Was North Korea Behind The IoT DDoS Attack?

Uploaded on 2016-11-09 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-North Korea, INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW

Early in the morning on Oct. 21, multiple big-name sites, including Twitter, Spotify and GitHub, experienced slowdowns as an attack against Domain Name System (DNS) services took shape.

DNS (Domain Name System) is the weakest part of the Internet because it doesn't have much redundancy at the top level and therefore cannot respond to an overwhelming purposeful traffic attack.

In many ways, the internet attack is a wakeup call for organisations to configure DNS for optimal resiliency. More specifically, that means using two (or more) DNS providers and listing multiple name-servers for added resiliency. It's also yet another wakeup for IoT security as the risk of default passwords and unsecured devices is no longer a theoretical one.

Whenever a major security incident takes place in the tech world, you can be certain that US intelligence official, John McAfee, will weigh in with his opinion. The anti-virus pioneer has just revealed who he believes was behind the recent attacks on popular DNS provider Dyn.

A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.

A senior US intelligence official told CNBC that the attacks did not appear to be state-sponsored, but a classic case of internet vandalism. McAfee’s sources disagree. A spokesman told CSO online that the Dark Web is “rife with speculation that North Korea is responsible for the Dyn hack.” Specifically, he claims Bureau 21, the country’s cyber-warfare agency that reportedly consists of over 2000 hackers, launched the assaults.

McAfee added that if Bureau 21 really was responsible, the forensic analysis would point to either China, Russia, or a US group being behind the DDoS attacks. The one-time presidential candidate told social media week that the North Korean group left a false trail pointing toward US DDoS protection company BackConnect Inc. “If all evidence points to this American company [BackConnect], then, with 100% certainty, it is not them,” he said.

Bloomberg reports that Dyn’s director of Internet analysis, Doug Madory, gave a presentation about BackConnect’s alleged questionable practices, such as BGP hijacking, the day before the attacks took place.

One computer security firm claims last week’s attacks involved Mirai, the malware used in the record-breaking 620 Gbps attack on researcher Brian Krebs website last month. Mirai’s source code was subsequently posted on hacking community Hackforums, which Krebs said “virtually guarantees” the internet will be “flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices.” Looks as if he was right.

Krebs, incidentally, helped Madory with his research into BackConnect.

As large as the attacks were, McAfee believes those responsible have merely been probing the defenses before launching a much bigger assault.

While McAfee has fabricated claims in the past for no other reason than publicity, he admitted his team of “super-hackers” that could break into the San Bernardino iPhone was made up, North Korea will probably be one of the prime suspects in this case.

These attacks have escalated

Unfortunately, such attacks have escalated dramatically over time. The problem started with unsecured computers. Many people (almost certainly including readers of this article) are bad at keeping their computer operating systems updated, with the result that their computers have been quietly subverted and made part of ‘botnets’ made up of thousands of enslaved machines. These computers can then be turned against a target system, repeatedly bombarding it with demands until it is effectively taken off the Internet. Criminals have herded botnets to blackmail the owners of gambling websites by threatening to keep them offline with DDoS attacks until a ransom is paid.

Recently, however, the stakes have escalated. What’s called the “Internet of Things”, the many consumer products connected to the Internet, has created opportunities for botnet herders because these products tend to be badly secured and are usually never updated.

The US attack used the same ‘Mirai’ system, which was recently released into the wild so that anyone with moderate technical skills could use it to compromise and set up their own network of devices.

And unless the perpetrators are found, more attacks do seem likely.

TechSpot:     eWeek:     MatthewWaid.com:     Hackers 'weaponised' Malware To Mount Massive Assault:


 

« Where The Money Is: Bank Robbers Blow Up 492 ATMs
Connected-Cars Could Cost Your Privacy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DTEX Systems

DTEX Systems

DTEX Systems is the global leader for insider risk management. We empower organizations to prevent data loss by proactively stopping insider risks from becoming insider threats.

Cyber Exec

Cyber Exec

Cyber Exec is an executive search firm dedicated to global talent acquisition in Cyber Security, Information Technology, Defense...

National Security Agency (NSA)

National Security Agency (NSA)

NSA is a US intel agency responsible for the protection of government communications and information systems against penetration and network warfare.

One Identity

One Identity

One Identity delivers identity governance, access management, and privileged account management solutions that facilitate and secure your digital transformation.

DG Technology

DG Technology

DG Technology is a customer-centric technology expert and business consultant that delivers services and products to minimize your information security, compliance, and business risks.

Centurion Information Security

Centurion Information Security

Centurion Information Security is a consulting firm based in Singapore that specialises in penetration testing and security assessment services.

Wotan Monitoring

Wotan Monitoring

Wotan Monitoring is the software solution for fully automatic process monitoring, infrastructure monitoring and end-to-end monitoring.

astarios

astarios

astarios provide near-shore software development services including secure software development (DevSecOps), quality assurance and testing.

Open Raven

Open Raven

Open Raven is the cloud native data security platform that prevents breaches driven by modern speed and sprawl. Restore full visibility and regain control within minutes, without agents.

Allied Telesis

Allied Telesis

Allied Telesis delivers the secure, flexible, and agile solutions needed to meet the expectations of any industry’s critical mission.

Cyber7

Cyber7

CYBER7 is a National Cyber Security Innovation community initiated by Israel National Cyber Directorate, Ministry of Economy and Israel Innovation Authority led by Tech7 – Venture Studio.

Advent One

Advent One

Advent One are recognised for solving intricate dilemmas, not only making technology work but building foundations that customers can grow upon in an effective and secure way.

WheelHouse IT

WheelHouse IT

WheelHouse IT secures, manages, and advances businesses with innovative, cost-effective IT solutions.

Klarytee

Klarytee

Protect your data wherever it goes. Klarytee is a SaaS platform that builds security into sensitive content to enable granular control in AI, public cloud and SaaS.

Arsen Cybersecurity

Arsen Cybersecurity

Arsen is a French cybersecurity startup, dedicated to enhancing human behaviors in cybersecurity.

Anch.AI

Anch.AI

Anch.AI is an Ethical AI Governance platform that helps you comply with EU regulations and avoid risks and penalties when developing and using AI as part of your business.