Education, freedom and knowledge. These are the pillars of higher learning, but they have also been used to describe open source projects and services with clear potential for abuse by those who are not so innocent. Over the last two years, tools such as stressers, Remote Administration Tools (RATs) and ransomware have been published under these pretenses, but do they serve a legitimate purpose? These projects have set off an international debate in the information security community, and many wonder whether they should be available to the public at all. The usual justification is that the projects demonstrate the potential risks so that defenders can prevent infections or reduce potential damage. Stresser operators, for their part, claim their services exist to improve and test security products and to help network owners understand attack behavior targeting their own infrastructure. But do they?
Earlier this month my colleague Carl Herberger wrote a blog post regarding how the internet was rolling back our freedoms. I would agree with him. As time moves forward, we are seeing more situations where no one can hide from their government as the internet closes around them. The open internet as we know it may be coming to an end as several countries move towards a centralized gateway controlled by their governments.
2016 has been an eventful year for denial of service attacks. The industry as a whole has seen the largest attacks ever recorded, along with new attack vectors designed to test and challenge modern defenses. Every year Radware's ERT sees millions of attacks, and its researchers review and analyze them throughout the year to gain insight into trends and changes in the attack vector landscape.
This year, two of the most common attacker trends were burst attacks, also known as "hit and run" attacks, and advanced persistent denial of service (ApDoS) campaigns. Throughout the year we observed attackers using short bursts of high-volume traffic at random intervals, as well as campaigns lasting weeks that combined multiple vectors aimed at all network layers simultaneously. Both patterns tend to cause repeated SLA breaches on the targeted servers and can keep legitimate users from reaching your services; the short, irregularly spaced bursts are particularly troublesome because each one can be over before threshold-based mitigation has engaged.
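The burst pattern described above is easiest to recognise in a request-rate time series. The following Python is an added example, not code from the original post or from Radware: it compares each second's request rate against a rolling median of recent benign seconds, merges anomalous seconds into intervals, and labels each interval as a short burst or a sustained (ApDoS-like) campaign. The traffic series, thresholds, and function and parameter names are all constructed assumptions for the example.

```python
"""Added example (not from the original post): a simple burst / "hit-and-run"
DDoS detector over a per-second request-rate series.

Each second's rate is compared against a rolling median of recent *benign*
seconds; seconds above threshold_factor x baseline are merged into attack
intervals, which are then labelled as short bursts or sustained campaigns.
All traffic series below are constructed for the example.
"""
from collections import deque
from statistics import median
from typing import List


def constructed_burst_rates() -> List[int]:
    """120 s of ~100-110 rps background with three short floods at irregular offsets."""
    rates = [100 + (i * 7) % 11 for i in range(120)]
    for start, length, peak in ((17, 4, 9000), (53, 6, 12000), (101, 3, 7500)):
        for t in range(start, start + length):
            rates[t] = peak
    return rates


def constructed_sustained_rates() -> List[int]:
    """200 s of background with one 130 s flood: the weeks-long pattern in miniature."""
    rates = [100 + (i * 7) % 11 for i in range(200)]
    for t in range(40, 170):
        rates[t] = 6000
    return rates


def detect_attacks(rates: List[int], baseline_window: int = 30,
                   threshold_factor: float = 8.0, min_seconds: int = 2,
                   sustained_after: int = 60) -> List[dict]:
    """Return the attack intervals found in `rates` (one entry per second).

    baseline_window: how many recent benign seconds feed the rolling median.
    threshold_factor: a second is anomalous if rate > factor * median(baseline).
    min_seconds: drop single-second spikes (retransmission storms, crawlers).
    sustained_after: intervals at least this long are labelled "sustained".
    """
    baseline: deque = deque(maxlen=baseline_window)
    flagged: List[int] = []
    for t, rate in enumerate(rates):
        # Warm up on the first five seconds, then compare to the rolling median.
        if len(baseline) >= 5 and rate > threshold_factor * median(baseline):
            flagged.append(t)
        else:
            # Only benign seconds update the baseline, so an attack cannot
            # raise the bar it is measured against.
            baseline.append(rate)

    # Merge contiguous anomalous seconds into intervals.
    intervals: List[dict] = []
    for t in flagged:
        if intervals and t == intervals[-1]["end"] + 1:
            intervals[-1]["end"] = t
            intervals[-1]["peak_rps"] = max(intervals[-1]["peak_rps"], rates[t])
        else:
            intervals.append({"start": t, "end": t, "peak_rps": rates[t]})

    result = []
    for iv in intervals:
        duration = iv["end"] - iv["start"] + 1
        if duration < min_seconds:
            continue
        iv["duration_s"] = duration
        iv["kind"] = "sustained" if duration >= sustained_after else "burst"
        result.append(iv)
    return result


def quiet_gaps(attacks: List[dict]) -> List[int]:
    """Seconds of quiet between consecutive attacks; irregular gaps are the
    'random interval' signature of a hit-and-run campaign."""
    return [attacks[i]["start"] - attacks[i - 1]["end"] - 1
            for i in range(1, len(attacks))]


if __name__ == "__main__":
    for name, series in (("burst series", constructed_burst_rates()),
                         ("sustained series", constructed_sustained_rates())):
        found = detect_attacks(series)
        print(name)
        for a in found:
            print(f"  {a['kind']:9s} t={a['start']}-{a['end']} "
                  f"({a['duration_s']} s) peak {a['peak_rps']} rps")
        print("  quiet gaps:", quiet_gaps(found))
```

Feeding only benign seconds into the baseline is the design point worth keeping in a real detector: a rolling average that includes the attack seconds drifts upward during a long campaign and eventually stops flagging it. The fixed warm-up and an 8x multiplier are illustrative; production tuning depends on the service's normal variance.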
First, what is Bitcoin and where did it come from?
Bitcoin (BTC) is a cryptocurrency payment system built on the blockchain, the core component of the digital currency. The blockchain was introduced by a pseudonymous creator, Satoshi Nakamoto, in 2008, and the Bitcoin software was released as open source in 2009. The blockchain serves as a public ledger that records every Bitcoin transaction. One of Bitcoin's main features is that it is a decentralized peer-to-peer payment network with no central authority, which means it offers a degree of pseudonymity and no central point of failure. Note, however, that the ledger itself is public, so activity on an address can be traced, and most services and businesses built around Bitcoin are centralized in one way or another. While there are numerous legitimate uses for Bitcoin, such as investing, paying friends or shopping, a number of criminals have adopted the currency for selling services and running ransom campaigns because of that pseudonymity.
Social engineering is a process of psychological manipulation, more commonly known in our world as human hacking. The sad reality is that it is very easy to do. In fact, it's so easy that even a teenager can do it and destroy your company, all on a Friday night. The goal is to get the targeted victim to divulge confidential information or grant unauthorized access by playing on the natural human desire to help. Being nice is a human trait, and everyone wants to be kind and helpful; given the chance to save the day or feel useful, most people will hand over what is asked of them. The attacker's motive is usually to gather information for a future attack, to commit fraud, or to gain system access for malicious activity.
As the hacktivist community continues to grow and evolve, so do the tools and services at a hacker's disposal. The skill gap between experienced and amateur hackers continues to widen. That gap forces those with limited knowledge to rely on others who offer paid attack services in marketplaces on both the Clearnet and the Darknet. While most hacktivists still try to enlist a digital army, some are discovering that it is easier and faster to pay for an attack service such as DDoS-as-a-Service. Financially motivated cyber criminals market these services to would-be hacktivists who want to take down a target without any knowledge or skill of their own.
On the morning of October 21st, 2016, Dyn came under a denial of service (DoS) attack that disrupted its Managed DNS network. Because the names could no longer be resolved, hundreds of thousands of websites became unreachable for most of the world, and services hosted on Amazon's EC2 were affected as well. The problem intensified later in the day when the attackers launched a second round of attacks against Dyn's DNS infrastructure. Dyn's mitigation of the attack can be viewed on RIPE's website, where a video illustrates the BGP route changes made during the response.
Denial of service (DoS) attacks have come a long way since the days of LOIC and other GUI-based tools. Today a would-be attacker does not have to know the first thing about conducting one; they can simply purchase an attack service that does it for them. Just a few years ago an attacker would download a simple GUI-based tool and launch the attack from their own machine. Over time, hackers began combining their efforts and tools in distributed group attacks. Today they are abandoning GUI and script tools altogether in favor of paid stresser services.
Hackers across the internet are adapting to the changes in the attack marketplace. Notorious DDoS groups such as Lizard Squad and New World Hackers have already entered the DDoS-as-a-Service business, monetizing their capabilities in peacetime by renting out their stresser services. And it is not just DDoS: all kinds of attack services, including application-layer attacks, are on offer. These marketed services let novice hackers with little know-how launch attacks using affordable tools available on the Clearnet. Such growth is healthy for any market, but it has pushed the sellers to adopt a conventional marketing strategy.
As the 2016 Summer Olympics approach, the cyber security community turns its attention to the crowds and the target-rich environment created by this high-profile sporting event. More than 500,000 visitors to Rio de Janeiro are expected to consume record-breaking volumes of connectivity. That demand poses a security challenge for service providers, and the 2016 Summer Olympics have the potential to be one of the most vulnerable sporting events in modern history, offering cyber criminals numerous opportunities.
Cyber criminals focus on identity theft by deploying malicious software designed to harvest and steal personal information. Technologies designed to enhance the spectator experience also pose challenges. Internet Service Providers (ISPs), sponsors, online merchandise stores, gambling websites, hotels, and even federal and city administration networks are potential targets, and each faces a different threat scenario depending on the attack vector.