Was North Korea Behind The IoT DDoS Attack?

Uploaded on 2016-11-09 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-North Korea, INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW

Early in the morning on Oct. 21, multiple big-name sites, including Twitter, Spotify and GitHub, experienced slowdowns as an attack against Domain Name System (DNS) services took shape.

DNS (Domain Name System) is the weakest part of the Internet because it doesn't have much redundancy at the top level and therefore cannot respond to an overwhelming purposeful traffic attack.

In many ways, the internet attack is a wakeup call for organisations to configure DNS for optimal resiliency. More specifically, that means using two (or more) DNS providers and listing multiple name-servers for added resiliency. It's also yet another wakeup for IoT security as the risk of default passwords and unsecured devices is no longer a theoretical one.

Whenever a major security incident takes place in the tech world, you can be certain that US intelligence official, John McAfee, will weigh in with his opinion. The anti-virus pioneer has just revealed who he believes was behind the recent attacks on popular DNS provider Dyn.

A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.

A senior US intelligence official told CNBC that the attacks did not appear to be state-sponsored, but a classic case of internet vandalism. McAfee’s sources disagree. A spokesman told CSO online that the Dark Web is “rife with speculation that North Korea is responsible for the Dyn hack.” Specifically, he claims Bureau 21, the country’s cyber-warfare agency that reportedly consists of over 2000 hackers, launched the assaults.

McAfee added that if Bureau 21 really was responsible, the forensic analysis would point to either China, Russia, or a US group being behind the DDoS attacks. The one-time presidential candidate told social media week that the North Korean group left a false trail pointing toward US DDoS protection company BackConnect Inc. “If all evidence points to this American company [BackConnect], then, with 100% certainty, it is not them,” he said.

Bloomberg reports that Dyn’s director of Internet analysis, Doug Madory, gave a presentation about BackConnect’s alleged questionable practices, such as BGP hijacking, the day before the attacks took place.

One computer security firm claims last week’s attacks involved Mirai, the malware used in the record-breaking 620 Gbps attack on researcher Brian Krebs website last month. Mirai’s source code was subsequently posted on hacking community Hackforums, which Krebs said “virtually guarantees” the internet will be “flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices.” Looks as if he was right.

Krebs, incidentally, helped Madory with his research into BackConnect.

As large as the attacks were, McAfee believes those responsible have merely been probing the defenses before launching a much bigger assault.

While McAfee has fabricated claims in the past for no other reason than publicity, he admitted his team of “super-hackers” that could break into the San Bernardino iPhone was made up, North Korea will probably be one of the prime suspects in this case.

These attacks have escalated

Unfortunately, such attacks have escalated dramatically over time. The problem started with unsecured computers. Many people (almost certainly including readers of this article) are bad at keeping their computer operating systems updated, with the result that their computers have been quietly subverted and made part of ‘botnets’ made up of thousands of enslaved machines. These computers can then be turned against a target system, repeatedly bombarding it with demands until it is effectively taken off the Internet. Criminals have herded botnets to blackmail the owners of gambling websites by threatening to keep them offline with DDoS attacks until a ransom is paid.

Recently, however, the stakes have escalated. What’s called the “Internet of Things”, the many consumer products connected to the Internet, has created opportunities for botnet herders because these products tend to be badly secured and are usually never updated.

The US attack used the same ‘Mirai’ system, which was recently released into the wild so that anyone with moderate technical skills could use it to compromise and set up their own network of devices.

And unless the perpetrators are found, more attacks do seem likely.

TechSpot:     eWeek:     MatthewWaid.com:     Hackers 'weaponised' Malware To Mount Massive Assault:


 

« Where The Money Is: Bank Robbers Blow Up 492 ATMs
Connected-Cars Could Cost Your Privacy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

AV Test

AV Test

The AV-TEST Institute is a leading international and independent service provider in the fields of anti-virus research and IT security.

Allen & Overy

Allen & Overy

Allen & Overy is an international law firm. Practice areas include Cybersecurity and Data Protection.

EclecticIQ

EclecticIQ

EclecticIQ is a global provider of threat intelligence, hunting and response technology and services.

Oppida

Oppida

Oppida provides tailored IT security services to help you identify security gaps and assist in finding the most effective remediation.

Cyber Security National Lab (CINI)

Cyber Security National Lab (CINI)

The Cyber Security National Lab brings together Italian academic excellence in Cyber Security research.

SafenSoft (SnS)

SafenSoft (SnS)

SafenSoft delivers high-efficiency, low-impact proactive protection against malware, insider threats, and confidential data leakage.

HudsonCyber

HudsonCyber

HudsonCyber, part of HudsonAnalytix, provides leading cyber risk management services for the global maritime transportation industry.

SensorHound

SensorHound

SensorHound’s mission is to improve the security and reliability of the Internet of Things (IoT).

Enzoic

Enzoic

Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud through compromised credential detection.

Blumira

Blumira

Blumira provides comprehensive, hybrid cloud security monitoring and reporting for organizations of all sizes, enabling them to detect and respond to cloud security threats quickly and effectively.

HORNE

HORNE

HORNE is a professional services firm supporting clients in public, private & government sectors nationwide.

Quantum Star Technologies

Quantum Star Technologies

Quantum Star Technologies has developed Starpoint to be a next-next-generation solution to cyber security threats. Our mission is to secure the online world through our patented technology.

Sonet.io

Sonet.io

Sonet.io is built for IT leaders that want a great experience for their remote workers, while enhancing security and observability.

Whitaker Brothers

Whitaker Brothers

Whitaker Brothers data destruction equipment can be found in 115 countries and every single continent in the world, from major military organizations to small offices.

Icon Information Systems (ICONIS)

Icon Information Systems (ICONIS)

ICONIS is an integrated infrastructure and service provider, offering unified Information Technology (IT) solutions globally.

Dream

Dream

Dream is developing an AI platform that enables cyber resilience and protects nations from hostile nation-states cyber attacks.