Surprised at Akamai. The world knows their limit now. They should have kept him onboard even if a short offline of the host was done to shut down the attack.
The huge distributed denial of service (DDoS) attack which wiped security journalist Brian Krebs' website from the internet came from a million-device-strong Internet of Things botnet. "Attack appears to include numerous IoT devices, including security cameras. Still itemizing them," an Akamai spokesman told El Reg by email. …
That's the problem: besides keeping the firmware up to date, and having non-default passwords, nothing can be done. They have basic configuration security holes you can fly a Deathstar through, and you can't do anything about them, except for not allowing the world+dog to access them through the network.
But most people (vast majority) not only allow world+dog to access them, but the devices don't have the passwords changed or the software updated. And this won't change until the ISPs shut access off until the customers secure the devices.
> ...not allowing the world+dog to access them through the network.
That! That right there! Some enterprising soul ought to start offering home network security services that start with setting up a router and blocking any attempt to access from outside and move on from there.
An increasing number of cameras seem to, in addition to manufacturer dyndns, have always-on unconfigurable tunnels back to the manufacturer, or some other "cloud" in China, so that the mobile apps will "just work" through quadruple NATs.
My router supports WAN capture and I figured out the external IP the camera connected to with that, and the router also lets me block IPs. Quite a complicated thing to do for most people though!
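One way to automate what this comment describes, as an added example that is not code from the thread: read a router's flow log, flag outside endpoints that an IoT-subnet device keeps a long-lived or repeatedly re-established connection to, and render nftables drop rules for them. The IoT subnet, the local networks, the conntrack-like log layout, the sample addresses and the nft table/chain names are all assumptions made up for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions (constructed for this example): cameras sit in 192.168.50.0/24 and anything
# outside LOCAL_NETS is "outside the house"; 203.0.113.x and 198.18.x are made-up remote IPs.
IOT_SUBNET = ipaddress.ip_network("192.168.50.0/24")
LOCAL_NETS = [ipaddress.ip_network("192.168.0.0/16"), ipaddress.ip_network("10.0.0.0/8")]
# One flow per line in a conntrack-like layout (constructed format, not any real router's output).
FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(tcp|udp) dport=(\d+) dur=(\d+)")

# Constructed sample: camera .21 holds a two-hour tunnel to one host, keeps reconnecting to a
# STUN-like port on another, streams to a local NVR; a phone on the main LAN browses normally.
SAMPLE_LOG = """\
src=192.168.50.21 dst=203.0.113.77 proto=tcp dport=8443 dur=7200
src=192.168.50.21 dst=198.18.0.9 proto=udp dport=3478 dur=30
src=192.168.50.21 dst=198.18.0.9 proto=udp dport=3478 dur=25
src=192.168.50.21 dst=198.18.0.9 proto=udp dport=3478 dur=28
src=192.168.50.21 dst=192.168.1.10 proto=tcp dport=554 dur=9000
src=192.168.1.42 dst=203.0.113.5 proto=tcp dport=443 dur=12
"""

def parse_flows(text):
    """Yield (src, dst, proto, dport, duration) per well-formed line; others are skipped."""
    for line in text.splitlines():
        m = FLOW_RE.search(line)
        if m:
            src, dst, proto, dport, dur = m.groups()
            yield ipaddress.ip_address(src), ipaddress.ip_address(dst), proto, int(dport), int(dur)

def phone_home_destinations(text, min_duration=600, min_count=3):
    """Map each IoT source IP to outside endpoints with one long-lived flow or repeated reconnects."""
    longest, count = defaultdict(int), defaultdict(int)
    for src, dst, proto, dport, dur in parse_flows(text):
        if src not in IOT_SUBNET or any(dst in net for net in LOCAL_NETS):
            continue  # not an IoT device, or LAN-internal traffic such as the camera -> NVR stream
        key = (str(src), str(dst), proto, dport)
        longest[key] = max(longest[key], dur)
        count[key] += 1
    found = defaultdict(list)
    for key in sorted(count):
        if longest[key] >= min_duration or count[key] >= min_count:
            found[key[0]].append(key[1:])
    return dict(found)

def nft_block_rules(dests):
    """Render one nftables drop rule per flagged endpoint (table 'fw', chain 'forward' assumed)."""
    return [f"add rule inet fw forward ip saddr {cam} ip daddr {dst} {proto} dport {dport} drop"
            for cam, targets in sorted(dests.items()) for dst, proto, dport in targets]
```

Running `nft_block_rules(phone_home_destinations(SAMPLE_LOG))` on the sample yields two rules for the camera, one per tunnel endpoint, while the local NVR stream and the phone's browsing are left alone.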
I made sure I bought wired and kept the box unconnected from our network. If I develop an overwhelming urge for off-site monitoring, well that's what subnets, VPNs, &c. are for. Recording (deliveries anyone?) and bonking when someone comes on-property were my interests.
There are far too many devices out there where you can't change the password or upgrade the firmware. Some of them will have a device-unique password, but it is mathematically derived from the MAC address or serial number (which it'll stuff into every outgoing packet...)
> ... just block the GRE ports and ignore such requests?
Well that would be what the DDoS management service would do. But it needs the ability to divert all the traffic through a site which a) has the bandwidth and b) is able to apply filters to that volume of traffic.
Most ISPs won't have the means to redirect all that traffic AND filter it - even if they have the upstream bandwidth. Trying to filter it at your own site is useless because it's too late then - a few Gbps of traffic down your 10-100Mbps pipe will completely overwhelm everything.
And then there is the issue that dealing with this needs prior planning. It's no good phoning up your ISP and asking them to do it "on the fly" as they won't have anything in place. This is where the DDoS mitigation services come in - what to do when it happens is pre-arranged, so you call them up, they trigger the required changes (typically changing the advertised route), and filter the traffic from their own network before passing it (the filtered, good traffic) on to you.
Yeah you could. Depending on the router... however, even dropped packets could technically cause a DDoS. The router/firewall still has to determine what a packet is before it drops it. A big enough queue of traffic could fill the router's memory up or put a significant load on the processor to prevent other traffic getting through.
Your best bet is to redirect it upstream somewhere.
Whichever has the lowest overhead.
In this case they redirected to a sinkhole.
I generally reserve an IP or two with old crap hardware for this very purpose.
It also helps to have a website that can be shifted easily. This may be part of the reason static content generators are becoming more popular.
In So-IoT Russia they have strong DDoS. Russian DDoS. Covered in bears.
Also, Putin could probably DDoS you by himself. With his shirt off. In the wilderness. Whilst riding a bear that he tamed himself by hypnotising it by waving his massive (and 150% heterosexual) cock and balls.
At least that's what his press team would say.
Seems that IoT is about to bite itself in the ass... if it hasn't already. Add zilch security to basically solutions looking for problems.
As for the cameras... while necessary for many businesses and home security, the manufacturers just don't give a crap as to who has access to them. Pity... security of the device could be a selling point, in my opinion.
The irony of security devices with zilch security shouldn't be lost on anyone.
The way forward is to prosecute a few people for participating in a DDoS.
If they turn around and sue their suppliers, things would change pretty fast. Finding there are liabilities involved is a rapid way of making people aware of the consequences of their negligence.
Are you feeling it now, Mr Krebs?
Seriously though, how long are we going to suffer all this hell of unsecured gadgets and systems before we get something even remotely secure... (haha, geddit?)
Maybe someone should use such a network and go hit the designers' systems, give them a taste of a problem of their own making, methinks?
Cloudflare said this month it staved off another record-breaking HTTPS-based distributed denial-of-service attack, this one significantly larger than the previous largest DDoS attack, which occurred only two months ago.
In April, the biz said it mitigated an HTTPS DDoS attack that reached a peak of 15.3 million requests-per-second (rps). The flood last week hit a peak of 26 million rps, with the target being the website of a company using Cloudflare's free plan, according to Omer Yoachimik, product manager at Cloudflare.
Like the attack in April, the most recent one was unusual not only because of its size, but also because it used junk HTTPS requests to overwhelm a website, preventing it from serving legit visitors and thus effectively knocking it off the 'net.
A Russian-operated botnet known as RSOCKS has been shut down by the US Department of Justice acting with law enforcement partners in Germany, the Netherlands and the UK. It is believed to have compromised millions of computers and other devices around the globe.
The RSOCKS botnet functioned as an IP proxy service, but instead of offering legitimate IP addresses leased from internet service providers, it was providing criminals with access to the IP addresses of devices that had been compromised by malware, according to a statement from the US Attorney’s Office in the Southern District of California.
It seems that RSOCKS initially targeted a variety of Internet of Things (IoT) devices, such as industrial control systems, routers, audio/video streaming devices and various internet connected appliances, before expanding into other endpoints such as Android devices and computer systems.
A 33-year-old Illinois man has been sentenced to two years in prison for running websites that paying customers used to launch more than 200,000 distributed denial-of-service (DDoS) attacks.
A US California Central District jury found the Prairie State's Matthew Gatrel guilty of one count each of conspiracy to commit wire fraud, unauthorized impairment of a protected computer and conspiracy to commit unauthorized impairment of a protected computer. He was initially charged in 2018 after the Feds shut down 15 websites offering DDoS for hire.
Gatrel was convicted of owning and operating two websites – DownThem.org and AmpNode.com – that sold DDoS attacks. The FBI said that DownThem sold subscriptions that allowed its more than 2,000 customers to run the attacks, while AmpNode provided customers with the server hosting. AmpNode spoofed servers that could be pre-configured with DDoS attack scripts and attack amplifiers to launch simultaneous attacks on victims.
Wi-Fi 6 and 6E are being promoted as technologies for enabling industrial automation and the Industrial Internet of Things (IIoT) thanks to features that provide more reliable communications and reduced costs compared with wired network alternatives, at least according to the Wireless Broadband Alliance (WBA).
The WBA’s Wi-Fi 6/6E for IIoT working group, led by Cisco, Deutsche Telekom, and Intel, has pulled together ideas on the future of networked devices in factories and written it all up in a “Wi-Fi 6/6E for Industrial IoT: Enabling Wi-Fi Determinism in an IoT World” manifesto.
The detailed whitepaper makes the case that wireless communication has become the preferred way to network sensors as part of IIoT deployments because it's faster and cheaper to roll out than fiber or copper infrastructure. The alliance is a collection of technology companies and service providers that work together on developing standards, coming up with certifications and guidelines, advocating for stuff that they want, and so on.
Embedded World AMD is bringing to market a new generation of Ryzen chips for embedded apps promising more CPU cores, enhanced built-in graphics and expanded I/O connectivity to drive kit such as IoT devices and thin clients.
Crucially, AMD plans to make the R2000 Series available for up to 10 years, providing OEM customers with a long-lifecycle support roadmap. This is an important aspect for components in embedded systems, which may be operating in situ for longer periods than the typical three to five-year lifecycle of corporate laptops and servers.
The Ryzen Embedded R2000 Series is AMD's second-generation of mid-range system-on-chip (SoC) processors that combine CPU cores plus Radeon graphics, and target a range of embedded systems such as industrial and robotic hardware, machine vision, IoT and thin client devices. The first, R1000, came out in 2019.
QNAP is warning users about another wave of DeadBolt ransomware attacks against its network-attached storage (NAS) devices – and urging customers to update their devices' QTS or QuTS hero operating systems to the latest versions.
The latest outbreak – detailed in a Friday advisory – is at least the fourth campaign by the DeadBolt gang against the vendor's users this year. According to QNAP officials, this particular run is encrypting files on NAS devices running outdated versions of Linux-based QTS 4.x, which presumably have some sort of exploitable weakness.
The previous attacks occurred in January, March, and May.
The botnet malware EnemyBot has added exploits to its arsenal, allowing it to infect and spread from enterprise-grade gear.
What's worse, EnemyBot's core source code, minus its exploits, can be found on GitHub, so any miscreant can use the malware to start crafting their own outbreaks of this software nasty.
The group behind EnemyBot is Keksec, a collection of experienced developers, also known as Nero and Freakout, that have been around since 2016 and have launched a number of Linux- and Windows-based bots capable of launching distributed denial-of-service (DDoS) attacks and possibly mining cryptocurrency. Securonix first wrote about EnemyBot in March.
A Malaysia-linked hacktivist group has attacked targets in India, seemingly in reprisal for a representative of the ruling Bharatiya Janata Party (BJP) making remarks felt to be insulting to the prophet Muhammad.
The BJP has ties to the Hindu Nationalist movement that promotes the idea India should be an exclusively Hindu nation. During a late May debate about the status of a mosque in the Indian city of Varanasi – a holy city and pilgrimage site – BJP rep Nupur Sharma made inflammatory remarks about Islam that sparked controversy and violence in India.
Canonical's Linux distro for edge devices and the Internet of Things, Ubuntu Core 22, is out.
This is the fourth release of Ubuntu Core, and as you might guess from the version number, it's based on the current Long Term Support release of Ubuntu, version 22.04.
Ubuntu Core is quite a different product from normal Ubuntu, even the text-only Ubuntu Server. Core has no conventional package manager, just Snap, and the OS itself is built from Snap packages. Snap installations and updates are transactional: this means that either they succeed completely, or the OS automatically rolls them back, leaving no trace except an entry in a log file.
Forescout researchers have demonstrated how ransomware could spread through an enterprise from vulnerable Internet-of-Things gear.
The security firm's Vedere Labs team said it developed a proof-of-concept strain of this type of next-generation malware, which they called R4IoT. After gaining initial access via IoT devices, the malware moves laterally through the IT network, deploying ransomware and cryptocurrency miners while also exfiltrating data, before taking advantage of operational technology (OT) systems to potentially physically disrupt critical business operations, such as pipelines or manufacturing equipment.
In other words: a complete albeit theoretical corporate nightmare.
Biting the hand that feeds IT © 1998–2022