Category - Denial of Service

1
Nokia: IoT Botnets Comprise 78% of Malware on Networks
2
The CoAP protocol is the next big thing for DDoS attacks
3
60 Cybersecurity Predictions For 2019
4
Universities seeing rise in DDoS attacks
5
81.5M Voter Records For Sale On Dark Web Ahead Of Midterm Elections
6
Man Ordered to Pay $8.6 Million for Launching DDoS Attacks against Rutgers University
7
This botnet snares your smart devices to perform DDoS attacks with a little help from Mirai
8
In Blockchain, There is no Checkmate
9
DDoS Attacks Target Multiple Games including Final Fantasy XIV, Assassin’s Creed
10
‘Torii’ Breaks New Ground For IoT Malware

Nokia: IoT Botnets Comprise 78% of Malware on Networks

Nokia is warning of a deluge of IoT malware after revealing a 45% increase in IoT botnet activity on service provider networks since 2016.

The mobile networking firm’s Threat Intelligence Report for 2019 is is based on data collected from its NetGuard Endpoint Security product, which it says monitors network traffic from over 150 million devices globally.

It revealed that botnet activity represented 78% of malware detection events in communication service provider (CSP) networks this year, more than double the 33% seen in 2016.

Similarly, IoT bots now make up 16% of infected devices on CSP networks, a near-five-fold increase from 3.5% a year ago.

“Cyber-criminals are switching gears from the traditional computer and smartphone ecosystems and now targeting the growing number of vulnerable IoT devices that are being deployed,” said Kevin McNamee, director of Nokia’s Threat Intelligence Lab. “You have thousands of IoT device manufacturers wanting to move product fast to market and, unfortunately, security is often an afterthought.”

This is a threat that first came to light with the Mirai attacks of 2016, when the infamous IoT malware sought out and infected tens of thousands of smart devices protected only by factory default passwords.

That ended up launching some of the largest DDoS attacks ever seen, although Nokia also called out crypto-mining as a potential new use of IoT botnets made up of compromised smartphones and web browsers.

“Cyber-criminals have increasingly smart tools to scan for and to quickly exploit vulnerable devices, and they have new tools for spreading their malware and bypassing firewalls. If a vulnerable device is deployed on the internet, it will be exploited in a matter of minutes,” McNamee warned.

IoT adoption is expected to accelerate with 5G, potentially exposing even more devices to cyber risk, Nokia claimed.

Yossi Naar, co-founder at Cybereason, argued that attackers can also use compromised IoT endpoints to move into corporate networks and high-value servers.

“Simply put, security needs to be a primary design consideration, as fundamental as any other measure of performance,” he added. “There should be a focus on tight mechanisms for strong authentication and the minimization of the potential attack surface. It’s a fundamental design philosophy that responsible companies have, but it’s not a reflex for all companies — yet.”

Source: https://www.infosecurity-magazine.com/news/iot-botnets-78-of-malware-on/

The CoAP protocol is the next big thing for DDoS attacks

CoAP DDoS attacks have already been detected in the wild, some clocking at 320Gbps.

RFC 7252, also known as the Constrained Application Protocol (CoAP), is about to become one of the most abused protocols in terms of DDoS attacks, security researchers have told ZDNet.

If readers don’t recognize the name of this protocol that’s because it’s new –being formally approved only recently, in 2014, and largely unused until this year.

WHAT IS COAP?

CoAP was designed as a lightweight machine-to-machine (M2M) protocol that can run on smart devices where memory and computing resources are scarce.

In a very simplistic explanation, CoAP is very similar to HTTP, but instead of working on top of TCP packets, it works on top of UDP, a lighter data transfer format created as a TCP alternative.

Just like HTTP is used to transport data and commands (GET, POST, CONNECT, etc.) between a client and a server, CoAP also allows the same multicast and command transmission features, but without needing the same amount of resources, making it ideal for today’s rising wave of Internet of Things (IoT) devices.

But just like any other UDP-based protocol, CoAP is inherently susceptible to IP address spoofing and packet amplification, the two major factors that enable the amplification of a DDoS attack.

An attacker can send a small UDP packet to a CoAP client (an IoT device), and the client would respond with a much larger packet. In the world of DDoS attacks, the size of this packet response is known as an amplification factor, and for CoAP, this can range from 10 to 50, depending on the initial packet and the resulting response (and the protocol analysis you’re reading).

Furthermore, because CoAP is vulnerable to IP spoofing, attackers can replace the “sender IP address” with the IP address of a victim they want to launch a DDoS attack against, and that victim would receive the blunt force of the amplified CoAP traffic.

The people who designed CoAP added security features to prevent these types of issues, but as Cloudflare pointed out in a blog post last year, if device makers implement these CoAP security features, the CoAP protocol isn’t so light anymore, negating all the benefits of a lightweight protocol.

That’s why most of today’s CoAP implementations forgo using hardened security modes for a “NoSec” security mode that keeps the protocol light, but also vulnerable to DDoS abuse.

THE RISE OF COAP

But because CoAP was a new protocol, a few hundreds of vulnerable devices here and there would have never been a problem, even if all were running in NoSec modes.

Unfortunately, things started to change. According to a talk that Dennis Rand, founder of eCrimeLabs, gave at the RVAsec security conference over the summer (19:40 mark), the number of CoAP devices has exploded since November 2017.

Rand says the CoAP device count jumped from a lowly 6,500 in November 2017 to over 26,000 the next month. Things got even worse in 2018 because by May that number was at 278,000 devices, a number that today is hovering at 580,000-600,000, according to Shodan, a search engine for Internet-connected devices.

coap-shodan.png

Rand suggests the reason for this explosion is CoAP’s use as part of QLC Chain (formerly known as QLink), a project that aims build a decentralized blockchain-based mobile network using WiFi nodes available across China.

But this sudden rise in readily available and poorly secured CoAP clients hasn’t gone unnoticed. Over the past few weeks, the first DDoS attacks carried out via CoAP have started to leave their mark.

A security researcher who deals with DDoS attacks but who couldn’t share his name due to employment agreements told ZDNet that CoAP attacks have happened on an occasional basis over the past months, with increasing frequency, reaching 55Gbps on average, and with the largest one clocking at 320Gbps.

The 55Gbps average is an order of magnitude superior to the average size of a normal DDoS attack, which is 4.6Gbps, according to DDoS mitigation firm Link11.

Of the 580,000 CoAP devices currently available on Shodan today, the same researcher told ZDNet that roughly 330,000 could be (ab)used to relay and amplify DDoS attacks with an amplification factor of up to 46 times.

Of the attacks the researcher has recorded, most have targeted various online services in China, but also some MMORPGs platforms outside of mainland China.

It is unclear if CoAP has been added as an attack option to DDoS-for-hire platforms, but once this happens, such attacks will intensify even more.

Furthermore, CoAP’s use in the real world has exploded this year but was mainly restricted to China. It is safe to assume that once CoAP has already become popular in China, today’s main manufacturing hub, vulnerable devices will also spread to other countries as devices made in the communist state are sold overseas.

WE’VE BEEN WARNED

Just like with the case with most protocols developed with IoT in mind, the issue doesn’t seem to reside in the protocol design, which includes some basic security features, but in how device makers are configuring and shipping CoAP in live devices.

Sadly, this isn’t something new. Many protocols are often misconfigured, by accident or intentionally, by device makers, which often choose interoperability and ease of use over security.

But the thing that will annoy some security researchers is that some predicted this would happen even before CoAP was approved as an official Internet standard, way back in 2013.

This was a totally avoidable disaster if only countries around the world had more stringent rules about IoT devices and their security features.

On a side note –and coincidentally– as CoAP DDoS attacks are now beginning to get noticed, Federico Maggi, a security researcher with Trend Micro, has also taken a look at CoAP’s DDoS amplification capabilities, research which he’s set to present at the Black Hat security conference this week in London.

The same research also looked at a fellow M2M protocol, MQTT, also known to be a mess, and in which the researcher has identified several vulnerabilities.

Source: https://www.zdnet.com/article/the-coap-protocol-is-the-next-big-thing-for-ddos-attacks/

60 Cybersecurity Predictions For 2019

I’ve always been a loner, avoiding crowds as much as possible, but last Friday I found myself in the company of 500 million people. The breach of the personal accounts of Marriott and Starwood customers forced us to join the 34% of U.S. consumers who experienced a compromise of their personal information over the last year. Viewed another way, there were 2,216 data breaches and more than 53,000 cybersecurity incidents reported in 65 countries in the 12 months ending in March 2018.

How many data breaches we will see in 2019 and how big are they going to be?

No one has a crystal ball this accurate and it’s difficult to make predictions, especially about the future. Still, I made a brilliant, contrarian, and very accurate prediction last year, stating unequivocally that “there will be more spectacular data breaches” in 2018.

Just like last year, this year’s 60 predictions reveal the state-of-mind of key participants in the cybersecurity industry (on the defense team, of course) and cover all that’s hot today. Topics include the use and misuse of data; artificial intelligence (AI) and machine learning as a double-edge sword helping both attackers and defenders; whether we are going to finally “get over privacy” or see our data finally being treated as a private and protected asset; how the cloud changes everything and how connected and moving devices add numerous security risks; the emerging global cyber war conducted by terrorists, criminals, and countries; and the changing skills and landscape of cybersecurity.

It’s the data, stupid

“While data has created an explosion of opportunities for the enterprise, the ability to collaborate on sensitive data and take full advance of artificial intelligence opportunities to generate insights is currently inhibited by privacy risks, compliance and regulation controls. The security challenge of ‘data in use’ will be overcome by applying the most universal truth of all-time—mathematics—to facilitate data collaboration without the need for trust from either side. For example, ‘zero-knowledge proof’ allows proof of a claim without revealing any other information beyond what is claimed. Software that is beyond trust and based on math will propel this trend forward”—Nadav Zafrir, CEO,Team8

“IT security in 2019 is no longer going to simply be about protecting sensitive data and keeping hackers out of our systems. In this day and age of big data and artificial intelligence—where cooperation on data can lead to enormous business opportunities and scientific and medical breakthroughs—security is also going have to focus on enabling organizations to leverage, collaborate on and monetize their data without being exposed to privacy breaches, giving up their intellectual property or having their data misused. Cybersecurity alone is not going to be enough to secure our most sensitive data or our privacy. Data must be protected and enforced by technology itself, not just by cyber or regulation. The very technology compromising our privacy must itself be leveraged to bring real privacy to this data-driven age”—Rina Shainski, Co-founder and Chairwoman, Duality Technologies

AI is a dual-use technology

AI-driven chatbots will go rogue. In 2019, cyber criminals and black hat hackers will create malicious chatbots that try to socially engineer victims into clicking links, downloading files or sharing private information. A hijacked chatbot could misdirect victims to nefarious links rather than legitimate ones. Attackers could also leverage web application flaws in legitimate websites to insert a malicious chatbot into a site that doesn’t have one. In short, next year attackers will start to experiment with malicious chatbots to socially engineer victims. They will start with basic text-based bots, but in the future, they could use human speech bots to socially engineer victims over the phone or other voice connections”—Corey Nachreiner, CTO, WatchGuard Technologies

“While next-gen technology like Artificial Intelligence (AI) and Machine Learning (ML) are transforming many enterprises for the better, they’ve also given rise to a new breed of ‘smart’ attacks. The ability to scale and carry out attacks is extremely enticing to cybercriminals, including use of intelligent malware. The rise in next-gen threats means that security professionals must be extra vigilant with detection and training against these threats, while also adopting new methods of automated prevention methods”—John Samuel, Senior Vice President and Global Chief Information Officer, CGS

“Cyber defenders have been researching and working on their machine learning/AI/deep Learning for a long time. We expect over the next 5 years that these technologies will also empower adversaries to create more powerful and elusive attacks through a new generation of tools, tactics and procedures. While AI/ML-savvy offensive cybercriminals are in their infancy, this is like any other business. They will invest in whatever provides them the greatest return. Unlike defenders, those on the offense are willing to collaborate and share innovation freely, which could increase rapid development and innovation”—David Capuano, CMO and VP Sales, BluVector

“Automation is the name of the game in security and machine learning is here to help. AI is all about automating expert systems, and security is all about experts answering some form of the question: ‘Does this matter? Does this alert matter? Is this vulnerability risky?’ Machine learning will help filter out the noise, so that the limited number of practitioners out there can use their time most efficiently”—Michael Roytman, chief data scientist, Kenna Security

“Recent updates to exploit kits, specifically natural language and artificial intelligence capabilities, has made the automation of highly convincing and unique social engineering emails a very simple process. Meaning, an attacker can upload a file with one million email addresses and can automate the creation of effective and unique phishing messages to send out to victims”—Brian Hussey, VP of Cyber Threat Detection and Response, Trustwave SpiderLabs

When it comes to using AI in cybersecurity, be wary. AI offers companies huge potential, but it is a largely untapped area. If you do plan to implement it, do a proof of concept to make sure that it integrates into your company’s environment, ensuring that you’re getting the maximum value”—Joan Pepin, CISO and VP of Operations, Auth0

“The focus on artificial intelligence in cybersecurity has led to an arms war, with vendors ratcheting up claims about the number of models or features to sensational levels. In 2019, the focus will shift from quantity to quality of features. Both vendors and their users will recognize that fewer, more precise features, can improve threat detection rates, while ensuring virtually zero false positives”—Adrien Gendre, North American CEO, Vade Secure

As AI-enabled apps continue to proliferate, companies will face a rise in accidental vulnerabilities. Expect to hear about more breaches that aren’t a result of a hack, but can be mapped back to developers leaving large data pools (which power AI-enabled applications) accidentally unprotected. Companies need to be vigilant when working with large data pools, especially customer data, that feed AI in services like Amazon, Facebook and Google, and always double check their configurations”—Alex Smith, Director of Security Products,Intermedia

“With fraud attack rates expected to continue to increase in 2019, costing e-commerce retailers billions of dollars, AI is poised to play a huge role in stopping bad actors in real-time before they strike. Artificial intelligence and machine learning, enhanced by human research, have the ability to protect online merchants from abuse at both the account level and the point of transaction.  AI-driven solutions are becoming a necessity because they instantly prevent fraud, enabling retailers to scale and keep up with the e-commerce giants without sacrificing the consumer experience. Finally, fraud prevention models that use AI can be personalized based on a nuanced understanding of each merchant’s specific pain points and historical data”—Michael Reitblat, Co-Founder and CEO, Forter

The emerging global cyber war

Terrorist-related groups will attack population centers with crimeware-as-a-service. While terrorist-related groups have been tormenting organizations and individuals for years, we anticipate more potentially destructive attacks in 2019. Instead of breaking systems with ransomware, adversaries will leverage new tools to conduct harmful assaults on targeted subjects and organizations. From attacks on data integrity that essentially kill computers to the point of mandatory hardware replacements, to leveraging new technology for physical assaults such as the recent drone attack in Venezuela, attack surfaces are growing and enemies will take advantage. To combat this, organizations must take inventory of their attack landscape to identify and mitigate potential threats before they are exploited. Malcolm Harkins, Chief Security and Trust Officer, Cylance

“We expect nation-state threats to increase significantly in 2019, particularly targeting critical infrastructure. Critical infrastructure systems are extremely vulnerable to both cybersecurity and physical security risks. State-sponsored threats and high-level hackers are constantly looking to gain access to the critical infrastructure of nations worldwide, with the intent of hitting some of our most valuable systems (national security, public health, emergency communications, and more)”—Mike McKee, CEO, ObserveIT

“The nature of cyberwarfare is changing. Russia has led the way in the use of targeted cyber actions as part of larger objectives, and now other nation states are looking to follow the same playbook. While a direct cyberwar is not on the horizon, there will continue to be smaller proxy cyber wars as part of regional conflicts where larger nation state actors provide material support to these smaller conflicts. These regional conflicts will be testing grounds for new tactics, techniques and procedures as larger nation states determine how cyber warfare integrates into their larger military objectives. Nation states will also start experimenting more this year in adding ‘disinformation’ campaigns as part of their cyber warfare efforts. These kinds of attacks will make true attribution more difficult”—Sean McNee, Senior Data Scientist, DomainTools

“As the cyber threat landscape intensifies, adversaries will continue to discover new avenues for attacks. Although satellites aren’t the most common attack surface, it is important for industry professionals to acknowledge the capabilities that threat actors hold over them. Security concerns continue to grow within the satellite industry, with execs even forming a government-backed clearinghouse to share information on cyber threats to space assets. From military satellites to GPS technology and even communication satellites, adversaries are able to conduct targeted attacks to gain access to these crucial systems—some of which are highly classified networks. As these threat actors refine their skills, we anticipate major attacks on satellite systems as a new form of nation-state warfare”—John Cassidy, CEO and Co-Founder, King & Union

The year of protected privacy, finally?

Managing privacy will be the new normal, like securing data or paying taxes. Privacy will continue on a similar path as the evolution of cybersecurity. The number of breaches and privacy-related incidents will continue to rise, up and to the right. This rise will be comprised of peaks and valleys. Like with security, a standard of constant privacy will become the new normal. For example, while many organizations treated GDPR as a project, with a finite end, compliance is a continuous exercise that requires the same focus and vigilance as security or taxes”—Chris Babel, CEO, TrustArc

Consumers will start to reclaim control and monetize their data. Ownership of customer data will transition away from businesses and back toward customers themselves, and new services will emerge that empower customers to even monetize their own personal data and rent it back to companies. Data is the fuel that powers AI, and customers will realize they have the power to drive their own AI-based experiences by reclaiming data control”—Dr. Rob Walker, vice president, decision management and analytics, Pegasystems

“GDPR was a great first step, but global regulation and governance still remain a complex web. The United States will continue to fall further and further behind in competency and international relations as our federal compliance efforts simply aren’t moving fast enough to meet worldwide requirements. Countries where privacy is prioritized and seamlessly integrated will see the most optimal growth”—Tomas Honzak, Chief Information Security Officer, GoodData

“Data protection legislation will continue to influence societal expectations on security, which will trickle down to companies and their supply chains.  Consumers have always felt protective of their data, but with new legislation redefining the data landscape, consumers have grown more confident in demanding their data be treated with respect, that its uses are kept visible and clear, and that it is used only as they agreed. The pressure these new societal expectations will exert cannot be overstated, both on public-facing companies and through them all the way down their supply chains. Make no mistake, security and data handling are seen now by all successful companies to be as critical to business and contracts as confidentiality and liability limits have always been”—Geoff Forsyth, CTO, PCI Pal

There will be a lot more focus on privacy and security of connected cars. The information from the connected car is arguably more sensitive than our credit card information – where do we go, when do we go there, when are we home, where do we shop and work, where do our kids go to school and what locations do we go to at what time. There will be breaches of this personal information and bad things that happen as a result. There will be more of the takeover scenarios where an external (bad) actor can take over the technology. This too will result in backlash and involvement of political and legal entities to begin to make laws and precedents. What can law enforcement access and discover to use for investigation purposes?”—Todd Walter, chief technologist, Teradata

“As privacy concerns grow, there will be an increasing interest in privacy-preserving machine-learning techniques that are able train accurate models without compromising privacy”—Prasad Chalasani, Chief Scientist, MediaMath

The global regulatory environment will become more challenging as regulators and governments worldwide continue to strive to implement better data privacy protection as was done with GDPR. While this is a great progress, we’re going to see these governments counter to gain more access to information”—Phil Dunkelberger, CEO, Nok Nok Labs

“As governments implement new data privacy regulations, enterprises will increasingly adopt a ‘Privacy First’ approach to data management. However, the challenges these enterprises will face as they seek to integrate data privacy best practices into their existing applications, as well as new mobile, IoT and other applications, will be significant. Enterprises will need AI-powered, automated, outcome-driven data management solutions to address these challenges if they hope to implement strong data privacy policies without sacrificing productivity or agility”—Don Foster, senior director of worldwide solutions marketing, Commvault

“In 2019, the US government will NOT adopt any new digital privacy policies despite the recent congressional hearings with Twitter, Facebook, Google, etc.”—Kevin Lee, Trust and Safety Architect, Sift Science

The Cloud changes everything and everything is connected… and vulnerable

“Your smart fridge will start scamming you. IoT-connected appliances such as refrigerators and washing machines already produce unattended payments that the user cannot personally verify. Fraudsters see this vulnerability now and will begin to take advantage of it”—Uri Rivner, Chief Cyber Officer, BioCatch

“In 2019, the two main targets for cyber-attackers will be the cloud and user devices. Operating systems on user devices provide more functionality than ever before, making them more vulnerable and an easy target for attackers. At the same time, users will expect more flexibility and the ability to work with any OS, any application, and on any device. As organizations look provide security, privacy, and productivity, they will have to shift to a new, ‘zero trust’ device architecture”—Tal Zamir, CEO, Hysolate

“IoT, in its current state, is not secure. There are secure devices out there, but they are the exception rather than the rule. Perhaps more concerning is that there are no revolutions in IoT security on the horizon. IoT will continue to be vulnerable in 2019”—Erez Yalon, Head of Security Research, Checkmarx

“A marked shift from network security towards identity-based application security will take place next year. The cloud causes traditional control planes to become obsolete. From firewalls and IPS’s to host-based security tools, current technologies cannot be implemented in an effective and constructive manner. Application identities, in a similar process that user identity underwent in the last couple of years, will conquer the main stage”—Ran Ilany, CEO, Portshift

“With Waymo, Cruise, Uber and other autonomous vehicle industry players rushing to the market and expanding previously limited pilots to wider scale public deployments, we predict that a self-driving car used ‘in production’ will be hacked. The immediate implications are unlikely to be life-threatening, however, they will only strengthen concerns about a potential nightmare scenario like car ransomware”—Nir Gaist, CTO and co-founder, Nyotron

Teams will shift to prioritizing cloud-delivered security solutions over traditional appliance-based point products. In addition, teams will shift to simplifying security architectures by prioritizing solutions that provide consolidated feature sets that would have traditionally required numerous separate point products. This will be driven by a vastly expanded attack surface and necessary operational efficiency for understaffed teams”—Gene Stevens, CTO & Co-Founder, ProtectWise

“From Windows to IoTs, Apple and Microsoft have invested colossal amounts in information security to make it very difficult for attackers to enter. In addition, due the accelerated growth in the number of IoT vendors and a severe lack of regulation, significant investments are now being made in developing breakthrough attack capabilities in this field”—Eilon Lotem, CTO, SAM Seamless Network

IoT-enabled device innovation will continue to outpace the security built into those devices and Federal government regulation will continue to inadequately define the laws and fines required to affect change. State-level regulations will be enacted to improve the situation, but will likely fall short in impact, and in many cases, only result in a false sense of consumer confidence with respect to the security of these devices”—Carolyn Crandall, Chief Deception Officer, Attivo Networks.

Cyber breaches will have increased impacts on corporate stock prices, especially in the technology and cyber security sector. The rate at which we’re seeing attacks, and the breadth of the impact is alarming but as of yet haven’t had a large impact on stock prices. However, this will soon change as organizations complete their digital transformation and move to the cloud. Once this happens, a breach is going to have a larger impact on their revenue and as a result a detrimental effect on stock price. Another impact of companies moving operations and revenue to the cloud is we’re going to see more criminal and state organizations going after cybersecurity companies to infiltrate code in their distribution base or take them offline to get to the corporations themselves”—Stan Lowe, Global CISO, Zscaler

“Consumers and legislators alike are increasingly aware of the cyber risks facing the automotive industry as vehicles become increasingly connected.Due to the growing number of susceptible entry points in today’s connected cars, it is only a matter of time before the automotive industry experiences further significant cyber-related product recalls. Moving into 2019, it is imperative that OEM and Tier 1 suppliers ensure robust cyber security protections over the course of the vehicle lifespan. A multi-layered, end-to-end security solution that enables over the air system update capabilities will become the norm. Now is the time for automakers to be proactive and take the wheel in deploying effective solutions for automotive cyber security”—Yoni Heilbronn, CMO, Argus Cyber Security

“Cloud and DevOps transformations will rapidly gain pace in 2019, increasing the risk at the web application layer for enterprises. The reason for this increase is simple: the application layer used to be mostly static assets like marketing websites, but flash forward to today, it is now often the primary way an enterprise interacts with their customers (via full featured web applications or APIs that back mobile apps). This massive shift in functionality comes an equally massive shift in risk. The number one lesson for CISOs is that the transformation to cloud and DevOps will be successful if you can shift your security program from being a blocker to an enabler and focus on making your application and DevOps teams security self-sufficient”—Zane Lackey, Co-Founder and CSO, Signal Sciences

Endpoint security will be redefined by detection and response features (EDR), plus managed detection and response (MDR) services. Endpoint prevention (EPP) has been king of the hill for years, now more than 80% of these solutions fall behind on requirements to provide a combined prevention, detection, investigation, response, system management, and security hygiene as a solution set via a single agent for Windows, macOS and Linux systems. Less than 20% of organizations have the resources and skills for mature EDR solutions which will drive the need for MDR services to the majority of companies, even more so for 24/7 coverage”—Tom Clare, Senior Product Manager, Fidelis Cybersecurity

“With IoT growth posing huge unknown risks to enterprises with the introduction of 5G, businesses will increasingly need to invest in both technology and employee training in order to prepare for the next generation threat landscape. What’s more is that 5G will not only give rise to new threats, but it will also provide cyber criminals with new opportunities to carry out attacks that we have seen grow in popularity over the years with greater force and impact. With this in mind, even an organization that ‘does everything right’ to combat threats posed by 5G could still be impacted just as easily as those that are less security savvy”—James Willett, Vice President of Technology, Neustar

“As IoT innovation continues to blossom, more and more IoT devices will continue to get involved in DDoS attacks in 2019. Routers and cameras are the major types of IoT devices involved in DDoS attacks, with routers making up 69.7% of IoT devices exploited to launch DDoS attacks, and 24.7% of cameras in 2017. This is because a great number of routers and web cameras have been introduced into production and living environments, with no sufficient security measures enforced. We have every reason to believe that attacks leveraging the IoT will become more diverse in the future”—Guy Rosefelt, Director of Product management for Threat Intelligence & Web Security, NSFOCUS

“With the number of IoT technologies in the workplace beginning to outnumber conventional IT assets, there is an ever-increasing probability that these devices will be used as entry point by malicious actors to further compromise corporations for data breaches. Expect in 2019 to see this come to reality and several breaches will be directly tied to installed IoT technology”—Deral Heiland, IoT Research Lead, Rapid7

Industrial control systems are the wild-west of cybersecurity at the moment. These systems control factories, buildings, utilities, etc.  Most systems have little-to-no protection, and best practices are still being adopted very slowly. They also represent extremely high-value targets, especially from a strategic point of view.  A few new companies have entered the landscape, but it is still an extremely young industry”—Bryan Becker, application security researcher, WhiteHat Security

“At a time where nearly every device is connected to the internet, vendors should be taking security seriously. Too many of these products, toys, and phone apps that connect to the cloud in an insecure or unencrypted fashion and are at risk. Security issues have been plaguing the IoT market from the very beginning and it will only continue to exacerbate in 2019. IoT manufacturers will continue to race to introduce new products before their competitors bypassing secure coding practices resulting in products that add risk to corporate environments”—Karl Sigler, Threat Intelligence Manager, Trustwave SpiderLabs

“It’s important to consider the role of certificates in a world of connected devices. Nations (and more U.S. states) will follow California’s lead and enact legislation requiring security for IoT networks. This is particularly important for the healthcare, transportation, energy, and manufacturing sectors, which face the highest risk. The legislation stops short of prescribing strong forms of authentication—but thankfully, consortium groups such as the Open Connectivity Foundation and AeroMACS have championed the use of strong certificate-based authentication in their best practice standards for IoT—Damon Kachur, Vice President of IoT, Sectigo

“It may not seem like a big deal for an attacker to compromise your smart-lights, but those can connect to your smart home management device (e.g., Google Home, Amazon Echo), and from there propagate throughout both your physical and notional personal networks. And those networks can be tied to even larger ones that could result in high-profile DDoS attacks. Every added device is an added attack surface, and we’re in for a very rude awakening in the near future”—Ken Underhill, Master Instructor, and Joe Perry, Director of Research, Cybrary

Cybersecurity skill set transformation

“As IT organizations embrace public cloud environments, the threat of cyber-attacks and malicious attempts is a growing phenomenon. However, a gap still exists between the industry’s needs and what can be achieved with the available workforce. As cloud increasingly becomes a part of every IT environment, 2019 will be a key year for re-skilling the workforce, educating new talent and making the right moves to face the cyber challenge”—Avishai Sharlin, General Manager, Amdocs Technology

The role of CISO will become intertwined with CTO. Security will need to integrate into the operations of a business if it is to become an enabler rather than a blocker of innovation. The same can be said for the blurred lines between the roles of the CISO and CTO. We have seen time and again the c-suite take the brunt of the fallout following high-profile security breaches – where the buck used to stop long before the CEO, the fallout from a security breach increasingly takes senior management along with the security and teaching teams. As a result, the distinction between the traditional roles of the CISO and CTO will become yet more gray next year”—Ivan Novikov, CEO, Wallarm

“Security is increasingly starting at the developer level, a trend that will only grow next year. As an industry, we’ve realized that security should lie at the heart of any digital transformation initiative and should never be an afterthought but built-in by design. The code should be secure, as well as the design and processes. DevSecOps should be applied for applications as well as the cloud, infrastructure and work with partners. Organizations will look to create more security ambassadors at the developer level next year who can advocate for employee awareness around the individual’s role in overall security”—Brent Schroeder, CTO Americas, SUSE

“In 2018, cybersecurity was more widely accepted as a board level topic and senior executives became more aware about its impact on achieving business goals and brand protection. Looking toward 2019, boards will want to see objective measurement and validation of program effectiveness, and will continue to bring on independent cybersecurity advisors or add team members with experience in cybersecurity, putting more pressure on CISOs. As a result, the effectiveness of cybersecurity programs will rely more and more on CISOs and their ability to partner with the board and communicate security needs to them. CISOs that can communicate a clear strategy and a measurable plan will have increased support, as well as funding for key initiatives”—Andrew Howard, CTO, Kudelski Security

“It’s no surprise that we are currently in a massive deficit of qualified cybersecurity talent. In 2019, we will see a more modern approach to recruiting and retention in the cybersecurity workforce to fill this void and create more diversity. We will see an uptick in apprenticeship programs, more diverse training, recruiting practices and federal funding to help bridge the enormous talent and diversity gap the industry has today“—Jason Albuquerque, CISO, Carousel Industries

The ever-evolving cybersecurity landscape

“The security industry tends to look at future trends as monumental shifts in attack methodologies, security technologies, or predictions. In reality, shifts in attack methodologies, security technologies, and observations tend to be incremental. Spending 20% of your time enhancing controls on the security essentials can easily yield 80% of your security improvements. The remaining time should be spent on exploring more advanced technologies that can help fill some of the more niche gaps in your security program. In the coming year, shifts in attacks will be incremental if the same old attacks continue to work as they have in the past”—Jason Rebholz, Senior Director at Gigamon

In 2019, we will see advances in mobile biometric sensors. The industry has dipped its toe in the water in regards to fingerprint sensors being placed underneath phone screens as a solution to eliminate the “home button,” expect to see these screen sensors cannonball into becoming the norm. We may even see Samsung extend their capability with Iris beyond phone unlock and Samsung apps. There will be a battle as to which biometric is best, face or fingerprint, with focus on usability rather than performance rates, ultimately this will come down to user preference as to which is more convenient for individuals and fits better with their use cases”—John Callahan, CTO, Veridium

The demand for affordable, managed security service providers will increase dramatically in 2019 due to a rise in attacks on small and medium sized businesses as a result of successful monetization of ransomware, crimeware and extortion by criminal organizations. With the shortage of available security professionals in the workforce, one of the only places SMB’s will be able to turn to in 2019 are MSSPs”—Sharon Reynolds, Chief Information Security Officer, Omnitracs

”In 2019, healthcare organizations will be the number one target for attackers. The evolution of attacks has made it much harder to secure the industry, creating and growing an entire ecosystem that lends itself to multiple forms of fraud that the attacker can profit off of. For example, in healthcare, when protected health information (PHI) is stolen, attackers are able to steal identities, gaining access to medical information, which the attacker either uses or sells to then obtain prescriptions to be traded or sold illegally”—Bob Adams, cybersecurity specialist, Mimecast

“New, high-profile breaches will push the security industry to finally solve the username/password problem. The ineffective username/password conundrum has plagued consumers and businesses for years. There are many solutions out there—asymmetric cryptography, biometrics, blockchain, hardware solutions, etc.—but so far, the security industry has not been able to settle on a standard to fix the problem. In 2019, we will see a more concerted effort to replace the password solution all together”—Marcin Kleczynski, Founder and CEO,Malwarebytes

“In 2019 we will see an evolution in the two-factor authentication (2FA) process that directly addresses some of the most discussed fraud attacks. It’s a documented fact that the use of 2FA to stop unauthorized account access has exponentially decreased account takeover fraud around the globe, but as fraudsters have evolved, so too must the techniques used to combat them. The increasing prevalence of SIM swap fraud and porting fraud (where attackers take over an end-user phone number so they can intercept one-time passcodes) has led to more collaboration between online businesses and mobile network operators, who can tell those businesses (in real-time) when a SIM swap or porting change has occurred. What we will see as 2019 unfolds is the use of that data to augment 2FA, which will ultimately ensure the continued growing adoption of this important security step by both businesses and their users”—Stacy Stubblefield, Co-Founder and Chief Innovation Officer, TeleSign

“Year-end cyber predictions often focus on specific threat categories and whether or not to expect an increase or decrease in their activity. 2019, however, promises a more fundamental shift in the cyberthreat landscape, for example the impact of social media as an exploding vector for malicious activities and the implications for businesses protecting their assets. Cybersecurity is not an IT problem, it is far wider than just ‘computers’ and the threats ahead in 2019 will make this painfully obvious”—Raj Samani, Chief Scientist and McAfee Fellow, McAfee

“Fraud attacks continue to rise, and we can expect to see them increase in volume up to 2-3X in the coming year. In addition to an increase number of attacks, we anticipate cyber criminals will leverage new tactics to fool retailers and consumers. We will continue to see them utilizing compromised data obtained from data breaches, but beyond that we can anticipate the use of account take over efforts like attacking small and medium-sized online merchants that don’t have proper eCommerce fraud risk technologies, and attacking online merchants with high speed velocity, identity takeover, and brute force high volume attempts”—Steven Gray, Head of Payments, Tax and Fraud, Radial

In 2019, there will be continued consolidation of companies in the security sector, especially for those that have developed technologies that relate to Digital Identities (DIs), including the on-boarding of individuals behind the DIs, the authentication of the individuals behind the DIs (MFA), and the continual management of privileges and access (IAM)”—Todd Shollenbarger, Chief Global Strategist, Veridium

“Small organizations are finally realizing that they need to be as prepared as large organizations when it comes to cybersecurity, making it no longer an IT problem but a larger business challenge within every organization. Additionally, we will see small businesses’ approach to cybersecurity impacting larger organizations through the supply chain vector. Hackers will take advantage of smaller organizations, which often fuel larger business’ supply chains, because they typically have security vulnerabilities that can be more readily exploited than larger ‘targeted’ companies”—Brian NeSmith, CEO and co-founder, Arctic Wolf Networks

“Because security has not been built into established industries like utilities, these sectors are an easy target across the globe and a prime mark for attackers looking to engage in cyber warfare. While their vulnerability has been well-documented, I believe the industry won’t take the threat seriously until something significant occurs—but by then, it will be too late. As we head into 2019, expect this threat to intensify until it finally boils over and results in action. By 2023, Threat X predicts there will be a major attack on a US utility that will finally force the industry to address these vulnerabilities”—Bret Settle, CEO, Threat X

“Risk management is going to become an extremely critical topic for both the public and private sector next year.  As a nation, we are facing complex geopolitical issues and state-sponsored attacks targeting our businesses and government on an enormous scale. Large financial institutions and Silicon Valley companies have already experienced billions of dollars in losses due to decisions being made without effective Enterprise Risk Management. Data is both an asset and a liability and next year we are going to see the regulatory environment become even more complex around data governance, which will see Enterprise Risk Management become a huge priority for the c-suite and board”—David Pigott, Chief Compliance Officer, Neustar

Source: https://www.forbes.com/sites/gilpress/2018/12/03/60-cybersecurity-predictions-for-2019/#57c3994b4352

Universities seeing rise in DDoS attacks

Kaspersky Lab has noticed an overall decline in the number of DDoS attacks this year, which may be due to many bot owners reallocating the computing power of their bots to a more profitable and relatively safe way of making money: cryptocurrency mining.

However, there is still a risk of DDoS attacks causing disruption, despite attackers not seeking financial gain.

The Kaspersky Lab DDoS Q3 report marked a continued trend in attacks aimed at educational organisations, as they open their doors after a long summer and students head back to school.

Attackers were most active during the third quarter in August and September, proven by the number of DDoS attacks on educational institutions increasing sharply at the start of the academic year.

This year, the most prominent attacks hit the websites of one of the UK’s leading universities – the University of Edinburgh – and the US vendor Infinite Campus, which supports the parent portal for numerous city public schools.

Analysis from Kaspersky Lab experts has found that the majority of these DDoS attacks were carried out during term time and subsided during the holidays.

More or less the same result was obtained by the British organisation Jisc.

After collecting data about a series of attacks on universities, it determined that the number of attacks fell when students were on holiday.

The number of attacks also decreases outside of study hours, with DDoS interference in university resources mainly occurring between 9am and 4pm.

Overall, between July and September, DDoS botnets attacked targets in 82 countries.

China was once again first in terms of the number of attacks.

The US returned to second after losing its place in the top three to Hong Kong in Q2.

However, third place has now been occupied by Australia – the first time it’s reached such heights since Kaspersky Lab DDoS reports began.

There have also been changes in the top 10 countries with the highest number of active botnet C&C servers.

As in the previous quarter, the US remained in first place, but Russia moved up to second, while Greece came third.

Kaspersky DDoS protection business development manager Alexey Kiselev says, “The top priority of any cybercriminal activity is gain.

“However, that gain doesn’t necessarily have to be financial. The example of DDoS attacks on universities, schools and testing centres presumably demonstrates attempts by young people to annoy teachers, institutions or other students, or maybe just to postpone a test.

“At the same time, these attacks are often carried out without the use of botnets, which are, as a rule, only available to professional cybercriminals, who now seem to be more concerned with mining and conducting only well-paid attacks.

“This sort of ‘initiative’ shown by students and pupils would be amusing if it didn’t cause real problems for the attacked organisations which, in turn, have to prepare to defend themselves against such attacks,” Kiselev says.

Source: https://datacentrenews.eu/story/universities-seeing-rise-in-ddos-attacks

81.5M Voter Records For Sale On Dark Web Ahead Of Midterm Elections

The quarterly incident response (IR) threat report from Carbon Black isn’t usually such an exciting read, aggregating as it does data from across a number of partners in order to provide actionable intelligence for business leaders. The latest report, published today, is a politically charged exception. Not only does it reveal that nation-state politically motivated cyberattacks are on the up, with China and Russia responsible for 41.4% of all the reported attacks, but that voter databases from Alabama to Washington (and 18 others) are for sale on the dark web. These databases cover 21 states in all, with records for 81,534,624 voters that include voter IDs, names and addresses, phone numbers and citizenship status. Tom Kellerman, Carbon Black’s chief cybersecurity officer, describes the nation-state attackers as not “just committing simple burglary or even home invasion, they’re arsonists.” Nobody relishes their house burning down, even figuratively speaking. Which is why, according to another newly published report, this time from Unisys, suggests one in five voters may stay at home during the midterms as they fear their votes won’t count if systems suffer a cyberattack.

Amongst the key findings of the Carbon Black report, however, is the fact that China and Russia were responsible for 41.4% of the investigated attacks analyzed by researchers. The two also lead the pack when it comes to which countries incident response teams are seeing cyberattacks originating from. China was top of the table on 68% with Russia second on 59%. While the continent of North America (the report does not contain statistics that break this down to attacks from the United States alone) was third on 49%$, Iran, North Korea and Brazil were next in line. Earlier this year, Venafi surveyed security professionals with regards to election infrastructure risk. That research revealed that 81% of them thought threat actors will target election data as it is transmitted by voting machines. Worryingly, only 2% were ‘very confident’ in the capability of local, state and federal government to detect such attacks and only 3% thought the same about their abilities to block those attacks.

It’s just as well, then, that it has been reported the United States Cyber Command has now started what is believed to be the first cyber-operation to protect against election interference from Russia. “The attack surface in the US is incredibly broad and fragmented making security highly challenging” says Simon Staffell, head of public affairs at Nominet, who continues “but the response that has taken place in the US is also of an entirely different magnitude to anything seen before.” Yet this response does not appear to target Chinese threat actors. Some may find this omission a surprise, considering that Vice President Pence stated earlier this month that “what the Russians are doing pales in comparison to what China is doing across this country” and suggested that China wants to turn Trump voters against the administration.

Fraser Kyne, EMEA CTO at Bromium, would not be amongst the surprised though. He tells me that Bromium researchers have been working with Dr Mike McGuire to look into the impact of fake news on the US midterms. Early indications appear to suggest accusations against China are most likely unfounded. “Whilst China is funding local campaigns like the advertising taken out in US newspapers to promote US-Chinese trade” Kyne says “there is little evidence at the moment to suggest China is attempting to subvert democracy and influence the midterm elections.”

Meanwhile, some 68% of respondents to the Carbon Black report, representing a cross-section of some of the leading cybersecurity professionals across the globe, believe that cyberattacks will influence the midterms. This isn’t any kind of surprise when you take in the amount of election hacking and meddling resources that those same researchers found to be on sale through the dark web. These range from the aforementioned voter databases, through to social media election influence kits to target thousands of Instagram, Facebook, Twitter and YouTube accounts as well as the services of freelance hackers for hire who are offering to target government entities “for the purposes of database manipulation, economic/corporate espionage, DDoS attacks and botnet rentals.”

So, what kind of cyberattacks can we expect to see from state-sponsored actors as far as the midterms are concerned? Tony Richards, group CISO at Falanx Group, expects there will be some minor and likely not state sanctioned hacking attempts on electronic voting machines. “The fallout if a nation state was identified as the perpetrator would be considerable” Richards told me “so this would have to be a deniable operation.” It would also have to be done by someone with physical access to the voting machines in order to exploit many of the vulnerabilities that have been identified by researchers. “Voting machines are not usually connected to the Internet” explains Rafael Amado, senior strategy and research analyst at Digital Shadows, which means “the ability for attackers to tamper with voting ballots and results is greatly hindered.”

Some go as far as suggesting that to take the hacking concern out of the equation, elections should look back rather than forwards. The ‘right’ solution, according to Ryan Kalember, senior vice-president, Cybersecurity Strategy at Proofpoint, is paper. “An election system can be extremely resilient to fraud if there are paper records for registration and the votes themselves” Kalember insists, agreeing that this “may seem anti-modern, but is where we find ourselves in 2018.” Other cybersecurity experts suggest that the focus, when it comes to mitigating risk of interference in the midterm elections, simply needs to extend beyond voter registration and voting machine security altogether. “It’s important to take a look at the entire digital voting system” says Cindy Provin, CEO at Thales eSecurity, “how citizens register, how they find their polling places, how they check in, how they cast their ballots and how they find out who won.” This is an argument that is also made by Joseph Carson, chief security scientist & advisory CISO with Thycotic, who told me that the biggest challenge is that cybersecurity is only taken seriously in the voting infrastructure “when it is lacking in candidate campaigns, leaving the US open to serious cyber influence from foreign nation states.”

Maybe the notion of cyberattacks during the election process itself is something of a red-herring altogether? Especially given that there is such a global media appetite for Russian meddling stories, which will surely lead to this being such a high risk maneuver that it’s unlikely to be executed in any meaningful way. “The main effort will likely be in attempting to generate genuine conversations with organizations and individuals that have influence over a significant audience” says James Monckton, strategic communications director at Verbalisation, who thinks that the ‘influencing the influencers’ approach would be a highly effective method with a low level of attribution risk. The idea of shaping the debate by amplifying a particular viewpoint isn’t new news, but it is the most obvious meddling methodology we will see. Or rather, not see. “In the long term, it spreads mistrust as it becomes harder to distinguish the true from the fake” concludes Emily Orton, co-founder and director at Darktrace, “and has profound effects on democratic societies…”

One thing is for sure, according to Michael O’Malley, vice president of marketing with Radware, and that’s the threat of election interference will continue unabated until the US moves from the current fragmented state-by-state model to a nationwide election system. “We need a one person one vote approach and the US must make the necessary security upgrades to prevent voter fraud, foreign influence campaigns and hacking of our election infrastructure” O’Malley insists, warning that “Federal legislation needs to be introduced to make this happen…”

Source: https://www.forbes.com/sites/daveywinder/2018/10/30/81-5m-voter-records-for-sale-on-dark-web-ahead-of-midterm-elections/#1dca850f2a0c

Man Ordered to Pay $8.6 Million for Launching DDoS Attacks against Rutgers University

A New Jersey man received a court order to pay $8.6 million for launching a series of distributed denial-of-service (DDoS) attacks against Rutgers University.

On October 26, the U.S. Attorney’s Office for the District of New Jersey announced the sentence handed down by U.S. District Judge Michael Shipp to Paras Jha, 22, of Fanwood, New Jersey.

According to court documents, Jha targeted Rutgers University with a series of DDoS attacks between November 2014 and September 2016. The attacks took down the education institution’s central authentication server that maintains the gateway portal used by staff, faculty and students. In so doing, the DDoS campaigns disrupted students’ and faculty members’ ability to exchange assignments and assessments.

The FBI assisted Rutgers in its investigation of the attacks. In August 2015, the university also hired three security firms to test its network for vulnerabilities.

Jha’s criminal efforts online didn’t stop at Rutgers. In the summer and fall of 2016, Jha created the Mirai botnet with Josiah White, 21, of Washington, Pennsylvania and Dalton Norman, 22, of Metairie, Louisiana. The trio spent the next few months infecting more than 100,000 web-connected devices. They then abused that botnet to commit advertising fraud.

In December 2017, the three individuals pleaded guilty in the District of Alaska for conspiring to violate the Computer Fraud & Abuse Act by operating the Mirai botnet. It was less than a year later that a federal court in Alaska ordered the men to serve five-year probation periods, complete 2,500 hours of community service, pay restitution in the amount of $127,000 and voluntarily relinquish cryptocurrency seized by law enforcement during an investigation of their crimes.

Judge Shipp passed down his sentence to Jha within a Trenton federal court. As part of that decision, Jha must serve six months of home incarceration, complete five years of supervised release and perform 2,500 hours of community service for violating the Computer Fraud & Abuse Act.

Source: https://www.tripwire.com/state-of-security/security-data-protection/man-ordered-to-pay-8-6-million-for-launching-ddos-attacks-against-rutgers-university/

This botnet snares your smart devices to perform DDoS attacks with a little help from Mirai

Chalubo is a new botnet which is targeting poorly-secured Internet of Things (IoT) devices and servers for the purpose of distributed denial-of-service (DDoS) attacks.

Researchers from cybersecurity firm Sophos said this week that the botnet is becoming “increasingly prolific” and is ramping up efforts to target Internet-facing SSH servers on Linux-based systems alongside IoT products.

The main Chalubo bot is not only adopting obfuscation techniques more commonly found in Windows-based malware but is also using code from Xor.DDoS and Mirai, the latter of which was responsible for taking down Internet services across the US and Europe three years ago.

Chalubo contains a downloader, the main bot — which runs on systems with an x86 processor architecture, and a Lua command script. The downloader is the Elknot dropper, which has previously been linked to the Elasticsearch botnet.

Different versions of the bot have been uncovered by the researchers which operate on other processors — such as 32- and 64-bit ARM, x86, x86_64, MIPS, MIPSEL, and PowerPC — which the team suggests “may indicate the end of a testing period.”

Attacks began in late August, and one assault registered at a Sophos honeypot on September 6 gave the firm an insight into the new bot’s capabilities.

Chalubo attempted to brute-force attack and secure the credentials of the honeypot, and while the attackers believed they were able to gain a shell through root admin, the researchers silently recorded how they used commands to ‘stop’ firewall protections and install malicious components.

The main bot component and the corresponding Lua command script are encrypted using the ChaCha stream cipher, and when the attack against the honeypot was launched, one particular command — libsdes — stood out.

Upon execution, libsdes creates an empty file to prevent the malware accidentally executing more than once. The botnet then attempts to copy itself with a random string of letters and numbers in /usr/bin/, forking itself to create multiple points of persistence to survive a reboot.

A script is then dropped and executed for additional persistence, which Sophos says is close to a carbon copy of how the Xor.DDoS family operates.

“This bot demonstrates increased complexity compared to the standard Linux bots we typically see delivered from these types of attacks,” Sophos says. “Not only are the attackers using a layered approach to dropping malicious components, but the encryption used isn’t one that we typically see with Linux malware.”

The bot itself contains snippets of Mirai but the majority of the code is new. The Lua command script communicates with the botnet’s command-and-control (C2) server and will download, decrypt, and execute any additional script it finds.

The sample of Lua Sophos obtained was designed to prompt the bot to perform an SYN flood attack, a kind of DoS which sends SYN packets at high packet rates in an attempt to overwhelm a system.

In this case, a single Chinese IP address was targeted.

Sophos expects that as the botnet appears to be reaching the end of a testing phase, we may expect more widespread attacks from this botnet in the future. However, Chalubo is far from the only botnet menace out there.

In September, researchers from Avast revealed the existence of Torii, a botnet which is considered “a level above anything we have seen before” — including Mirai.

Source: https://www.zdnet.com/article/this-botnet-snares-your-smart-devices-to-perform-ddos-attacks/

In Blockchain, There is no Checkmate

During my time as a Chairman of NATO’s Intelligence Committee and advising government and private companies on cybersecurity, I have noticed the same hacker-shaped hole in the industry. For the past 35 years, huge companies, organizations, charities and nation states have succumbed to cyber-criminals. Let me explain why.

In a game of chess, you can win by either taking out all of your opponent’s pieces one-by-one, or by trapping the opposing side’s king in a checkmate. This is true of today’s cybersecurity model. One piece, in the wrong place at the wrong time could cost the entire game. Not just that, but any device in a network, whether it be a phone or a smart fridge, is a “king” that can be trapped and cost the integrity of an entire network. In this way, the “king” is a weakness.

A weakness that costs companies and countries millions, a weakness that could mean loss of life in the healthcare industry or military systems – indeed, cybersecurity is not a game.

Fighting cyber-criminals whilst being constrained by the rules of this chess match means we’ll never win. The centralized model where the hacking of a single device could compromise a network is categorically flawed. This needs to change: we don’t need to play a better game against cyber-criminals, we need to play a different game.

Blockchain technology is arguably one of the most significant innovations for decades, and it extends beyond the vestiges of crypto currencies. At its core, the Blockchain is immutable, transparent, encrypted and fragmented (decentralized). As such, Blockchain and cybersecurity seem like a match made in heaven and for the most part, they are.

For instance, right now, all the data of our personal or business devices – passwords, applications, files etc. – are stored on a centralized data server. Blockchain decentralizes the systems by distributing ledger data on many systems rather than storing them on one single network.

There is no single point of failure, one central database or middleman that could potentially serve as a source of leaks or compromised data.

The underpinnings of Blockchain architecture are based on time-stamped cryptographic nodes (the computer and servers that create blocks on a chain). Every time our data is stored or inserted into Blockchain ledgers, a new block is created. Each block has a specific summary of the previous block in the form of a secure digital signature.

More sophisticated systems combine Blockchain and AI technologies to confirm each other based on previous signatures. If there is a discrepancy, threat, or a device steps outside of a set of pre-determined rules, the surrounding nodes will flag it for action. Since these blocks are linked in the form of a chain sequence, the timing, order and content of transactions cannot be manipulated.

Just like crypto transactions, the Blockchain operates upon a democratic consensus. Any transfer of data would require a majority approval of the network participants; therefore, attackers can only impact a network by getting control of most of the network nodes. However, the nodes are random and the number of them stored on a given network can be in the millions.

In the metaphorical game of chess, “the collective” Blockchain has an advantage. Imagine if team hackers could not eliminate a single piece, not a pawn nor rook, unless they could eliminate all million pieces on the entire board at once. If they fail to do that, all of the pieces remain untouchable – including the “king”. There is no checkmate, and no hope for hackers.

Even still, since domain editing rights are only verified through nodes, hackers won’t get the right to edit and manipulate the data even after hacking a million of systems.

As all transactions are cryptographically linked, the modification or tampering of the data at any given time would alert all those with access to the ledger, exposing the infected dataset near-instantaneously.

The Blockchain does not linger or rely on any central point of failure to command changes; that allows for fixes to occur before attacks have time to spread. In other words, hacking a Blockchain with any scale is virtually impossible.

For instance, in the case of DDoS attacks that crash large data servers, Blockchain technology would disrupt this completely by decentralizing the DNS (Domain Name Systems) and distributing the content to a greater number of nodes.

The idea is clearly an attractive one. It can help save the billions that are being spent on developing arenas in which cybersecurity firms are fighting the hacker’s fight, especially in hard to defend environments.

We have already seen a number of companies utilize Blockchain technology to safeguard networks. Companies such as Naoris bring this consensual Blockchain technology and link devices as blocks on a chain so that no single end-point or terminal exists in a silo.

Current structures with multiple devices each act as a point of entry for a hacker into the network, however, as we know, the more nodes a network possesses on the Blockchain, the harder it becomes to infiltrate. Therefore, as the network expands and more devices are connected, the network becomes increasingly more resilient.

This is only the beginning for Blockchain. As it develops, it’s only going to get smarter and better. New technologies have the potential to provide a robust and effective alternative way of ensuring that we evolve to compete with concerns surrounding our security. With the Blockchain, such concerns can be a thing of the past.

Source: https://www.infosecurity-magazine.com/opinions/blockchain-no-checkmate/

DDoS Attacks Target Multiple Games including Final Fantasy XIV, Assassin’s Creed

A set of DDoS attacks plagued a series of gaming publishers including Final Fantasy XIV’s creator Square Enix and Assassin’s Creed publisher Ubisoft, respectively on the day of the Assassin’s Creed Odyssey launch on Friday.

Ubisoft began experiencing connectivity issues around Oct. 4 when the officials first tweeted an alert to users informing them of issues and actual attacks began surfacing around 7:48 am CT on Oct. 5, 2018 and affected Ubisoft games such as Rainbow Six Siege and For Honor.

​​We’re currently experiencing a series of DDoS attacks, which unfortunately are a common occurrence for almost all online service providers,” Ubisoft posted on an official forum addressing the incident. “This may impact connections to our games as well as server latency, and we are taking steps to mitigate this issue.”

Later that day Square Enix announced that it was also fighting off an attack aimed towards its popular MMORPG, Final Fantasy XIV although it is unclear if the attacks are connected or not.

In response to the high-profile incident, Corero Network Security’s Director of Product Management Sean Newman said it was “somewhat bemusing why some providers of online gaming platforms appear to still accept a certain air of inevitability when it comes to suffering as the result of DDoS attacks,” Newman said.

“With solutions available which can protect against DDoS automatically, and in real-time, help is at hand to keep games online, avoid lag, and ensure that player confidence and bottom lines, are preserved,” he continued.

Overall, many gamers noted that 2018 has been a relatively peaceful year for the online gaming community compared to previous years that were plauged by rampant DDoS attacks carried out by the Lizard Squad and other threat actors.

Source: https://www.scmagazine.com/home/news/ddos-attacks-target-multiple-games-including-final-fantasy-xiv/

 

 

‘Torii’ Breaks New Ground For IoT Malware

Stealth, persistence mechanism and ability to infect a wide swath of devices make malware dangerous and very different from the usual Mirai knockoffs, Avast says.

A dangerous and potentially destructive new IoT malware sample has recently surfaced that for the first time this year is not just another cheap Mirai knockoff.

Researchers from security vendor Avast recently analyzed the malware and have named it Torii because the telnet attacks through which it is being propagated have been coming from Tor exit nodes.

Besides bearing little resemblance to Mirai in code, Torii is also stealthier and more persistent on compromised devices. It is designed to infect what Avast says is one of the largest sets of devices and architectures for an IoT malware strain. Devices on which Torii works include those based on x86, x64, PowerPC, MIPS, ARM, and several other architectures.

Interestingly, so far at least Torii is not being used to assemble DDoS botnets like Mirai was, or to drop cryptomining tools like some more recent variants have been doing. Instead it appears optimized for stealing data from IoT devices. And, like a slew of other recent malware, Torii has a modular design, meaning it is capable of relatively easily fetching and executing other commands.

Martin Hron, a security researcher at Avast says, if anything, Torii is more like the destructive VPNFilter malware that infected some 500,000 network attached storage devices and home-office routers this May. VPNFilter attacked network products from at least 12 major vendors and was capable of attacking not just routers and network attached storage devices but the systems behind them as well.

Torii is different from other IoT malware on several other fronts. For one thing, “it uses six or more ways to achieve persistence ensuring it doesn’t get kicked out of the device easily on a reboot or by another piece of malware,” Hron notes.

Torii’s modular, multistage architecture is different too. “It drops a payload to connect with [command-and-control (CnC)] and then lays in wait to receive commands or files from the CnC,” the security researcher says. The command-and-control server with which the observed samples of Torii have been communicating is located in Arizona.

Torii’s support for a large number of common architectures gives it the ability to infect anything with open telnet, which includes millions of IoT devices. Worryingly, it is likely the malware authors have other attack vectors as well, but telnet is the only vector that has been used so far, Hron notes.

While Torii hasn’t been used for DDoS attacks yet, it has been sending a lot of information back to its command-and-control server about the devices it has infected. The data being exfiltrated includes Hostname, Process ID, and other machine-specific information that would let the malware operator fingerprint and catalog devices more easily. Hron says Avast researchers aren’t really sure why Torii is collecting all the data.

Significantly, Avast researchers discovered a hitherto unused binary on the server that is distributing the malware, which could let the attackers execute any command on an infected device. The app is written in GO, which means it can be easily recompiled to run on virtually any machine.

Hron says Avast is unsure what the malware authors plan to do with the functionality. But based on its versatility and presence on the malware distribution server, he thinks it could be a backdoor or a service that would let the attacker orchestrate multiple devices at once.

The log data that Avast was able to analyze showed that slightly less than 600 unique client devices had downloaded Torii. But it is likely that the number is just a snapshot of new machines that were recruited into the botnet for the period for which Avast has the log files, the security vendor said.

Source: https://www.darkreading.com/attacks-breaches/-torii-breaks-new-ground-for-iot-malware/d/d-id/1332930

Copyright © 2014. DoS Protection UK. All Rights Reserved. Website Developed by: 6folds Marketing Inc. | Demo Test