Alleged DDOS attack wipes almost $2,000 off Bitcoin price

BTC now trying to stabilize around $9,500

Over the past 24 hours, Bitcoin (BTC) has been on a parabolic run all the way from $10,000 up to almost $11,500. Many including myself feared a sharp correction would be due at any moment, as the kind of growth we saw was not sustainable, not even in the crazy world of crypto.
BTC hit a high of $11,441 on Bitfinex before tumbling quickly all the way down to $9,000 in just a few minutes. Many went to Twitter to voice the opinion that the reason for the drop was a DDoS attack on many of the largest exchanges around the world. While a mass DDoS attack has not been confirmed yet, it seems likely it was the cause of the sudden crash.


Approximately $53 billion was wiped off the total cryptocurrency market cap in under an hour, a figure which calculates the value of Bitcoin and other alternative coins combined. At the time of publishing, Bitcoin was trading close to $9600, but appears to be facing resistance heading back to $10,000 and beyond.

Source: https://www.tweaktown.com/news/59992/alleged-ddos-attack-wipes-2-000-bitcoin-price/index.html


THIS IS HOW TO PREPARE FOR A CYBER ATTACK

Cybersecurity is only in the spotlight when it fails. After high-profile, large-scale data breaches, it takes a beating. But cybersecurity provides critical layers of infrastructure in our modern, cyber-dependent society. Rehearsing for potential failures is always worthwhile.

Executives tend to relegate cybersecurity to the IT department.

That is a mistake, because cyber incidents affect the entire organisation. We should conduct regular cybersecurity drills, as we do fire and safety drills. That’s where tabletop exercises can play a big role.

At last month’s Cyber3 Conference Tokyo 2017, international stakeholders from academia, industry, government and civil society gathered at Keio University for the third annual conference on cybersecurity.

The meeting was an opportunity for ministries and agencies to align on cybersecurity, and for the private sector to follow suit. Japan’s private sector has the lowest efficiency and productivity in the G7; improving its cybersecurity could change this.

During the two-day conference, a tabletop exercise (or TTX) simulated cyber-attacks on Japan’s forthcoming 2019 Rugby World Cup. The simulation generated insights applicable not only to large-scale sports events such as the 2020 Tokyo Olympic and Paralympic Games, but also to the national cybersecurity infrastructure of Japan and other countries.

HACKING THE RUGBY WORLD CUP

The simulation, dubbed Operation Rugby Daemon, was aimed at helping Japanese government agencies, businesses, and other stakeholders understand, coordinate and better respond to potential cyber threats to information flows and critical infrastructures. It was sponsored by the Sasakawa Peace Foundation USA.

Three types of cyberattacks were simulated between a theoretical date range of 20 September to 2 November, 2019: (1) phishing e-mails to acquire access to critical industrial control systems, (2) disruption of the power grid based on network access gained from these e-mails, and (3) distributed denial of service (DDoS) attacks against the Rugby World Cup website and related internet addresses.

In the TTX, four teams of eight to 10 people from government and industry acted as a public-private task force to ensure security during the World Cup. They were given clues through a series of injects on two dates, with information coming from domestic and foreign sources.

The energy grid penetration and the DDoS attacks occurred simultaneously, emulating the ‘fog’ of cyberwar. The teams were challenged to identify the sources of the attacks and prevent serious consequences. They were also asked to present a five-minute summary of their response to a control team of observers.

In the phishing attack, hypothetical adversaries sent emails to staff at a large Japanese power utility, industrial conglomerates, and Japan’s Ministry of Economy, Trade and Industry (METI). The phishing e-mail contained a description in Japanese that concealed malicious code. In the scenario, a utility worker clicked on the attachment, giving attackers a foothold in the utility’s local area network (LAN).

If team members failed to take effective steps, there would be a power failure at Yokohama Stadium during the World Cup’s final game. If they took remedial steps, a small part of the grid would go down, but the utility would be able to react quickly and compensate.

In the DDoS attacks, websites associated with the Japanese prime minister, the Rugby World Cup, and other public and private entities were hit with more than 700 Gbps of incoming traffic, causing them to go down. A ransom note, purportedly from an anti-whaling group, was sent to the utility’s CEO. The attacks appeared to be foreign botnet operators conducting the DDoS through an overseas address. The scenario included diversion-tactic information sent to Japan’s National Police Agency. Teams that took effective steps were able to mitigate the extent of damage from the DDoS attacks.

LESSONS LEARNED

The teams were encouraged to coordinate and act quickly. This tests a very real-world problem: the authorities’ ability to respond in a crisis. Aside from the need to coordinate horizontally, government officials must know what they can and cannot do. Otherwise, they will lose precious time sending permission requests to higher-ups, who may then send them further up the chain of command, slowing the response and wasting crucial time.

As Paul Maddinson of the UK National Cyber Security Centre told conference attendees, the most useful thing he could do when managing a team of responders during the WannaCry attack was to order pizza for them. They knew their roles, responsibilities and authority. Mr Maddinson stepped back and let them do their job.

The most effective participants communicated rapidly with domestic and international partners, shared information, and formed conclusions that helped mitigate the DDoS attacks and the power grid disruption. Other teams chose not to make key recommendations to higher authorities because they questioned their legality. Some players tried to send requests directly up the chain of command to lead agencies, instead of sharing horizontally.

Aside from the importance of sharing information and communicating across regulatory jurisdictions, one of the most important lessons gained from the TTX is that participants need to develop situational awareness as events unfold. This involves understanding how the individual pieces fit into the bigger picture, as well as being aware of the timeline of phishing attacks transitioning to power grid disruptions. The same will hold for any large cyber incident.

Operation Rugby Daemon showed that Japan must develop a series of TTXs to raise awareness about cybersecurity for the upcoming sports events. It must develop experienced game veterans who can offer useful recommendations in real-world situations. Japan also needs experts with the ability to make decisions based on incomplete information – a stressful experience that can only be prepared for during TTX exercises like the Rugby World Cup scenario. Book knowledge and checklists are no match for the ability to coordinate, share information and make quick decisions that can have a huge impact in a crisis.

“The fact that we store our wealth and treasure in databases in computers more than banks makes us vulnerable,” Richard Ledgett, former deputy director of the US National Security Agency, told conference attendees after participating in the TTX.

“Cybersecurity underpins our daily existence and democracy. These threats are serious and real. With the tabletop exercises, we highlighted how hard it is to respond. We need to practice, practice.”

Several of the security industry’s leading vendors and academic institutions now offer cyber range centres, which provide testing and training to simulate cyber-attack preparedness and response in much the same way TTXs do. Any technology vendor should have a good answer when asked about training resources. Keeping cyber skills sharp can make as much difference during a crisis as any other investment in people, process or technology.

Source: http://ewn.co.za/2017/11/29/this-is-how-to-prepare-for-a-cyber-attack


3 Key Questions You Should Be Aware Of When Fighting Off Cyber Crime

Fighting cyber crime is an ongoing task that has only been getting harder and harder to accomplish. DDoS attacks against networks have been getting larger and more complex, so it is important to know the right questions to ask when one such attack happens. Of course there are obvious questions like ‘Who is doing the attack?’, ‘How are they doing it?’, ‘Why are they doing it?’ and ‘Where is the attack coming from?’, but here are three other questions you need to have at the front of your mind when preparing for a cyber-attack.

1. How Do You Protect Your Networks & Applications Against Modern, Sophisticated DDoS Attacks?

According to a recent report, DDoS attacks of greater than 50Gbps have more than quadrupled, and the number of companies experiencing between six and 25 attacks per year has ballooned by more than four times since 2015. Defending against this deluge of DDoS is imperative. To do this you need to make sure to utilise three key weapons, detection, mitigation and analytics, when fighting this war against modern multi-vector DDoS attacks.

Powerful DDoS detection and mitigation software is a must; an effective product will help to discover encrypted and harmful traffic, then dispose of it. The best way of doing this is by analysing the common traffic trends during peacetime and then using those findings as a baseline against which anomalous changes can be identified and eliminated. This will prevent potentially harmful traffic from entering your network.

2. How Do You Eliminate The SSL/TLS Blind Spot?

Recent studies show that roughly 70 percent of all traffic is encrypted. That means if your company is not decrypting and inspecting encrypted traffic, there’s no way of knowing what kind of nefarious files or threats are flowing through unnoticed. It seems what you don’t know really can hurt you!

However, by offloading CPU-intensive SSL decryption and encryption functions from third-party security devices, while ensuring compliance with privacy standards, it is possible to eliminate these blind spots completely. There are some great programs out there that can handle this, just make sure you find one that can decrypt traffic because many do not.

3. How Can You Manage Application Delivery Across Hybrid Clouds & On-Premise?

You’re either already running applications in the cloud, or you plan to in the near future. But the move to the cloud introduces a new set of challenges, one of which is: how do you easily manage your on-premise applications and your cloud applications in a centralised fashion?

Well, the best way is to use a cloud-based controller that can connect to and manage all of your applications. These programs can configure and manage policies for other applications as well as collect performance data and other analytics. Some can even be self-managed and automate the set-up process of new applications you install, improving efficiency and saving precious time.

Those are just three of the questions to be had about cyber-security in the workplace. No doubt there will be many more. Thankfully many of these fixes can be implemented almost immediately with very little assembly required. So if you are worried about how secure your network really is then just answer these three questions. Ask them to your IT team and see if they can give you an answer. It is important that everyone knows what to do so that you can keep your network safe from any kind of nefarious attacker.

Source: http://www.businesscomputingworld.co.uk/3-key-questions-you-should-be-aware-of-when-fighting-off-cyber-crime/


Black Friday and Cyber Monday are upon us. Is your network ready?

Dive Brief:

  • Black Friday, Small Business Saturday and Cyber Monday are part of the most popular shopping weekend of the year. To prepare for the influx of traffic, Walmart’s IT department initiates tests for e-commerce year-round “to scale, meet and exceed traffic projections” during the weekend, Paul Antony, senior vice president of global infrastructure and operations for Walmart Labs, told CIO Dive in an email.
  • The big-box retailer launches tests based on traffic trends to best serve the 79% of consumers expected to shop both in-store and online for Black Friday, according to a Deloitte survey of 1,200 U.S. consumers.
  • About 36% of respondents said they are “influenced by deals from a mobile device while in-store,” and brick-and-mortar stores with an e-commerce site should also prepare for the 46% of consumers they stand to lose if they have to wait for a website experiencing technical issues, according to the report.

Dive Insight:

The holiday shopping season is like open season for hackers. Because of the influx of online traffic, hackers take full advantage of the financial vulnerability of consumers. Phishing schemes and distributed denial-of-service (DDoS) attacks are some of the most prevalent threats this coming weekend.

The fear of cyberthreats is not only for retailers. Nearly one-third of shoppers won’t shop online this holiday season for fear of a website’s weak security. That’s not to mention that only about 18% of consumers believe a retailer’s cybersecurity efforts are at the status they should be.

But Black Friday and Cyber Monday invite the elevated risk of a DDoS attack. DDoS attacks increased by 380% in quarter one alone this year. This is in part due to the low cost of DDoS attacks. Hackers only need to spend $5 for a 300-second attack, and a 24-hour attack costs about $400.

While it only costs hackers around $18 an hour, half of the companies targeted could lose up to $100,000 or more per hour during an attack. In 2015, about 73% of enterprises experienced at least one DDoS attack.

Retailers can’t afford to lose customers due to too much traffic or a hacker purposefully flooding their network, so businesses should ensure that redundancy measures are in place for the threats of a DDoS attack or a data breach as Black Friday and Cyber Monday approach.

Source: https://www.retaildive.com/news/black-friday-and-cyber-monday-are-upon-us-is-your-network-ready/511436/


DDoS attacks have doubled in six months, up 91% on first quarter

IoT devices in the dock as DDoS stages a resurgence, but stealth and sophistication also on the rise.

Businesses are being hammered by an average of eight DDoS attack attempts per day, an increase of 35 percent compared to Q2 2017, and a massive 91 percent increase over Q1 2017, according to new figures.

The huge increase in volume is partly due to the prevalence of DDoS services online, often marketed as ‘Booters’, ‘Stressers’ and similar tools, as well as the volume of easily-compromised IoT devices, according to the researchers from Corero. One example is the Reaper botnet, which has allegedly compromised more than one million organisations all across the globe, and has been described as “more sophisticated” than Mirai and “the next cyber-hurricane”.

Russ Madley, head of VSMB & channel, Kaspersky Lab UK said: “While DDoS attacks have been a threat for many years, it’s still important that businesses take them seriously as they are one of the most popular weapons in a cyber-criminal’s arsenal. A DDoS attack can be just as damaging to a business as any other cyber-crime, especially if used as part of a bigger targeted attack. The ramifications can be far-reaching as they’re able to reach deep into a company’s internal systems. Organisations must understand that protection of the IT infrastructure requires a comprehensive approach and continuous monitoring, regardless of the company’s size or sphere of activity.”

Unfortunately, while the sheer volume and scale of attacks has risen, their sophistication has too, with a fifth of the DDoS attack attempts recorded during Q2 2017 deploying multiple attack vectors to pick apart victims’ defences. The researchers also pointed out that many less sophisticated DDoS attacks are designed to be a distraction and delaying tactic to tie up internal security experts and resources while a more subtle incursion is under way elsewhere.

Stephanie Weagle, VP, Corero Network Security warned that: “Sophisticated multi-vector DDoS attacks are becoming the new normal, with the potential to knock organisations of all types and sizes offline. Often lasting just a few minutes, these quick-fire attacks can be used as a smokescreen, designed not to outright deny service but to distract from an alternative motive, usually data theft and network infiltration. In order to effectively meet the challenge of this rapidly evolving threat landscape, organisations need to adopt modern DDoS defences that will provide both instantaneous visibility into DDoS events, real-time mitigation as well as long-term trend analysis to identify adaptations in the DDoS landscape.”

Source: https://www.scmagazineuk.com/ddos-attacks-have-doubled-in-six-months-up-91-on-first-quarter/article/709147/


Securing your APIs

Covering your APIs

Web APIs are not exactly a new technology. You can find an API for almost any service offered online. The reason for the popularity is not surprising, APIs easily and efficiently facilitate integration between applications. This inter-application communication allows partnerships to efficiently share data and resources, allowing the automation of many tasks that would otherwise require human interaction.

This inter-application access is a double-edged sword. By design these APIs allow external systems to access, and often manipulate, data and processes within your application. This exposes far more of your internal systems and operations than a webserver ever could. Yet despite this risk it is surprising how many companies fail to adequately protect their APIs.

Web APIs, at their heart, are just web requests.

They are transmitted via the HTTP protocol just like web pages. They are stateless transactions, just like web pages. It shouldn’t be any surprise, then, that web APIs need all the same protection that your web application does.

Use SSL Encryption:

I can’t think of a single web API use case where encryption is a bad idea. If we were talking about the same access to data, or functional ability on a website form you wouldn’t hesitate to secure the webpage with HTTPS; it shouldn’t be any less for APIs that carry that same data / functionality plus any authentication credentials that are submitted along with every request. Just because there is no browser warning to the user is no reason to skip an essential security step.

Validate parameters

Just like above, if this were a web form, you wouldn’t skip this, right? Just as with a web form, data validation protects you from malicious code, errors and plain nonsensical results. Unlike the web form, the direct submitter isn’t a rational thinking person: any gaps or errors in data on their side can cause an automated process to submit all kinds of interesting requests.

Web APIs are so much more than web requests.

APIs also grant an elevated level of access to your internal systems, above and beyond what is available in a typical webpage. Furthermore, most API calls happen within applications’ internal mechanisms, which aren’t going to read error messages or apply common sense to their inputs. This means that, compared to websites, APIs are an increased risk and need to be protected as such.

Use Strong Authentication / Authorization

Unlike web pages, which are generally published for public consumption, APIs are designed to share information with specifically authorized partners. There is an important distinction to be made between authentication and authorization. Typically, APIs will use the same token for both and use the terms authentication token and authorization token interchangeably. Authentication proves the identity of the requestor, and authorization deals with the permissions of the requestor. OAuth and authentication tokens are two common ways to implement strong authentication. For authorization implementations, consider using access control protocols like XACML to define what a user or role may access.

Restrict Methods

Web requests typically use GET or POST requests to retrieve or send data respectively. HTTP allows for many other lesser known methods like PUT, DELETE, or TRACE. These methods can have unexpected consequences on APIs if they are not properly handled. Restrict request methods to only those explicitly required by the API.

Lastly, your APIs are publicly available, and you need to be aware of what information is being leaked through them.

Provide Error Handling Routines

Mistakes happen, sooner or later your application will have to deal with unexpected inputs or events, some of which can cause errors in your application. The default error messages often contain sensitive information about the internal workings of your system.

Warning: mysql_connect() [function.mysql-connect]: Can’t connect to MySQL server on ‘localhost’ (10013) in /var/local/www/include/dbconfig.php on line 23

Failure to handle and censor these errors delivers sensitive information to the end user.

Employ Anti-fusking

Sequential or predictable IDs allow visitors to easily guess IDs of resources they shouldn’t have access to. Hash IDs or UUIDs obscure this information. By itself this might not seem like much of a risk, but combined with any other misconfiguration it makes an attacker’s job an order of magnitude easier.
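The four checks above (validate parameters, restrict methods, censor errors, avoid guessable IDs) combined in one request handler, as an added example that is not the article’s or DOSarrest’s code; the `/orders` and `/health` routes, the in-memory store and the failing `_connect_db` stand-in are hypothetical:

```python
"""Hardened API request handler: method allow-list, parameter validation,
opaque UUID resource identifiers and censored error responses.
Added example; routes, store and backend stand-in are hypothetical."""
import logging
import uuid

log = logging.getLogger("api")

ALLOWED_METHODS = {"GET", "POST"}  # PUT, DELETE, TRACE, ... are rejected outright

# Constructed in-memory store keyed by random UUIDs instead of 1, 2, 3, ...
ORDERS = {}


def new_order(quantity):
    """Create an order under an unguessable identifier (anti-fusking)."""
    order_id = str(uuid.uuid4())
    ORDERS[order_id] = {"quantity": quantity}
    return order_id


def validate_order_id(raw):
    """Accept only a well-formed version-4 UUID; return it canonicalised, else None."""
    try:
        parsed = uuid.UUID(raw)
    except (ValueError, TypeError, AttributeError):
        return None
    if parsed.version != 4:
        return None
    return str(parsed)


def validate_quantity(raw):
    """Accept only a real int (not bool) within a sane business range, else None."""
    if isinstance(raw, bool) or not isinstance(raw, int):
        return None
    if not 1 <= raw <= 1000:
        return None
    return raw


def _connect_db():
    # Stand-in for a failing backend; mimics the article's mysql_connect warning.
    raise RuntimeError("Can't connect to MySQL server on 'localhost' (10013)")


def handle_request(method, path, params):
    """Return (status, body). The body never carries internal details."""
    if method not in ALLOWED_METHODS:
        return 405, {"error": "method not allowed"}
    try:
        if method == "GET" and path == "/orders":
            order_id = validate_order_id(params.get("id"))
            if order_id is None:
                return 400, {"error": "invalid id"}
            order = ORDERS.get(order_id)
            if order is None:
                return 404, {"error": "not found"}
            return 200, {"id": order_id, **order}
        if method == "POST" and path == "/orders":
            quantity = validate_quantity(params.get("quantity"))
            if quantity is None:
                return 400, {"error": "invalid quantity"}
            return 201, {"id": new_order(quantity)}
        if method == "GET" and path == "/health":
            _connect_db()
            return 200, {"db": "ok"}
        return 404, {"error": "not found"}
    except Exception:
        # Full traceback goes to the server log; the client gets a generic message.
        log.exception("unhandled error for %s %s", method, path)
        return 500, {"error": "internal error"}
```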

How DOSarrest can help protect your API:

Use DOSarrest VIP as API gateway

Most secure systems recommend separating your internal / sensitive systems from public systems via an intermediary perimeter system, sometimes known as a DMZ. The DMZ, often protected by firewalls, serves as a control point restricting what is exposed from the internal zones.

The core design of DOSarrest VIP services functions exactly like an API gateway, restricting access only to what is explicitly permitted.

Protect APIs with Threat Detection / Removal

Web APIs by and large are far more computationally expensive than websites. Consequently, application DoS attacks are far more effective when targeting APIs.

DOSarrest is able to deal with DoS attacks and other threats like SQL injection at a scale much greater than any appliance could ever manage.

Use Proven Solutions

If it’s not tested, it’s not secure. One of the basic principles of security is to only use proven, tested solutions. At DOSarrest we have been providing internet security solutions for over 10 years. We are not an add-on service to another existing business. We are not generalists. DOSarrest was created to stop attacks, and that has been our focus since our inception.

Sean Power

Security Solutions Architect

DOSarrest Internet Security

Source: https://www.dosarrest.com/ddos-blog/securing-your-apis/


DDoS attacks on UK businesses double in six months

Vulnerable IoT devices and DDoS-as-a-service drive surge in attacks

British businesses are under siege from a growing wave of DDoS attacks, as new figures reveal the number of incidents has almost doubled over the past six months.

UK organisations suffered an average of 237 DDoS attacks per month during Q3 2017, equivalent to eight attacks every single day. This figure is up by 35% from the previous quarter, and more than 90% compared to Q1 2017, according to a new report from DDoS mitigation firm Corero, based on data gathered from attack attempts against its customers.

DDoS attacks work by flooding a target server with so much traffic that it falls over, disrupting normal operations and knocking any related systems or services offline. The tactic is a perennial favourite of cyber criminals and malicious pranksters, as it is cheap and easy to execute.

This has become even more true in recent years. The leaking of the Mirai source code, used to take down a DNS firm providing access to high profile sites like Twitter, has led to an explosion in botnets populated by thousands of unsecured IoT devices, and dark web marketplaces now allow non-technical users to cheaply hire DDoS services that can be directed against whomever they choose.

“The growing availability of DDoS-for-hire services is causing an explosion of attacks,” said Corero CEO Ashley Stephenson, “and puts anyone and everyone into the crosshairs. These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100.”

Cyber criminals are also getting smarter about how they deploy DDoS attacks, the research reveals. Rather than simply using sustained, high-volume attacks, criminals are instead targeting multiple layers of a company’s security simultaneously with short bursts of traffic.

“Despite the industry fascination with large scale, internet-crippling DDoS attacks,” said Stephenson, “the reality is that they don’t represent the biggest threat posed by DDoS attacks today.”

“Often lasting just a few minutes, these quick-fire attacks evade security teams and can sometimes be accompanied by malware and other data exfiltration threats. We believe they are often used in conjunction with other cyber attacks, and organisations that miss them do so at their peril.”

Source: http://www.itpro.co.uk/security/29989/ddos-attacks-on-uk-businesses-double-in-six-months


Kodi Users on Apple TV at Risk of Getting Hacked

Kodi, the free media player, is pretty popular among those who use Apple TV, and it has always offered an open-ended approach to streaming. It now appears that the software is vulnerable, and those who installed it are at risk of being hacked.

TvAddons warns Kodi users to be careful

An anonymous writer posted on TvAddons that Apple TV 2 requires a jailbreak to run Kodi. The Apple TV 2 jailbreak comes with OpenSSH enabled and the default password “alpine”. Many of those who follow this process do not bother to even change the password, and that leaves their device at the mercy of hackers.

How to solve this conundrum?

The easiest solution is to use the nitoInstaller app that jailbroke the Apple TV 2 and change your password. To do so, the first step is to connect to your Apple TV and then go to the Advanced bar (on nito’s toolbar). The second and final step is to click on the option Change SSH Password. Changing the password gives your device some extra protection. An unsecured Apple TV could be the victim of DDoS attacks, spam, malware and more.

Apple TV 2 is a little outdated

The latest Kodi update for Apple TV 2 was released in 2015 and it is not a good idea to continue using them together. A good solution would be to buy a newer device or use Nvidia Shield or Amazon Fire TV.

Kodi: a popular open source media player

The software has been developed by the XBMC Foundation and it allows those who download it to play and watch streaming media: videos, music, podcasts, internet videos and more. Many Kodi fans like the software because it is very customizable, with several skins and plenty of plug-ins. Users can stream media via Amazon Prime Instant Video, Crackle, Spotify, Pandora Internet Radio and more.

Source: https://www.terrorismattacks.com/tech-journal/kodi-users-apple-tv-risk-getting-hacked/3403


The Internet of Things could easily be the Internet of Threat

With more devices connecting and communicating with each other, we run the risk of one particular threat on the Internet – that of botnets.

The Internet of Things (IoT), unlike SMAC (Social Mobile Analytics Cloud), moved faster from being an industry buzzword to reality. However, what needs to be examined is whether businesses are prepared to fully leverage IoT.

The McKinsey Quarterly for March 2010 defined IoT as: “sensors and actuators embedded in physical objects—from roadways to pacemakers—are linked through wired and wireless networks, often using the same Internet Protocol (IP) that connects the Internet. These networks churn out huge volumes of data that flow to computers for analysis. When objects can both sense the environment and communicate, they become tools for understanding complexity and responding to it swiftly.”

Essentially, IoT means vast volumes of information exchanged primarily between devices. This has several benefits for organizations. One use case that emphasizes this is predictive maintenance.

Machines enabled with sensors and connectivity give businesses the real-time capability to measure production equipment, allowing for cost-effective approaches to maintenance that can improve both factory productivity and capacity utilization by avoiding breakdowns. In effect, businesses can now move from a model of repair and replace to one of predict and prevent.

Predictive maintenance and city-wide systems are just two use cases. There are several more that straddle retail environments, offices, and vehicles.

However, with more devices connecting and communicating with each other, we run the risk of one particular threat on the Internet – that of botnets. A botnet is a group of computers/devices connected in a coordinated fashion for malicious purposes, wherein each node within the botnet is referred to as a bot.

Botnets give rise to DDoS (Distributed Denial of Service) attacks much like the one in 2016 that affected ISPs in India, which was in the range of 200 gigabytes per second. At Akamai, we have successfully defended against DDoS attacks exceeding 620 Gbps. What’s important to focus on is not only the size of the attacks but the prevalence of them. In an age where IoT is supposed to be making things better, scope for equally nefarious applications of useful technology exist.

In India, IoT adoption is growing. According to a NASSCOM report titled IoT in India: The Next Big Wave, the IoT market in India is poised to reach USD 15 billion by 2020 accounting for nearly five percent of the total global market.

As the number of devices connecting with each other increases, so does the attack surface. India is already a prime target (and source) of web application attacks – according to data in our Second Quarter, 2017 State of the Internet / Security Report, India is 2nd, after China, in the list of countries in Asia Pacific that sourced the most web application attack traffic, with close to 12,000,000 (12 million) web application attacks attributed as originating from the country.

While this is a significant number, India also ranks 8th in the list of target countries for Web Application Attacks, globally.

The growth and use cases in IoT are not all for naught, however. While the threat looms, there are ways out. What’s required is awareness and standardization of processes. Threats and remedies to internet-based vulnerabilities are constantly evolving and at times depend on the individual capabilities within organizations. Going forward, there should be a constant exchange of information across organizations.

At a broad level, organizations do collaborate with CERT-In, the Indian Computer Emergency Response Team. While it’s truly positive to see that there’s increased information sharing between individual organizations and the government entity tasked with the Nation’s cybersecurity effort, what would be more impactful is when organizations come together, as a collective, to address the problem and arrive at approaches on how best to move forward, to safeguard their IP and their users.

Source: https://tech.economictimes.indiatimes.com/news/corporate/the-internet-of-things-could-easily-be-the-internet-of-threats/61671652


Distributed-Denial-Of-Service Attacks And DNS

Distributed-denial-of-service (DDoS) attacks have become the scourge of the internet. DDoS attacks use compromised internet devices to generate enormous volumes of data and direct that data at a particular target such as a web server or router. That target either keels over due to some critical resource becoming exhausted, or it finds its connection to the internet saturated by garbage traffic.

DDoS attacks are simultaneously cheap to carry out and expensive to defend against. Almost anyone can order a DDoS attack against any target with no technical knowledge required. All that’s necessary is a website from which to order the attack (yes, such things exist) and some bitcoins with which to pay for it. The attacks generally use botnets with devices that have been compromised and infected with malware. Building internet infrastructure capable of withstanding the volume of data generated by a botnet requires costly over-engineering, commercial DDoS mitigation services or both.

Unfortunately, DDoS attacks have a special relationship to the Domain Name System: DDoS attacks both target and exploit DNS servers. By “target,” I mean that attackers frequently direct DDoS attacks at an organization’s authoritative DNS servers. These are the DNS servers responsible for advertising your DNS data to the rest of the internet; a successful DDoS attack against them will render your customers unable to visit your website or send you email. Every organization with a presence on the internet must have a set of authoritative DNS servers, and given even the most basic information — for example, one of your email addresses or the domain name of your website — a would-be attacker can find the names and addresses of those DNS servers, giving them a list of targets.

A particularly notable DDoS attack on authoritative DNS servers was the attack on Dyn in October 2016. Attackers used the Mirai botnet to overwhelm Dyn’s DNS servers with a whopping 1.2 terabits per second of traffic. Dyn’s DNS servers couldn’t respond to legitimate DNS queries under the load, which left Dyn’s customers — including the New York Times, Reddit, Tumblr and Twitter — unreachable.

However, DNS servers are not just opportune targets of DDoS attacks. Clever attackers will use DNS servers to make their attacks more effective and to conceal their origins. This is possible for two main reasons: 1) Relatively small DNS queries can elicit large responses, and 2) DNS works over a “connectionless” protocol that’s easily spoofed.

Let’s discuss the first issue: DNS queries are generally small (less than 100 bytes long). However, they can generate much larger responses (4,000 bytes or more). This is what we refer to as amplification. In this case, the amplification factor is 4,000 bytes/100 bytes, or 40x.

Amplification wouldn’t be a problem if DNS responses were always sent back to the source of the query. However, DNS’s use of the User Datagram Protocol (UDP) makes it easy to spoof queries — that is, to send queries that look as though they came from another address. UDP is connectionless: Each UDP “datagram” is independent, like a postcard sent through the postal service rather than a text message in a stream of such messages. All an attacker needs to do is to use the address of his target as the source address in the packet that contains a DNS query — like writing a bogus return address on a postcard — and the DNS server will send the reply to the target rather than the real source of the query.

This makes it easy to enlist DNS servers as unwitting accomplices in a DDoS attack. An attacker can use a botnet to generate a high volume of queries to well-connected DNS servers on the internet, spoofing the source address of their target, and the DNS servers amplify the query traffic into a larger volume of response traffic. Moreover, the traffic that arrives at the target comes from the DNS servers rather than the attacker, making it difficult to trace the attack back to its origin.

Thankfully, there are several mechanisms that can help DNS servers defend against DDoS attacks. One is “anycast,” a configuration technique that lets a distributed group of DNS servers share a single address. The internet’s routing infrastructure directs queries sent to that address to the closest DNS server in the anycast group. This is efficient, of course, but it also implies that an attack launched from one part of the internet can only reach a single DNS server in an anycast group at any time. For example, a DDoS attack using a botnet based in China and targeting the anycast address used by a group of DNS servers would find all of its traffic directed to the closest DNS server in the anycast group. As a result, many organizations, including most DNS hosting companies, use anycast to make their DNS infrastructures resistant to DDoS attacks.

Newer DNS servers also incorporate a mechanism called Response Rate Limiting (RRL) to prevent their use as amplifiers in DDoS attacks. RRL limits the rate at which a particular response is sent to the source of a query. For example, if a DNS server receives too many queries for any records about Infoblox.com from the same address, it will throttle responses to that address. If the source of the query is legitimate, this won’t cause a problem: It will cache the response, making duplicate responses unnecessary. But if the queries are spoofed and the DNS server is being used as an amplifier, this will limit the amplification and therefore the damage it can do.
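The amplification arithmetic and the effect of Response Rate Limiting described above, as an added simulation that is not code from the article or from Infoblox. The 100-byte query and 4,000-byte response sizes come from the text; the limit of five identical responses per client per one-second window, the sample addresses and the query batches are constructed assumptions, and the limiter is a simplified model of RRL (real implementations such as BIND's also key on netblocks and can "slip" truncated replies).

```python
"""Simplified Response Rate Limiting (RRL) model for an authoritative DNS server."""

QUERY_BYTES = 100       # typical query size, from the article
RESPONSE_BYTES = 4000   # large response size, from the article
RRL_LIMIT = 5           # assumed: identical responses per client per window
WINDOW = 1.0            # assumed: window length in seconds


class ResponseRateLimiter:
    """Counts identical responses per (client IP, qname, qtype) per time window."""

    def __init__(self, limit=RRL_LIMIT, window=WINDOW):
        self.limit, self.window = limit, window
        self.buckets = {}  # key -> (window_start, count)

    def allow(self, client_ip, qname, qtype, now):
        """Return True if the response may be sent, False if it is throttled."""
        key = (client_ip, qname.lower(), qtype)
        start, count = self.buckets.get(key, (now, 0))
        if now - start >= self.window:      # window expired: start a fresh one
            start, count = now, 0
        count += 1
        self.buckets[key] = (start, count)
        return count <= self.limit


def serve(queries, rrl=None):
    """Return (bytes_in, bytes_out) for a batch of (time, src_ip, qname, qtype)."""
    bytes_in = bytes_out = 0
    for t, src, qname, qtype in queries:
        bytes_in += QUERY_BYTES
        if rrl is None or rrl.allow(src, qname, qtype, t):
            bytes_out += RESPONSE_BYTES
    return bytes_in, bytes_out


def amplification(queries, rrl=None):
    """Bytes leaving the server per byte arriving; the article's 40x without RRL."""
    bytes_in, bytes_out = serve(queries, rrl)
    return bytes_out / bytes_in


# Constructed: 50 spoofed queries in one second, all claiming the victim as source
FLOOD = [(i * 0.01, "198.51.100.7", "infoblox.com", "ANY") for i in range(50)]
# Constructed: a legitimate resolver asking for three different records
LEGIT = [(0.0, "203.0.113.5", "www.example.com", "A"),
         (0.2, "203.0.113.5", "mail.example.com", "MX"),
         (0.5, "203.0.113.5", "example.com", "NS")]

if __name__ == "__main__":
    print(amplification(FLOOD))                         # 40.0 without RRL
    print(amplification(FLOOD, ResponseRateLimiter()))  # 4.0 once throttled
    print(amplification(LEGIT, ResponseRateLimiter()))  # 40.0, legit traffic unaffected
```

The spoofed flood still costs the server its 5,000 bytes of inbound queries, but only the first five identical responses reach the victim, so the attacker's amplification drops from 40x to 4x while the cached, non-repeating resolver sees no throttling.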

Companies need to anticipate the possibility that their DNS services could be the target of these attacks. Without DNS, all internet applications and services are unreachable, bringing business to a grinding halt. In fact, recent research from Infoblox found that 24% of companies lost $100,000 or more due to downtime from their last DNS attack. Today, far too many businesses put all their eggs in one basket, relying on a single cloud-based DNS provider, leaving them vulnerable to an attack like we saw on Dyn.

Source: https://www.forbes.com/sites/forbestechcouncil/2017/11/15/distributed-denial-of-service-attacks-and-dns/#54fbe1036076
