Brian Krebs. OVH. Dyn. And the open-sourcing of the code of the botnet that attacked them. Are you DDoS-defending your business? If not, now is the time.<\/p>\n
<\/p>\n
<\/p>\n
The Mirai botnet has been busy lately. In September, it was used for a couple of massive attacks, one against US-based security journalist Brian Krebs, the other against French web host OVH. In October, the network of IoT devices that make up its bot army (some 380,000, according to its purported author) were used to DDoS Dyn and temporarily cripple a large chunk of the internet in the United States.<\/p>\n
<\/p>\n
But, unfortunately, it gets worse\u2026 much worse<\/em>. Security thought-leaders are sounding the alarm bell after a hacker publicly released the source code for Mirai. After all, the scope of the DDoS attacks from Mirai are highly disturbing. The one that hit Krebs measured 620 gigabits per second. The one that hit OVH measured 1.1 terabits per second. If you are having trouble grasping that sheer attack volume, it\u2019s understandable: Mirai delivers almost unimaginable information-overload by our current standards.<\/p>\n <\/p>\n Mirai is getting the press, but Bashlight is the original, explained Dan Goodin of Ars Technica<\/em><\/a>. \u201cUntil now, the botnets created with the newer and technically more sophisticated Mirai have been greatly outnumbered by those based on its rival Bashlight,\u201d he said, \u201cwith about 233,000 infected devices versus 963,000 respectively.\u201d<\/p>\n <\/p>\n The release of Mirai\u2019s code \u2013 via the user Anna-senpai on Hack Forums<\/em> (a site that has since been accused of running a DDoS-for-hire service) \u2013 is troubling to security pros because easy access means proliferation of gigantic DDoS assaults.<\/p>\n <\/p>\n The post on Hack Forums, which included links to the Mirai source code and noted that it was time to \u201cGTFO\u201d (direct quote) of IoT DDoS due to increased attention. (Source: Security Affairs)\n <\/p>\n Goodin noted that there has been an increased focus among those who use botnets to target CCTV cameras, routers, thermostats, webcams, and other vulnerable IoT devices. Once formed, the army of slaves is used to extract ransom from victims (in exchange for halting a DDoS).<\/p>\n <\/p>\n \u201cBoth Mirai and Bashlight exploit the same IoT vulnerabilities,\u201d said Goodin, \u201cmostly\u2026 weakness involving the telnet remote connection protocol in devices running a form of embedded Linux known as BusyBox.\u201d<\/p>\n <\/p>\n One reason Mirai has become more prominent, though, is that it encrypts communications it sends to central command (i.e., the master). Also, some believe that the conversion of some 80,000 of the 963K Bashlight devices to Mirai suggests that the newer malware may be overtaking and then patching devices so that other botnets can\u2019t reclaim them.<\/p>\n <\/p>\n Although the open sourcing of the code is especially troubling, the attack on Dyn should also not be overlooked when we consider the power that is currently in the hands of botnet operators. Mirai successfully sabotaged the DNS provider Dyn and brought its response time to a crawl (or at least a large portion of the attack came from Mirai slaves). According to Michael Kan of Computerworld<\/em>, many in the security community think that the Dyn DDoS (2 attacks of 130 minutes and 70 minutes, divided by a 2 \u00bd hour break) was more of a warning shot than an actual siege: it just leveraged 100,000 devices of the half-million or so devices then available.<\/p>\n <\/p>\n Why are these attacks becoming such a common form of malicious intrusion?<\/p>\n <\/p>\n Reason #1 \u2013 Easy as 1, 2, 100 thousand<\/strong><\/p>\n One reason DDoS is a go-to for hackers is that it\u2019s simple, and it works. The Dyn attack sidelined household-name web giants such as Spotify, Netflix, Airbnb, and Twitter, all of which use Dyn to connect their site to users.<\/p>\n <\/p>\n \u201cIt doesn’t take particularly advanced hacking skills to block access to those sites,\u201d said Emma Hinchliffe<\/a>. \u201cIt just takes a huge network.\u201d<\/p>\n <\/p>\n Well, how do you access a huge network? Even before the open sourcing of Mirai, the simplicity of carrying out a DDoS has been troubling to those who protect networks. Through paid services, anyone is able to rent a botnet. In fact, the criminally oriented can even have a stressor or booter service do the dirty work for them.<\/p>\n <\/p>\n It is often challenging for the security team or law enforcement to track down the booters because they use proxies to assault you from different locations.<\/p>\n <\/p>\n Reason # 2 \u2013 Cash for peace<\/strong><\/p>\n DDoS-for-ransom, a form of extortion, has been on the rise over the last few years. Essentially you get barraged by traffic, see your site go down, and then get a note letting you know that you can regain your smoothly functional site for a certain amount of Bitcoin.<\/p>\n <\/p>\n Security experts recommend never paying the attackers because there is no guarantee they won\u2019t do it again and because it feeds the growth of the problem; however, some site owners feel they have no choice to get their own revenue coming in again.<\/p>\n <\/p>\n Reason #3 \u2013 Slash-and-burn competition<\/strong><\/p>\n What\u2019s one way to outperform the rivals in your industry? Well, you could make it impossible for them to operate.<\/p>\n <\/p>\n \u201cJust small amounts of downtime can end up costing a company thousands [or millions] of dollars,\u201d noted Christian Sager<\/a>. \u201cIt can also promote negative associations with a brand, so that customers no longer trust their services.\u201d<\/p>\n <\/p>\n Reason #4 \u2013 Hacktivism <\/strong><\/p>\n DDoS isn\u2019t always just about pummeling someone for money. It\u2019s also a way that some actors use to voice dissent. South Korea, the U.S., Russia, and Georgia have historically been DDoS targets. Keep in mind that many of these attacks are thought to be perpetrated by other nations \u2013 which makes them more cyberwarfare than citizen protest. However, individuals do sometimes DDoS governments or companies because they disagree with them ethically.<\/p>\n <\/p>\n Reason #5 \u2013 Rise of the “script kiddy”<\/strong><\/p>\n Some of those behind DDoS events have been given the derisive name \u201cscript kiddies,\u201d highlighting the fact that they lack technical skills (instead grabbing a script in a forum) and have what are viewed as immature intentions.<\/p>\n <\/p>\n For instance, game publishers are sometimes DDoSed immediately following an update, because an irritated player believes they \u201cnerfed\u201d the best part.<\/p>\n <\/p>\n \u201cAlso, let’s be honest, being able to take out a company from your bedroom is probably amusingly empowering in a David and Goliath sort of way,\u201d said Sager. \u201cToday’s DDoS is yesterday’s vandalism.\u201d (Note that he made these comments in 2014, when DDoS was much less destructive and economically devastating than it is today.)<\/em><\/p>\n <\/p>\n Reason #6 \u2013 The overpowering decoy<\/strong><\/p>\n A DDoS is certainly more uncontrollable than a fake duck that you can throw in your hunting bag, but it is sometimes a decoy in the sense of a distraction. In these cases, the directness and crudeness of a DDoS is used as a cover for a more technical, surgical hack. A landmark incident of this Ocean\u2019s-11<\/em>-style assault occurred in 2013, when a botnet operator slammed the Bank of the West with fraudulent requests while they entered an account and withdrew $900K.<\/p>\n <\/p>\n Reason #7 \u2013 This is only a test\u2026<\/strong><\/p>\n A company will occasionally force itself offline \u2013 whether by accident or when intentionally resilience-testing their systems.<\/p>\n <\/p>\n Game servers are not exempt from DDoS.\u00a0 It’s an easy way to gain advantage over competing players in player vs player competition.\u00a0 Learn more about the dedicated game servers from KnownHost.<\/a><\/p>\n <\/p>\n In the post-open-sourcing of Mirai, heavyweight DDoS has become more widely available than ever before. And people continue to have various reasons to want to crash websites.<\/p>\n <\/p>\n In this increasingly volatile climate, are you DDoS-defended? At KnownHost<\/a><\/strong>, we offer complimentary DDOS protection on all VPS<\/a><\/strong> and SSD VPS product lines. See how you\u2019re protected.<\/strong><\/a><\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" Brian Krebs. OVH. Dyn. And the open-sourcing of the code of the botnet that attacked them. Are you DDoS-defending your business? If not, now is the time. A supercharged botnet 7 reasons DDoS is popular among hackers Action to DDoS-defend your business A supercharged botnet The Mirai botnet has been busy lately. In […]<\/p>\n","protected":false},"author":137,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1424],"tags":[414,243],"class_list":["post-1449","post","type-post","status-publish","format-standard","hentry","category-security","tag-ddos","tag-hackers"],"yoast_head":"\n7 reasons DDoS is popular among hackers<\/strong><\/h3>\n
Action to DDoS-defend your business<\/strong><\/h3>\n