Was North Korea Behind The IoT DDoS Attack?

Uploaded on 2016-11-09 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-North Korea, INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW

Early in the morning on Oct. 21, multiple big-name sites, including Twitter, Spotify and GitHub, experienced slowdowns as an attack against Domain Name System (DNS) services took shape.

DNS (Domain Name System) is the weakest part of the Internet because it doesn't have much redundancy at the top level and therefore cannot respond to an overwhelming purposeful traffic attack.

In many ways, the internet attack is a wakeup call for organisations to configure DNS for optimal resiliency. More specifically, that means using two (or more) DNS providers and listing multiple name-servers for added resiliency. It's also yet another wakeup for IoT security as the risk of default passwords and unsecured devices is no longer a theoretical one.

Whenever a major security incident takes place in the tech world, you can be certain that US intelligence official, John McAfee, will weigh in with his opinion. The anti-virus pioneer has just revealed who he believes was behind the recent attacks on popular DNS provider Dyn.

A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.

A senior US intelligence official told CNBC that the attacks did not appear to be state-sponsored, but a classic case of internet vandalism. McAfee’s sources disagree. A spokesman told CSO online that the Dark Web is “rife with speculation that North Korea is responsible for the Dyn hack.” Specifically, he claims Bureau 21, the country’s cyber-warfare agency that reportedly consists of over 2000 hackers, launched the assaults.

McAfee added that if Bureau 21 really was responsible, the forensic analysis would point to either China, Russia, or a US group being behind the DDoS attacks. The one-time presidential candidate told social media week that the North Korean group left a false trail pointing toward US DDoS protection company BackConnect Inc. “If all evidence points to this American company [BackConnect], then, with 100% certainty, it is not them,” he said.

Bloomberg reports that Dyn’s director of Internet analysis, Doug Madory, gave a presentation about BackConnect’s alleged questionable practices, such as BGP hijacking, the day before the attacks took place.

One computer security firm claims last week’s attacks involved Mirai, the malware used in the record-breaking 620 Gbps attack on researcher Brian Krebs website last month. Mirai’s source code was subsequently posted on hacking community Hackforums, which Krebs said “virtually guarantees” the internet will be “flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices.” Looks as if he was right.

Krebs, incidentally, helped Madory with his research into BackConnect.

As large as the attacks were, McAfee believes those responsible have merely been probing the defenses before launching a much bigger assault.

While McAfee has fabricated claims in the past for no other reason than publicity, he admitted his team of “super-hackers” that could break into the San Bernardino iPhone was made up, North Korea will probably be one of the prime suspects in this case.

These attacks have escalated

Unfortunately, such attacks have escalated dramatically over time. The problem started with unsecured computers. Many people (almost certainly including readers of this article) are bad at keeping their computer operating systems updated, with the result that their computers have been quietly subverted and made part of ‘botnets’ made up of thousands of enslaved machines. These computers can then be turned against a target system, repeatedly bombarding it with demands until it is effectively taken off the Internet. Criminals have herded botnets to blackmail the owners of gambling websites by threatening to keep them offline with DDoS attacks until a ransom is paid.

Recently, however, the stakes have escalated. What’s called the “Internet of Things”, the many consumer products connected to the Internet, has created opportunities for botnet herders because these products tend to be badly secured and are usually never updated.

The US attack used the same ‘Mirai’ system, which was recently released into the wild so that anyone with moderate technical skills could use it to compromise and set up their own network of devices.

And unless the perpetrators are found, more attacks do seem likely.

TechSpot:     eWeek:     MatthewWaid.com:     Hackers 'weaponised' Malware To Mount Massive Assault:


 

« Where The Money Is: Bank Robbers Blow Up 492 ATMs
Connected-Cars Could Cost Your Privacy »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

National Cyber Security Centre Finland (NCSC-FI)

National Cyber Security Centre Finland (NCSC-FI)

The NCSC-FI develops and monitors the operational reliability and security of communications networks and services in Finland.

Concise Technologies

Concise Technologies

Concise Technologies provide specialist IT and telecoms solutions, support services, managed backup, disaster recovery, cyber security and consultancy to SME businesses across the UK and Europe.

Orange Cyberdefense

Orange Cyberdefense

Orange Cyberdefense is the expert cybersecurity business unit of the Orange Group, providing managed security, managed threat detection & response services to organizations around the globe.

National Institute of Information and Communications Technology (NICT) - Japan

National Institute of Information and Communications Technology (NICT) - Japan

NICT is Japan’s sole National Research and Development Agency specializing in the field of information and communications technology.

Crypta Labs

Crypta Labs

Crypta Labs is an Award Winning IOT Security startup that is developing a quantum-based encryption chip to secure the Internet of Things.

Salient CRGT

Salient CRGT

Salient CRGT is a leading provider of health, data analytics, cloud, agile software development, mobility, cyber security, and infrastructure solutions.

ngCERT

ngCERT

ngCERT is the National Computer Emergency Response Team for Nigeria.

Data Destruction London

Data Destruction London

Data Destruction London offers fast, confidential and compliant expert data destruction services to businesses and organisations in London.

Trusona

Trusona

Trusona is a pioneer and leader in passwordless two-factor authentication (2FA).

CybX Security LLC

CybX Security LLC

CybX is the first company of its kind to merge the practice of computer forensics with computer security and information security.

Secura B.V.

Secura B.V.

Secura is an independent specialized cybersecurity expert, providing insights to protect valuable assets and data.

Winbond Electronics

Winbond Electronics

Winbond is a Specialty memory IC company. Product lines include Code Storage Flash Memory, TrustME® Secure Flash, Specialty DRAM and Mobile DRAM.

Spotit

Spotit

Spotit offers a wide-ranging portfolio of technologies and services, from consultancy, assessments and pentesting to the set up of completely new security and network infrastructures.

Resilience Cyber insurance

Resilience Cyber insurance

Resilience helps to improve cyber resilience by connecting cyber insurance coverage with advanced cybersecurity visibility and a shared plan to reinforce great cyber hygiene.

Ampsight

Ampsight

Ampsight specializes in enabling cloud integration, securing data, and navigating complications that drive critical-mission success.

Security Solutions Services (S-3)

Security Solutions Services (S-3)

S-3 specialize in crafting tailored network design, security hardware, software, and storage solutions for businesses of all sizes.