  1. #1
    WHT-BR Top Member
    Join Date
    Dec 2010

    [EN] Dyn was attacked by a bunch of kids

    A bunch of kids probably pulled off the biggest DDoS-hack ever

    David Gilbert
    Nov 4, 2016

    Millions of people in the eastern U.S. woke up on a Friday morning in October to find large parts of the internet not working. No Twitter. No Netflix. No Spotify. The issue, as we later learned, was an ominous new kind of cyberattack, where “smart” household devices were marshaled into a zombie army capable of choking critical infrastructure of the web. It was the biggest distributed denial of service (DDoS) attack in history.

    We were also told that given the ubiquity of these internet-connected devices — web cameras and “smart” household items of all sorts, largely made in China and shipped to the States by the boatload — this type of attack would only grow worse and more frequent.

    Since then, the world’s leading cybersecurity experts have been following clues to track who is responsible. They’ve come to a disturbing conclusion: the biggest DDoS attack in history was probably not caused by a state-sponsored actor, organized crime, terror groups, or anyone with a geopolitical or financial motive. So who’s left?

    “Kids,” said Mikko Hypponen, chief research officer with security firm F-Secure. “Kids who have the capability and don’t know what to do with it.”

    “The source code that was released could have been written by a high school student, a smart high school student, but a high school student nonetheless,” security expert Rob Graham said after examining the malware used in the attacks. “It wasn’t particularly sophisticated.”

    The attack was carried out using the Mirai malware — a malicious piece of software designed to hack hardware — that had been posted on a hacking forum for anyone to use. The hackers were able to infect millions of smart devices to work together as an army of zombie computers — known as a botnet — capable of firing huge amounts of internet traffic at servers, which overwhelmed them and knocked them offline.

    The target this time was Dyn, one of the world’s leading Domain Name System (DNS) providers. These companies operate as the phonebooks of the internet, connecting users to the servers hosting the websites they visit. Despite the critical nature of Dyn’s infrastructure, the attack was so huge — reportedly 1.2 terabits per second — the company was unable to prevent its customers from being affected.

    What set this attack apart from other DDoS attacks is the apparent ease with which it was carried out and the critical importance of the service it knocked offline.

    Dyn said it cannot reveal details about the source of the attack or the identity of the attackers because of an ongoing law enforcement investigation.

    But Flashpoint, a security company which has been monitoring this attack from the start, agreed with Hypponen and Graham.

    “The technical and social indicators of this attack align more closely with attacks from the Hackforums community than the other type of actors that may be involved, such as higher-tier criminal actors, hacktivists, nation-states, and terrorist groups,” the director and two other employees wrote on their site.

    Hackforums is an online community where hackers chat, share tools, and offer their services in exchange for money. It was here that a hacker known as Anna Senpai posted the source code to the malware used to compromise hundreds of thousands of “Internet of Things” (IoT) devices across the globe.

    As a demonstration of just how powerful these attacks can be, security researcher Kevin Beaumont revealed that the people behind these botnets have been attempting to knock an entire country offline this week.

    Liberia has a single submarine cable connecting it to the internet, and one of the botnets created with the Mirai malware has been consistently flooding it with traffic to repeatedly knock it offline for short periods of time.

    Beaumont calls the group behind the Liberia attack Shadow Kills, in reference to a mocking message the attackers sent to the researcher.

    While financial gain can motivate script kiddies, typically selling access to their botnets, just as often, they execute attacks such as these to show off or cause disruption and chaos for sport.

    That happened two years ago, when a group of hackers called Lizard Squad attacked the PlayStation Network and Xbox Live, causing a lot of problems for Sony and Microsoft by knocking the networks offline for long periods.

    Just this week in the U.K., a teenager who, at just 15, created a tool to easily carry out DDoS attacks on any website, pled guilty after the police claimed the tool had been used in 1.7 million attacks.

    While security experts may call the method of attack on Dyn unsophisticated, the company holds a different view. Chief Strategy Officer Kyle York said the attack was “complicated, multi-layered, unprecedented, and more distributed than your average attack.”

    In fact, he called that Friday “the proudest day in the company’s history” because of the way the engineers mitigated an attack of this size.

    The success of the attack also took many in the industry by surprise. “I think it is remarkable that the attack was so successful against Dyn, considering the track record the company has,” Hypponen said.

    Aside from the outcome, the fact that the attack leveraged the power of millions of unsecured devices connected directly to the internet — products like CCTV cameras, routers, and DVRs — is part of a worrying trend.

    In September a similar but separate army of zombie devices created by the Mirai malware attacked the website of Brian Krebs, an investigative journalist. Since then, others have used the source code multiple times to create their own botnets, some of which were used in the attack on Dyn.

    In the wake of the high-profile attack on Krebs, multiple members of Hackforums offered access to Mirai botnets for as little as $3 a time. Anyone who hires the botnet can name their target, and the hacker will turn his zombie army in that direction, with the aim of knocking the website offline for a period of time.

    Hackforums administrator Jesse LaBrocca, worried about the negative attention the attack brought on his website, shut down the section selling those services.

    “Unfortunately once again the few ruin it for the many,” LaBrocca wrote.

    The problem facing those who control the backbone of the internet is that if a group of script kiddies can knock large portions of the web offline with such a simple attack, what’s next?

    Unfortunately, there’s no easy fix for the problem. The vulnerable devices contain little to no security, often using default usernames and passwords hardwired at the factory. And the companies that make them — mostly based in China — have little incentive to make them more secure because of a lack of regulation forcing them to do so. Lastly, consumers, typically concerned with price, design, and color when buying a new product, don’t care enough about security to ask the salesman if their shiny new fridge is secure — even though the device may connect to their Wi-Fi and pose a significant security risk.

    Just this week, another major flaw in IoT devices was revealed when researchers showed how a vulnerability in wireless technology used in smart devices like lights, switches, locks, and thermostats could be exploited to take control of those devices.

    “This means that the vendors building these things invest the minimum amount of money possible because it is not a selling point, and this is unlikely to change,” Hypponen said.

    With millions of these devices connected to the internet every week, the problem will only grow. And while it may make for lots of fun for script kiddies, for the rest of us, it’s very worrying.

  2. #2
    WHT-BR Top Member
    Join Date
    Dec 2010

    Did the Mirai Botnet Really Take Liberia Offline?

    Brian Krebs
    04 Nov 16

    KrebsOnSecurity received many a missive over the past 24 hours from readers who wanted to know why I’d not written about widespread media reports that Mirai — a malware strain made from hacked “Internet of Things” (IoT) devices such as poorly secured routers and IP cameras — was used to knock the entire country of Liberia offline. The trouble is, as far as I can tell no such nationwide outage actually occurred.

    First, a quick recap on Mirai: This blog was taken offline in September following a record 620 Gbps attack launched by a Mirai botnet. The source code for Mirai was leaked online at the end of September. Since then, the code has been forked several times, resulting in the emergence of several large Mirai-based botnets. In late October, many of the Internet’s top destinations went offline for the better part of a day when Mirai was used to attack Internet infrastructure firm Dyn.

    Enter Kevin Beaumont, a security architect from Liverpool, England who on Thursday published a piece about an attack by Mirai against Liberia. Beaumont had been researching the output of an automated Twitter account set up by security researchers to monitor attacks from these various Mirai botnets. That Twitter account, @MiraiAttacks, burps out a tweet with each new Mirai attack, listing the targeted Internet address, the attack type, and the observed duration of the attack.

    Beaumont’s story noted that a botnet based on Mirai was seen attacking the telecommunications infrastructure in the West African nation of Liberia. Citing anonymous sources, Beaumont said transit providers confirmed an attack of more than 500 Gbps targeting Liberia’s lone underseas large-transit Internet cable, which Beaumont said “provides a single point of failure for internet access.”

    “From monitoring we can see websites hosted in country going offline during the attacks,” Beaumont wrote. “Additionally, a source in country at a Telco has confirmed to a journalist they are seeing intermittent internet connectivity, at times which directly match the attack. The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state.”

    Not long after Beaumont’s story went live, a piece at The Hacker News breathlessly announced that hackers using Mirai had succeeded in knocking Liberia off the Internet. The Hacker News piece includes nifty graphics and images of Liberia’s underseas Internet cables. Soon after, ZDNet picked up the outage angle, as did the BBC and The Guardian and a host of other news outlets.

    The only problem that I can see with these stories is that there does not appear to have been anything close to a country-wide outage as a result of this Mirai attack.

    Daniel Brewer, general manager for the Cable Consortium of Liberia, confirmed that his organization has fielded inquiries from news outlets and other interest groups following multiple media reports of a nationwide outage. But he could not point to the reason.

    “Both our ACE submarine cable monitoring systems and servers hosted (locally) in LIXP (Liberia Internet Exchange Point) show no downtime in the last 3 weeks,” Brewer said. “While it is likely that a local operator might have experienced a brief outage, we have no knowledge of a national Internet outage and there are no data to [substantiate] that.”

    Yes, multiple sources confirm that Mirai was used to launch an attack exceeding 500 Gbps against a mobile telecom provider in Liberia, but those sources also say the provider in question had a denial-of-service attack mitigation plan in place that kicked into action shortly after the attack began.

    This was confirmed in a tweet on Thursday by Dyn. The company said in a separate tweet that routing in Liberia has been stable for days.

    Akamai, a company with a global Internet presence and visibility, said it saw a dip in traffic levels from Liberia. Akamai tweeted a graphic Thursday evening that indicated traffic to Liberia was lower than normal as compared to traffic patterns from previous days this week. But there was nothing to indicate a nationwide outage, and the dip in traffic may just as well have to do with the fact that the first Thursday of November in Liberia is Thanksgiving, a public holiday there.

    “Neither @dynresearch nor @akamai_soti have data supporting the assertion that Liberia suffered a national outage,” tweeted Dyn’s Doug Madory.

    To recap: Did a Mirai botnet attack an infrastructure provider in Liberia? No question. Is the IoT problem bad enough that we have to worry about entire countries being knocked offline? Quite possibly. Was there an outage that knocked the country of Liberia offline this week? I have yet to see the evidence to support that claim.

  3. #3
    WHT-BR Top Member
    Join Date
    Dec 2010

    Akamai Revenue Jumps Thanks to Demand for Cloud Security

    Akamai Stock Reaches 12-Month High As It Becomes Less Reliant on Apple & Netflix

    Akamai's strong quarter rested on newfound traction in the data security market, as the company's content delivery services have turned out to be useful for preventing so-called distributed denial of service (DDoS) attacks.

    The company's cloud security business was its largest source of growth, contributing $95 million in revenue, a 46 percent year-over-year increase.

    The company's leadership is not shy about pursuing this revenue-generation strategy.

    "Enterprises need solutions capable of defending against massive botnets that are exploiting millions of online devices," said CEO Tom Leighton in a prepared statement. "This is an area where Akamai's unique architecture and ongoing investments in global scale and security innovation continue to make a critical difference."

    Dylan Martin

    Wall Street is rallying around Akamai Technologies after the Cambridge-based security and cloud performance company beat analysts' expectations on earnings and revenue in the company's third quarter financial report on Tuesday.

    As of early Wednesday afternoon, Akamai's stock price was up more than 15 percent to over $68 per share, the highest it's been since October of last year.

    It's the largest recovery Akamai has made after its stock had a steady decline for nearly four months starting in October 2015 after the company gave soft guidance on revenue and net income for the fourth quarter last year. At the time, the company said it was the result of an expected revenue drop from large media accounts — largely believed to be Netflix and Apple, which are building their own content distribution networks and, consequently, becoming less reliant on Akamai.

    For this year's third quarter, Akamai posted a revenue of $584 million, a 6 percent increase over the previous year and $12 million above the analysts' consensus estimate. Its earnings were 68 cents per share, seven cents above Wall Street expectations. The company's cloud security business was its largest source of growth, contributing $95 million in revenue, a 46 percent year-over-year increase. Its performance and security business remained the largest piece of the pie, with $345 million in revenue.

    Tom Leighton, Akamai's CEO, said in the company's Q3 earnings call Tuesday that Akamai is becoming less vulnerable to companies developing their own content distribution networks as it diversifies its revenue streams. Excluding the impact of what he called the "do-it-yourself" efforts of Amazon, Apple, Facebook, Google, Microsoft and Netflix, he said the company's revenue this quarter was $526 million, up 15 percent year-over-year.

    "It's important to note that our future exposure to DIY on these accounts is now more limited than in prior quarters, since these six companies collectively accounted for 10 percent of our total revenue in the third quarter, down from 17 percent in Q3 of last year," he said.
