main

Attack Types & VectorsSecurity

BrickerBot only attacks compromised devices

May 18, 2017 — by Pascal Geenens0

brickerbot-research-update-960x540.jpg

BrickerBot uses a network of globally distributed devices that are passively detecting exploit attempts from devices infected with IoT bots such as Mirai and Hajime. BrickerBot reacts to an exploit attempt by scanning the source of the exploit for a set number of ports, trying to secure the device (assumption based on Janit0r statements) and if not able to, ultimately attempting to brick the device using exactly 90 brick sequences over the telnet session.

As long as IoT devices stay clean from any of the known IoT bots, there is no reason to fear the BrickerBot. While Hajime might have the best of intentions and is trying to proactively protect IoT devices from known malicious bots, it inadvertently will trigger the wrath of BrickerBot.

Attack Types & VectorsSecurity

The offspring of two comic book giants bring us the Bot Squad! Super freaky!

May 9, 2017 — by Carl Herberger0

Radware_The_Bot_Squad-960x960.png

To state the obvious, two well-known comic book giants have lit the imaginations of generations of children. They brought to life the fantasy that humans could be ‘super’ or immortal, or somehow infallible.

Each in their own way combined fantastical combinations of humans with unreal, unbelievable and incredible skills.

In the category of vision enhancement alone, there are legions of characters who have developed themselves in a surreal way, for example, through X-Ray vision, or super-acute vision (something akin to a hawk). Other superheroes were gifted with night vision or even eyes that fired deadly laser beams. However, did you know that these characters dreamt up in comic books all have somewhat real world equivalents? Well, maybe not in people, but clearly in video surveillance systems of the future.

Attack Types & VectorsSecurity

From BrickerBot to Phlashing, Predictions for Next-Level IoT Attacks.

May 2, 2017 — by David Hobbs0

iot-predictions-960x394.jpg

When BrickerBot was discovered, it was the first time we’ve seen a botnet that would destroy an IoT device, making it unusable. We’ve had cameras in the lab for our research on the Mirai botnet, so one was volunteered to be the guinea pig. Watching our beloved research lab’s IP-enabled camera turn into a useless paperweight was somewhat bittersweet. We knew BrickerBot v1 aimed to destroy insecure IoT gear, and this was validation. We had to either take it apart and solder a serial connection to it to re-flash it, or just spend the $60 on a new one to continue our IoT botnet research.

Attack Types & VectorsSecurity

Hajime – Sophisticated, Flexible, Thoughtfully Designed and Future-Proof

April 26, 2017 — by Pascal Geenens0

hajime-botnet-960x540.jpg

A glimpse into the future of IoT Botnets

On Oct 16th, Sam Edwards and Ioannis Profetis from Rapidity Networks published a report on a new malware they discovered and named “Hajime.” The report came in the aftermath of the release of the Mirai source code and Mirai’s attacks on Krebs and OVH. Before Hajime was able to make headlines, Mirai was attributed to the attacks that took down Dyn on Oct 21st and lead to a large array of Fortune 500 companies such as Amazon, Netflix, Twitter, CNN, and Spotify being unreachable most of that day. Hajime evaded the attention but kept growing steadily and breeding in silence.

SecurityService Provider

The Economics of Cyber-Attacks

April 4, 2017 — by Mike O'Malley0

economics-of-cyber-attacks-960x640.jpg

How to Provide State of the Art Protection against Real World Threats

We live in a world where increasing numbers of complex cyber breach tools are available on the Darknet. But what is the Darknet and how do we protect against it? The Darknet is an anonymous and obfuscated section of the internet where criminals can exchange information, tools and money to carry out attacks with little or no traceability. The Darknet provides a service marketplace where criminals can do many of the same things that law-abiding citizens do every day. Criminals search the internet (anonymously). They exchange emails with other criminals and prospective customers, they read news on the latest opensource tools available to perform effective attacks. They even have an online marketplace where cyber-attack services can be ordered and placed into your online shopping cart. In fact, a Darknet marketplace recently advertised $7,500 to rent the now notorious Mirai botnet – the same botnet used to generate a several hundred gigabit multi-vector attack that took down the services of Amazon, BBC, HBO, Netflix, PayPal, Spotify, and many others in October 2016.

Security

IoT Threats: Whose problem is it?

March 16, 2017 — by Ron Winward0

iot-whose-problem-is-it-960x608.jpg

If you think about it 2016 was a year that will forever change the way many people think about cyber security and some fundamental best practices. After the attacks on Dyn shook the internet in October, many organizations will forever deploy redundant DNS services or providers. Further, people now use 1 Tbps as their high watermark for DDoS protections and more organizations are adopting hybrid DDoS protections.

Security

Open-Source Attack Tools Open Pandora’s Box

February 9, 2017 — by Zeev Ravid1

mirai-source-code-960x701.jpg

The act of leaking or flat-out releasing source code of advanced hacking tools isn’t new. It has happened numerous times, especially with high-profile and advanced malware families, such as Zeus, Citadel, Carberp and SpyEye, which have been responsible for losses measuring in the hundreds of millions of dollars. Once dangerous tools are released to the public, they can be downloaded—and modified and enhanced—by anyone.