main

Attack Types & VectorsSecurity

Hajime – Sophisticated, Flexible, Thoughtfully Designed and Future-Proof

April 26, 2017 — by Pascal Geenens0

hajime-botnet-960x540.jpg

A glimpse into the future of IoT Botnets

On Oct 16th, Sam Edwards and Ioannis Profetis from Rapidity Networks published a report on a new malware they discovered and named “Hajime.” The report came in the aftermath of the release of the Mirai source code and Mirai’s attacks on Krebs and OVH. Before Hajime was able to make headlines, Mirai was attributed to the attacks that took down Dyn on Oct 21st and lead to a large array of Fortune 500 companies such as Amazon, Netflix, Twitter, CNN, and Spotify being unreachable most of that day. Hajime evaded the attention but kept growing steadily and breeding in silence.

Attack Types & VectorsSecurity

OpIsrael 2017

April 25, 2017 — by Daniel Smith0

opisrael-skyline-960x640.jpg

Ideology, politics and religious differences are at the core of operation OpIsrael. OpIsrael is launched by Anonymous with the stated goal of “erasing Israel from the internet” in protest against the Israeli governments’ conduct in the Israeli- Palestinian conflict. This is a yearly operation and was created in 2012. It starts every year on April 7th and ends on April 20th. This operation sees participants from Anonymous, AnonGhost, Red Cult, Anonymous Lebanon, Mauritania Attackers, Cyber Team Tox, M0oDyPL, MCA DDoS Team and LaResistance Hacking Team along with other independent attackers.

Attack Types & VectorsSecurity

BrickerBot.3: The Janit0r is back, with a vengeance

April 21, 2017 — by Pascal Geenens1

brickerbot-4-featured-1-960x540.jpg

In early April, we identified a new botnet designed to comprise IoT devices and corrupt their storage. Over a four-day period, our honeypots recorded 1,895 PDoS attempts performed from several locations around the world. Its sole purpose was to compromise IoT devices and corrupt their storage. Besides this intense, short-lived bot (BrickerBot.1), our honeypots recorded attempts from a second, very similar bot (BrickerBot.2) which started PDoS attempts on the same date – both bots were discovered less than one hour apart –with lower intensity but more thorough and its location(s) concealed by TOR egress nodes.

Attack Types & VectorsSecurity

Why ISP DDoS Services Typically Fail

April 12, 2017 — by David Monahan0

isp-ddos-protection-960x528.jpg

Over the last couple of years, I wrote about DDoS attacks several times—with good reason. They are increasing in size and intensity. Each year more homes are connected to the Internet; consumers and businesses increase their access connection bandwidth; and more devices are online at each connection. With all these connected devices, many of which have little to no protection, the field is ripe for threat actors to harvest DDoS attack hosts, a.k.a. bots.

Attack Types & VectorsDDoSSecurity

The Expansion of IoT since Mirai.

March 22, 2017 — by Daniel Smith0

iot-mirai-botnet-960x540.jpg

The idea of an Internet of Things (IoT) botnet is nothing new in our industry. In fact, the threat has been discussed for many years by security researchers. It has only now gained public attention due to the release and rampage of the Mirai botnet. Since Mirai broke the 1Tbps mark in late 2016 the IoT threat has become a popular topic of conversation for many industries that utilize connected devices. Not only are companies worried about if their devices are vulnerable but they are also worried if those devices can be used to launch a DDoS attack, one possibly aimed at their own network.

Attack Types & VectorsSecurity

“For Educational Purposes Only”

February 15, 2017 — by Daniel Smith2

educational-purposes-960x634.jpg

Education, freedom and knowledge. These are the pillars for higher learning, but have often been used to describe some open source projects and services that have the potential to be abused by those that are not so innocent. Over the last two years, tools like stressers, Remote Administration Tools (RAT) and ransomware have been published under these pretenses, but do they serve a legitimate purpose? These projects have set off an international debate in the information security community and many wonder if they should be available to the public. Often the justification for these projects is that they are intending to show the potential risks so they can be used to prevent infections or reduce potential damage. With stressers, they claim that the services are to be used to improve and test security products and to understand attack behavior targeting their network. But are they?

Attack Types & VectorsDDoSSecurity

See Through the DDoS Smoke-Screen to Protect Sensitive Data

January 26, 2017 — by Paul Mazzucco0

ddos-as-a-smokescreen-960x640.jpg

DDoS attacks can be costly and risky. TierPoint is witnessing a growing trend of using such attacks as the means to another, potentially more devastating, end: stealing sensitive data. Call this new breed of attack the “DDDoS”—deceptive distributed denial-of-service. For two recent examples, look to attacks on Carphone Warehouse and Linode. By bombarding Carphone Warehouse with online traffic, hackers were able to steal the personal and banking details of 2.4 million people. Similarly, cloud provider Linode suffered more than 30 DDoS attacks which appeared to be a ruse to divert attention away from a breach of user accounts.

Attack Types & VectorsSecurity

Popcorn Time…the First Malware Requiring a Moral Compass

January 18, 2017 — by Jason Engel0

popcorn-time-960x640.jpg

Ransomware traditionally has used self-replicating and distributing features written into the malware itself to search out, break into, and infect unsecure devices. The benefits of this are clear…fast and wide malware distribution touching thousands of devices.

Enter stage left, Popcorn Time…the first ransomware, which uses the human victim themselves to find and target additional victims to continue distribution of the malware. The idea is straightforward. When your computer becomes infected, you have four options: 1) Pay the ransom and gain back control of your data, 2) Identify personal contacts you will try to infect in order to have your data released, essentially blackmailing the victim, 3) Call law enforcement for help and hope they have the resources to help, or 4) Do nothing. Looking at these, there are really only two options that will help the victim: Pay out, or provide targets.