The idea of an Internet of Things (IoT) botnet is nothing new in our industry. In fact, the threat has been discussed for many years by security researchers. It has only now gained public attention due to the release and rampage of the Mirai botnet. Since Mirai broke the 1Tbps mark in late 2016, the IoT threat has become a popular topic of conversation for many industries that utilize connected devices. Companies are worried not only about whether their devices are vulnerable but also about whether those devices can be used to launch a DDoS attack, possibly one aimed at their own network.
Radware’s Pascal Geenens walks us through 10 questions regarding the cyber security threat landscape, trends in the Darknet, motivations for attacks, and much more.
Education, freedom and knowledge. These are the pillars for higher learning, but have often been used to describe some open source projects and services that have the potential to be abused by those that are not so innocent. Over the last two years, tools like stressers, Remote Administration Tools (RATs) and ransomware have been published under these pretenses, but do they serve a legitimate purpose? These projects have set off an international debate in the information security community and many wonder if they should be available to the public. Often the justification for these projects is that they are intended to show the potential risks so they can be used to prevent infections or reduce potential damage. With stressers, they claim that the services are to be used to improve and test security products and to understand attack behavior targeting their network. But are they?
DDoS attacks can be costly and risky. TierPoint is witnessing a growing trend of using such attacks as the means to another, potentially more devastating, end: stealing sensitive data. Call this new breed of attack the “DDDoS”—deceptive distributed denial-of-service. For two recent examples, look to attacks on Carphone Warehouse and Linode. By bombarding Carphone Warehouse with online traffic, hackers were able to steal the personal and banking details of 2.4 million people. Similarly, cloud provider Linode suffered more than 30 DDoS attacks which appeared to be a ruse to divert attention away from a breach of user accounts.
Ransomware traditionally has used self-replicating and distributing features written into the malware itself to search out, break into, and infect unsecured devices. The benefits of this are clear: fast and wide malware distribution touching thousands of devices.
Enter, stage left, Popcorn Time: the first ransomware that uses the human victims themselves to find and target additional victims to continue distribution of the malware. The idea is straightforward. When your computer becomes infected, you have four options: 1) Pay the ransom and gain back control of your data, 2) Identify personal contacts you will try to infect in order to have your data released, essentially blackmailing the victim, 3) Call law enforcement for help and hope they have the resources to help, or 4) Do nothing. Looking at these, there are really only two options that will help the victim: Pay out, or provide targets.
Unless you have been living under the proverbial rock, you probably heard about a number of Internet of Things (IoT) attacks this fall, beginning with KrebsOnSecurity, then OVH, then the DDoS attack on Dyn DNS. All of this started with a bot called Mirai, and involved IoT devices. Why is this important? The number of connected devices is estimated to grow exponentially to 50 billion by 2020. A survey by HP indicates that about 70% of these devices have vulnerabilities, making them the perfect targets for botnets like Mirai.
In 2015, we made a number of predictions for the upcoming year. One of the bigger predictions was that we would see the continued rise of ransomware and RDoS (ransom-denial-of-service) attacks. When we look back at the year, we were right – 56% of companies we surveyed reported being threatened in this manner.
Because these attacks have become so prevalent, it’s important to understand the motives behind them, and how to protect your organization. Below is a round-up of some of our most popular blog posts to bring you up to speed on this threat:
How much someone is willing to pay in a ransom attack varies greatly by age, with younger consumers likely to pay more.
That’s one of the findings in a new study among over 2,000 U.S. adults conducted online on behalf of Radware by Harris Poll. It’s not a great sign after a year when ransom attacks locked up patient records at hospitals and disabled MUNI ticket machines in San Francisco. The attacks included ransomware, ransom DDoS, and other threats designed to extort money from unprepared organizations. Many variants arose, including Locky and Petya, which propagate through spam emails and phishing, respectively; Samas, which exploits webserver vulnerabilities; and Cerber, which imitates an Adobe Flash player update.
Who is to blame when hackers take control of thousands of internet-connected devices to carry out a DDoS attack?
That’s what security researchers have been asking since the Dyn attack hamstrung dozens of major websites in October. Using the Mirai malware, hackers harnessed 100,000 internet-connected devices in a DDoS attack that reportedly reached 1.2 Tbps. Those devices, from cameras to DVRs, are often consumer-owned, and we wanted to see what consumers thought of their devices being co-opted for these attacks.
We asked them where they’d point fingers if their devices are compromised and used as part of an IoT botnet.
2016: What a year! Internet of Things (IoT) threats became a reality and somewhat paradoxically spawned the first 1Tbps DDoS—the largest DDoS attack in history. Radware predicted these and other 2016 events in the 2015–2016 Global Application and Network Security Report. Since initiating this annual report, we have built a solid track record of successfully forecasting how the threat landscape will evolve. While some variables stay the course, the industry moves incredibly quickly, and it takes just one small catalyst to spark a new direction that nobody could have predicted.
Let’s take a look back at how our predictions fared in 2016—and then explore what Radware sees on the horizon for 2017.