
Attack Types & Vectors, Security

Hajime – Sophisticated, Flexible, Thoughtfully Designed and Future-Proof

April 26, 2017 — by Pascal Geenens


A glimpse into the future of IoT Botnets

On Oct 16th, Sam Edwards and Ioannis Profetis from Rapidity Networks published a report on a new malware they discovered and named “Hajime.” The report came in the aftermath of the release of the Mirai source code and Mirai’s attacks on Krebs and OVH. Before Hajime could make headlines, the attacks that took down Dyn on Oct 21st were attributed to Mirai; those attacks led to a large array of Fortune 500 companies such as Amazon, Netflix, Twitter, CNN, and Spotify being unreachable for most of that day. Hajime evaded the attention but kept growing steadily, breeding in silence.

Attack Types & Vectors, Security

BrickerBot.3: The Janit0r is back, with a vengeance

April 21, 2017 — by Pascal Geenens


In early April, we identified a new botnet designed to compromise IoT devices and corrupt their storage. Over a four-day period, our honeypots recorded 1,895 PDoS attempts performed from several locations around the world. Besides this intense, short-lived bot (BrickerBot.1), our honeypots recorded attempts from a second, very similar bot (BrickerBot.2) that started PDoS attempts on the same date (both bots were discovered less than one hour apart), with lower intensity but a more thorough approach, and with its location(s) concealed behind Tor exit nodes.

Security

5 Recommendations for IoT Manufacturers

January 25, 2017 — by Pascal Geenens


As devices get more connected, they potentially get smarter and provide richer functionality. The internet of things (IoT) describes a world where just about anything can be connected, from routers, smart thermostats, smart light bulbs, and door locks to intelligent fridges, or even cars.

In recent events, devices with a poor security posture were taken over by massive botnets consisting of hundreds of thousands of devices, which were able to launch DDoS attacks that crippled several online services.

DDoS, Security, WAF

WAF and DDoS Help You on the Road to GDPR Compliancy

January 19, 2017 — by Pascal Geenens


Data is the currency of today’s digital economy, the oil of the 21st century. Personal data is an economic asset generated by our identities and our behavior, and we trade it for higher quality services and products. Online platforms act as intermediaries in a two-sided market, collecting data from consumers and selling advertising slots to companies. In exchange for our data being collected, we get what appears to be a free service.

The growth and the market capitalization of social platform providers like Facebook and search engines such as Google demonstrate the value of personal data. Personal data also provides new ways to monetize services: news organizations find it difficult to charge ‘real’ money for digital news, but can leverage our willingness to pay for a selection of ‘free’ news with our personal data. Three out of four people prefer free registration with selective access over a paid registration with full access.

Security

The Shadow Brokers went dark, the NSA weakened and exposed in the cyber war

January 17, 2017 — by Pascal Geenens


On January 12th, the Shadow Brokers announced they are ‘going dark’ by leaving a farewell: “So long, farewell peoples. TheShadowBrokers is going dark, making exit. Continuing is being much risk and b*******, not many bitcoins. … Despite theories, it always being about bitcoins for TheShadowBrokers. Free dumps and b******* political talk was being for marketing attention. There being no bitcoins in free dumps and giveaways. You are being disappointed? Nobody is being more disappointed than TheShadowBrokers.”

Security

DevSecOps and Continuous Security Delivery

January 3, 2017 — by Pascal Geenens


The success of an online business depends in large part on the user experience. After all, competitors are only a single click away. A broad spectrum of services impacts user experience from an infrastructure and application perspective: think of page load times, availability, and feature richness. Agility in the delivery infrastructure and continuous delivery of applications have become essential to the success of an online business. Hyperscale providers such as Google, Amazon, eBay, and Netflix have been leading on highly scalable, agile infrastructure and continuous delivery of applications, and are considered the gold standard for the practice of online business.

DDoS, Hacks, Security

Is Heat Your Thermostat’s First Priority?

December 1, 2016 — by Pascal Geenens


Mirai has been popping on and off the news and is becoming a commodity resource for large-scale DDoS attacks. Although most of the security community has been debating and warning about the IoT threat, there is only evidence for a very specific class of devices being involved in the Mirai attacks. Once the source code became known and security researchers started to investigate the victimized devices, it was clear that a common class of devices stood out in the list compiled by Krebs: IP cameras, DVRs and a handful of routers. What made them better candidates than your smart toaster or your cloud-connected thermostat? That routers are on the list should not be surprising: those devices are by definition connected to the internet and are clearly #1 on the pwning list, which was proven again recently when 900,000 routers from Deutsche Telekom (DT) were taken offline for service as a result of what is believed to be an adapted version of Mirai exploiting a remote code execution (RCE) vulnerability through the TR-069 CPE WAN management protocol.

DDoS, Hacks, Security

The deplorable state of IoT security

October 20, 2016 — by Pascal Geenens


Following the public release of the Mirai bot code (you can read more about it here), security analysts fear a flood of online attacks from hackers. Mirai exhibits worm-like behavior: it spreads to unprotected devices and recruits them into massive botnets, leveraging factory default credentials and Telnet to brute-force and compromise unsuspecting users’ devices.

Soon after the original attacks, Flashpoint released a report identifying the primary manufacturer of the devices using the default credentials ‘root’ and ‘xc3511’. On their own, factory default credentials need not pose an enormous threat; combined, however, with services like Telnet or SSH enabled by default and a root password that cannot be changed, the device is effectively a Trojan with a secret backdoor, and that secret has now become public knowledge.
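The two Mirai excerpts above (the thermostat post and this one) describe the same mechanism: a scanner hammering tcp/23 with a short list of factory default logins until one works. The following is an added example, not code from any of the posts or from Radware, showing how that behaviour looks from the defender's side: detection logic run over a few constructed honeypot log lines. The log format (`<timestamp> <src> telnet login user=… pass=… result=…`), the sample lines and the thresholds are assumptions made for the example; root/xc3511 is the pair named in the post, the other pairs in `KNOWN_DEFAULTS` are a handful from the publicly released Mirai scanner list and should be extended from the source for real use.

```python
"""
Mirai-style Telnet default-credential brute-force detection, run over
constructed honeypot log lines. Added example; not the blog's own code.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample data in a hypothetical honeypot log format (assumption):
# "<ISO timestamp> <src ip> telnet login user=<u> pass=<p> result=<ok|fail>"
SAMPLE_LOG = """\
2016-10-20T10:00:01Z 203.0.113.7 telnet login user=root pass=xc3511 result=fail
2016-10-20T10:00:02Z 203.0.113.7 telnet login user=root pass=vizxv result=fail
2016-10-20T10:00:03Z 203.0.113.7 telnet login user=admin pass=admin result=fail
2016-10-20T10:00:04Z 203.0.113.7 telnet login user=root pass=888888 result=ok
2016-10-20T10:05:00Z 198.51.100.9 telnet login user=alice pass=S3cr3t! result=fail
2016-10-20T10:05:10Z 198.51.100.9 telnet login user=alice pass=S3cr3t!! result=ok
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d{1,3}(?:\.\d{1,3}){3}) telnet login "
    r"user=(?P<user>\S*) pass=(?P<pw>\S*) result=(?P<res>ok|fail)$"
)

# root/xc3511 is the pair named in the post; the rest are a few entries from
# the released Mirai scanner list. Extend from the source for production use.
KNOWN_DEFAULTS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"),
    ("admin", "admin"), ("root", "888888"), ("root", "xmhdipc"),
    ("root", "default"), ("root", "juantech"), ("root", "123456"),
    ("root", "54321"), ("support", "support"), ("root", ""),
    ("admin", "password"), ("root", "root"), ("root", "12345"),
    ("user", "user"), ("admin", ""), ("root", "pass"),
}


def parse(log_text):
    """Return a list of (timestamp, src, user, password, success) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a telnet login record; ignore
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m["src"], m["user"], m["pw"], m["res"] == "ok"))
    return events


def analyze(log_text, window_seconds=60, attempt_threshold=3):
    """
    Per source IP: count login attempts, how many distinct credential pairs
    are on the known-default list, the densest burst of attempts inside a
    sliding window, and whether a known default actually logged in.
    A source is flagged when it tries two or more known defaults, or when it
    bursts attempt_threshold attempts within window_seconds (thresholds are
    assumptions chosen for the example).
    """
    per_src = defaultdict(list)
    for ts, src, user, pw, ok in parse(log_text):
        per_src[src].append((ts, user, pw, ok))

    report = {}
    for src, evs in per_src.items():
        evs.sort()
        pairs = {(u, p) for _, u, p, _ in evs}
        default_hits = pairs & KNOWN_DEFAULTS

        # Largest number of attempts inside any window_seconds-wide window.
        burst, lo = 0, 0
        for hi in range(len(evs)):
            while (evs[hi][0] - evs[lo][0]).total_seconds() > window_seconds:
                lo += 1
            burst = max(burst, hi - lo + 1)

        compromised = any(ok and (u, p) in KNOWN_DEFAULTS for _, u, p, ok in evs)
        report[src] = {
            "attempts": len(evs),
            "default_hits": len(default_hits),
            "burst": burst,
            "compromised_with_default": compromised,
            "flagged": len(default_hits) >= 2 or burst >= attempt_threshold,
        }
    return report


if __name__ == "__main__":
    for src, stats in analyze(SAMPLE_LOG).items():
        print(src, stats)
```

The `compromised_with_default` flag is the one that matters operationally: a successful login with a factory credential on a device whose root password cannot be changed means the device is already owned, and the only remediation is to take it off the public internet (or off the network entirely) until a firmware fix exists.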