Was North Korea Behind The IoT DDoS Attack?

Uploaded on 2016-11-09 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-North Korea, INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW

Early in the morning on Oct. 21, multiple big-name sites, including Twitter, Spotify and GitHub, experienced slowdowns as an attack against Domain Name System (DNS) services took shape.

DNS (Domain Name System) is the weakest part of the Internet because it doesn't have much redundancy at the top level and therefore cannot respond to an overwhelming purposeful traffic attack.

In many ways, the internet attack is a wakeup call for organisations to configure DNS for optimal resiliency. More specifically, that means using two (or more) DNS providers and listing multiple name-servers for added resiliency. It's also yet another wakeup for IoT security as the risk of default passwords and unsecured devices is no longer a theoretical one.

Whenever a major security incident takes place in the tech world, you can be certain that US intelligence official, John McAfee, will weigh in with his opinion. The anti-virus pioneer has just revealed who he believes was behind the recent attacks on popular DNS provider Dyn.

A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.

A senior US intelligence official told CNBC that the attacks did not appear to be state-sponsored, but a classic case of internet vandalism. McAfee’s sources disagree. A spokesman told CSO online that the Dark Web is “rife with speculation that North Korea is responsible for the Dyn hack.” Specifically, he claims Bureau 21, the country’s cyber-warfare agency that reportedly consists of over 2000 hackers, launched the assaults.

McAfee added that if Bureau 21 really was responsible, the forensic analysis would point to either China, Russia, or a US group being behind the DDoS attacks. The one-time presidential candidate told social media week that the North Korean group left a false trail pointing toward US DDoS protection company BackConnect Inc. “If all evidence points to this American company [BackConnect], then, with 100% certainty, it is not them,” he said.

Bloomberg reports that Dyn’s director of Internet analysis, Doug Madory, gave a presentation about BackConnect’s alleged questionable practices, such as BGP hijacking, the day before the attacks took place.

One computer security firm claims last week’s attacks involved Mirai, the malware used in the record-breaking 620 Gbps attack on researcher Brian Krebs website last month. Mirai’s source code was subsequently posted on hacking community Hackforums, which Krebs said “virtually guarantees” the internet will be “flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices.” Looks as if he was right.

Krebs, incidentally, helped Madory with his research into BackConnect.

As large as the attacks were, McAfee believes those responsible have merely been probing the defenses before launching a much bigger assault.

While McAfee has fabricated claims in the past for no other reason than publicity, he admitted his team of “super-hackers” that could break into the San Bernardino iPhone was made up, North Korea will probably be one of the prime suspects in this case.

These attacks have escalated

Unfortunately, such attacks have escalated dramatically over time. The problem started with unsecured computers. Many people (almost certainly including readers of this article) are bad at keeping their computer operating systems updated, with the result that their computers have been quietly subverted and made part of ‘botnets’ made up of thousands of enslaved machines. These computers can then be turned against a target system, repeatedly bombarding it with demands until it is effectively taken off the Internet. Criminals have herded botnets to blackmail the owners of gambling websites by threatening to keep them offline with DDoS attacks until a ransom is paid.

Recently, however, the stakes have escalated. What’s called the “Internet of Things”, the many consumer products connected to the Internet, has created opportunities for botnet herders because these products tend to be badly secured and are usually never updated.

The US attack used the same ‘Mirai’ system, which was recently released into the wild so that anyone with moderate technical skills could use it to compromise and set up their own network of devices.

And unless the perpetrators are found, more attacks do seem likely.

TechSpot:     eWeek:     MatthewWaid.com:     Hackers 'weaponised' Malware To Mount Massive Assault:


 

« Where The Money Is: Bank Robbers Blow Up 492 ATMs
Connected-Cars Could Cost Your Privacy »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Orolia

Orolia

Orolia are experts in deploying high precision GPS time through network infrastructure to synchronize critical operations.

TZ-CERT

TZ-CERT

TZ-CERT is the National Computer Emergence Response Team of Tanzania.

Monegasque Digital Security Agency (AMSN)

Monegasque Digital Security Agency (AMSN)

AMSN is the national authority in charge of the security of information systems in Monaco.

Seekurity

Seekurity

Seekurity is an information security consulting firm specialized in all areas of Cyber Security including Penetration Testing, Vulnerability Assessments and Risk Management.

CyberCareers.gov

CyberCareers.gov

CyberCareers.gov is a platform for Cybersecurity Job Seekers, Federal Hiring Managers and Supervisors, Current Federal Cybersecurity Employees, Students and Universities.

Cyber Threat Defense (CT Defense)

Cyber Threat Defense (CT Defense)

CT Defense specialize in penetration testing and security assessments.

New Enterprise Associates (NEA)

New Enterprise Associates (NEA)

As one of the world’s largest and most active venture capital firms, NEA has developed deep domain expertise and insight into our industries of focus - technology and healthcare.

ThreatLocker

ThreatLocker

The ThreatLocker Platform provides a Zero Trust security solution that offers a unified approach to protecting users, devices, and networks against the exploitation of zero day vulnerabilities.

ViewQwest

ViewQwest

ViewQwest is a regional telecommunications & information technology services company. We specialize in providing Connectivity, Managed Network, Managed SD-WAN, and Managed Security solutions.

ZX Security

ZX Security

ZX Security is a New Zealand owned and operated cyber security consultancy.

c0c0n

c0c0n

c0c0n is the longest running conferences in the area of Information Security and Hacking, in India.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Somos

Somos

From voice to messaging to fraud prevention and beyond, Somos are committed to developing innovative solutions that ensure that our ability to maintain trustworthy connections never stops.

PureSoftware

PureSoftware

PureSoftware is a global software products and digital services company that is driving transformation for the world’s top organizations across various industry verticals.

CBIT Digital Forensics Services (CDFS)

CBIT Digital Forensics Services (CDFS)

CDFS is Australia’s premier supplier of digital forensic tools, industry-embedded training and certification to Law Enforcement, Government, and Corporate Enterprise.

CyTwist

CyTwist

CyTwist is an early warning attack detection platform that complement your existing security suite and provides your security teams with unique detection capabilities of stealth targeted attacks.