Why DDoS Just Won’t Die

Distributed denial-of-service attacks are getting bigger, badder, and ‘blended.’ What you can (and can’t) do about that.

Nearly every organization has been affected by a distributed denial-of-service (DDoS) attack in some way, whether it was hit directly by a traffic-flooding attack or suffered the fallout from one of its partners or suppliers being victimized.

While DDoS carries less of a stigma than a data breach in the scheme of security threats, a powerful flooding attack can not only take down a company’s network, but also its business. DDoS attacks traditionally have been employed either to merely disrupt the targeted organization, or as a cover for a more nefarious attack to spy on or steal data from an organization.

The April takedown by the UK National Crime Agency and Dutch National Police and other officials of the world’s largest online market for selling and launching DDoS attacks, Webstresser, was a big win for law enforcement. Webstresser boasted more than 136,000 registered users and supported some four million DDoS attacks worldwide.

But in the end, Webstresser’s demise isn’t likely to make much of a dent in DDoS attack activity, experts say. Despite reports that the takedown led to a significant decline in DDoS attacks, Corero Network Security saw DDoS attacks actually rise on average in the second half of the month of April. “Our own evidence is that attack volumes globally and in Europe have, if anything, increased in the week since the Europol take-down action,” said Andrew Lloyd, president of Corero.

Even without a mega DDoS service, it’s still inexpensive to wage a DDoS attack. According to Symantec, DDoS bot software starts as low as a dollar to $15, and less than one hour of a DDoS via a service can go from $5 to $20; a longer attack (more than 24 hours) against a more protected target costs anywhere from $10 to $100.

And bots are becoming even easier to amass and in bigger numbers, as Internet of Things (IoT) devices are getting added to the arsenal. According to the Spamhaus Botnet Threat Report, the number of IoT botnet controllers more than doubled last year. Think Mirai, the IoT botnet that in October of 2016 took down managed DNS provider Dyn, taking with it big names like Amazon, Netflix, Twitter, Github, Okta, and Yelp – with an army of 100,000 IoT bots.

Scott Tierney, director of cyber intelligence at Infoblox, says botnets increasingly will be comprised of both traditional endpoints—Windows PCs and laptops—as well as IoT devices. “They are going to be blended,” he said in an interview. “It’s going to be harder to tell the difference” in bots.

The wave of consumer products with IP connections without software or firmware update capabilities will exacerbate the botnet problem, according to Tierney.

While IoT botnets appear to be the thing of the future, some attackers have been waging old-school DDoS attacks: in the first quarter of this year, a long-tail DDoS attack lasted more than 12 days, according to new Kaspersky Lab research. That type of longevity for a DDoS was last seen in 2015.

Hardcore heavy DDoS attacks have been breaking records of late: the recent DDoS attack on Github, clocked at 1.35 terabytes, set a record that was broken a week later by a 1.7TB DDoS that abused the Memcached vulnerability against an undisclosed US service provider. “That Github [DDoS] record didn’t even last a week,” Tierney said in a presentation at Interop ITX in Las Vegas last week.

The DDoS attack employed Memcached servers exposed on the public Internet. Memcached, an open-source memory-caching system for storing data in RAM for speeding access times, doesn’t include an authentication feature, so attackers were able to spoof requests and amplify their attack. If properly configured, a Memcached server sits behind firewalls or inside an organization.
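An added example (not from the article or from the Memcached project): a Python audit of a Memcached options file or command line for the exposure described above, that is, a listener reachable from outside the organization, with the UDP listener flagged because UDP requests can carry a spoofed source address. The sample configurations, verdict names and internal address ranges are constructed for illustration, and a missing `-U` option is assumed to mean UDP is enabled because the default depends on the Memcached version.

```python
import ipaddress
import shlex

# Real memcached options: -l/--listen (bind address), -U/--udp-port, -p/--port.
SHORT = {"-l": "listen", "-U": "udp_port", "-p": "tcp_port"}
LONG = {"--listen": "listen", "--udp-port": "udp_port", "--port": "tcp_port"}

# Ranges this example treats as "inside the organization" (an assumption).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]        # link-local, IPv6 ULA


def parse_options(text):
    """Extract listen addresses and ports from an options file or command line."""
    tokens = shlex.split(text, comments=True)   # '#' comments are dropped
    opts = {"listen": [], "udp_port": None, "tcp_port": 11211}
    i = 0
    while i < len(tokens):
        tok, name, value = tokens[i], None, None
        if tok.startswith("--"):
            key, sep, value = tok.partition("=")
            name = LONG.get(key)
            if name and not sep and i + 1 < len(tokens):   # "--listen ADDR"
                i += 1
                value = tokens[i]
        elif tok[:2] in SHORT:
            name = SHORT[tok[:2]]
            if len(tok) > 2:                    # attached form, e.g. "-U0"
                value = tok[2:]
            elif i + 1 < len(tokens):
                i += 1
                value = tokens[i]
        if name == "listen" and value:
            opts["listen"] += [a for a in value.split(",") if a]
        elif name in ("udp_port", "tcp_port") and value and value.isdigit():
            opts[name] = int(value)
        i += 1
    return opts


def classify(addr):
    """Return 'all', 'loopback', 'internal', 'public' or 'unknown' for one -l value."""
    host = addr
    if host.startswith("["):                    # "[::1]:11211"
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:                  # "10.0.0.5:11211"
        host = host.split(":", 1)[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"                        # hostname or interface name
    if ip.is_unspecified:
        return "all"
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in INTERNAL_NETS):
        return "internal"
    return "public"


def audit(text):
    """Return (verdict, details) for one memcached configuration."""
    opts = parse_options(text)
    # With no -l option memcached binds every interface (INADDR_ANY).
    listen = opts["listen"] or ["0.0.0.0"]
    scopes = {a: classify(a) for a in listen}
    # Assumption: a missing -U is read as "UDP on"; the real default depends
    # on the memcached version, so this is the conservative reading.
    udp_on = opts["udp_port"] != 0
    reachable = [a for a, s in scopes.items() if s in ("all", "public")]
    if reachable and udp_on:
        verdict = "exposed-udp"      # reachable and answers UDP: fix first
    elif reachable:
        verdict = "exposed-tcp"      # UDP off, but still reachable from outside
    elif "unknown" in scopes.values():
        verdict = "review"           # hostname/interface: resolve and re-check
    elif udp_on:
        verdict = "internal-udp"     # internal only; set -U 0 if UDP is unused
    else:
        verdict = "ok"
    return verdict, {"listen": scopes, "udp_port": opts["udp_port"]}


# Constructed sample inputs (not taken from any real host).
DEFAULTS = """
# Debian-style options file with the bind and UDP lines missing
-m 64
-p 11211
-u memcache
"""
HARDENED = """
-l 127.0.0.1,10.20.0.5   # loopback plus one internal address
-U 0                     # UDP listener off
-p 11211
"""
PUBLIC_TCP = "memcached -l 203.0.113.10 --udp-port=0"
LAN_UDP = "-l 192.168.1.20"

if __name__ == "__main__":
    for label, cfg in [("defaults", DEFAULTS), ("hardened", HARDENED),
                       ("public-tcp", PUBLIC_TCP), ("lan-udp", LAN_UDP)]:
        verdict, details = audit(cfg)
        print(f"{label:10} {verdict:13} {details}")
```

The verdict reflects only what the options say; a host firewall or upstream filtering in front of the server is outside what this check can see.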

“Memcached amplification attacks are just the beginning” of these jacked-up attacks, Tierney said. “Be ready for multi-vector attacks. Rate-limiting is good, but alone it’s not enough. Get ready for scales of 900Mbps to 400Gbps to over a Terabyte.”

Tierney recommended ways to prepare for a DDoS attack, including:

  • Establish a security policy, including how you’ll enact and enforce it
  • Track issues that are security risks
  • Enact a business continuity/disaster recovery plan
  • Employ good security hygiene
  • Create an incident response plan that operates hand-in-hand with a business continuity/disaster recovery plan
  • Have a multi-pronged response plan, so that while you’re being DDoSed, your data isn’t also getting stolen in the background
  • Execute tabletop attack exercises
  • Hire external penetration tests
  • Conduct user security awareness and training
  • Change all factory-default passwords in devices
  • Know your supply chain and any potential risks they bring
  • Use DDoS traffic scrubbers, DDoS mitigation services

Source: https://www.darkreading.com/endpoint/privacy/why-ddos-just-wont-die/d/d-id/1331734


From The Internet Of Things To The Internet Of Thoughts

The development of the cyber environment is articulated through new digital scenarios — from the technological development of smartphone apps to the Internet of Things, from the sharing economy to social networks — the circulation of personal data has expanded extensively and rapidly. In particular, I recognize a slow but decisive transition from a material, utilitarian and free sharing typical of the sharing economy, for which self-regulation was sufficient, to today’s atmosphere of social sharing. If the services of the sharing economy technologies seemed to put the privacy of users at risk, the new system seems to be even more saturated with issues. In fact, the social sharing of photographs, thoughts and confidential information risks endangering the privacy of internet users and, considering that much of this personal data is also transported overseas where the discipline and the protection provided is profoundly different, the question becomes extremely complex.

This shift is characterized by the diffusion and horizontal expansion of increasingly sophisticated and integrated social engineering methods and techniques, and through the release and sharing of technologically persuasive applications. These scenarios are found in the profile of cyber attacks and are significant characterizations in terms of behavioral matrixes and operational creativity.

Inevitably, the concepts of knowledge and information management have been redefined and are now almost completely digitalized, with significant relapses in terms of security. In today’s cyber scenario, a new multidimensional concept of security has emerged, deriving from the interpenetration of the paradigms of social change and digital-media convergence — both understood as multipliers of instances coming in particular from the underground. This underground becomes ever more reticular, competent and cohesive, from a digital point of view, until it’s the “cartilage” of the system exoskeleton, not only in infrastructural terms but also in terms of cultural identity.

As a result, open society, right-to-know and digital info sharing become the pillars of contemporary democratic architecture. It is necessary to explore cyberspace in a deep and scientific way — to understand it as a human space, one which needs to be identified and analyzed dynamically, with scientific rigor, avoiding any reductionist simplicity dictated by the fashions of the moment. The specificities and the socio-cultural differences between activism and hacktivism are also worth examining in the transition process toward fully digital models of politics and diplomacy.

As an example, Bitcoin should not be considered mere virtual currency, but also as an instrument, product and modality of self-construction. It’s an identity-based dissemination of digital exchange communities and an interactive process through which all the subjects involved create information, innovation and resources.

It is essential to direct operational research into the elaboration and anticipation of scenarios that are no longer futuristic or even too far in the future — ones in which we imagine the impact and dynamics of the cybercriminals who use distributed denial of service (DDoS) or botnet attacks. These attacks might be a self-legitimized form of cyber-protest or a revisitation, in a cyber environment, of protest sit-ins that animated most of the 20th century and which often caused paralysis not only of viability but also of the vital functions of important institutions.

The unknown journey that leads humanity toward post-globalization is strongly marked by some pieces of evidence including the conflicts arising from the frictions between the development of the metropolitan institutional environment and the organizational dynamics of transnational digital communities and the advent of new sexual-digital identities.

We are witnessing the progressive emergence of organized and globalized criminals, above all at the level of the media. These criminals are born from the necessity of evolution through the web, pre-existing local and internationalized structures, and by long processes of criminal hybridization. This hybridization has connected them through the web. This evolution requires a resetting of operational missions based on full integration between social sciences and computational technologies in order to uncover qualitative and quantitative strategies that can be used to attain a deep understanding of the organized and now digitized criminal complex.

The triangulation of big data, web intelligence and information assurance turns out to be the key to managing the complexity and the centrality of information, which is now the regulating essence of every aspect of life. Today, it’s important to focus not just on the internet of things but also on the sometimes obscure internet of thoughts, which requires equal amounts of analytical attention. This emphasizes that today cyber can no longer be considered an object external to mankind, and should instead be seen as pervasively connected to it. Therefore, in firmly considering cybersecurity as a dynamic process and not a static product, it is evident that it is not possible to guarantee the security of the globalized citizen in relation to the relationship between freedom and democracy, without using appropriate conceptual tools to understand and manage the complexity that turns out to be unquestionably human, cultural and social.

Source: https://www.forbes.com/sites/forbestechcouncil/2018/05/07/from-the-internet-of-things-to-the-internet-of-thoughts/#67a7651c736f


DDoSer Who Terrorized German and UK Firms Gets Off Without Jail Time

A German hacker who launched DDoS attacks and tried to extort ransom payments from German and UK firms was sentenced last month to one year and ten months of probation.

The hacker, identified by authorities only as 24-year-old Maik D., but known online as ZZb00t, was fingered for attacking companies such as eBay.de, DHL.de, billiger.de, hood.de, rakuten.de, DPD.de, EIS.de, ESL.eu, but also some UK firms.

Hacker would launch DDoS attacks and then extort victims

ZZb00t would act following the same pattern. He’d first warn companies via Twitter, and then launch DDoS attacks, taking down services from hours to up to a day.

Maik, who in real life was an IT security consultant, would often criticize companies for their poor security practices.

“Sadly but true @[REDACTED] your servers just sucks,” he wrote in one tweet. “Never thought that [REDACTED] was so extremely poorly protected. It’s more than embarrassing,” he wrote in another.

He’d often claim his actions were only for the purpose of exposing security weakness, claiming he was a vulnerability hunter.

But Maik wouldn’t launch DDoS attacks just out of the kindness of his heart so that companies would improve security. The hacker would often send emails promising to stop attacks for a payment in Bitcoin.

Hacker arrested after one company pressed charges

His DDoS and extortion campaigns have been tracked all last year by German blog Wordfilter.de [1, 2, 3, 4]. A recently released Link11 report details the hacker’s tactics.

The hacker was active at the same time as another DDoS extortion team named XMR Squad, and Link11 claims in its report that there was a working relationship and coordination of attacks between ZZb00t and XMR Squad members.

Link11 says it documented over 300 of ZZb00t’s tweets related to attacks he carried out before German authorities arrested the suspect on May 23, last year, putting an end to his attacks.

Source: https://www.bleepingcomputer.com/news/security/ddoser-who-terrorized-german-and-uk-firms-gets-off-without-jail-time/


Security Holes Make Home Routers Vulnerable

Security threats abound on the internet, which is why ethical hackers and security researchers spend much of their time in search of these issues. As part of the work that they do to keep the internet safe, researchers at vpnMentor announced that they have found an RCE vulnerability in the majority of gigabit-capable passive optical network (GPON) home routers.

With more than 1 million people using the GPON fiber-optics system, the network is pretty popular. Because so many routers today use GPON internet, the researchers conducted a comprehensive assessment on a number of the home routers and found a way to bypass all authentication on the devices, which is the first vulnerability (CVE-2018-10561).

“With this authentication bypass, we were also able to unveil another command injection vulnerability (CVE-2018-10562) and execute commands on the device,” vpnMentor said.

Through a comprehensive analysis of the GPON firmware, researchers learned that the combination of the two vulnerabilities granted full control of not only the devices but their networks as well.

“The first vulnerability exploits the authentication mechanism of the device that has a flaw. This flaw allows any attacker to bypass all authentication,” they wrote. This critical vulnerability could leave users’ gateways vulnerable to being used for botnets.

The authentication bypass bug could easily be exploited so that the gateways could be accessed remotely. “If verified, these home gateways join the escalating category of botnet-vulnerable IoT devices, and they underscore the growing risk of very large botnet-based DDoS attacks,” said Ashley Stephenson, CEO of Corero Network Security.

Because this class of routers is most often directly connected to high-speed broadband internet connections, compromised devices could be covertly herded by a bot master to form a botnet large enough to generate high-impact distributed denial-of-service (DDoS) attacks against victims around the world, said Stephenson.

Source: https://www.infosecurity-magazine.com/news/security-holes-make-home-routers/




DDoS Attacks Go Down 60% Across Europe Following WebStresser’s Takedown

EXCLUSIVE — Link11, a DDoS mitigation firm, says that DDoS attacks fell 60% across Europe following the takedown of WebStresser, the largest DDoS-for-hire portal on the market.

The service was taken down last week, on April 24, when several law enforcement agencies across Europe, under Europol coordination, seized servers, arrested suspects, and shut down the website WebStresser.org, a popular portal where Internet users would go to register, pay for accounts, and launch DDoS attacks against other websites.

Takedowns of DDoS-for-hire services make temporary dents

In a report that Link11 plans to publish later today on its website, the company said that WebStresser’s takedown had a significant impact on DDoS activity, especially across Europe.

“The Link11 Security Operation Center (LSOC), which monitors DDoS attack activity on the internet 24/7, has registered lower attack activity, especially on April 25 and 26, presumably due to [the] elimination of the source,” a Link11 spokesperson says.

“The LSOC has seen a roughly 60% decline in DDoS attacks on targets in Europe, […] down 64% from the peak number recorded,” he said.

Onur Cengiz, Head of the Link11 Security Operation Center, says the slowdown in DDoS attacks is only temporary, and he anticipates attacks to ramp up as new DDoS services rise to fill the gap created by WebStresser’s abrupt demise.

WebStresser was the most popular DDoS-for-hire service

Europol said WebStresser had over 136,000 registered users at the time it was shut down and had been responsible for over 4 million DDoS attacks in recent years. Prices for a WebStresser premium account that had access to the DDoS feature started as low as €15 ($18.25).

The service was by far the most popular DDoS booter (also known as DDoS stresser) service on the market, also receiving top billing in Google searches for “DDoS booter” or “DDoS stresser” keywords.

The service was supposedly run by a Serbian 19-year-old named Jovan “m1rk” Mirkovic.

According to the Link11 DDoS Report for Q4 2017, Europe had seen approximately 13,452 DDoS attacks in the last three months of 2017, totaling 1,675 hours combined, with the largest reaching 70.1 Gbps. The Link11 report cited a 116% rise in DDoS attacks.

Source: https://www.bleepingcomputer.com/news/security/ddos-attacks-go-down-60-percent-across-europe-following-webstressers-takedown/


FOI Request Rings Alarm Bells on Critical Infrastructure Security

With just eight days to go until the EU’s Network and Information Systems (NIS) Directive becomes legally enforceable, a Freedom of Information (FOI) request to 312 critical infrastructure providers across the UK is ringing industry alarm bells.

The FOI requests, submitted by DDoS attack solutions provider Corero Network Security, found that 70% of these institutions – ranging from police forces to NHS trusts, energy suppliers and water authorities – have had service outages in their IT systems within the last two years; many blamed on cyberattacks.

The implication for these institutions under the new directive would be the enforcement of hefty fines. Under the NIS directive – which aims to raise levels of the overall security and resilience of network and information systems across the EU – these outages need to be reported and addressed.

Penalties Could be Severe

Failure to do so could result in financial penalties of up to £17 million being imposed. Corero estimates that if the NIS directive was in place two years ago the financial penalties faced by critical UK infrastructure would have amounted to over £2.5 billion.

Out of the 221 critical infrastructure organisations that responded to the FOI, 155 reported that they had suffered downtime in their IT network leading to loss of services in the last two years. Worryingly, over a third of the reported incidents are suspected to be caused by cyber-attacks.

However, due to the nature of these critical institutions, the real concern is the loss of services to the public and the state.

Andrew Lloyd, President of Corero Network Security, who undertook the FOI request, stated that: “Service outages and cyber-attacks against critical infrastructure have the potential to inflict significant, real-life disruption by preventing access to essential services such as power, transport and the emergency services. The fact that so many infrastructure organisations have suffered from service outages points to an alarming lack of resilience within organisations that are critical to the functioning of UK society.”

Not Just a Tick Box Exercise

This information comes on the back of the National Audit Office’s investigation into the WannaCry cyber-attack last year which attacked NHS organisations. The investigation found that much of the damage by the ransomware attack could have been negated if a software patch available two months prior to the attack had been implemented into NHS IT systems.

Corero fears that only the basic NIS requirements will be enacted to ensure compliance. Andrew Lloyd said: “As things stand, there is genuine risk that the legislation may be viewed as a mere ‘tick-box’ exercise which requires the bare minimum to be done, rather than fulfilling its promise for the UK to set world-leading standards in this area.”

In the UK the National Cyber Security Centre is the lead contact point for EU partners on NIS, and is acting as a key source of technical expertise. Its guidance on NIS compliance can be found here.

Source: https://www.cbronline.com/news/nis-critical-infrastructure


Nine Things That Are Poised To Impact Cybersecurity

One important step every business should take to protect its sensitive customer data is to invest in the latest security solutions. This means staying educated and up to date on what technology is available and what it does to keep you safe.

According to members of Forbes Technology Council, here are the next big trends in encryption and cybersecurity that businesses should pay attention to.

1. Biometrics

Biometrics will become a critical part of cybersecurity and encryption going forward because it’s nearly impossible to replicate. – Chalmers Brown, Due

2. IoT Device Security

The next wave of cybersecurity attacks will come from the internet-of-things (IoT) devices like appliances, lights and cameras. These types of devices are cheap, easy to hack, can be found in large numbers and are geographically distributed, making them ideal targets for a hacker to commandeer and launch a distributed-denial-of-service (DDoS) attack on an unsuspecting enterprise. – Mark Benson, Exosite

3. Multi-Factor Authentication And SSO Technologies

Utilize multi-factor authentication and SSO technologies to get a handle on authentication. Integrating this with Hashicorp Vault or an HSM solution can bring about encryption key management, encryption key rotation and administration of all your data. For sensitive information within databases, consider field-level encryption so that even with the breach, any data that is leaked is encrypted. – Venkat Rangan, Clari

4. Decentralization Of Data

Decentralizing data used for authentication is here and doing it for more PII is next. Firms are abandoning storage of biometrics, PINs, and passwords and now secure them on endpoints like mobile devices. Users authenticate on-device and swap public keys with their service provider. This reduces the attack surface, lowers IT costs and gives firms more control than legacy centralized systems. – Bojan Simic, HYPR Corp.

5. Increased Monitoring And Visibility

Highly publicized cyberattacks of the past few years have all had a common thread — no one noticed the issue until it was far too late. From private files left in public cloud storage to intrusions into legacy systems, lack of visibility has been a killer. Attacks are unavoidable, but detailed monitoring and proactive exfiltration scanning can prevent an unnoticed breach from making the news. – Jason Gill, The HOTH

6. Multi-Layered Approaches To Encryption 

In many cases, encryption may be augmented with blockchain technology, which is harder to compromise. The model of distributed data storage, cryptographic security and synchronized validation provides multiple layers of protection that are more secure than simple encryption. Data and storage architectures will need to be re-architected to provide the same levels of usability we have today. – Brian NeSmith, Arctic Wolf

7. Automated Breach Detection

Right now, many companies do penetration testing on their own, and they have logs and may have internal tools to detect breaches. That said, given the frequency of breaches occurring and the amount of time and energy it requires to be on top of them, it’s likely that there are many vendors that will enter this space to offer automated solutions for companies to get help both in finding and preventing breaches. – David Murray, Doctor.com

8. Simplified And Integrated Security Models

Layering reactive, signature-based tools still leaves security gaps. Encryption helps, but it does not solve this problem. First, a new, simplified, integrated model is needed and should focus on internal network, communications and endpoint monitoring. Second, defenders need to move away from the known signatures and IOCs to focus on the core network behaviors that all adversaries engage in. – Joseph Polverari, Versive

9. Blockchain And Mesh Networking

With the rise in popularity of blockchain and decentralized networking, security concerns need to be rethought. It’s true that these technologies decrease centralized attacks, like DDoS. They also essentially eliminate data tampering. That said, the next big security task is protecting data in decentralized environments. The enterprise will no longer own the hardware layer. – Tom Roberto, Core Technology Solutions

Source: https://www.forbes.com/sites/forbestechcouncil/2018/04/19/nine-things-that-are-poised-to-impact-cybersecurity/#20ceb2001bac


DDoS attacks costing UK firms £35,000 per attack

New research highlights the financial and reputational cost of DDoS attacks.

New research has revealed that DDoS attacks can cost enterprises £35,000 per attack, though lost revenue is only the fourth most damaging consequence of falling victim to this kind of cyber attack.

Corero Network Security surveyed over 300 security professionals across a range of industries such as financial services, cloud, government and more to shed light on the damage that DDoS attacks are causing to organisations worldwide.

Of those surveyed, 91 per cent said that a single DDoS attack can cost their organisation up to $50,000 in terms of lost business, productivity and the cost of mitigating an attack. Additionally, 69 per cent noted that their organisation experiences anywhere from 20 to 50 DDoS attack attempts per month, which is equivalent to roughly one attack per day.

Despite the high cost of dealing with an attack, a vast majority of respondents (78%) cited loss of customer trust and confidence as the single most damaging effect on businesses that have suffered a DDoS attack. The second highest threat was the risk of intellectual property theft, followed by the threat of malware infection associated with a DDoS attack, making lost revenue the fourth most damaging consequence.

Corero Network Security’s CEO, Ashley Stephenson offered further insight on the research, saying:

“DDoS attacks can have an immediate and damaging impact on a company’s bottom line, both in terms of lost revenue and the costs incurred in terms of manpower required to mitigate attacks. Not all DDoS attacks will cost an organisation $50,000, but having your website taken offline can damage customer trust and confidence. It will also impact the ability of sales teams to acquire new customers in increasingly competitive markets. These attacks cause lasting damage to a company’s reputation and could have negative consequences for customer loyalty, churn and corporate profits.”

The organisation’s research also pointed out that cybercriminals have begun to use DDoS attacks as a distraction for more serious network incursions, with 85 per cent of those surveyed believing that DDoS attacks are often used by attackers as a precursor for data breach activity.

Source: https://www.itproportal.com/news/ddos-attacks-costing-uk-firms-pound35000-per-attack/


What Security Risks Should MSPs Expect in 2018

As IT operations are becoming more complex and require both advanced infrastructure and security expertise to increase the overall security posture of the organization, the managed service provider (MSP) industry is gaining more traction and popularity.

Estimated to grow from USD $152.45 billion in 2017 to USD $257.84 billion by 2022, at a CAGR of 11.1%, the MSP industry offers greater scalability and agility to organizations that have budget constraints and opt for a cloud-based IT deployment model.

“The cloud-based technology is the fastest-growing deployment type in the managed services market and is expected to grow at the highest CAGR during the forecast period from 2017 to 2022,” according to ResearchandMarkets. “IT budget constraints for installation and implementation of required hardware and software, limited IT support to manage and support managed services, and need for greater scalability are major factors that are likely to drive the adoption of cloud managed services in the coming years. The cloud-based deployment model offers higher agility than the on-premises deployment model.”

However, MSPs are expected to also become more targeted by threat actors than in the past. Supply chain attacks are becoming a common practice, as large organizations have stronger perimeter defenses that increase the cost of attack, turning MSPs into “low-hanging fruit” that could provide access into infrastructures belonging to more than one victim. In other words, MSPs hold the keys to the kingdom.

Since MSPs are expected to provide around-the-clock security monitoring, evaluation, and response to security alerts, they also need to triage and only escalate resources when dealing with advanced threats.

1. Wormable military-grade cyber weapons

Leveraging leaked, zero-day vulnerabilities in either operating systems or commonly deployed applications, threat actors could make the WannaCry incident a common occurrence. As similarly-behaving threats spread across infrastructures around internet-connected endpoints – both physical and virtual – MSPs need to quickly react with adequate countermeasures to defend organizations.
While MSPs may not be directly targeted, their role in protecting organizations will become far more important as they’ll need to reduce reaction time to new critical threats to a bare minimum, on an ongoing basis. Consequently, network security and threat mitigation will become commonplace services for MSPs.

2. Next-Level Ransomware

The rise of polymorphism-as-a-service (PaaS) will trigger a new wave of ransomware samples that will make it even more difficult for security solutions to detect. Coupled with new encryption techniques, such as leveraging GPU power to expedite file encryption, ransomware will continue to plague organizations everywhere. Backup management and incident response that provides full data redundancy need to be at the core of MSP offerings when dealing with these new ransomware variants.

While traditional ransomware will cause serious incidents, threat actors might also hold companies at gunpoint by threatening to disrupt services with massive distributed-denial-of-service (DDoS) attacks performed by huge armies of IoT botnets.

3. OSX Malware

The popular belief that Apple’s operating system is immune to malware was recently put to the test by incidents such as the ransomware-disseminating Transmission app and advanced remote access Trojans (RATs) that have been spying on victims for years. With Apple devices making their way into corporate infrastructures and onto C-level executives’ desks, managing and securing them is no longer optional, but mandatory.

Security experts have started finding more advanced threats gunning for organizations that have specific MacOS components, meaning that during 2018 threat actors will continue down this alley. Regardless of company size, vertical, or infrastructure, MSPs need to factor in MacOS malware proliferation and prepare adequate security measures.

4. Virtualization-Aware Threats

Advanced malware has been endowed with virtualization-aware capabilities, making it not just difficult to identify and spot by traditional endpoint security solutions, but also highly effective when performing lateral movement in virtual infrastructures. MSPs need to identify and plan to deploy key security technologies that are not just designed from the ground up to defend virtual infrastructures, but also hypervisor-agnostic, offer complete visibility across infrastructures, and detect zero-day vulnerabilities.

Focusing on proactive security technologies for protecting virtual workloads against sophisticated attacks will help MSPs offer unique value to their services.

5. Supply Chain Attacks

MSPs could also become targets for threat actors, which is why deploying strong perimeter defense on their end should also be a top priority. Having access to remote infrastructures and managing their security aspects turns MSPs into likely candidates for advanced attacks. Because attackers may either directly target their infrastructure or “poison” commonly deployed tools, MSPs should treat the security of their own infrastructure with the utmost scrutiny.

Source: https://securityboulevard.com/2018/04/what-security-risks-should-msps-expect-in-2018/

Mirai Open Source IoT Honeypot: New Cymmetria Research Release

Thanks to advances in technology, we live in an era in which home and office appliances can be compromised and used to conduct a cyber attack. This was evident in 2016, when a cyber attack was launched using the Mirai botnet malware. Mirai mostly affects IoT devices by scanning for open SSH or Telnet ports. Eventually, this destroys the entire system. In response, Cymmetria did extensive research and developed an open source honeypot for Mirai detection.

Let us look at the Mirai open source IoT honeypot, a new Cymmetria research release.

Development of Mirai Open Source Honeypot

The Mirai open source honeypot was developed by a specialist at Cymmetria Research after the DDoS cyber attack in October. It took them a while, since they had to be careful not to crash Mirai, and also considering the fact that it is a bit bulky. After a number of tests, development, and consultation, they concluded that the best defense against a Mirai attack is an open source IoT Mirai honeypot. The open source Mirai honeypot is developed in such a manner that it is capable of determining a Mirai infection before it attacks an internet appliance.

The Cymmetria-built Mirai honeypot comes with a number of functionalities.

They include:

  • It is capable of altering parameters so as to identify Mirai by its ports or commands.
  • It can specifically identify the Mirai version, including the one used for research, based on the commands requested on the service.
  • It raises an alarm and reports the presence of a syslog server.
  • If Mirai has tried to infect the user, it can collect the sample or crash it, thereby destroying Mirai.
  • Lastly, it is capable of detecting incoming connections on any port using Telnet. Moreover, it checks devices inserted on any of the ports.
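To make command-based identification and syslog reporting concrete, here is an added example; it is not Cymmetria's code and not from the original article. It classifies the commands a Telnet session sent to a honeypot and formats an alert line. The fingerprint (the `enable`/`system`/`shell`/`sh` preamble followed by a busybox probe with a bogus applet name) is an assumption based on the publicly released Mirai source, and the function names, the `VARIANTX` token and the sample sessions are constructed for illustration.

```python
import re

# Assumption: fingerprint taken from the publicly released Mirai source, which
# sends this shell-escape preamble and then probes busybox with a bogus applet.
PREAMBLE = ("enable", "system", "shell", "sh")
PROBE_RE = re.compile(r"^/bin/busybox\s+([A-Za-z0-9_]{2,16})$")
REAL_APPLETS = {"wget", "tftp", "cat", "echo", "ps", "cp", "rm", "chmod", "ls"}


def classify_session(commands):
    """Return (verdict, token) for the commands one telnet session sent."""
    cleaned = [c.strip() for c in commands if c.strip()]
    pos = 0  # preamble must appear in order; other commands may be interleaved
    for cmd in cleaned:
        if pos < len(PREAMBLE) and cmd == PREAMBLE[pos]:
            pos += 1
    preamble_seen = pos == len(PREAMBLE)
    token = None
    for cmd in cleaned:
        m = PROBE_RE.match(cmd)
        if m and m.group(1).lower() not in REAL_APPLETS:
            token = m.group(1)  # bogus applet name doubles as a variant marker
            break
    if preamble_seen and token:
        return ("mirai" if token == "MIRAI" else "mirai-variant"), token
    if preamble_seen or token:
        return "suspicious", token
    return "unclassified", None


def syslog_line(src_ip, dport, verdict, token, facility=4, severity=4):
    """Build a syslog message body; PRI = facility * 8 + severity."""
    pri = facility * 8 + severity  # 4 = security/auth facility, 4 = warning
    return (f"<{pri}>telnet-honeypot: src={src_ip} dport={dport} "
            f"verdict={verdict} token={token or '-'}")


# Constructed sessions (documentation-range addresses), not real captures.
SESSIONS = {
    ("192.0.2.10", 23): ["enable", "system", "shell", "sh", "/bin/busybox MIRAI"],
    ("198.51.100.7", 2323): ["enable", "system", "shell", "sh", "/bin/busybox VARIANTX"],
    ("203.0.113.5", 23): ["ls", "cat /proc/cpuinfo"],
}

if __name__ == "__main__":
    for (ip, port), cmds in SESSIONS.items():
        print(syslog_line(ip, port, *classify_session(cmds)))
```

A session that shows only the preamble or only the probe is reported as `suspicious` rather than as Mirai, which keeps a partial match from being counted as a confirmed infection attempt.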

How to Access Mirai Open Source IoT Honeypot

The Cymmetria-designed Mirai IoT honeypot can easily be obtained from the Git repository on the Cymmetria website. The GitHub page lists different versions of the Mirai honeypot, their validity, and the TFTP test. On the site, one can access download and installation instructions. If a problem or difficulty emerges as you try to install the program, you can raise it on the website and get a solution from Cymmetria experts. It is easy to use, and it is available to anyone who would consider trying it out. However, like other low-interaction honeypots, the Mirai open source IoT honeypot has some limitations, as it tries to emulate its services.

In conclusion, with cyber attacks on the increase, it is good to protect your appliances to avoid a possibly disastrous result. This is because “prevention is better than cure.” It is devastating whenever a business faces a cyber attack like the Mirai attack in 2016. That’s why the Cymmetria specialist took time to develop a preventive measure. In so doing, they developed the Mirai open source IoT honeypot, which safeguards any internet appliance against intrusion by Mirai. It does so by detecting, reporting, taking samples of, and crashing Mirai. This is a great solution to cyber insecurity.

Source: https://www.thelondoneconomic.com/tech-auto/mirai-open-source-iot-honeypot-new-cymmetria-research-release/11/04/
