Category - DDoS Attack Specialist

  1. Discord was down due to Cloudflare outage affecting parts of the web
  2. Ecuador Claims It Suffered 40 Million Cyber Attacks Since Julian Assange’s Arrest
  3. How HTML5 Ping Is Used in DDoS Attacks
  4. Man charged over Cheshire and Greater Manchester Police cyber-attacks
  5. New Mirai Variant Comes with 27 Exploits, Targets Enterprise Devices
  6. 7 Misconceptions About DDoS Attacks That Could Jeopardize Your Business
  7. What is shadow IoT? How to mitigate the risk
  8. Booter Owner Pleads Guilty in Federal Court
  9. IoT and DDoS attacks dominate cybersecurity space
  10. DoJ Charges Hackers with Staging Computer Attacks

Discord was down due to Cloudflare outage affecting parts of the web

Popular chat service Discord experienced issues today due to network problems at Cloudflare and a wider internet issue. The app was inaccessible for its millions of users, and even Discord’s website and status pages were struggling. Discord’s problems could be traced to an outage at Cloudflare, a content delivery network. Cloudflare started experiencing issues at 7:43AM ET, and this caused Discord, Feedly, Crunchyroll, and many other sites that rely on its services to have partial outages.

Cloudflare says it’s working on a “possible route leak” affecting some of its network, but services like Discord have been inaccessible for nearly 45 minutes now. “Discord is affected by the general internet outage,” says a Discord statement on the company’s status site. “Hang tight. Pet your cats.”

“This leak is impacting many internet services including Cloudflare,” says a Cloudflare spokesperson. “We are continuing to work with the network provider that created this route leak to remove it.” Cloudflare doesn’t name the network involved, but Verizon is also experiencing widespread issues across the East Coast of the US this morning. Cloudflare notes that “the network responsible for the route leak has now fixed the issue,” so services should start to return to normal shortly.

Cloudflare explained the outage in an additional statement, commenting that “Earlier today, a widespread BGP routing leak affected a number of Internet services and a portion of traffic to Cloudflare. All of Cloudflare’s systems continued to run normally, but traffic wasn’t getting to us for a portion of our domains. At this point, the network outage has been fixed and traffic levels are returning to normal.”

Source: https://www.theverge.com/2019/6/24/18715308/discord-down-outage-cloudflare-problems-crunchyroll-feedly

Ecuador Claims It Suffered 40 Million Cyber Attacks Since Julian Assange’s Arrest

Five days ago, Ecuador revoked Julian Assange’s 7-year long asylum and turned him over to the UK authorities, which promptly arrested the Wikileaks chief.

Since then, Ecuador claims to be under siege from Assange supporters and “groups linked” to him.

Patricio Real, Ecuador’s deputy minister for information and communication technology, said in a statement that the webpages for his country’s public institutions experienced 40 million cyber-attacks.

Among the hardest hit were pages for the central bank, the foreign ministry and the president’s office.

“During the afternoon of April 11 we jumped from 51st place to 31st place worldwide in terms of the volume of cyber attacks,” he said.

The deputy minister said that the attacks “principally come from the United States, Brazil, Holland, Germany, Romania, France, Austria and the United Kingdom,” but that countries from South America also show up on the list.

No major hacking groups were named in Ecuador’s statement, though the famed Anonymous collective apparently made a threat.

Real also didn’t specify what type of attacks Ecuador’s websites experienced. He mentioned that no hacker managed to steal government data but that the attacks prevented some employees and citizens from accessing their accounts.

As Real called the attacks “volumetric,” he most likely referred to a type of DDoS attack in which hackers send a lot of traffic to a website hoping to overwhelm it.

While this is a serious threat to a network, the attack itself can be perpetrated even by those without a lot of technical knowledge.

Ecuador will receive cybersecurity support from Israel to handle the incidents. It has also made motions to arrest a suspect, a Swedish citizen close to Assange.

Right now, Julian Assange is in the UK authorities’ hands and waiting to see if he will be extradited to the US to face conspiracy charges.

He was also stripped of his Ecuador citizenship, which was granted in 2017 under a different Ecuadorian regime.

Source: https://techthelead.com/ecuador-claims-it-suffered-40-million-cyber-attacks-since-julian-assanges-arrest/

How HTML5 Ping Is Used in DDoS Attacks

A new type of distributed denial-of-service (DDoS) attack is abusing a common HTML5 attribute to overwhelm targeted victims.

Security firm Imperva reported on April 11 that it has discovered a campaign where hackers abused the <a> tag ping HTML5 attribute in a DDoS attack that generated 70 million requests in four hours. The ping attribute is intended to be used by websites as a mechanism to notify a website if a user follows a given link on a page. Typically, a ping is a single action, but Imperva discovered that hackers have found a way to amplify the ping into a more persistent data flow, triggering the DDoS attack.

“The attacker, probably using social engineering, forced users to visit a website that contained malicious JavaScript,” Vitaly Simonovich, security researcher at Imperva, told eWEEK. “This script generated links with the target site in the ‘ping’ attribute and clicked it without personal involvement of the user. Auto-generated clicks reflected as ping back to the victim, continuously, the entire time the user stayed on the webpage.”

Imperva’s analysis of the attack explained that when the user clicks on the hyperlink, a POST request with the body “ping” will be sent to the URLs specified in the attribute. It will also include the headers “Ping-From” and “Ping-To” and a “text/ping” content type.

“We observe DDoS attacks daily,” Simonovich said. “We discovered this attack last month. However, when we looked back in our logs, we noticed that the first time the attack occurred on our network in December 2018, it was using the ping feature.”

The attack that Imperva found was able to make use of 4,000 user IPs, with a large percentage of them from China. The campaign lasted four hours, with a peak of 7,500 requests per second (RPS), resulting in more than 70 million requests hitting the target victim’s website.

How the Ping Attack Overwhelms a Server

A simple ping on its own is not enough to disturb a web server and, in fact, for basic availability web servers are regularly hit with ping requests. Ping requests are also low bandwidth and would not likely be able to constitute a volumetric DDoS attack, which aims to overwhelm the available bandwidth of a target server.

The DDoS attack discovered by Imperva, however, was not a basic ping and, according to Simonovich, could impact a web application server in a couple ways:

  1. Targeting the web server with a high RPS forces the server to spend its capacity processing the DDoS traffic instead of handling legitimate requests.
  2. Targeting the web application at an injection point causes high resource consumption. For example, a request to the login form causes a query to the database.

“The attack is performed on the application layer aimed to clog server resources by processing several HTTP requests,” Simonovich explained. “As such, attack bandwidth is not the weakest resource in the chain, but CPU or memory of the server.”

He added that 7,500 RPS is far from the most powerful application DDoS attack, which can reach 100,000 RPS and more, but it is enough to deny availability for a midsize website.

Defending Against Ping DDoS

There are several things that organizations can do to minimize the risk of a Ping DDoS attack.

Imperva recommends that organizations that do not need to receive ping requests on a web server block any web requests that contain “Ping-To” and/or “Ping-From” HTTP headers on the edge devices (firewall, WAF, etc.). DDoS services, including the one that Imperva offers, also can be employed to help limit risk.
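To make the header-based filter concrete, here is an added example in Python (not code from the eWEEK article or from Imperva): it identifies hyperlink-auditing POSTs by the Ping-From / Ping-To headers and text/ping content type described above, applies the block-all-pings recommendation, and, for sites that do want pings, limits them by their aggregate rate across all sources, since each of the 4,000 browsers in the reported campaign contributed only a couple of requests per second. The domain names and the sample traffic are constructed.

```python
# Added example (not from the eWEEK article or Imperva's own tooling): spot
# HTML5 hyperlink-auditing ("ping") POSTs by their distinguishing headers and
# flag a ping flood by its aggregate rate rather than per source IP.
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Set, Tuple


@dataclass
class Request:
    ts: float               # arrival time in seconds
    src_ip: str
    method: str
    path: str
    headers: Dict[str, str]
    body: bytes = b""


PING_HEADERS = ("ping-from", "ping-to")


def is_ping_request(req: Request) -> bool:
    """True for a browser-generated <a ping> POST: text/ping content type
    and/or Ping-From / Ping-To headers (header names are case-insensitive)."""
    if req.method.upper() != "POST":
        return False
    hdrs = {k.lower(): v for k, v in req.headers.items()}
    ctype = hdrs.get("content-type", "").split(";", 1)[0].strip().lower()
    return ctype == "text/ping" or any(h in hdrs for h in PING_HEADERS)


@dataclass
class PingFloodDetector:
    """Classify requests at the edge.

    allow_pings=False applies the article's recommendation for sites that do
    not need hyperlink auditing: every ping request is dropped. With
    allow_pings=True, pings are accepted until their aggregate rate across
    all sources exceeds max_ping_rps inside a sliding window. The aggregate
    view matters because a flood spread over thousands of browsers stays
    well under any sensible per-IP limit.
    """
    allow_pings: bool = False
    max_ping_rps: float = 50.0
    window: float = 1.0
    _pings: Deque[float] = field(default_factory=deque)
    _sources: Set[str] = field(default_factory=set)

    def classify(self, req: Request) -> str:
        if not is_ping_request(req):
            return "allow"
        if not self.allow_pings:
            return "block:ping-header"
        # Drop timestamps that have aged out of the window, then count this one.
        while self._pings and req.ts - self._pings[0] >= self.window:
            self._pings.popleft()
        self._pings.append(req.ts)
        self._sources.add(req.src_ip)
        if len(self._pings) / self.window > self.max_ping_rps:
            return "block:ping-flood"
        return "allow:ping"

    def distinct_ping_sources(self) -> int:
        return len(self._sources)


def constructed_traffic() -> List[Request]:
    """Constructed sample, not captured data: two ordinary requests, one
    legitimate ping, then 120 pings in one second from 60 distinct IPs
    (2 requests per second per IP, i.e. nothing a per-IP limit would see)."""
    ping_hdrs = {"Content-Type": "text/ping",
                 "Ping-From": "https://lure.example/page",   # placeholder origin
                 "Ping-To": "https://victim.example/"}       # placeholder target
    reqs = [
        Request(0.0, "198.51.100.7", "GET", "/", {"Host": "victim.example"}),
        Request(0.1, "198.51.100.7", "POST", "/login",
                {"Content-Type": "application/x-www-form-urlencoded"}, b"u=a&p=b"),
        Request(0.2, "203.0.113.5", "POST", "/track", dict(ping_hdrs), b"PING"),
    ]
    for i in range(120):
        reqs.append(Request(1.0 + i / 120.0, f"192.0.2.{i % 60 + 1}", "POST", "/",
                            dict(ping_hdrs), b"PING"))
    return reqs


def run(allow_pings: bool) -> Tuple[Dict[str, int], int]:
    """Feed the sample through the detector and tally the verdicts."""
    det = PingFloodDetector(allow_pings=allow_pings, max_ping_rps=50.0)
    verdicts: Dict[str, int] = {}
    for req in constructed_traffic():
        v = det.classify(req)
        verdicts[v] = verdicts.get(v, 0) + 1
    return verdicts, det.distinct_ping_sources()


if __name__ == "__main__":
    print("block all pings :", run(False))
    print("rate-limit pings:", run(True))
```

With pings blocked outright, all 121 ping POSTs are dropped on the headers alone; with pings allowed, the first 50 in the burst pass and the remaining 70 are blocked once the aggregate rate crosses the limit, even though no single IP sent more than two per second.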

“Attackers are constantly looking for new and sophisticated methods to abuse legitimate services and bypass mitigation mechanisms,” Simonovich said. “Utilization of the ping functionality is a good example of this, especially since most of the browsers by default support it. The challenge that attackers are facing is how to force legitimate users to visit the malicious page and stay on this page as long as possible to make the attack run longer.”

Source: https://www.eweek.com/security/how-html5-ping-is-used-in-ddos-attacks

Man charged over Cheshire and Greater Manchester Police cyber-attacks

A man has been charged over cyber-attacks which targeted the websites of two police forces.

Liam Reece Watts, 19, of Stratford Road in Chorley, Lancashire, faces two counts of unauthorised acts with intent to impair operation of or prevent access to a computer.

The charges relate to deliberate denial of service (DDoS) attacks on the Greater Manchester and Cheshire forces.

He is due to appear at Chester Magistrates’ Court later.

DDoS attacks involve flooding a target’s service with extremely high volumes of traffic in an effort to overwhelm them.

Source: https://www.bbc.com/news/uk-england-lancashire-47708237

New Mirai Variant Comes with 27 Exploits, Targets Enterprise Devices

A new Mirai variant comes with eleven new exploits, the enterprise WePresent WiPG-1000 Wireless Presentation system and the LG Supersign TV being the most notable new devices targeted.

A previous report by Palo Alto Networks’ Unit 42 from September saw a strain of the Mirai botnet switching targets to attack Apache Struts servers using an exploit also employed during last year’s Equifax breach, while a new Gafgyt version was observed assailing SonicWall firewalls, as part of a larger move against enterprise assets.

In both those instances, the Unit 42 security researchers saw exploits of older and already patched vulnerabilities used in the attacks, hinting at the threat actors trying to make their work easier by compromising unpatched devices impacted by severe security flaws such as CVE-2017-5638 for Apache Struts.

Mirai attacks against enterprise devices mounting up

This time, as previously mentioned, the researchers found that, besides its usual marks represented by routers, network video cameras, modem routers, and wireless controllers, the Mirai version detected during January 2019 is now also scanning for and exploiting LG Supersign TVs and WePresent WiPG-1000 Wireless Presentation systems present in enterprise environments.

On top of that, with the 11 new exploits added by its masters to be used in the attacks, the total now reaches 27. As further discovered by Unit 42, the botnet’s malicious payload is hosted on a Colombian company’s server which, ironically, provides “electronic security, integration and alarm monitoring” services.

“These new features afford the botnet a large attack surface. In particular, targeting enterprise links also grants it access to larger bandwidth, ultimately resulting in greater firepower for the botnet for DDoS attacks,” according to Unit 42.

Vulnerability                                 Affected devices
CVE-2018-17173                                LG Supersign TVs
WePresent WiPG-1000 Command Injection         WePresent WiPG-1000 Wireless Presentation systems
DLink DCS-930L Remote Command Execution       DLink DCS-930L Network Video Cameras
DLink diagnostic.php Command Execution        DLink DIR-645, DIR-815 Routers
Zyxel P660HN Remote Command Execution         Zyxel P660HN-T routers
CVE-2016-1555                                 Netgear WG102, WG103, WN604, WNDAP350, WNDAP360, WNAP320, WNAP210, WNDAP660, WNDAP620 devices
CVE-2017-6077, CVE-2017-6334                  Netgear DGN2200 N300 Wireless ADSL2+ Modem Routers
Netgear Prosafe Remote Command Execution      Netgear Prosafe WC9500, WC7600, WC7520 Wireless Controllers

Newly added exploits

The new Mirai variant spotted by Unit 42 also comes with a handful of new features:

Mirai is a self-propagating botnet created by Paras Jha, Josiah White, and Dalton Norman, originally designed to target Internet of Things (IoT) devices such as routers, digital video recorders, and IP cameras, transforming them into “bots” upon successful compromise which can later be used as sources for large-scale Distributed Denial of Service attacks.

During 2016, some malicious actors were advertising huge Mirai botnets of hundreds of thousands of infected devices capable of DDoS attacks over 650Gbps and managing to impact hundreds of thousands of devices [1, 2] during a single campaign.

Mirai still going strong despite its creators getting caught

It all started after Jha posted Mirai’s source code on a hacking forum during 2016 and, since then, other bad actors have used the code he shared as a starting point to create numerous other botnets, most of them on at least the same level of sophistication but, once in a while, adding newer and more complex attack tools [1, 2, 3, 4, 5, 6].

While their “masterpiece” was and is being improved by others and is still going strong, as proven by Unit 42’s newest report on the new Mirai variant, Jha, White, and Norman were indicted and pleaded guilty for their role in the creation of the malware during December 2018, after Jha was first questioned by the FBI in January 2017 and the US authorities charged all three of them in May 2017.

Paras Jha was sentenced during October and ordered “to pay $8.6 million in restitution and serve six months of home incarceration” according to a DoJ release from October 26, 2018.

The group behind Mirai was sentenced to serve a five-year period of probation and do 2,500 hours of community service, as well as pay $127,000 in restitution while also having to abandon the cryptocurrency seized during the investigation. Jail time was removed from the sentence after they assisted the FBI in other cybercriminal investigations.

Source: https://www.bleepingcomputer.com/news/security/new-mirai-variant-comes-with-27-exploits-targets-enterprise-devices/

7 Misconceptions About DDoS Attacks That Could Jeopardize Your Business

Most organizations understand that DDoS attacks are disruptive and potentially damaging. But many are also unaware of just how quickly the DDoS landscape has changed over the past two years, and underestimate how significant the risk from the current generation of attacks has become to the operation of their business. Here, I’m going to set the record straight about seven of the biggest misconceptions that I hear about DDoS attacks.

  • There are more important security issues than DDoS that need to be resolved first.

When it comes to cyber-attacks, the media focuses on major hacks, data breaches and ransomware incidents. Yet DDoS attacks are growing rapidly in scale and severity: the number of attacks grew by 71% in Q3 2018 alone, to an average of over 175 attacks per day, while the average attack volume more than doubled, according to the Link11 DDoS Report. The number of devastating examples is large. In late 2017, seven of the UK’s biggest banks were forced to reduce operations or shut down entire systems following a DDoS attack, costing hundreds of thousands of pounds according to the UK National Crime Agency. And in 2018, online services from several Dutch banks and numerous other financial and government services in the Netherlands were brought to a standstill in January and May. These attacks were launched using Webstresser.org, the world’s largest provider of DDoS-on-demand, which sold attack services for as little as ?11. It costs a criminal almost nothing and requires little to no technical expertise to mount an attack, but it costs a company a great deal to fix the damage they cause.

What’s more, DDoS attacks are often used as a distraction, to divert IT teams’ attention away from attempts to breach corporate networks. As such, dealing with DDoS attacks should be regarded as a priority, not a secondary consideration.

  • I know that DDoS attacks are common, but I’ve never been affected before

Many companies underestimate the risk of being hit by DDoS because they have never been hit before. The truth is that often a single attack is already more than enough to cause severe damage in the value chain. This potentially affects any company that is connected to the Internet in any way. Overload attacks not only affect websites, but also all other web services such as e-mail communication, intranet, customer connections, supplier and workflow systems, and more. Today, customers and partners expect 100% availability. Besides the business interruption due to production loss and recovery costs, reputational damage is a common consequence. Total costs for the incidents can quickly go into the millions. On the other hand, the costs for proactive protection against these kinds of attacks are comparably negligible.

  • There are many providers offering a solution, so DDoS is an easy problem to fix

DDoS is not a new topic, which means that many of the available solutions are outdated. Only a few providers deliver up-to-date, real-time protection that secures against all types of attacks on all network layers. Only a handful of providers can react immediately in an emergency, i.e. if the attack has already taken place, and quickly provide the right protection to organizations.

  • Reacting to an attack within a few minutes is sufficient

Ideally, the use of intelligent defence systems and always-on protection should prevent a failure in the first place. However, if a new attack pattern appears, the first 30 seconds are crucial. Even if an attack is mitigated after just one minute, subsequent IP connections will already be interrupted (for example, collapsing an IPSec tunnel) and it may take several hours until availability is restored. Although this prevents follow-up actions that can lead to infiltration and data theft, the economic costs of lost revenue, loss of productivity and damage to reputation can still be immense. Therefore, it is vital for organizations to implement a solution that guarantees mitigation in a matter of seconds.

  • We have our own 24/7 Security Operations Center (SOC), so we are immune

In the flood of security alerts in the SOC it is likely that some events are overlooked or not brought into context with other activities. Furthermore, the sheer amount of necessary analysis and response cannot be handled by people alone. Only a fully automated process that works based on intelligent and globally networked systems, and which precludes human errors in the process chain, can ensure comprehensive security. Industrial-scale attacks can only be countered with industrial-scale defences.

  • I am already in the cloud and am automatically protected by my cloud provider

The major cloud providers offer some basic DDoS protections. But this is not aimed at preventing targeted, mega-scale attacks. In late 2016, the massive Dyn DDoS attack caused global disruption to public cloud services. In addition, cloud applications are easily attacked by other applications from within the same cloud. Therefore, when running business-critical applications in the cloud, it is important to consider deploying additional DDoS protections to those applications.

  • I have invested in hardware that offers protection

Although these systems ensure high infrastructure performance, they only provide static protection against DDoS attacks. This means that the DDoS protection there can only be as good as the current version of the filtering software, which is already outdated as soon as it is released. This approach might have worked a couple of years ago. Nowadays, however, with ever more complex and powerful attacks that combine several vectors and target multiple layers at the same time, this kind of protection is insufficient. Effective protection is only possible via intelligent and networked systems which use advanced machine-learning techniques to analyse traffic and build a profile of legitimate traffic.

In conclusion, DDoS protection needs to be seen as an essential part of the IT security infrastructure. Considering effective solutions in the event of an attack is too late. Through educating about misconceptions in this context and implementing the measures listed in this text, companies can position themselves sustainably in terms of their business continuity strategy.

Source: https://www.informationsecuritybuzz.com/articles/7-misconceptions-about-ddos-attacks-that-could-jeopardize-your-business/

What is shadow IoT? How to mitigate the risk

When someone in your organization starts using internet-connected devices without IT’s knowledge, that’s shadow IoT. Here’s what you need to know about its growing risk.

Shadow IoT definition

Shadow IoT refers to internet of things (IoT) devices or sensors in active use within an organization without IT’s knowledge. The best example is from before the days of bring your own device (BYOD) policies, when employees used personal smartphones or other mobile devices for work purposes. “Shadow IoT is an extension of shadow IT, but on a whole new scale,” says Mike Raggo, CSO at 802 Secure. “It stems not only from the growing number of devices per employee but also the types of devices, functionalities and purposes.”

Employees have been connecting personal tablets and mobile devices to the company network for years. Today, employees are increasingly using smart speakers, wireless thumb drives and other IoT devices at work as well. Some departments install smart TVs in conference rooms or are using IoT-enabled appliances in office kitchens, such as smart microwaves and coffee machines.


In addition, building facilities are often upgraded with industrial IoT (IIoT) sensors, such as heating ventilation and air conditioning (HVAC) systems controlled by Wi-Fi-enabled thermostats. Increasingly, drink machines located on company premises connect via Wi-Fi to the internet to accept, say, Apple Pay payments. When these sensors connect to an organization’s network without IT’s knowledge, they become shadow IoT.

How prevalent is shadow IoT?

Gartner predicts that 20.4 billion IoT devices will be in use globally by 2020, up from 8.4 billion in 2017. Shadow IoT has become widely prevalent as a result. In 2017, 100 percent of organizations surveyed reported “rogue” consumer IoT devices on the enterprise network, and 90 percent reported discovering previously undetected IoT or IIoT wireless networks separate from the enterprise infrastructure, according to a 2018 report from 802 Secure.

One-third of companies in the U.S., U.K. and Germany have more than 1,000 shadow IoT devices connected to their network on a typical day, according to a 2018 Infoblox report on shadow devices. Infoblox’s research found that the most common IoT devices on enterprise networks are:

  • Fitness trackers such as Fitbits, 49 percent
  • Digital assistants such as Amazon Alexa and Google Home, 47 percent
  • Smart TVs, 46 percent
  • Smart kitchen devices such as connected microwaves, 33 percent
  • Gaming consoles such as Xboxes or PlayStations, 30 percent

What are shadow IoT’s risks?

IoT devices are often built without inherent, enterprise-grade security controls, are frequently set up using default IDs and passwords that criminals can easily find via internet searches, and are sometimes added to an organization’s main Wi-Fi networks without IT’s knowledge. Consequently, the IoT sensors aren’t always visible on an organization’s network. IT can’t control or secure devices they can’t see, making smart connected devices an easy target for hackers and cybercriminals. The result: IoT attacks grew by 600 percent in 2018 compared to 2017, according to Symantec.

Vulnerable connected devices are easily discoverable online via search engines for internet-connected devices such as Shodan, Infoblox’s report points out. “Even when searching simple terms, Shodan provides details of identifiable devices, including the banner information, HTTP, SSH, FTP and SNMP services. As identifying devices is the first step in accessing devices, this provides even lower-level criminals with an easy means of identifying a vast number of devices on enterprise networks that can then be targeted for vulnerabilities.”

Why aren’t most shadow IoT devices secure?

When PCs were first released decades ago, their operating systems weren’t built with inherent security, Raggo observes. As a result, securing PCs against viruses and malware remains an ongoing struggle.

In contrast, the iOS and Android mobile operating systems were designed with integrated security, such as app sandboxing. While mobile devices aren’t bullet-proof, they’re typically more secure than desktops and laptops.

With today’s IoT and IIoT devices, “It’s like manufacturers have forgotten everything we’ve learned about security from mobile operating systems,” Raggo says. “There are so many IoT manufacturers, and the supply chain for building the devices is scattered all over the world, leading to a highly fragmented market.”

Because IoT devices tend to be focused on just one or two tasks, they often lack security features beyond basic protocols such as WPA2 Wi-Fi, which has its vulnerabilities. The result: Billions of unsecured IoT devices are in use globally on enterprise networks without IT’s knowledge or involvement.

“I bought 10 or 15 IoT devices a few years ago to check out their security,” says Chester Wisniewski, principal research scientist at Sophos. “It was shocking how fast I could find their vulnerabilities, which means anyone could hack them. Some devices had no process for me to report vulnerabilities.”

Have criminal hackers successfully targeted shadow IoT devices?

Yes. Probably the most famous example to date is the 2016 Mirai botnet attack, in which unsecured IoT devices such as Internet Protocol (IP) cameras and home network routers were hacked to build a massive botnet army. The army executed hugely disruptive distributed denial of service (DDoS) attacks, such as one that left much of the U.S. east coast internet inaccessible. The Mirai source code was also shared on the internet, for criminal hackers to use as building blocks for future botnet armies.

Other exploits are available that enable cybercriminals to take control of IoT devices, according to the Infoblox report. “In 2017, for example, WikiLeaks published the details of a CIA tool, dubbed Weeping Angel, that explains how an agent can turn a Samsung smart TV into a live microphone. Consumer Reports also found flaws in popular smart TVs that could be used to steal data as well as to manipulate the televisions to play offensive videos and install unwanted apps.”

Along with amassing botnet armies and conducting DDoS attacks, cybercriminals can also exploit unsecured IoT devices for data exfiltration and ransomware attacks, according to Infoblox.

In one of the oddest IoT attacks thus far, criminals hacked into a smart thermometer inside a fish tank in a casino lobby to access its network. Once in the network, the attackers were able to steal the casino’s high-roller database.

The future potential of IoT-enabled cyberattacks is enough to give CSOs and other IT security professionals concern. “Consider the damage to vital equipment that could occur if someone connected into an unsecured Wi-Fi thermostat and changed the data center temperature to 95 degrees,” Raggo says. In 2012, for instance, cybercriminals hacked into the thermostats at a state government facility and a manufacturing plant and changed the temperatures inside the buildings. The thermostats were discovered via Shodan, a search engine devoted to internet-connected devices.

To date, the impact of IoT device exploits hasn’t been hugely negative for any particular enterprise, says Wisniewski, in terms of exploiting sensitive or private data. “But when a hacker figures out how to make a big profit compromising IoT devices, like using a brand of smart TVs for conference room spying, that’s when the shadow IoT security risk problem will get everyone’s attention.”

3 ways to mitigate shadow IoT security risks

  1. Make it easy for users to officially add IoT devices. “The reason you have shadow IT and shadow IoT is often because the IT department is known for saying ‘no’ to requests to use devices like smart TVs,” says Wisniewski. Instead of outright banning IoT devices, fast-tracking their approval whenever possible and feasible (within, say, 30 minutes after the request is made) can help reduce the presence of shadow IoT.

    “Publish and circulate your approval process,” Wisniewski adds. “Get users to fill out a brief form and let them know how quickly someone will get back to them. Make the process as flexible and as easy for the requester as possible, so they don’t try to hide something they want to use.”

  2. Proactively look for shadow IoT devices. “Organizations need to look beyond their own network to discover shadow IoT, because much of it doesn’t live on the corporate network,” Raggo says. “More than 80 percent of IoT is wireless-enabled. Therefore, wireless monitoring for shadow IoT devices and networks can allow visibility and asset management of these other devices and networks.”

    Traditional security products list devices by a media access control (MAC) address or a vendor’s organizationally unique identifier (OUI), yet they are largely unhelpful in an environment with a plethora of different types of devices, Raggo adds. “IT really wants to know ‘what is that device?’ so they can determine if it’s a rogue or permitted device. In today’s world of deep-packet inspection and machine learning, mature security products should provide human-friendly categorizations of discovered assets to ease the process of asset management and security.”

  3. Isolate IoT. Ideally, new IoT and IIoT devices should connect to the internet via a separate Wi-Fi network dedicated to such devices that IT controls, says Wisniewski. The network should be configured to enable IoT devices to transmit information and to block them from receiving incoming calls. “With the majority of IoT devices, nothing legitimate is ever transmitted to them,” he says.

Anything shadowy is a problem

“Shadow anything is a problem, whether it’s an IoT device or any other addressable, unmanaged item,” says Wisniewski. “The key is controlling access to the network from only authorized devices, keeping an accurate inventory of authorized devices, and having clear policies in place to ensure employees know they aren’t allowed to ‘bring their own’ devices and that HR sanctions will be enforced if they do.”

Source: https://www.csoonline.com/article/3346082/what-is-shadow-iot-how-to-mitigate-the-risk.html


Booter Owner Pleads Guilty in Federal Court

Illinois man offered “DDoS for hire” services that hit millions of victims.

Sergiy P. Usatyuk, who owned a series of services that collectively launched millions of distributed denial-of-service (DDoS) attacks, has pleaded guilty in federal court to one count of conspiracy to cause damage to Internet-connected computers. The services he owned and offered for use included ExoStress.in (“ExoStresser”), QuezStresser.com, Betabooter.com (“Betabooter”), Databooter.com, Instabooter.com, Polystress.com, and Zstress.net.

The sites were booter services, a class of publicly available, Web-based services that allow cybercriminals to launch DDoS attacks, often for low fees paid by customers who sign up via Web browser and online payment.

According to court documents, Usatyuk ran the network between August 2015 and November 2017. In September 2017, the ExoStresser website advertised that “… its booter service alone had launched 1,367,610 DDoS attacks, and caused targeted victim computer systems to suffer 109,186.4 hours of network downtime,” one of the documents shows.

No date for sentencing was announced.

Source: https://www.darkreading.com/attacks-breaches/booter-owner-pleads-guilty-in-federal-court/d/d-id/1333993

IoT and DDoS attacks dominate cybersecurity space

Connected devices often get attacked minutes after being plugged in.

IoT devices are being attacked with greater regularity than ever before, new research has suggested.

According to a new report by NETSCOUT, smart products often come under attack within five minutes of being plugged in, and are targeted by specific exploits within a day.

The Threat Landscape Report says IoT device security is “minimal to non-existent” on many devices. That makes the IoT sector one of the most vulnerable, especially as medical equipment and connected cars also fall under the IoT category.

DDoS in general is still on the rise, the report adds. The number of such attacks grew by a quarter last year, and attacks in the 100-400 Gbps range “exploded”, which the report takes as evidence of attackers’ “continued interest” in this attack vector.

The global maximum DDoS attack size grew by 19 per cent last year, compared to the year before.

International institutions such as the UN or the IMF have never been this interesting to attackers: DDoS attacks against such organisations rose by almost 200 per cent last year.

Attackers operate much as legitimate businesses do. They use an affiliate model, which lets them rake in profits quickly.

“Our global findings reveal that the threat landscape in the second half of 2018 represents the equivalent of attacks on steroids,” said Hardik Modi, NETSCOUT’s senior director of Threat Intelligence. “With DDoS attack size and frequency, volume of nation state activity and speed of IoT threats all on the rise, the modern world can no longer ignore the digital threats we regularly face from malicious actors capable of capitalizing on the interdependencies that wind through our pervasively connected world.”

Source: https://www.itproportal.com/news/iot-and-ddos-attacks-dominate-cybersecurity-space/

DoJ Charges Hackers with Staging Computer Attacks

Federal authorities have arrested two alleged members of a hacking group known as the Apophis Squad on charges of making false threats of violent attacks and staging attacks on multiple computer systems.

According to an announcement from the Department of Justice (DoJ), the two defendants, Timothy Dalton Vaughn, 20, of Winston-Salem, North Carolina, and George Duke-Cohan, 19, of Hertfordshire, United Kingdom, are allegedly part of a global group of hackers suspected of wreaking havoc on the internet for the better part of 2018, including launching distributed-denial-of-service (DDoS) attacks.

Duke-Cohan, who is already serving a three-year sentence in the UK for threatening an airline, which turned out to be a hoax, is believed to go by the names DigitalCrimes and 7R1D3N7 online.

The defendants face multiple charges, including conducting cyber- and swatting attacks against individuals, businesses and institutions in the US and the UK, according to the DoJ.

“Members of Apophis Squad communicated various threats – sometimes using ‘spoofed’ email addresses to make it appear the threats had been sent by innocent parties, including the mayor of London,” the announcement stated.

“They also allegedly defaced websites and launched denial-of-service attacks. In addition, Vaughn allegedly conducted a DDoS attack that took down hoonigan.com, the website of a Long Beach motorsport company, for three days, and sent extortionate emails to the company demanding a Bitcoin payment to cease the attack.”

If convicted of all charges in the 11-count indictment, Vaughn could be sentenced to a maximum of 80 years in prison. Duke-Cohan, who is facing nine charges, would face a maximum of 65 years if found guilty.

“The Apophis Squad also took credit for hacking and defacing the website of a university in Colombia, resulting in visitors to the site seeing a picture of Adolf Hitler holding a sign saying ‘YOU ARE HACKED’ alongside the message ‘Hacked by APOPHIS SQUAD,’” the DoJ wrote.

Source: https://www.infosecurity-magazine.com/news/doj-charges-hackers-with-staging-1/
