack align more closely with attacks from the Hackforums community than the other type of actors that may be involved, such as higher-tier criminal actors, hacktivisits, nation states, and terrorist groups.” Still, NSFOCUS chief research intelligence analyst Stephen Gates told eSecurity Planet by email that attacks like these could have a real impact on tomorrow’s U.S. presidential election. While U.S. polling machines aren’t connected to the Internet, Gates said, some voter identification systems may be. “In some states, the voter ID must be checked before a voter can proceed,” he said. “If those systems are connected to the Internet to gain access to a database of registered voters, and they were taken offline, then would-be voters could not be verified.” “What that would mean to the election process is anyone’s guess,” Gates added. According to Nexusguard’s Q3 2016 DDoS Threat Report, the number of reflection-based DDoS attacks fell more than 40 percent during the third quarter of the year, while IoT-based botnets reached unprecedented speeds. The U.S. saw the most attack events in the third quarter, followed by China, Russia and the United Kingdom. “Few service providers can sustain the level of malicious traffic we saw in Q3 from IoT botnets, so these DDoS outages are causing companies to completely rethink their cybersecurity strategies,” Nexusguard chief scientist Terrence Gareau said in a statement. “Hackers’ preferences for botnets over reflection attacks are typical of cyclical behavior, where attackers will switch to methods that have fallen out of popularity to test security teams with unexpected vectors,” Gareau added. Source: http://www.esecurityplanet.com/network-security/massive-ddos-attacks-disable-internet-access-throughout-liberia.html

More:
Massive DDoS Attacks Disable Internet Access Throughout Liberia