Tag Archives: DDoS

The Cost of a DDoS Attack on the Darknet

17 Mar

Distributed Denial of Service attacks, commonly called DDoS, have been around since the 1990s. Over the last few years they have become increasingly commonplace and intense. Much of this change can be attributed to three factors:

1. The evolution and commercialization of the dark web

2. The explosion of connected (IoT) devices

3. The spread of cryptocurrency

This blog discusses how each of these three factors affects the availability and economics of spawning a DDoS attack and why they mean that things are going to get worse before they get better.

Evolution and Commercialization of the Dark Web

Though dark web/deep web services are not served up in Google for the casual Internet surfer, they exist and are thriving. The dark web is no longer a place built on Internet Relay Chat or other text-only forums. It is a full-fledged part of the Internet where anyone can purchase any sort of illicit substance or service. There are vendor ratings, just as there are for “normal” vendors on Yelp. There are support forums and staff, customer satisfaction guarantees and surveys, and service catalogues. It is a vibrant marketplace where competition abounds, vendors offer training, and reputation counts.

Those looking to attack someone with a DDoS can choose a vendor, indicate how many bots they want to purchase for an attack, specify how long they want access to them, and what country or countries they want them to reside in. The more options and the larger the pool, the more the service costs. Overall, the costs are now reasonable. If the attacker wants to own the bots used in the DDoS onslaught, according to SecureWorks, a centrally-controlled network could be purchased in 2014 for $4-12/thousand unique hosts in Asia, $100-$120 in the UK, or $140 to $190 in the USA.

Also according to SecureWorks, in late 2014 anyone could purchase a DDoS training manual for $30 USD. Single tutorials were available for as little as $1 each. After training, users can rent attacks for between $3 and $5 per hour, $60 to $90 per day, or $350 to $600 per week.

Since 2014, the prices declined by about 5% per year due to bot availability and competing firms’ pricing pressures.

The Explosion of Connected (IoT) Devices

Botnets were traditionally composed of endpoint systems (PCs, laptops, and servers), but the rush for connected homes, security systems, and other non-commercial devices created a new landing platform for attackers wishing to increase their bot volumes. These connected devices generally have weak security in the first place and are habitually misconfigured by users, leaving the default access credentials reachable through firewalls for remote communication by smart device apps. To make it worse, once a device is built and deployed, manufacturers rarely produce any patches for the embedded OS and applications, making them ripe for compromise. A recent report distributed by Forescout Technologies identified how easy it was to compromise home IoT devices, especially security cameras. These devices contributed to the creation and proliferation of the Mirai botnet, which was composed entirely of IoT devices across the globe. Attackers can now rent access to 100,000 IoT-based Mirai nodes for about $7,500.

With over 6.4 billion IoT devices currently connected and an expected 20 billion devices to be online by 2020, this IoT botnet business is booming.

The Spread of Cryptocurrency

To buy a service, there must be a means of payment. In the underground no one trusts credit cards. PayPal was an okay option, but it left a significant audit trail for authorities. The rise of cryptocurrency such as Bitcoin provides an accessible means of payment without a centralized documentation authority that law enforcement could use to track the sellers and buyers. This is perfect for the underground market. So long as cryptocurrency holds its value, the dark web economy has a transactional basis to thrive.

Summary

DDoS is very disruptive and relatively inexpensive. The attack on security journalist Brian Krebs’s blog site in September of 2016 severely impacted his anti-DDoS service provider’s resources. The attack lasted for about 24 hours, reaching a record bandwidth of 620Gbps. This was delivered entirely by a Mirai IoT botnet. In this particular case, it is believed that the original botnet was created and controlled by a single individual, so the only cost to deliver it was time. The cost to Krebs was just a day of being offline.

Krebs is not the only one to suffer from DDoS. In attacks against Internet-reliant companies like Dyn, which caused the unavailability of Twitter, the Guardian, Netflix, Reddit, CNN, Etsy, Github, Spotify, and many others, the cost is much higher. Losses can reach multiple millions of dollars. This means a site that costs several thousand dollars to set up and maintain and generates millions of dollars in revenue can be taken offline for a few hundred dollars, making it a highly cost-effective attack. With low cost, high availability, and a resilient control infrastructure, it is certain that DDoS is not going to fade away, and some groups like Deloitte believe that attacks in excess of 1Tbps will emerge in 2017. They also believe the volume of attacks will reach as high as 10 million in the course of the year. Companies relying on their web presence for revenue need to strongly consider their DDoS strategy to understand how they are going to defend themselves to stay afloat.

DNS – A Critical Cog in the Network Machine

27 Feb

Kevin T. Binder - The Product Marketing Guy

Today’s complex computing networks are painstakingly designed with redundancy from top to bottom. For many organizations the network is the lifeline. Every moment of network downtime results in lost revenue and diminished customer confidence.

Last quarter we saw high profile network outages from GoDaddy.com and AT&T that were the result of DNS infrastructure failures. It got me thinking. Too often critical network services like DNS and DHCP are more of an afterthought during the network design process. IT Managers want to spend precious budget dollars on fancy routers, ADCs, and switch fabrics. After the big ticket items are purchased, DNS/DHCP services are routinely deployed on general purpose servers. Many have learned the hard way that this isn’t a winning strategy.

GoDaddy

While DNS servers can be vulnerable to DDoS attacks, GoDaddy.com blamed the outage on human error and corrupted routing tables. Regardless of where they lay blame, the outage proved t…

What does LTE mean for Mobile Security

13 Nov

A Dangerous Convergence

The “iPhone Effect” was only an announcement of what is to come. It was the disruptive innovation that marked a point of no return in modern consumer electronics. Since then, more and more smart devices of all shapes and sizes have been pushed to the market. The long-awaited LTE has already been deployed in many parts of the world, and even some European operators are due to have their first deployments. Some of the first countries will be the UK, Germany, France and Romania.

LTE brings a world of change in the way mobile networks function, starting from the radio network propagation mechanisms to the data exchange within the core network. Having a high-capacity IP network ultimately means reaching out with the internet in everyone’s pocket, literally. The mobile device market reached a critical inflection point at the start of 2011: for the first time, more than half the world’s global internet users – roughly 1 billion people – accessed the internet from a mobile device.

This means the market available for mobile devices is huge and has great prospects. Companies are porting their services to mobile applications, with an increasing diversity of traffic coming through the mobile networks. This includes access to business and personal applications that were once housed in more secure PC and corporate computer environments, including corporate messaging, e-mail and Intranet access; personal finance and banking; and the growing number of new retail mobile payment applications and services.

Femtocells are seen as a solution to the capacity and propagation issues. Giving home users access to your mobile network is risky business, as it becomes easier to gain control of the traffic flow at that node and even to mount an attack on the mobile network, so their security is a critical aspect.

Pushing Things To The Edge

Moving the entire network to IP packets brings huge benefits, but it does come with one big security drawback: malicious attacks. The end devices are used to collect important information and are the users’ interface to their internet identity, so their security is critical. However, in the rush to be first to market, many producers disregard this very important aspect. As discussed in the previous articles, the number of mobile devices (both tablets and mobile phones, and soon M2M devices) is due to surge in the coming years. The sheer number of vulnerable mobile devices can lead to great threats, many of them possessing an open system architecture to encourage app developers.

Windows is a good example for our case: at the beginning of computing, no one took security into account. It took time for both black hat and white hat hackers to learn about the vulnerabilities of the systems and develop exploits. The situation is somewhat similar, but the adoption is different. Computers evolved gradually, from big machines with punch cards to the blazing fast laptops that we see today, from the ’80s until now. Smartphone adoption is taking place 10 times faster, and accelerating.

In these circumstances, the potential for DDoS is incredible. Imagine the magnitude of a distributed attack using this number of potential zombies. The FBI has issued a warning on new trojans for Android, Loozfon and FinFisher, with the ability to steal information and identity (the IMEI and phone number) and to remotely control and monitor the compromised device. This is meant to be taken as a warning, as the evolution of malware for mobile devices is intensifying, with an exponentially growing number of threats. How great is it to have all your conversations recorded and your geolocation tracked?

One of the big problems of moving to a distributed architecture is the vulnerability of the systems, as the end devices still lack the resources to implement complex security mechanisms. This opens up vulnerabilities in the system that need to be covered by re-thinking the architecture and increasing control over the data traffic. As even technology-educated mobile phone users can become victims, this phenomenon is difficult to control. Therefore, it is up to the telecom operators and the ISPs to mitigate threats and find security solutions.

Source: http://techmarketwatch.wordpress.com/2012/11/12/247/

4G LTE could spur DDoS, mobile data theft

3 Oct

Hackers can leverage high speed and data capacity of LTE networks to perpetrate distributed denial-of-service attacks on networks, and also target data on mobile devices.

The rise of 4G LTE networks can bring about security incidents such as distributed denial-of-service (DDoS) attacks on corporate and home networks, and data theft on mobile devices, industry watchers say.

According to Michela Menting, cybersecurity senior analyst at ABI Research, hackers can leverage the high speed and increased data capacity of LTE networks, and the fast processing capabilities of smartphones, to perpetrate DDoS attacks.

Most nations are susceptible to this as they increasingly wire up with LTE networks and smartphone adoption is increasing rapidly worldwide, she observed.

Elaborating, she noted LTE networks use Internet Protocol (IP) based communication in their transport network and base stations. The point of entrance to the core network is through femtocells, base stations which act as wireless access points for a home or business, she pointed out.

While femtocells are popular among operators because they are a less expensive alternative to upgrade, they also require the exposure of public IP addresses of security gateways to enable communication between the end-user device and the core network, she noted. An increase in femtocell deployment could lead to more exposure to IP-based threats such as denial-of-service attacks, she said.

“Consequently, increasingly aggressive network attacks against subscriber identity management, routing and roaming, can be expected,” she added.

Mobile devices, data potentially more vulnerable

Another observer, Patrick Lum, senior consultant at Verizon’s risk group, noted hackers can design malware which creates botnets, or centrally controlled networks of compromised systems, and these can be used for the purposes of sending spam or participating in DDoS attacks.

With LTE operating as an IP network and providing higher bandwidth, mobile phones will be a “lucrative” target for hackers looking to expand their existing botnets, Lum explained.

This will also result in a significant increase in new IPs, which could lead hackers to create phishing attacks that result in data theft and loss, since many users tend to store sensitive data on their mobile phones, he said.

Femtocells will be deployed wherever people and businesses need them, such as inside homes, shopping centers, airports and hospitals, Menting warned. This means it will be much easier for hackers to “wreak havoc” in specifically targeted areas, she said.

Those that provide online services such as e-commerce and Internet banking are more at risk compared to those with just a Web page, because any disruption in the online service will inevitably lead to a loss in revenue or fines from authorities, he said.

Partner telcos, ISPs, have internal DDoS plan

Telcos and internet service providers (ISPs) will have to limit and mitigate threats as they happen, and continuously work to patch vulnerabilities once they are exposed, Menting suggested.

Companies can also have agreements with the hosting provider or the ISPs providing the network service, Lum added.

“These external parties often have the ability to filter or block DDoS attacks within their own network environment before the attack reaches the victim’s networks,” he said.

Internally, companies must devise a DDoS response plan with key processes and procedures for IT personnel to follow in case of a potential attack, he said. Adequate preparation will enable companies to anticipate DDoS attacks or identify risk, which will go a long way in preventing significant data or revenue loss for a company, he said.

Source: http://www.zdnet.com/4g-lte-could-spur-ddos-mobile-data-theft-7000005106/