Archive - 2018

1. Combating DDoS attacks in Asia Pacific: It’s more than just a defence mechanism
2. Tracking Bitcoin Wallets as IOCs for Ransomware
3. PyeongChang Winter Games hit by cyber attack
4. Europe in the firing line of evolving DDoS attacks
5. Deconstructing a Denial of Service attack
6. Final Fantasy network recovers after losing health points to DDoS attack
7. SUSPECT ARRESTED FOR CYBER ATTACKS ON DUTCH TAX SERVICE; BUNQ
8. JenX botnet using video game to recruit IoT devices
9. A Head For Hacker-nomics
10. Fridge Attack – Hackers Use it to Mine Bitcoin!

Combating DDoS attacks in Asia Pacific: It’s more than just a defence mechanism

Imagine going to the frontlines of a battlefield wielding a sword and shield only to come face to face with fighter jets from the opponent instead. The fight against DDoS attacks is an arms race in which enterprises must keep evolving their weapons and defences against cyber criminals. As attack rates have grown, so has their impact. Despite an increase in DDoS defence spend, Neustar’s recent study found that 90 percent of organisations were hit by breaches that stemmed from DDoS offensives.

IoT as a DDoS attack tool

Just like the hallmarks of a fighter jet are its speed and manoeuvrability, the emergence of cloud computing and IoT devices has streamlined the infrastructure of today’s connected world. As IoT progressed from a stage of nascence to an enterprise driver capable of maintaining inventory levels, delivering real-time metrics on shipments and powering autonomous vehicles, organisations are left with their hands full in attempts to secure the enterprise value chain.

This year was inevitably a watershed moment in IoT security; headlined in the form of IoT botnet Reaper or IoT Troop. The perpetrators infected over a million organisations worldwide by infiltrating routers and smart devices – far more sophisticated than the 2016 Mirai IoT botnet that exploited weak passwords and infected major websites across the U.S. such as Twitter, Netflix and the New York Times.

What’s more dangerous is that some of these attacks were used as smokescreens to disarm an organisation’s cybersecurity shield while simultaneously causing a temporary relaxation of networking defences to alleviate the effects of the DDoS. Neustar found that more than half (51 percent) of Asia Pacific organisations reported falling prey to viruses stemming from DDoS attacks. As IoT adoption increases, the number of IoT-driven botnets is only set to escalate, presenting attackers with more opportunities to elude detection.

The IoT Culprit

In Asia Pacific, IoT devices remain a tempting target for DDoS attacks – more than 78 percent of enterprises experienced attacks while their IoT devices were in operation. To make matters worse, once attackers get hold of vulnerable IoT devices and exploit the security deficiency, it becomes nearly impossible to prevent infection without issuing a security update or recalling the affected devices. With 89 percent of organisations suffering a breach, including data theft, dangerous ransomware, and network compromise with DDoS attacks, the dream of a connected world might be a disaster in the waiting.

True to its name, the IoT botnet Reaper spreads through the security gaps in IoT software and hardware causing massive destruction at one go – amassing more than 20,000 devices and affecting 2 million hosts that have been identified as potential botnet nodes.

Better Detection = Greater Protection

As attacks scale in complexity, organisations need to prime themselves to be at the vanguard in the fight against cyberattacks. The average organisation needs a couple of hours to definitively detect a DDoS attack with reaction times getting longer – translating to greater vulnerability.

Through an Asia Pacific lens, organisations in Singapore’s financial services sector could be staring at revenue losses upwards of US$15.2m when six hours are taken to respond to a DDoS attack. In Hong Kong, the figure stands at US$29.9m for breaches in the public sector. This threat represents a new reality in which the strikes have morphed from standard and commonplace into dangerous and continuous. The financial risk alone can run far beyond a quarter of a billion dollars, which drives home the point that speed of detection and response is an ally to risk mitigation practices.

Neustar found the top three organisational motivations behind DDoS defence investments to be preserving customer confidence, preventing associated attacks including ransomware, and proactively strengthening existing protection. It should come as no surprise that those who seek to harm companies use DDoS as a weapon.

There is however, a silver lining. Businesses are acknowledging this threat by deploying Web Application Firewalls (WAF) that filter, analyse and isolate HTTP traffic stemming from web application security flaws. In fact, 53 percent of respondents have added WAF to their combat arsenals against DDoS – tripling in numbers since March 2017.

The future will offer bad actors opportunities to devise craftier ways to launch far more dangerous DDoS attacks capable of distracting IT teams and stymieing forensics. Understanding the right combination of defences is crucial. That can be achieved by working with security consultants to develop strategies, and with law enforcement bodies to provide maximum protection for stakeholders. Only then will we be able to remain ahead of the curve on the battlefield and defeat the attackers.

Source: https://www.networksasia.net/article/combating-ddos-attacks-asia-pacific-its-more-just-defence-

Tracking Bitcoin Wallets as IOCs for Ransomware

By understanding how cybercriminals use bitcoin, threat analysts can connect the dots between cyber extortion, wallet addresses, shared infrastructure, TTPs, and attribution.

Cryptocurrency, particularly bitcoin, has captured the attention of Wall Street and Silicon Valley over the past few months. It seems like everybody wants to talk about bitcoin as if it is something brand new.

The truth is that cryptocurrencies have been the norm on the Dark Web for quite some time. Bitcoin has been the payment method of choice for ransomware and cyber extortion because it allows bad actors to operate under a cloak of anonymity. But that could be changing. Threat intelligence analysts are beginning to incorporate bitcoin wallet addresses into their investigations, and we’ll soon be able to recognize attack patterns and track attribution. One thing we’ve noticed is the ability to track, to some degree, the correlations and connections between cyberattacks by following bitcoin transactions.

In order to understand why tracking bitcoin wallet addresses as indicators of compromise (IOCs) is so valuable, we need to understand why cybercriminals use bitcoin in the first place. There are three primary reasons.

Anonymity: Bitcoin provides anonymity when payments are received and when they are cashed out. Bitcoin accounts and money transfers are difficult to trace, and tracing them depends largely on the cybercriminal being sloppy with operations security.

Global Currency: Hackers typically prey on out-of-country targets and need a fast, untraceable method to transfer funds across nations without worrying about account freezes. Bitcoin is used as a global currency because you don’t need to worry about the exchange rates between your home country’s currency and US dollars.

Ease of Payments: In the past, hackers used to rely on gift cards for payment. This was troublesome on many levels: for instance, gift cards can’t be used globally, and criminals needed to come up with a mailing address that couldn’t be traced. Bitcoin and the higher profile of cryptocurrency have contributed to the rise in ransomware, as well as to hackers’ ability to use extortion to elicit payments. One example occurred after the Ashley Madison website breach, when hackers threatened to reveal some users’ identities as adulterers unless a bitcoin ransom was paid. Another tactic involved using malicious emails to threaten a distributed denial-of-service attack on an organization’s network unless a bitcoin payment was made.

By tracking bitcoin wallet addresses as an IOC, we’ve been able to connect the dots between ransomware, wallet addresses, shared infrastructure, TTPs (tactics, techniques, and procedures), and attribution.

Here is an example of how bitcoin is used in a ransomware campaign: A new piece of ransomware gives you a bitcoin address for payment. You can then make correlations that connect across sectors, like retail, energy, or technology groups based on the blockchain and/or reuse of the same address. With WannaCry, there were hard-coded bitcoin addresses that made it easy to correlate what you are dealing with and which sectors were being affected. The more bitcoin addresses are shared, the more you can identify addresses to which bitcoins are forwarded.

The ability to track transactions through the blockchain allows you to connect different ransomware campaigns. Cybercriminals don’t typically share bitcoin wallets as they might share the same exploit kit, but by tracking blockchain transactions, analysts have another investigation point from which they can pivot and dig for more.

Bitcoin Addresses Reported by Multiple Sectors

Addresses are often unique to each target or a small set of targets, but you can track where the money goes by looking at the blockchain (the transactions) to see which addresses deliver funds to the same final addresses before being cashed out.


Why is it important to be able to track bitcoin wallets as IOCs? With the ability to track payments, you can determine if bitcoins are going to specific wallet addresses, and then narrow that down to determine if they are the same two or three addresses over time. This will give you some idea of where and when cybercriminals are cashing out.

The value of this metadata as an indicator of malicious activity lies in the fact that, although there are many variants of ransomware, the number of variants does not necessarily represent separate campaigns or cybercriminal groups. If you can follow the transactions through the blockchain, you can see how or if these variants are connected, and identify specific campaigns.
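The forward tracing described above, written out as an added example that is not part of the original article or of TruSTAR’s tooling: a constructed ledger of a handful of transactions, three ransom addresses reported as IOCs by different sectors, and a walk that follows each address forward until the trail reaches an address with no further spend in the data, which is where the funds converge before cash-out. Ransom addresses that end at the same terminal address are grouped as one campaign. Every address, transaction id and sector label here is made up, and the `TRANSACTIONS` layout, the `max_hops` bound and the function names are this example’s own; an investigation would feed the same logic from a block explorer rather than an inline list.

```python
"""Group ransomware payment addresses by the cash-out address their funds
converge on, following a constructed set of Bitcoin transactions forward.
Added illustration: addresses, txids and sectors are placeholders."""
from collections import defaultdict, deque

# Constructed sample ledger (not real chain data). Each transaction spends
# from the addresses in `inputs` and pays the addresses in `outputs`.
TRANSACTIONS = [
    {"txid": "tx01", "inputs": ["victim_retail_1"], "outputs": {"ransom_A": 0.50}},
    {"txid": "tx02", "inputs": ["victim_energy_1"], "outputs": {"ransom_B": 0.30}},
    {"txid": "tx03", "inputs": ["victim_tech_1"], "outputs": {"ransom_C": 1.00}},
    {"txid": "tx04", "inputs": ["ransom_A"], "outputs": {"mixer_1": 0.49}},
    {"txid": "tx05", "inputs": ["ransom_B"], "outputs": {"mixer_1": 0.29}},
    {"txid": "tx06", "inputs": ["mixer_1"], "outputs": {"exchange_deposit_X": 0.77}},
    {"txid": "tx07", "inputs": ["ransom_C"], "outputs": {"hop_1": 0.99}},
    {"txid": "tx08", "inputs": ["hop_1"], "outputs": {"exchange_deposit_Y": 0.98}},
]

# Constructed: which sector reported each ransom address as an IOC.
SECTOR_REPORTS = {
    "ransom_A": "retail",
    "ransom_B": "energy",
    "ransom_C": "technology",
}


def build_flow_graph(txs):
    """Map each spending address to the set of addresses it paid."""
    graph = defaultdict(set)
    for tx in txs:
        for src in tx["inputs"]:
            graph[src].update(tx["outputs"].keys())
    return graph


def terminal_addresses(start, graph, max_hops=6):
    """Follow funds forward from `start` and return the addresses where the
    trail ends (no further spend seen in our data): the cash-out candidates.
    `max_hops` bounds the walk so long peel chains or loops cannot run on
    forever; a `seen` set stops the walk revisiting an address."""
    seen = {start}
    queue = deque([(start, 0)])
    terminals = set()
    while queue:
        addr, hops = queue.popleft()
        nxt = graph.get(addr, set())
        if not nxt:
            if addr != start:      # an unpaid ransom address is not a sink
                terminals.add(addr)
            continue
        if hops >= max_hops:
            continue
        for n in nxt:
            if n not in seen:
                seen.add(n)
                queue.append((n, hops + 1))
    return terminals


def link_campaigns(ransom_addrs, txs, max_hops=6):
    """Group ransom addresses by the cash-out address their funds reach.
    Returns {cash_out_address: sorted list of ransom addresses}."""
    graph = build_flow_graph(txs)
    by_sink = defaultdict(set)
    for ioc in ransom_addrs:
        for sink in terminal_addresses(ioc, graph, max_hops):
            by_sink[sink].add(ioc)
    return {sink: sorted(iocs) for sink, iocs in by_sink.items()}


def sectors_per_cluster(clusters, sector_reports):
    """For each cash-out cluster, the sectors that reported a member address."""
    return {sink: sorted({sector_reports.get(a, "unknown") for a in iocs})
            for sink, iocs in clusters.items()}


if __name__ == "__main__":
    clusters = link_campaigns(list(SECTOR_REPORTS), TRANSACTIONS)
    for sink, iocs in clusters.items():
        print(f"{sink} <- {iocs}")
    print(sectors_per_cluster(clusters, SECTOR_REPORTS))
```

On the constructed data, `ransom_A` and `ransom_B` both drain through `mixer_1` into `exchange_deposit_X`, so the retail and energy reports are linked to one campaign, while `ransom_C` cashes out separately. The hop limit is deliberate: chains that peel small change through many intermediate addresses would otherwise make the walk unbounded, and an analyst would raise it only once the convergence point is known.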

There is a well-known saying that if you want to know where trouble is coming from, follow the money. It’s hard to follow bitcoins, but all of those bitcoin wallets can help you see how ransomware is connected.

This research was provided by the TruSTAR Data Science Unit.

Source: https://www.darkreading.com/threat-intelligence/tracking-bitcoin-wallets-as-iocs-for-ransomware-/a/d-id/1331016?

PyeongChang Winter Games hit by cyber attack

Although critical operations were not affected by the incident, event organisers at the PyeongChang Winter Olympics had to shut down servers and the official games website to prevent further damage.

The ongoing Winter Olympics in South Korea was hit by a cyber attack that affected internet and TV services last Friday, according to the International Olympic Committee (IOC).

After the attack was detected, event organisers had to shut down servers and take the official PyeongChang Winter Olympics website offline to prevent further damage.

During a press briefing on the sidelines of the global sporting event, IOC spokesperson Mark Adams declined to reveal the source of the attack, noting that the issue had been resolved the next day, according to a Reuters report.

“We are not going to comment on the issue. It is one we are dealing with. We are making sure our systems are secure and they are secure,” he told reporters.

Cyber security experts had warned of an increase in cyber attacks on the Winter Games using spear phishing e-mails loaded with suspicious links to lure victims into downloading malware in targeted campaigns, such as GoldDragon which took place in December 2017.

According to threat analysts from McAfee, GoldDragon – directed at organisations affiliated with the Winter Olympics – lets attackers access end-user systems and collect data stored on devices and the cloud. The data may include customer and employee financial or personal data, Winter Games related details and trade secrets.

Although critical operations were not affected by last week’s incident, similar attacks had been launched against critical and non-critical systems in past Olympics games.

During the summer Olympics in London, there were reportedly six major cyber attacks against critical systems, including distributed denial of service attacks on power systems that lasted for 40 minutes. Hacktivists also made calls on social media to launch similar attacks at specific times.

And during the Rio Olympics in 2016, the IOC said it was under regular attack. Phishing emails were also sent to athletes in attempts to steal credentials that could be used to access a World Anti-Doping Agency database.

Japan is already bracing itself for more cyber attacks aimed at the Tokyo Olympics in 2020. For one, the Tokyo 2020 organising committee has been conducting cyber security exercises to simulate potential attacks, both in cities and rural areas.

Cyber security drills would be conducted up to six times a year, rising to 10 in the run-up to Tokyo 2020. The drills, which involve local governments, would also include simulated attacks on mock ticketing websites. Between 300 and 500 people took part in similar exercises in Rio and London.

Source: http://www.computerweekly.com/news/252434847/PyeongChang-Winter-Games-hit-by-cyber-attack

Europe in the firing line of evolving DDoS attacks

The Europe, Middle East and Africa region accounts for more than half the world’s distributed denial of service attacks, a report from F5 Labs reveals.

The past year has seen a 64% rise in distributed denial of service (DDoS) attacks and greater tactical diversity from cyber criminals, according to customer data from F5’s Poland-based Security Operations Center (SOC).

However, more than 51% of attacks globally were targeted at organisations in Europe, the Middle East and Africa (Emea), and 66% involved multiple attack vectors, requiring sophisticated mitigation tools and knowledge, the report said.

The F5 report comes less than two weeks after several waves of powerful DDoS attacks hit banks and other organisations in the Netherlands.

Reflecting the spike in activity, F5 reported 100% growth for Emea customers deploying web application firewall (WAF) technology in the past year, while the adoption of anti-DDoS technology increased by 58%.

A key discovery was the relative drop in power for single attacks. In 2016, the F5 SOC logged multiple attacks of over 100Gbps, with some surpassing 400Gbps.

In 2017, the top attack stood at 62Gbps. This suggests a move towards more sophisticated Layer 7 (application layer) DDoS attacks that are potentially more effective and have lower bandwidth requirements.

“DDoS threats are on the rise in Emea and we’re seeing notable changes in their scope and sophistication compared with 2016,” said Kamil Wozniak, F5 SOC manager.

“Businesses need to be aware of the shift and ensure, as a matter of priority, that the right solutions are in place to halt DDoS attacks before they reach applications and adversely impact on business operations. Emea is clearly a hotspot for attacks on a global scale, so there is minimal scope for the region’s decision-makers to take their eyes off the ball,” he said.

Disruptive attacks

Last year started with a bang, the report said, with F5 customers facing the widest range of disruptive attacks recorded to date in the first quarter of 2017.

User Datagram Protocol (UDP) floods stood out, representing 25% of all attacks. Attackers typically send large UDP packets to a single destination or random ports, disguising themselves as trustworthy entities before stealing sensitive data. The next most common attacks were DNS reflection (18%) and SYN flood attacks (16%).

The first quarter of 2017 was also the peak for Internet Control Message Protocol (ICMP) attacks, whereby cyber criminals overwhelm businesses with rapid “echo request” (ping) packets without waiting for replies. In stark contrast, the first-quarter attacks in 2016 were evenly split between UDP and Simple Service Discovery Protocol (SSDP) floods.

The second quarter of 2017 proved equally challenging, the report said, with SYN floods moving to the front of the attack pack (25%), followed by Network Time Protocol (NTP) and UDP floods (both 20%).

The attackers’ momentum continued into the third quarter, the report said, with UDP floods leading the way (26%). NTP floods were also prevalent (rising from 8% during the same period in 2016 to 22%), followed by DNS reflection (17%).

The year wound down with more UDP flood dominance (25% of all attacks). It was also the busiest period for DNS reflection, which accounted for 20% of all attacks (compared to 8% in 2016 during the same period).


Another key discovery during the fourth quarter of 2017, and one that underlines cyber criminals’ capacity for agile reinvention, was how the Ramnit trojan dramatically extended its reach. Initially built to hit banks, F5 Labs found that 64% of Ramnit’s targets during the holiday season were US-based e-commerce sites.

Other new targets included sites related to travel, entertainment, food, dating and pornography. Other observed banking trojans extending their reach included Trickbot, which infects its victims with social engineering attacks, such as phishing or malvertising, to trick unassuming users into clicking malware links or downloading malware files.

“Attack vectors and tactics will only continue to evolve in the Emea region,” said Wozniak. “It is vital that businesses have the right systems and services in place to safeguard apps wherever they reside. 2017 showed that more internet traffic is SSL/TLS encrypted, so it is imperative that DDoS mitigation systems can examine the nature of these increasingly sophisticated attacks.

“Full visibility and greater control at every layer are essential for businesses to stay relevant and credible to customers. This will be particularly important in 2018 as the EU General Data Protection Regulation comes into play,” he said.

Source: http://www.computerweekly.com/news/252434746/Europe-in-the-firing-line-of-evolving-DDoS-attacks

Deconstructing a Denial of Service attack

Denial of service attacks present a major threat to the world, but we may be set to see it get much worse as IoT devices continue to flood the consumer market.

The term denial of service will strike fear into the hearts of many organisations and individuals that have been targeted by this kind of attack. Whether permanent or temporary disruption is caused by the attack, denial of service is when a hacker forces an internet-connected host to be unable to function.

A more high-profile variation of this form of attack is the distributed denial of service; a hacker channels an overwhelming volume of traffic toward its target from as many sources as possible.

This bombardment ultimately incapacitates the victim, left unable to barricade itself against the multitude of entry points, with customers or users of the target’s services also prevented from gaining access.

DoS and DDoS attacks are made all the more troubling by the fact that they are purely destructive, meaning that malicious intent is commonly behind the attacks. Over the years there have been examples of activism, blackmail and revenge as driving factors behind the launching of this kind of cyberattack.

CBR is setting out to look inside the world of denial of service attacks, to find out how they are orchestrated, the damage they have been known to do, and what we can expect from this fearsome form of attack in the near and more distant future.


How to launch one

You might think that the planning stages behind these attacks are extensive, but really not a great deal of forethought is required to launch a dangerous denial of service attack.

Once you have homed in on your target system, locating open ports or vulnerabilities in the target is the next important step in the process. Prime targets could be email servers, DNS servers or Web servers, given the likelihood that incoming connection requests will be accepted.

Now that these basics have been established, just a pure brute force approach to drowning the target with traffic remains, but this step is not always quite that simple. For success, the attacker must be able to summon up enough traffic to hit the target with to deny it of service.


Making complex DNS queries at an extremely high rate could be enough to make weaker systems suffer and fall into the hands of your attack, but many targets will be able to stand up to this simplistic method.

This is not the only option however, especially if you are able to tap into the destructive power of an army of zombies. In this sense, a zombie is a device enslaved by a hacker to be used as part of the attack; a single device is not enough to generate a sizeable enough attack on its own to cause a denial of service. Here we have touched on a deadly combination, entering into the world of botnets: a network of hijacked devices that can be used in sync to deliver a crushing blow with an unstoppable torrent of traffic.

The botnet

This army of devices brought together by an attacker to generate overwhelming traffic is not comprised solely of computers. In fact, mobile devices, servers, PCs or internet of things devices can be enslaved for malicious purposes, but it is this last example that is set to be the harbinger of a new era of powerful DDoS attacks.

IoT devices are flooding into the consumer market while also being used increasingly within industry, and while manufacturers gleefully tend to the demand for everything to be connected, security professionals shudder at the prospect of the tinderbox scenario.

IT security experts are often highly concerned by the negligence of manufacturers when equipping these mass produced devices with security that can stand up to modern threats, meaning that hackers can go unchecked as they secretly harness more and more devices.

Towards the end of 2017, researchers claimed to have discovered a frightening behemoth of a botnet that they believed at the time could have infected over a million IoT devices. Cameras stood out among the devices involved, and perhaps more worrying were the similarities it bore to the notorious Mirai botnet.

The massive botnet has been given the name ‘Reaper’, an apt name given that it does not rely on subtlety for attacks, instead working by hijacking and using its vast power directly against its victims. Not yet slowed or defeated, the Reaper botnet is a glimpse of the monster we may be creating by excitedly connecting devices to the internet; some professionals have even considered this botnet big enough to kill the internet.


How to defend against it

You will stand a vastly improved chance of avoiding the destructive power of a denial of service attack by leveraging these methods of defence. Firstly, it could prove very beneficial to use statistical traffic patterns to identify and filter illegitimate traffic.

Honeypots are also a way of protecting your organisation, and they are increasing in popularity as it becomes harder and harder to guarantee that you have not been breached. As the name suggests, this defence relies on dummy servers, inaccessible to customers, to give away the presence and activity of an attacker. It is included in Gartner’s top strategic trends prediction for 2018 as a key to better protection this year.


Another reliable form of mitigation is throttling, which allows an organisation to control the maximum level of traffic flow, preventing a system from being forced to its limits by a sudden violent spike in traffic. Also known as rate-limiting, the method could also prove useful for identifying attacks, giving heightened protection in the future.
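The two defences described in this section, statistical filtering and rate-limiting, as an added example that is not part of the original article: a per-source token bucket that caps how fast any one client is served, run over a constructed request log in which two sources behave normally and one floods at 20 requests per second, plus a simple statistical check that flags a source whose rate is many times the median across sources. The IP addresses, the log itself, the `rate` and `burst` values and the `factor` threshold are all this example’s own choices; the median-based baseline is one plain way to express the "statistical pattern" idea, not a claim about any product.

```python
"""Per-source throttling (token bucket) plus a median-baseline outlier check
over a constructed request log. Added illustration; no real traffic."""
import statistics
from collections import defaultdict

# Constructed request log as (timestamp_ms, source_ip), sorted by time.
# 198.51.100.10 sends 1 request/s, 198.51.100.11 sends 0.5 request/s,
# 203.0.113.99 sends 20 requests/s for ten seconds (the flood).
REQUESTS = sorted(
    [(t * 1000, "198.51.100.10") for t in range(10)]
    + [(t * 1000, "198.51.100.11") for t in range(0, 10, 2)]
    + [(t * 50, "203.0.113.99") for t in range(200)]
)
WINDOW_MS = 10_000


class TokenBucket:
    """Refills `rate` tokens per second up to `burst`; each request costs one.
    Time is kept in integer milliseconds and tokens in thousandths so the
    arithmetic is exact and decisions are reproducible."""

    def __init__(self, rate, burst):
        self.rate = rate                 # tokens per second == millitokens per ms
        self.capacity = burst * 1000
        self.tokens = self.capacity
        self.last_ms = None

    def allow(self, now_ms):
        if self.last_ms is not None:
            refill = (now_ms - self.last_ms) * self.rate
            self.tokens = min(self.capacity, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


def throttle(requests, rate=2, burst=5):
    """Apply one bucket per source; returns {source: (allowed, dropped)}."""
    buckets = {}
    counts = defaultdict(lambda: [0, 0])
    for now_ms, src in requests:
        bucket = buckets.setdefault(src, TokenBucket(rate, burst))
        counts[src][0 if bucket.allow(now_ms) else 1] += 1
    return {src: tuple(c) for src, c in counts.items()}


def per_source_rates(requests, window_ms):
    """Requests per second for each source over the observation window."""
    counts = defaultdict(int)
    for _, src in requests:
        counts[src] += 1
    return {src: n * 1000 / window_ms for src, n in counts.items()}


def flag_outliers(rates, factor=10.0):
    """Flag sources whose rate exceeds `factor` times the median source rate.
    The median is used as the baseline because a single flooding source would
    drag a mean-based threshold up and hide itself."""
    baseline = statistics.median(rates.values())
    return sorted(src for src, r in rates.items() if r > factor * baseline)


if __name__ == "__main__":
    for src, (ok, dropped) in throttle(REQUESTS).items():
        print(f"{src}: allowed={ok} dropped={dropped}")
    print("flagged:", flag_outliers(per_source_rates(REQUESTS, WINDOW_MS)))
```

With a bucket of 2 tokens per second and a burst of 5, the flooding source gets its first five requests through and then one every half second, so 24 of its 200 requests are served and 176 are dropped, while the two normal sources are never throttled. The statistical check flags only the flooding source, which is the kind of record that makes throttling useful for recognising an attack as well as absorbing it.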

Source: https://www.cbronline.com/in-depth/deconstructing-denial-of-service-attack

Final Fantasy network recovers after losing health points to DDoS attack

The network hosting the role-playing video game Final Fantasy XIV experienced significant disruptions for three hours yesterday as the result of a distributed denial of service (DDoS) attack.

A Feb. 5 posting on developer Square Enix’s online forum informed players that the company was able to fully restore the network and also reinforced its anti-DDoS defensive measures following the incident, which caused technical difficulties between 6:49 a.m. and 9:40 a.m. Eastern Time that day.

Earlier that same day, Square Enix acknowledged that gamers could be experiencing disconnections from and difficulties logging in to JP data center Worlds, as well as difficulties accessing, sending and receiving data from JP data centers.

In June 2017, Final Fantasy XIV was notably impacted by a multi-day DDoS attack campaign targeting the game’s North American data center.

“Online gaming companies are constantly under the barrage of DDoS attacks; sometimes there are dozens of attacks per day that range in size and scale,” said Stephanie Weagle, vice president of DDoS protection and mitigation company Corero Network Security. “Regardless of the motivation, or techniques used to execute the attacks, these cyber events lead to downtime, latency and availability issues… Any service downtime equates to a drop in visitors and a corresponding loss of revenue.”

Source: https://www.scmagazine.com/final-fantasy-network-recovers-after-losing-health-points-to-ddos-attack/article/742432/

SUSPECT ARRESTED FOR CYBER ATTACKS ON DUTCH TAX SERVICE; BUNQ

The police arrested an 18-year-old man from Oosterhout in connection with multiple DDoS attacks on the Tax Authority, tech site Tweakers and internet provider Tweak last week, as well as on online bank Bunq in September last year. The man was arrested on Thursday, February 1st, the police said in a statement on Monday.

In a DDoS attack, large amounts of data are sent to the targeted site, overloading the site’s server and thereby crashing the site.

The police worked closely with Tweakers and security company Redsocks in this investigation. “With this arrest we show that people who commit DDoS attacks do not go unpunished. Investigation must show whether he acted alone or not”, Gert Ras, head of the police’s High Tech Crime team, said. The police are also investigating whether this man is linked to other DDoS attacks on Dutch banks last week. ABN Amro, ING and Rabobank were all hit by multiple attacks.

Redsocks has indications that the man was also behind the attacks on ING and ABN Amro, investigator Ricky Gevers said to NOS. “We shared information about this with the police.”

Tweakers reports that the tech site tracked down the Oosterhout man after he claimed responsibility for several DDoS attacks online. “The suspect claims that he bought 40 euros of capacity from a ‘stresser’, an online service that can be used by companies to test their DDoS resistance, but can just as easily be used for an actual DDoS,” Tweakers writes. The suspect hid his identity with a so-called VPN connection, but based on IP addresses Tweakers found out that he had a Tweakers account. The tech site handed over his account details to the police on Thursday, and the police arrested him later that day.

The police also searched the suspect’s home and confiscated his computer and other data carriers for further investigation. The suspect will be arraigned on Tuesday.

Source: https://nltimes.nl/2018/02/06/suspect-arrested-cyber-attacks-dutch-tax-service-bunq

JenX botnet using video game to recruit IoT devices

Security researchers have found a new botnet that uses flaws connected to the Satori botnet and uses hosting services running multiplayer versions of Grand Theft Auto to infect IoT devices.

Security researchers have found a new botnet that uses flaws connected to the Satori botnet and uses hosting services running multiplayer versions of Grand Theft Auto to infect IoT devices.
According to a blog post by Radware researcher Pascal Geenens, the botnet uses the vulnerabilities CVE-2014-8361 and  CVE-2017-17215, which affect certain Huawei and Realtek routers.
Both exploit vectors are known from the Satori botnet and based on code that was part of a recent public Pastebin post by the “Janit0r,” author of “BrickerBot.”
Geenens said the malware also uses similar techniques as seen in the recently discovered PureMasuta, which had its source code published in an invite-only dark forum as of late.
“Our investigation led us to a C2 server hosted under the domain ‘sancalvicie.com’ of which the site provides GTA San Andreas Multi-Player mod servers with DDoS Services on the side,” he said.
One service is called Corriente Divina (“divine stream”) and described as “God’s wrath will be employed against the IP that you provide us.” It provides a DDoS service with a guaranteed bandwidth of 90-100Gbps and attack vectors including Valve Source Engine Query and 32bytes floods, TS3 scripts and a “Down OVH” option which most probably refers to attacks targeting the hosting service of OVH, a cloud hosting provider that also was a victim of the original Mirai attacks back in September 2016, according to Geenens.
A short time later, Geenens returned to the site and discovered that the DDoS attack service description had changed with an “upgrade” of services to a guaranteed DDoS volume of 290-300Gbps.
This San Calvicie-hosted botnet is “untypical” for IoT botnets Geenens has seen as it uses servers to perform the scanning and the exploits.
“Nearly all botnets, including Mirai, Hajime, Persirai, Reaper, Satori and Masuta perform distributed scanning and exploiting. That is, each victim that is infected with the malware will perform its own search for new victims. This distributed scanning provides for an exponential growth of the botnet but comes at the price of flexibility and sophistication of the malware itself,” he said.
Geenens said that unless someone frequently plays GTA San Andreas, people will probably not be directly impacted.
“There is nothing that stops one from using the cheap US$ 20 (£14) per target service to perform 290Gbps attacks on business targets and even government related targets. I cannot believe the San Calvicie group would oppose to it,” he added.
Since the discovery, some European providers took down the exploit servers hosted in their datacenters but there are active servers still operational.  He warned that JenX can be easily concealed and hardened against takedowns.
“As they opted for a central scan and exploit paradigm, the hackers can easily move their exploit operations to bulletproof hosting providers who provide anonymous VPS and dedicated servers from offshore zones,” he said. “These providers do not care about abuse. Some are even providing hosting services from the Darknet. If the exploit servers would be move to the Darknet, it would make it much more difficult to track down the servers’ location and take them down.”
Tony Hart, chief architect at Corero Network Security told SC Media UK that this new JenX Botnet is a standard variant of the Mirai/Satori virus with one major difference and that is that it does not self-propagate and is able to recruit new Botnet members through central services.
“This botnet is designed to specifically target gaming providers and is leveraging two known vulnerabilities. Hackers are offering this botnet as a DDoS service with a guaranteed bandwidth of 290 to 300 Gbps so anyone can easily buy the services and add any other payloads for maximum impact,” he said.
David Kennerley, director of threat research, Webroot, told SC Media UK that if JenX has the capabilities it boasts then it has the potential to cause havoc upon being directed towards any target entity.
“Every botnet has the potential to stop employees reaching the internet and/or stopping customers from visiting a merchant’s site. Botnets’ primary goal is disruption, whether for perceived revenge upon a person or organisation or for blackmail purposes. Within industry it’s usually about costing the target money,” he said.
“There are two sides to protection. The first is making sure your equipment doesn’t become part of the botnet. Keep all devices, especially those ‘set up and forget’ IoT devices, up-to-date and keep abreast of the latest vulnerabilities reported. Importantly, understand which devices need to be internet facing, correctly configure defensive equipment, like firewalls, and actively monitor all aspects of your IT setup.”
Adam Brown, manager – security solutions at Synopsys, told SC Media UK that IoT software, like any other software, needs a software security initiative as part of the development cycle, making software secure by design. “Surely the future will see IoT device certification, much as we have for hardware today with the addition of a software focus,” he said.
Source: https://www.scmagazineuk.com/jenx-botnet-using-video-game-to-recruit-iot-devices/article/741884/

A Head For Hacker-nomics

Unraveling the economics of cyberattacks is just as important as grasping the technologies that hackers use to launch them, says SMU Assistant Professor Wang Qiuhong.

AsianScientist (Feb. 5, 2018) – By Sim Shuzhen – Just as a thief planning a bank heist must figure out how to open locks, bypass security cameras and make a quick getaway, a hacker must also devise ways of cracking passwords, circumventing intrusion detection systems and concealing his electronic traces. The difference is that while the thief’s reach is limited in physical space, the hacker can inflict damage across international boundaries from a computer in a remote location.

Virtual in nature and global in reach, cybercrime is a very different beast from crime in the physical world, and fighting it has proved to be an uphill battle. Still, the good news is that cybercriminals are not a completely unknown quantity—just like their counterparts in the real world, their actions are often rational and motivated by economic incentives. Therefore, looking at cybersecurity through the lens of economics could help researchers come up with better countermeasures against online threats.

Taking this very approach is Assistant Professor Wang Qiuhong of the Singapore Management University (SMU) School of Information Systems, who uses tools from economics to study a range of public policy and business issues related to cybersecurity.

“I think cybersecurity is not just a technical issue, but also a business and economics issue. We need researchers who can cross disciplines, and who deeply understand the technology as well as the economics and social science,” she says. “They can then bring these disciplines together and gain insights that will facilitate decision making.”

A punishment that fits the crime

To deter conventional criminals, governments pass laws and impose penalties on those who flout them. But due to the unique, transboundary nature of cybercrime, it is unclear whether or not legislation actually deters hackers from launching attacks, says Professor Wang.

Together with her collaborators, Professor Wang has used economic modelling to assess how effective the Convention on Cybercrime (COC) has been at deterring distributed denial of service (DDOS) attacks. Introduced in 2001 and now signed by more than 50 countries, the COC is the world’s first piece of international legislation against cybercrime.

Using data from real attacks in 106 countries, the researchers showed that enforcement of the COC was associated with a nearly 12 percent decrease in DDOS attacks; this effect, however, disappeared when the enforcing countries were unwilling to fully engage in international cooperation. Professor Wang and her collaborators published their results in a 2017 paper in MIS Quarterly, titled ‘Cybercrime deterrence and international legislation: Evidence from distributed denial of service attacks’.

“Whether legislation can deter cyberattacks may seem like a very intuitive question, but it can have a very important impact on the government’s decision making,” says Professor Wang.

Her study not only provides evidence that legislation, international collaboration and enforcement can indeed deter cyberattacks; more importantly, it also shows that the effectiveness of the same piece of legislation can vary from country to country depending on the details of how it is implemented, she explains.

But the picture can get even more complicated. Despite its impact on overall cybercrime rates, legislation seems to be less effective at deterring hackers who are intent on acquiring the capability to launch cyberattacks on a large scale, says Professor Wang.

“In this scenario, hackers are compromising a computer not for the purpose of destroying a system, but to leverage its computing power, storage capacity and connectivity to launch more serious attacks targeting other networks and computers,” she explains.

Thus, cybercrime countermeasures should not be limited to reducing the frequency of attacks or to protecting the targets of these attacks, says Professor Wang.

“It is equally important to reduce the severity of attacks and to weaken the attackers’ acquisition of capabilities to launch attacks,” she explains.

Location, location, location

In the real world, a country has geographical neighbours; in cyberspace, it has what Professor Wang calls topological neighbours—countries through which its data packets are routed as they make their way around the World Wide Web.

This brings a fundamental economic principle into play: that of externalities. When a country and its topological neighbours have made comparable efforts to implement cybersecurity legislation, they are likely to experience positive externalities that reinforce the effectiveness of that legislation, leading to a reduced risk of cyberattacks for all parties. On the other hand, if one country implements effective legislation while its topological neighbours let hackers run riot, this mismatch in cybersecurity capabilities may result in negative externalities, leading to an increased risk of cyberattacks, explains Professor Wang.

“When addressing issues of deterrence, we have to be aware of how our [topological] location will affect our cybersecurity countermeasures, and also how our countermeasures will affect other countries,” says Professor Wang.

These relationships, she adds, could be very different from conventional geographical, political or economic ties. One of her current projects is therefore to understand the connections between cyberattacks and the structure of the internet; this, she hopes, will help countries and businesses devise strategies to position themselves in more secure topological locations.

The fight against cybercrime looks set to be a long-term struggle, says Professor Wang.

“Digitisation and the internet have made everything easier. But when we open these doors to legitimate businesses and day-to-day activities, it also opens doors for hackers and criminals,” she muses. “The need for cybersecurity is a by-product of our technological advancement.”

Thus, rather than simply reacting to the latest malware attack, authorities would do better to seek an in-depth understanding of the fundamental nature of cybercrime from a longitudinal perspective, says Professor Wang.

“It is always important to ask where we are, where we are going, whom we will impact and who will impact us, and to constantly review cybersecurity policy in light of that information.”

Asian Scientist Magazine is a media partner of the Singapore Management University Office of Research & Tech Transfer.

Source: http://www.asianscientist.com/2018/02/features/cybersecurity-smu-wang-qiuhong/

Fridge Attack – Hackers Use it to Mine Bitcoin!

It’s 2018, folks, where everything has to be high-tech and the internet of things grows by the day. And where there is IoT, there is malware. Cyber criminals can use your smart home appliances and turn them into craptocurrency miners. First world problems, am I right? Scott Stewart, cybersecurity expert and VP of tactical analysis for Stratfor, said that homes with a high number of IoT appliances could be at high risk. Just imagine, your toaster, oven, washing machine, dryer AND fridge – all being hijacked for their processing power to mine some sucker’s Bitcoin, and you’re left with slow, useless utilities.

Mr. Scott was quoted saying this while giving a rundown of some potential security threats that may be arising in 2018: “The concern is when you have a centralised home assistant device like a Google Home or an Alexa, that connects to many other devices, whether it’s lights, thermostats, refrigerators, dishwashers, other appliances, we’re really concerned that provides a central node for an attack.” and “We believe we’re going to see this year hackers starting to use new tools and new approaches to grab a hold of those.”

And it also appears that botnets are already running on owners’ home appliances to be used for denial of service attacks. Not only are you being coined out of your craptocurrency, now you’re helping scriptkiddies around the world take their Xbox enemies offline! How appliances have advanced! He was also quoted mentioning “We’re also concerned though not only for use in DDoS and the ransomware application, but also Bitcoin mining and other coin mining.” and “So people could take over your appliances and use them to make Bitcoin, which is crazy. But it is what it is”. Imagine if within years you have a fully automated “IoT” styled house, just for everything to become infected and for your home to be turned into a literal “mine”.

He was also saying how hackers will be looking for new malicious ways in 2018 to present themselves as threats to cybersecurity, and how he recommends that users make sure they are using a secured network so that they aren’t put at a higher risk of attack. IoT has already caused a lot of issues concerning privacy, interoperability and standards, legality and rights, and the ever-evolving development of these devices. However, one thing that hasn’t always been at the front line is the fact that the security of these things is at a much higher risk than just using them to eavesdrop on your “good morning” conversations.

The important message to the public when being sold these “smart” appliances is that there is a risk of infection on the software side, and what the signs are. Someone could be sitting at home, happily using their “smart” appliances while they’re not operating at maximum capability because some hacker is using the majority of the processing power to mine craptocurrency for them. People need to think about the cybersecurity of not just their computers and phones now; they also have to think about any “smart” appliances that, in my opinion, are just about to become dumb.

Source: http://seczine.com/technology/2018/02/fridge-attack-hackers-use-it-to-mine-bitcoin/

Copyright © 2014. DoS Protection UK. All Rights Reserved. Website Developed by: 6folds Marketing Inc.