23/10/2016

DDoS Attack on DYN: An Army of Million Hacked IoT Devices - The Latest IoT Device I Do NOT Want Hacked - Chinese Firm Recalls Webcams Amid DDoS Attack on Dyn

A massive Distributed Denial of Service (DDoS) attack against Dyn, a major domain name system (DNS) provider, broke large portions of the Internet on Friday, causing a significant outage to a ton of websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify. But how did the attack happen? What's the cause behind it? Exact details of the attack remain vague, but Dyn reported that a huge army of hijacked internet-connected devices could be responsible for the massive attack. Yes, the same method recently employed by hackers to carry out a record-breaking DDoS attack of over 1 Tbps against France-based hosting provider OVH.

According to security intelligence firm Flashpoint, Mirai bots were detected driving much, but not necessarily all, of the traffic in the DDoS attacks against DynDNS. Mirai is a piece of malware that targets Internet of Things (IoT) devices such as routers, security cameras, and DVRs, and enslaves vast numbers of these compromised devices into a botnet, which is then used to conduct DDoS attacks. Since the source code of the Mirai botnet has already been made available to the public, anyone can wield DDoS attacks against targets. This time hackers did not target an individual site; rather, they attacked Dyn, which many sites and services use as their upstream DNS provider for turning internet protocol (IP) addresses into human-readable websites.

The result we all know: major sites and services including Twitter, GitHub, Reddit, PayPal, Amazon, AirBnb, Netflix, Pinterest, and so on, were among hundreds of services rendered inaccessible to millions of people worldwide for several hours on Friday. "Flashpoint has confirmed that at least some of the devices used in the Dyn DNS attacks are DVRs, further matching the technical indicators and tactics, techniques, and procedures associated with previous known Mirai botnet attacks," Flashpoint says in a blog post.

This type of attack is notable and concerning because it largely consists of unsecured IoT devices, which are growing exponentially with time. These devices are implemented in a way that they cannot easily be updated and thus are nearly impossible to secure. Manufacturers mostly focus on the performance and usability of IoT devices but ignore security measures and encryption mechanisms, which is why they are routinely being hacked and widely becoming part of DDoS botnets used as weapons in cyber attacks. An online tracker of the Mirai botnet suggests there are more than 1.2 million Mirai-infected devices on the Internet, with over 166,000 devices active right now. In short, IoT botnets like Mirai are growing rapidly, and there is no easy way to stop them.

According to officials speaking to Reuters, the US Department of Homeland Security (DHS) and the FBI are both investigating the massive DDoS attacks hitting DynDNS, but none of the agencies has yet speculated on who might be behind them.

http://thehackernews.com/2016/10/iot-dyn-ddos-attack.html

What if someone hacked this remotely controlled semi-autonomous tractor (vid)?

I am a cybersecurity guy and a huge fan of technology. One of the challenges we are facing in the security industry is the growth of the Internet of Things (IoT). IoT is about connecting everyday ‘things’ to the Internet. It might be a toaster, alarm clock, pressure sensor, valve, security camera, medical pill, or vehicle. The benefits can be tremendous, with remote monitoring, management, and the ability to control something from afar. It can enable machines to do the mundane tasks we want to avoid. This is why the IoT market is exploding. The estimate of IoT devices being connected to the Internet is approximately 25 billion by 2020. But there are risks, because technology is just a tool. One which can be used for noble purposes but also for malicious acts. Every connected device could potentially be taken over by someone else, who is not interested in your privacy, security, safety, or prosperity. It can be petty, as with someone who makes your crock pot overcook your dinner. But it can be unnerving and downright dangerous as well. A stalker who hacks your home cameras without you knowing. A terrorist who takes over operation of vehicles on the freeway. A nation state which can undermine an adversary's power grid and water supply. An anarchist who brings down critical equipment in emergency rooms. These are not pleasant situations. Technology can be compromised. So I spend my days looking into such things and pondering the future where technology innovation and security threats intersect.

Here is the latest little gem I am pondering on a lazy Friday afternoon. The benefits of an autonomous tractor, which is controlled remotely and has semi-autonomous capabilities, could be great. Taking advantage of narrow harvesting windows and using optimal routes to maximize the crop return. These things could run in packs, doing work 24x7, just stopping for fuel. They might even be able to farm areas we thought impossible. The benefits to the farming output of a nation could be outstanding. But on the other hand, I really don’t want even one of these beasts to be hijacked by some hacker. The damage one could cause would be tremendous. The difficulty of stopping it may prove overwhelming to local law enforcement. A tornado on wheels. This is a good example of the dichotomy of technology and security. There are tremendous potential benefits, but at the same time they are accompanied by grievous potential risks. We, as a society, must understand both sides and maneuver in a way which finds a good balance, institutes proper safety measures, and aligns to healthy ethics for the greater community. Security grows more important as we embrace technology.

Read also: Someone Weaponized the Internet of Things

Chinese technology manufacturer Hangzhou Xiongmai has recalled millions of cameras sold in the U.S. after the distributed denial of service (DDoS) attack on DNS provider Dyn on Friday. The attack cut service to major websites, including Twitter, Netflix and Etsy, for much of the day. Hangzhou Xiongmai provides circuit boards and software for cameras, as well as DVRs and network video recorders.

The Cipher Take: The DDoS attack targeting Dyn, a domain name service (DNS) provider translating human words into code understood by computers (a foundational aspect of the internet’s infrastructure) exploited devices connected to the Internet of Things (IoT). A malicious botnet known as Mirai used brute force to breach IoT devices—like Hangzhou Xiongmai’s webcams—to create networks of bots that amplified the DDoS attack. Hangzhou Xiongmai’s decision to recall their insecure devices signals to other IoT device manufacturers the need to prioritize security in their products—something often recognized only in hindsight.

https://www.thecipherbrief.com/

The ..."Ischys" Take: Chinese-made devices are intentionally built to allow backdoors and exploits. Consider the above as a test, a drill. The Chinese company was forced to recall its devices, as they were recognized and characterized as vulnerable due to the number of them used for the attack.

DHS held an information sharing conference call with 18 major communication services providers the day the distributed denial of service, or DDoS, attack occurred, Johnson said. Friday’s attack targeted Dyn, a company that provides web optimization services to numerous major internet companies. Johnson confirmed security researchers’ reports the Friday attack used a type of malware called Mirai, which targets connected devices such as webcams and entertainment systems, and was earlier used to attack the website of cybersecurity reporter Brian Krebs and a French internet service provider. The DHS cyber operations hub, the National Cybersecurity Communications and Integration Center, is working with law enforcement and private companies on ways to combat the malware, Johnson said. DHS is also working on a set of strategic principles for securing connected devices, known as the internet of things, which will be released in coming weeks, he said.

The internet of things has grown exponentially in recent years but the security of those devices has lagged, Joshua Corman, director of the Atlantic Council’s Cyber Statecraft Initiative, told reporters in a conference call today. Many connected devices carry known software vulnerabilities that can be exploited by hackers, but consumers either don’t know how to patch those vulnerabilities or, in some cases, aren’t able to, he said. On an individual level, those vulnerabilities—a connected refrigerator sending out spam emails, for example—are not particularly dangerous, he said. When those vulnerabilities are taken in aggregate, however, they can do great damage as the Dyn attack showed. “There’s a strong instinct to focus on safety critical [systems] where bits and bytes meet flesh and blood,” Corman said. “The cognitive dissonance from this particular set of attacks is you can’t neglect lower-priority devices.”

http://www.defenseone.com/
