Mirai has been popping in and out of the news and is becoming a commodity resource for large-scale DDoS attacks. Although most of the security community has been debating and warning about the IoT threat, there is only evidence for a very specific class of devices being involved in the Mirai attacks. As we came to know the source code and security researchers started to investigate the victimized devices, it was clear that a common class of devices stood out in the list compiled by Krebs: IP cameras, DVRs and a handful of routers. What made them better candidates than your smart toaster or your cloud-connected thermostat? The fact that routers are in the list should not be surprising: those devices are by definition connected to the internet and are clearly #1 on the pwning list, which was proven again recently when 900,000 routers from DT were taken offline for service as a result of what is supposed to be an adapted version of Mirai using a remote code execution (RCE) vulnerability through the TR-069 CPE WAN management protocol.
First, what is Bitcoin and where did it come from?
Bitcoin (BTC) is a cryptocurrency payment system based on the blockchain, a core component of the digital currency. The blockchain was introduced by a pseudonymous creator, Satoshi Nakamoto, in 2008 and open sourced for the currency in 2009. The blockchain serves as a public ledger that records all Bitcoin transactions. One of Bitcoin’s main features is the fact that the system is a decentralized peer-to-peer payment network with no central authority, which means that it provides a certain level of anonymity with no central point of failure, though most services and businesses that use Bitcoin are centralized in one way or another. While there are numerous legitimate uses for Bitcoin like investing, paying friends or shopping, a number of criminals have adopted the currency for selling services and deploying ransom campaigns due to its level of anonymity.
It was reported that Australia’s census was attacked back in August. The Census Bureau reported on Twitter that they were attacked and their site was down from a DDoS attack. They had to take measures to let people know there would be no fines levied on folks unable to complete their online census:
Security executives have a lot on their plate. They’re grappling with a new breed of cyber-attacks, financially-motivated cyber assailants, and a bevy of new, connected devices (both corporate and employee) that bring unintended security risks to their organization.
But it’s not all doom and gloom. C-level executives are relying on new technologies and best practices to fight fire with fire. They’re turning to former enemies for help, getting more bang for the buck, and relying on automation to safeguard their organization’s most critical information assets.
Social Engineering is a process of psychological manipulation, more commonly known in our world as human hacking. The sad reality behind Social Engineering is that it is very easy to do. In fact, it’s so easy that even a teenager can do it and destroy your company, all on a Friday night. The goal is to have the targeted victim divulge confidential information or give you unauthorized access because you have played off their natural human emotion of wanting to help. Being nice is a human trait and everyone wants to be kind and helpful. If you give someone the opportunity to save the day or to feel helpful, they will most likely divulge the information required. Most of the time the attacker’s motives are to either gather information for a future attack, to commit fraud or to gain system access for malicious activity.
Hypertext Transfer Protocol (HTTP) is the protocol used primarily for communication between the user’s browser and the websites that users are accessing. Introduced in 1991, with a major revision in 1999 to HTTP 1.1, the HTTP protocol has many limitations. In 2009, engineers at Google redesigned the protocol in a research project called SPDY (pronounced “speedy”) to address some of HTTP 1.1’s limitations.
Websites in the early 90’s, when HTTP was introduced, were markedly different from today’s websites. In February 2015 the Internet Engineering Task Force (IETF) introduced a new version, HTTP/2, to keep up with the evolution that the internet has undergone since the early 90’s.
This year’s door buster deal might just be a DDoS attack
The alluring presence of large bowls of excess Halloween candy lying around my house can only mean one thing: It’s that time of year when retailers are preparing stores (both physical and virtual) for a crush of holiday shoppers on Black Friday.
As the story goes, the term originates from an incident in the late 19th century in Philadelphia. The retailer Wanamaker’s Department Store decided on a deep discount of calico, the most common fabric used for dressmaking at the time. The throngs of shoppers that showed up for the penny-a-yard fabric sale ended up breaking through the glass windows of the front door, forcing the store to close. The closure no doubt cost Wanamaker’s dozens of dollars.
The DDoS world has hit new records lately, with the attacks on KrebsOnSecurity.com and later on OVH and Dyn reaching a bandwidth of more than 1T of traffic. While the bandwidth numbers are impressive indeed, the numbers themselves were expected. DDoS security experts expected that the previous record (about 450 Gbps) would be broken soon. This 1 Terabyte throughput record will probably be broken again by the end of this year, or early in the next one. The amazing part of the latest attack was the fact that this was not the reflective attack the DDoS world got used to, which leverages large internet servers amplifying the attacker requests. This time, the attack consisted of many semi-legit HTTP GET requests. Such layer 7 attacks, which are aimed at the internet pipe as well as the application server behind it, are much harder to block than a layer 3 and layer 4 attack. Such attacks are also much harder to conduct.
We’re fast approaching the biggest holiday shopping season for retailers. Just how big? According to the National Retail Federation’s annual consumer spending survey, consumers plan to spend an average of $935.58 each this holiday season in 2016. What’s more, 41% of consumers plan to start their shopping this month. Every year, consumers entrust their financial and personal information (everything from credit card data to home addresses) to retailers both big and small. But are these stores doing enough to keep their customers’ data safe?
In three massive DDoS attacks, the Mirai botnet dazzled the cyber-security industry, which had long feared the implications of the exponentially growing number of devices connecting to the internet.
So many speculations, blogs and Op-Eds emerged following the attacks on Krebs, OVH and DynDNS. You couldn’t ignore them as everybody had something to say – speculation on who the attackers were, their motivation, the attack vectors and the traffic volumes. In this blog post, we would like to put an end to the speculation, and discuss facts.