As 2017 comes to a close, we decided to take a look back at a number of new attack types and threats that we saw throughout the year. Our team took a deep dive into researching and testing many of these threats to find out how they operate and how big of a threat they really were, through setting up honeypots, intentionally bricking a colleague’s device, and setting up IoT chatbots. Below are some of the highlights from our year:
The following is a Q&A with Daniel Smith, an information security researcher for Radware’s Emergency Response Team. He focuses on security research and risk analysis for network and application based vulnerabilities. Daniel’s research focuses in on Denial-of-Service attacks and includes analysis of malware and botnets. As a white-hat hacker, his expertise in tools and techniques helps Radware develop signatures and mitigation attacks proactively for its customers.
It’s difficult to have missed the headlines on the new IoT botnet threat that is forming and the storm that might come with it. Why is the world under the spell of this new threat? What makes it different from Mirai? Why could it potentially become the most threatening botnet ever seen?
In early April, we identified a new botnet designed to comprise IoT devices and corrupt their storage. Over a four-day period, our honeypots recorded 1,895 PDoS attempts performed from several locations around the world. Its sole purpose was to compromise IoT devices and corrupt their storage. Besides this intense, short-lived bot (BrickerBot.1), our honeypots recorded attempts from a second, very similar bot (BrickerBot.2) which started PDoS attempts on the same date – both bots were discovered less than one hour apart –with lower intensity but more thorough and its location(s) concealed by TOR egress nodes.
How to Provide State of the Art Protection against Real World Threats
We live in a world where increasing numbers of complex cyber breach tools are available on the Darknet. But what is the Darknet and how do we protect against it? The Darknet is an anonymous and obfuscated section of the internet where criminals can exchange information, tools and money to carry out attacks with little or no traceability. The Darknet provides a service marketplace where criminals can do many of the same things that law-abiding citizens do every day. Criminals search the internet (anonymously). They exchange emails with other criminals and prospective customers, they read news on the latest opensource tools available to perform effective attacks. They even have an online marketplace where cyber-attack services can be ordered and placed into your online shopping cart. In fact, a Darknet marketplace recently advertised $7,500 to rent the now notorious Mirai botnet – the same botnet used to generate a several hundred gigabit multi-vector attack that took down the services of Amazon, BBC, HBO, Netflix, PayPal, Spotify, and many others in October 2016.
If you think about it 2016 was a year that will forever change the way many people think about cyber security and some fundamental best practices. After the attacks on Dyn shook the internet in October, many organizations will forever deploy redundant DNS services or providers. Further, people now use 1 Tbps as their high watermark for DDoS protections and more organizations are adopting hybrid DDoS protections.
Radware’s Pascal Geenens walks us through 10 questions regarding the cyber security threat landscape, trends in the Darknet, motivations for attacks, and much more.
The act of leaking or flat-out releasing source code of advanced hacking tools isn’t new. It has happened numerous times, especially with high-profile and advanced malware families, such as Zeus, Citadel, Carberp and SpyEye, which have been responsible for losses measuring in the hundreds of millions of dollars. Once dangerous tools are released to the public, they can be downloaded—and modified and enhanced—by anyone.
Unless you have been living under the proverbial rock, you probably heard about a number of Internet of Things (IoT) attacks this fall, beginning with KrebsOnSecurity, then OVH, then the DDoS attack on Dyn DNS. All of this started with a bot called Mirai, and involved IoT devices. Why is this important? By 2020, it is estimated that the number of connected devices is expected to grow exponentially to 50 billion. A survey by HP indicates that about 70% of these devices have vulnerabilities, making them the perfect targets for botnets like Mirai.
The holidays are almost upon us. All around the globe, people are purchasing the latest and greatest gadgets as gifts. Consumers will be linking their new of Internet of Things (IoT) thermostats, doorbells, baby monitors, security cameras, home appliances and even GPS pet trackers to the internet in droves.
On the heels of the holiday season, the International Consumer Electronics Show will take place in Las Vegas, Nevada, where device manufacturers reveal a whole new crop of IoT devices set to hit the market in 2017. Amazon.com now has a team of “Smart Home” consultants who come to your house to help you wade through automation, Wi-Fi, ZigBee, Alexa and a sea of other “things” for your homes.