New DDOS Attack Changes Likelihood in Risk Assessments

An attacker needs a way to launch an attack such as the Distributed Denial of Service (DDOS) seen in the last few days: the one that used hacked cameras and DVRs (see Brian Krebs' story) to attack many Internet properties.


I'm sure you have seen the many media stories about this DDOS attack (including the one in Computerworld).

Money quote from the Computerworld article: "Hangzhou Xiongmai Technology, a vendor behind DVRs and internet-connected cameras, said on Sunday that security vulnerabilities involving weak default passwords in its products were partly to blame."

The attackers used the weak default passwords of these devices (cameras and DVRs, i.e. IoT devices) to build a program that took control of a great many of them, and then had the controlled devices attack using the simplest method of all: just ask for a connection.

Asking for a connection is innocuous on its own, but when a hundred thousand devices do it at once it becomes a traffic jam. And pretty soon it is not a regular traffic jam but a monster-truck traffic jam: the server spends all its time answering connection requests it cannot tell apart from real ones.

We have discussed this IoT powder keg before in "Hidden hacks in Network" and in "IoT Botnet can DDOS Your Webserver".

What does this new DDOS attack mean for the foreseeable future?

We have to figure out the Risk in our compliance/IT departments.

Risk assessment:

Risk = Impact * Likelihood

The interesting thing about security is that Likelihood can change with the latest occurrences in the world.

So now all of our Risk calculations have changed.

In the past many vulnerabilities were downplayed when their only consequence was some kind of DOS (Denial of Service).

As usual, it depends on the impact a DOS event has on you. If you are using a webserver to accept sales orders and it gets hit by these DOS events, your Risk has now increased.

What can you do? It may be hard to tell the attack traffic from standard traffic, but that is what we would have to do: figure out what this malware does and filter the traffic. This is where you need a competent Network Operations Center (NOC). The source code of the Mirai malware, which was purported to be behind the DDOS attacks, was posted on GitHub (by James Gallagher) and looks to still be there: https://github.com/James-Gallagher/Mirai
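To make "figure out what this malware does and filter the traffic" concrete, here is an added example (my code, not from the original post or from the Mirai source) that runs simple flood detection over constructed flow records. Each bot asks for one connection per second, just like a real client, so the per-source rate looks normal; the flood only shows in the aggregate attempt rate and in the share of handshakes that never complete. The thresholds, addresses and flow records are all assumptions built for the demonstration.

```python
"""Added example (not from the original post): spotting a distributed
connection flood in edge flow records and producing a candidate filter list.

Every record is a constructed TCP connection attempt seen at the site edge:
(second, src_ip, completed_handshake). The data is fabricated to mimic the
situation described in the post: each bot sends one connection request per
second, exactly like a real client, so only the aggregate rate and the
share of handshakes that never complete give it away.
"""
from collections import defaultdict

# Illustrative thresholds (assumptions); derive real ones from your own baseline.
BASELINE_ATTEMPTS_PER_SEC = 50   # normal connection attempts per second to the site
FLOOD_MULTIPLIER = 10            # alert when a second carries 10x the baseline
MIN_HANDSHAKE_RATIO = 0.5        # real clients normally finish the handshake


def build_sample():
    """Constructed flows: 10 seconds of 40 real clients; from second 5 on,
    600 additional 'bot' addresses each send one SYN that never completes."""
    records = []
    for sec in range(10):
        for k in range(40):                      # legitimate clients
            completed = (k + sec) % 20 != 0      # ~5% fail for benign reasons
            records.append((sec, f"198.51.100.{k}", completed))
        if sec >= 5:                             # the flood starts
            for n in range(600):
                records.append((sec, f"100.64.{n // 256}.{n % 256}", False))
    return records


def max_per_source_rate(records):
    """Highest number of attempts any single source made in one second.
    For a Mirai-style flood this stays tiny, which is why per-IP rate
    limiting alone does not catch it."""
    counts = defaultdict(int)
    for sec, src, _ in records:
        counts[(sec, src)] += 1
    return max(counts.values())


def detect_flood(records, baseline=BASELINE_ATTEMPTS_PER_SEC,
                 multiplier=FLOOD_MULTIPLIER, min_ratio=MIN_HANDSHAKE_RATIO):
    """Per-second verdicts: second -> dict(attempts, sources, ratio, flooded).
    A second is flagged when the aggregate attempt rate blows past the
    baseline or when most handshakes never complete."""
    per_sec = defaultdict(list)
    for sec, src, completed in records:
        per_sec[sec].append((src, completed))
    verdicts = {}
    for sec, flows in sorted(per_sec.items()):
        attempts = len(flows)
        ratio = sum(1 for _, c in flows if c) / attempts
        verdicts[sec] = {
            "attempts": attempts,
            "sources": len({s for s, _ in flows}),
            "ratio": ratio,
            "flooded": attempts > baseline * multiplier or ratio < min_ratio,
        }
    return verdicts


def suspect_sources(records, verdicts):
    """Sources seen only during flooded seconds that never completed a
    handshake: a candidate list for the NOC to filter at the edge."""
    seen_in_clean = set()
    ever_completed = set()
    candidates = set()
    for sec, src, completed in records:
        if completed:
            ever_completed.add(src)
        if verdicts[sec]["flooded"]:
            candidates.add(src)
        else:
            seen_in_clean.add(src)
    return sorted(candidates - seen_in_clean - ever_completed)


if __name__ == "__main__":
    recs = build_sample()
    verdicts = detect_flood(recs)
    print("max attempts by one source in a second:", max_per_source_rate(recs))
    for sec, verdict in verdicts.items():
        print(sec, verdict)
    print("candidate sources to filter:", len(suspect_sources(recs, verdicts)))
```

Two caveats a NOC would raise. A source list is only as good as the botnet is static; if the attacker rotates devices, the aggregate signals (attempt rate, handshake ratio) are what keep the alert firing, and upstream filtering has to key on those. And an attack on your DNS provider, as in this case, never appears in your own flow logs at all, which is why the exposure review below matters.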

What if there is no major impact because you make no sales on the web (Internet)? Then there would be no appreciable effect, BUT:

Amazon, Twitter and other Internet properties had problems because of the nature of this DDOS: it hit DNS servers that provide addresses to the general public.

This particular attack was an indirect attack. Your own servers were not targeted, only DNS servers, which may or may not have been the ones translating your name to IP addresses across the world. If they were, your site was unreachable even though nothing of yours was attacked. So 'it depends' on whether you would have an impact or not. One thing is for sure: if you are creating IoT devices with lax security, default passwords and the like, which are vulnerable to these types of attacks, in the future you may be liable for any damages.
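The 'it depends' above has a concrete answer: which of your names resolve only through nameservers at one provider? The following is an added example (my code, not from the original post) that answers that question over constructed NS data. SAMPLE_NS stands in for the NS records you would fetch with `dig NS <domain>`, and the provider names are fictitious assumptions.

```python
"""Added example (not from the original post): finding domains whose
reachability hangs on a single authoritative-DNS provider.

In the attack described above nothing of the victims' own was hit; their
nameservers were. This check answers "which of our names go dark if one
DNS provider is flooded?" SAMPLE_NS is constructed data standing in for
the NS records you would fetch with `dig NS <domain>`; the provider
names are fictitious.
"""

# Constructed: domain -> nameservers returned by an NS lookup (fictitious names).
SAMPLE_NS = {
    "shop.example": ["ns1.dnsprovider-a.example", "ns2.dnsprovider-a.example"],
    "brochure.example": ["ns1.dnsprovider-a.example", "ns1.dnsprovider-b.example"],
    "intranet.example": ["ns.intranet.example"],
}


def provider_of(nameserver):
    """Treat the last two labels of a nameserver as its provider.
    Assumption for the example; production code should use the public
    suffix list so that e.g. 'ns.provider.co.uk' is grouped correctly."""
    labels = nameserver.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def provider_exposure(ns_map):
    """domain -> set of providers serving its zone."""
    return {domain: {provider_of(ns) for ns in servers}
            for domain, servers in ns_map.items()}


def single_provider_domains(ns_map):
    """Domains with every nameserver at one provider: a DDOS on that
    provider takes the whole name offline even if your servers are fine.
    Self-hosted DNS on one network counts as one provider too."""
    return sorted(d for d, providers in provider_exposure(ns_map).items()
                  if len(providers) == 1)


def blast_radius(ns_map, provider):
    """Domains that become unresolvable if `provider` goes down."""
    return sorted(d for d, providers in provider_exposure(ns_map).items()
                  if providers == {provider})


def domains_touching(ns_map, provider):
    """Domains with at least one nameserver at `provider` (degraded, not dark)."""
    return sorted(d for d, providers in provider_exposure(ns_map).items()
                  if provider in providers)


if __name__ == "__main__":
    for domain, providers in provider_exposure(SAMPLE_NS).items():
        print(domain, sorted(providers))
    print("single provider:", single_provider_domains(SAMPLE_NS))
    print("dark if dnsprovider-a.example is flooded:",
          blast_radius(SAMPLE_NS, "dnsprovider-a.example"))
    print("touching dnsprovider-a.example:",
          domains_touching(SAMPLE_NS, "dnsprovider-a.example"))
```

In the sample, brochure.example survives a flood on dnsprovider-a because a second provider also serves the zone, while shop.example, the one that takes orders, does not. That is exactly the Impact side of Risk = Impact * Likelihood, and the provider's chance of being attacked is now part of your Likelihood. A second provider only helps if it is listed in the delegation at the registrar and actually serves a current copy of the zone.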

In any case, this is a great reason to re-evaluate your Internet exposure and update your risk analysis.

Contact Us to discuss.
