Hackers 'weaponised' Malware To Mount Massive Assault

Uploaded on 2016-10-25 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

The huge attack on global Internet access on Friday 21st October, which blocked some of the world’s most popular websites, is believed to have been unleashed by hackers using common devices like webcams and digital recorders.

Among the sites targeted recently were Twitter, PayPal and Spotify. All were customers of Dyn, an infrastructure company in New Hampshire in the US that acts as a switchboard for Internet traffic.

Outages were intermittent and varied by geography, but reportedly began in the eastern US before spreading to other parts of the country and Europe.

Users complained they could not reach dozens of Internet destinations, including Mashable, CNN, the New York Times, the Wall Street Journal, Yelp and some businesses hosted by Amazon.

Hackers used hundreds of thousands of internet-connected devices that had previously been infected with a malicious code – known as a “botnet” or, jokingly, a “zombie army” – to force an especially potent distributed denial of service (DDoS) attack.

The aim of a DDoS attack is to overwhelm an online service with traffic from multiple sources, rendering it unavailable. Dyn said attacks were coming from millions of Internet addresses, making it one of the largest attacks ever seen.

Dyn said it had resolved one attack, which disrupted operations for about two hours, but disclosed a second a few hours later that was causing further disruptions. By the evening it was fighting a third.

At least some of the malicious traffic was coming from connected devices, including webcams and digital video recorders. 

Security researchers working with Dyn to investigate the attack have linked it to a network of web-enabled CCTV cameras made by a single Chinese company, XiongMai Technologies.

Allison Nixon, director of research at the security firm Flashpoint, said its web-enabled CCTV cameras and digital video recorders were forcibly networked together using the sophisticated malware program Mirai to direct the crushing number of connection requests to Dyn’s customers. “It’s remarkable that virtually an entire company’s product line has just been turned into a botnet that is now attacking the United States,” she told security researcher Brian Krebs.

The same Mirai malware was used in September to launch what was then described as the biggest DDoS attack ever on Krebs’ website, Krebs on Security. His reporting on cybercrime has made him a target in the past.

Hackers released the source code for Mirai earlier this month, inspiring a significant number of copycats. Experts had warned of increasingly sophisticated botnets, in essence, a weaponised combination of malware and as many as 100,000 hijacked individual devices, just days before the attack.

Researchers at Level 3 Communications, a global communications company focused on managed security, warned earlier this week that “the threat from these botnets is growing” as more and more devices were connected to the web.
The US Department of Homeland Security had issued a warning the previous week.

Mirai was the most sophisticated botnet malware Level 3 had seen yet, able to rotate the IP addresses (likely to avoid detection) about three times as often as had been observed with other botnets. More worryingly still, it was “becoming still more sophisticated”.

Mirai targeted household and everyday devices, such as DVRs, cameras and even kettles, that were connected to the internet, a concept of connectivity commonly referred to as “the internet of things” (IoT). Many were devised without particular mind to security.

Level 3 researchers said the majority, as many as 80%, of botnets were networked DVRs, with the rest routers and other miscellaneous devices such as IP cameras and Linux servers. “The devices are often operated with the default passwords, which are simple for bot herders to guess.”

Michael Mimoso, of cybersecurity research group Kaspersky Lab, estimated that the number of compromised devices had reached 493,000, with most in the US. “But Brazil and Colombia are also high on the list”. 

Dyn categorized the attack as “resolved” shortly after 6pm New York time, but it is still not known who deployed the botnet, and why. “The complexity of the attacks is what’s making it very challenging for us,” the company’s chief strategy officer, Kyle York, told Reuters. Homeland Security and the Federal Bureau of Investigation said they were investigating.

A tweet from WikiLeaks implied that its supporters were behind the attack. “Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US Internet. You proved your point.”  

Security researcher Bruce Schneier caused waves when he wrote in September that someone, probably a country, was “learning how to take down the Internet”. He wrote that “a large nation state” (“China or Russia would be my first guesses”) had been testing increasing levels of DDoS attacks against unnamed core Internet infrastructure providers in what seemed like a test of capability. 

Guardian
 

« FBI Using Big Data To Predict Terrorism
Media Vulnerable To Election Night Cyber-Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

FireEye

FireEye

FireEye delivers unmatched detection, protection and response technology through an extensible and flexible cloud-based XDR platform.

QTS

QTS

QTS Realty Trust, Inc. is a leading provider of secure, compliant data center, hybrid cloud and managed services.

ContentKeeper

ContentKeeper

ContentKeeper provides Web Threat Protection solutions to secure today’s Web 2.0 and mobile centric business environments.

Telecommunications & Digital Government Regulatory Authority (TDRA) - UAE

Telecommunications & Digital Government Regulatory Authority (TDRA) - UAE

TDRA focuses on regulating the telecommunications sector and enabling government entities in the field of smart transformation. It is responsible for the overall digital infrastructure in the UAE.

Data Eliminate

Data Eliminate

Data Eliminate provide data destruction, secure end-of-life IT asset disposal, and data protection consultancy services.

Pentera Security

Pentera Security

Pentera (formerly Pcysys) is focused on the inside threat. Our automated penetration-testing platform mimics the hacker's attack - automating the discovery of vulnerabilities.

Civic Technologies

Civic Technologies

Civic’s Secure Identity Platform (SIP) uses a verified identity for multi-factor authentication on web and mobile apps without the need for usernames or passwords.

Quantifind

Quantifind

Quantifind enables financial crimes/fraud analysts and investigators to make better decisions, faster, with intelligent automation.

ValueMentor

ValueMentor

ValueMentor is a leading cyber security service provider in the Middle East. We enable clients to reduce risk by taking a strategic approach to cybersecurity.

PrivacySavvy

PrivacySavvy

PrivacySavvy's mission is to provide you with all the information that you need to ensure that your internet privacy is intact, your devices are secure, and that any time you step online, you’re safe.

Deft

Deft

Deft (formerly ServerCentral Turing Group) is a trusted provider of colocation, cloud, and disaster recovery services.

Open Data Security (ODS)

Open Data Security (ODS)

Open Data Security is a market leader in the information security sector, offering services to companies, governments and individuals, helping them shield from hackers and cyber attacks.

Prancer

Prancer

Prancer is the industry's first cloud-native, self-service SAAS platform for automated security validation and penetration testing in the cloud.

Gravitee

Gravitee

Gravitee helps organizations manage and secure their entire API lifecycle with solutions for API design, management, security, productization, real-time observability, and more.

GTT Communications

GTT Communications

GTT are a global network provider that serves thousands of multinational and national enterprise, government and carrier customers with a portfolio of advanced connectivity and security services.

Radix Technologies

Radix Technologies

Radix offer end-to-end device management solutions, consolidating all the organization devices, processes and stakeholders into one easy-to-use management platform.