The act of leaking or flat-out releasing source code of advanced hacking tools isn’t new. It has happened numerous times, especially with high-profile and advanced malware families, such as Zeus, Citadel, Carberp and SpyEye, which have been responsible for losses measuring in the hundreds of millions of dollars. Once dangerous tools are released to the public, they can be downloaded—and modified and enhanced—by anyone.
Unless you have been living under the proverbial rock, you have probably heard about a number of Internet of Things (IoT) attacks this fall, beginning with KrebsOnSecurity, then OVH, then the DDoS attack on Dyn DNS. All of this started with a bot called Mirai, and involved IoT devices. Why is this important? By 2020, the number of connected devices is expected to grow exponentially to 50 billion. A survey by HP indicates that about 70% of these devices have vulnerabilities, making them the perfect targets for botnets like Mirai.
The holidays are almost upon us. All around the globe, people are purchasing the latest and greatest gadgets as gifts. Consumers will be linking their new Internet of Things (IoT) thermostats, doorbells, baby monitors, security cameras, home appliances and even GPS pet trackers to the internet in droves.
On the heels of the holiday season, the International Consumer Electronics Show will take place in Las Vegas, Nevada, where device manufacturers reveal a whole new crop of IoT devices set to hit the market in 2017. Amazon.com now has a team of “Smart Home” consultants who come to your house to help you wade through automation, Wi-Fi, ZigBee, Alexa and a sea of other “things” for your homes.
2016: What a year! Internet of Things (IoT) threats became a reality and somewhat paradoxically spawned the first 1TBs DDoS—the largest DDoS attack in history. Radware predicted these and other 2016 events in the 2015–2016 Global Application and Network Security Report. Since initiating this annual report, we have built a solid track record of successfully forecasting how the threat landscape will evolve. While some variables stay the course, the industry moves incredibly quickly, and it takes just one small catalyst to spark a new direction that nobody could have predicted.
Let’s take a look back at how our predictions fared in 2016—and then explore what Radware sees on the horizon for 2017.
In three massive DDoS attacks, the Mirai botnet dazzled the cyber-security industry, which had long feared the implications of the exponentially growing number of devices connecting to the internet.
So much speculation, and so many blogs and op-eds, emerged following the attacks on Krebs, OVH and DynDNS. You couldn’t ignore them, as everybody had something to say: speculation on who the attackers were, their motivation, the attack vectors and the traffic volumes. In this blog post, we would like to put an end to the speculation and discuss facts.
On Tuesday, September 20th around 8:00PM, KrebsOnSecurity.com was the target of a record-breaking 620Gbps volumetric DDoS attack designed to take the site offline. A few days later, the same type of botnet was used in a 1Tbps attack targeting the French web hoster OVH. What’s interesting about these attacks is that, compared to previous record-holding attacks, which were less than half the traffic volume, they did not use amplification or reflection. In the case of KrebsOnSecurity, the biggest chunk of the attack traffic came in the form of GRE (Generic Routing Encapsulation) packets, which is very unusual. In the OVH attack, more than 140,000 unique IPs were reported in what seemed to be a SYN and ACK flood attack.