Internet-of-Things botnet attack felt across the Internet

Post Reply
User avatar
Pigeon
Posts: 18055
Joined: Thu Mar 31, 2011 3:00 pm

Internet-of-Things botnet attack felt across the Internet

Post by Pigeon » Sat Oct 22, 2016 1:44 am

Focused on Dyn

But this second wave of attacks appears to be affecting even more providers. According to Dan Drew, the chief security officer at Level 3 Communications, the attack is at least in part being mounted from a "botnet" of Internet-of-Things (IoT) devices.

Drew explained the attack in a Periscope briefing this afternoon. "We're seeing attacks coming from a number of different locations," Drew said. "An Internet of Things botnet called Mirai that we identified is also involved in the attack."

The botnet, made up of devices like home Wi-Fi routers and Internet protocol video cameras, is sending massive numbers of requests to Dyn's DNS service. Those requests look legitimate, so it's difficult for Dyn's systems to screen them out from normal domain name lookup requests.

Earlier this month, the code for the Marai botnet was released publicly. It may have been used in the massive DDoS attack against security reporter Brian Krebs. Marai and another IoT botnet called Bashlight exploit a common vulnerability in BusyBox, a pared-down version of the Linux operating system used in embedded devices. Marai and Bashlight have recently been responsible for attacks of massive scale, including the attack on Krebs, which at one point reached a traffic volume of 620 gigabits per second.

Link


User avatar
Royal
Posts: 10562
Joined: Mon Apr 11, 2011 5:55 pm

Re: Internet-of-Things botnet attack felt across the Interne

Post by Royal » Sat Oct 22, 2016 7:23 pm

Cool. I wonder if the manufacturers and engineers of all this chaos know what they are creating.

Appears to be a test on non-essential services.

Spooky.

User avatar
Pigeon
Posts: 18055
Joined: Thu Mar 31, 2011 3:00 pm

Re: Internet-of-Things botnet attack felt across the Interne

Post by Pigeon » Sun Oct 23, 2016 1:15 am

They do now and don't care as long as people buy the product.

User avatar
Royal
Posts: 10562
Joined: Mon Apr 11, 2011 5:55 pm

Re: Internet-of-Things botnet attack felt across the Interne

Post by Royal » Tue Oct 25, 2016 12:43 am

Chinese Company Recalls Cameras, DVRs Used In Last Week's Massive DDoS Attack

Brian Krebs notes that the lion's share of these devices were manufactured by a Chinese company named XiongMai Technologies, which almost instantly found a huge swath of its product line contributing to the attack:

"It’s remarkable that virtually an entire company’s product line has just been turned into a botnet that is now attacking the United States,” Nixon said, noting that Flashpoint hasn’t ruled out the possibility of multiple botnets being involved in the attack on Dyn. At least one Mirai [control server] issued an attack command to hit Dyn,” Nixon said. “Some people are theorizing that there were multiple botnets involved here. What we can say is that we’ve seen a Mirai botnet participating in the attack."

For what it's worth, XiongMai was quick to issue a statement announcing that it would be recalling some of its products (mostly webcams), while strengthening password functions (Mirai often depends on default usernames and passwords) and sending users a patch for products made before April of last year. It also issued a poorly translated statement on its role in bringing the U.S. Internet to a crawl for much of Friday:

"Security issues are a problem facing all mankind. Since industry giants have experienced them, Xiongmai is not afraid to experience them once, too," the company statement said.

And while that's all well and good, that's just one company. There are dozens upon dozens of companies and "IoT evangelists" that refuse to acknowledge that they put hype and personal profit ahead of security, by proxy putting the entire internet at risk. Not only do most of these devices lack even the most fundamental security, they usually provide no functionality to help users determine if they're generating traffic or participating in attacks. And these devices are often sitting behind consumer-grade routers on the network that have equally flimsy security while using default username and password combinations.

So while it's nice to see at least one company almost admit culpability, this really is little more than a small drop in a very deep ocean of dysfunction. It's going to take a lot more naming and shaming of the companies that pushed "smart" but idiotic and poorly-secured technologies on consumers if we're to avoid significantly worse (and potentially fatal) attacks.

https://www.techdirt.com/articles/20161 ... tack.shtml


User avatar
Royal
Posts: 10562
Joined: Mon Apr 11, 2011 5:55 pm

Re: Internet-of-Things botnet attack felt across the Interne

Post by Royal » Tue Oct 25, 2016 12:48 am

How Hackers Wrecked the Internet Using DVRs and Webcams
The potential problem has been bubbling up for months, but reached a peak earlier this month when the source code for something called the "Mirai" botnet was released onto the web. Designed to target the Internet of Things specifically, Mirai can scoop up connected devices and add them to a botnet simply by attempting to log into them with their factory-default username and password. Have you changed the password on your smart fridge lately? I thought not.

...


Last month, security researcher Bruce Schneier started sounding the alarm that someone or something was carefully probing the internet for weakness. A scary prospect on its own, and one followed shortly thereafter by the full release of the Mirai code for any ne'er-do-well to use. Today's attack, it would seem, is a confluence of these two events: An attacker who has been carefully surveying the internet for weak points is now openly wielding one of the most capable blunt weapons we've ever seen blast the web.

The most terrifying part: This is probably only the beginning.

http://www.popularmechanics.com/technol ... os-attack/


User avatar
Pigeon
Posts: 18055
Joined: Thu Mar 31, 2011 3:00 pm

Re: Internet-of-Things botnet attack felt across the Interne

Post by Pigeon » Tue Oct 25, 2016 2:43 am

I had read Bruce's and others stuff on the probing. Many didn't put much stock in it. The net is a rising battle front.

Too many people are too lazy to change a password.

Post Reply