I.e. No More Netflix??
DefenseOne has the story:
So, as we are now all at home with our dogs, cats and families, are we more or less susceptible to a massive DDOS attack from Russia?
DDOS = Distributed Denial Of Service
We have discussed DDOS attacks before: “New DDOS Attacks Changes Likelihood in Risk Assessments” (10/24/2016) and “IoT botnet can DDOS your webserver” (6/27/2016).
from the post:
KerneronSecurity³ wrote about this on March 22, 2016. 70 CCTV vendors have a remote code execution bug. And apparently this has been going on since 2014.
Looking at the old posts, this is not a new problem, in fact we have been hit by IoT botnets before.
Does the DefenseOne story require us to change our risk assessment? It looks like Russia has been working on new attack tools (Fronton) for several years, as Fronton was started around 2017. This should not be a surprise to anyone in the cybersecurity industry. Russia and most other ‘state actors’ like China, Iran, and North Korea are _always_ creating more tools.
So Russia created a tool in 2017, and it is being discussed now because there is a newer version. The DDOS potential is always there at some level, and it gets worse as vendors neglect their hardware and leave vulnerabilities unpatched.
As IoT devices get vulnerabilities they will need patches, and the user has to be technically savvy to upload the patch.
And now we know how the state actors have hundreds and thousands of potential reflector targets to do their bidding.
The state actors are always getting better at their craft. You have to improve also. It may not be a “new problem”, but it is a problem.
So one has to make a determination: how much of a target are you? Would you be ‘interesting’ to the state actors? North Korea has to make money somehow… they took down Sony at one point a few years ago (see “Still discussing Sony Attack … but why?”).
Sony was an unusual attack, since the suspected attacker (North Korea) deleted data and performed DOS (Denial Of Service) attacks.
Every business has to make its own determination on how susceptible it may be to a DOS attack.
The famous Kevin Mitnick attack used a DOS attack as a diversion from the attack on the target he actually wanted.
The Mitnick attack is outlined on this mcmaster.ca website.
I noticed more articles on this Russia attack angle, such as this ZDNet article:
“Digital Revolution” is the hacker group leaking details about ‘Fronton’ IoT botnet developed by a Russian contractor.
Fronton — the FSB’s IoT botnet
According to screenshots shared by the hacker group, which ZDNet asked security researchers to analyze, and based on BBC Russia’s report from earlier this week, we believe the Fronton project describes the basics of building an IoT botnet.
The above paragraph is an important point from Digital Revolution’s posted information (as one has to translate it first). They are on Twitter, and one can see their posts right now (03/24/2020).
This news just confirms the points made elsewhere, and the true meaning of this depends on what you have to hide or protect in your network. A good DDOS attack may stop you from running on the Internet, or at least stop certain servers. Your network may not go down completely; it depends. You can also spend more money building capacity and make the FSB’s life more difficult. So it depends on what you are trying to accomplish.
You should contact me to discuss what prevention or risk determination to perform.