Saturday, November 2, 2024

Russia, Routers, and Why Virtually Everyone is part of the DDoS Problem


Every day, the vast majority of us do our best to not contribute to major global problems. We recycle. We bring our cars in for emissions testing. We stop ourselves from spending $120 on a pair of fake Yeezys and bolstering the counterfeit goods industry. Yes, we are heroes.

However, DDoS attacks have become a veritable worldwide epidemic, and it would seem a lot of people either don’t know enough or don’t care enough to do anything about the fact that DDoS attacks would not be as widespread and successful as they are without the help of our many connected devices.

This is what’s happening, as well as what needs to be done.


Basics and Beyond

For all the innovative attack methods and impressive record-setting numbers that have cropped up in the last few years, at its core a distributed denial of service attack hasn’t mutated much from the standard DDoS definition: it’s an attack that uses the combined traffic of a botnet to overwhelm a target network or server, with the aim of rendering the target service or website unavailable to its users and customers. In a nutshell, it’s an attack that aims to cause downtime.

What has hugely mutated in the DDoS landscape is the botnets forming the weaponry of these attacks. Botnets have evolved from networks of malware-infected computers, where attackers were lucky to assemble thousands of machines because antivirus software and automatic updates kept cutting their numbers down, to networks of Internet of Things devices, where attackers easily assemble hundreds of thousands or even millions of devices thanks to default credentials, unpatched firmware and hardware that is switched on around the clock.

Not only has this had major implications for the size of attacks possible, with a 1.7 Tbps memcached reflection attack reported in March 2018 reigning as the record-holder at the time of writing, but it’s also opened up the potential for a world of hurt beyond the internet.
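To make the definition above concrete, here is an added example (not code from the original article) of the simplest detection logic a network operator runs against flow records: bucket traffic per destination, and treat a high packet rate arriving from many distinct sources as the botnet signature, as opposed to the same rate from a single host. The record format, the thresholds and the sample traffic are all constructed for illustration.

```python
"""Toy volumetric DDoS detector over NetFlow-style records.

Added example for this article, not code from the original page. The record
format ("ts src dst dport packets"), the thresholds and the sample traffic are
all constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int      # epoch seconds
    src: str
    dst: str
    dport: int
    packets: int


def parse_flows(text: str) -> list[Flow]:
    """Parse 'ts src dst dport packets' lines, skipping blanks and # comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, packets = line.split()
        flows.append(Flow(int(ts), src, dst, int(dport), int(packets)))
    return flows


def classify(flows: list[Flow], window: int = 10,
             min_pps: int = 1000, min_sources: int = 50) -> dict[str, str]:
    """Return a verdict per destination: "ddos", "dos" or "normal".

    Flows are bucketed per destination into `window`-second slots. A slot
    whose packet rate reaches `min_pps` from at least `min_sources` distinct
    sources shows the botnet signature the article describes ("ddos"); the
    same rate from fewer sources is a single-source flood ("dos"). A
    destination's verdict is its worst slot. Thresholds are assumed values;
    tune them to the link you are protecting.
    """
    slots = defaultdict(lambda: {"packets": 0, "sources": set()})
    for f in flows:
        slot = slots[(f.dst, f.ts // window)]
        slot["packets"] += f.packets
        slot["sources"].add(f.src)

    severity = {"normal": 0, "dos": 1, "ddos": 2}
    verdicts: dict[str, str] = {}
    for (dst, _), slot in slots.items():
        pps = slot["packets"] / window
        if pps >= min_pps and len(slot["sources"]) >= min_sources:
            verdict = "ddos"
        elif pps >= min_pps:
            verdict = "dos"
        else:
            verdict = "normal"
        verdicts[dst] = max(verdicts.get(dst, "normal"), verdict,
                            key=severity.__getitem__)
    return verdicts


def build_sample() -> str:
    """Constructed traffic: a 200-bot flood, a single-host flood and background noise."""
    base = 1700000000
    lines = ["# ts src dst dport packets"]
    # 200 distinct sources (a botnet) each sending 100 packets to 10.0.0.5:80
    # within one 10-second window: 20,000 packets -> 2,000 pps from 200 sources.
    for i in range(200):
        lines.append(f"{base + i % 10} 203.0.113.{i + 1} 10.0.0.5 80 100")
    # One host sending 15,000 packets to 10.0.0.6:53 in the same window:
    # 1,500 pps from a single source.
    for i in range(3):
        lines.append(f"{base + i} 192.0.2.9 10.0.0.6 53 5000")
    # Five ordinary clients sending 10 packets each to 10.0.0.7:443: 5 pps.
    for i in range(5):
        lines.append(f"{base + i} 198.51.100.{i + 1} 10.0.0.7 443 10")
    return "\n".join(lines)


if __name__ == "__main__":
    for dst, verdict in sorted(classify(parse_flows(build_sample())).items()):
        print(f"{dst}: {verdict}")
```

The source count is only a heuristic: a flood with spoofed source addresses or a reflection attack bounced off thousands of open servers will also show many "sources", so the rate threshold does the real work and the source count mainly tells you whether blocking a handful of addresses will help.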

Ten years ago it may have been unimaginable for a law enforcement agency like the FBI to issue a worldwide public service announcement about malware on home routers, but these days it would be dangerous for the FBI to stay out of it.

DDoS Attacks From Russia Without Love

It used to be that if the FBI asked you for help in stopping a Russian plot, it was probably because you were some sort of secret agent. Now all you have to be is someone who owns a router.

In an unprecedented move in May 2018, the FBI asked everyone, absolutely everyone with a home or small-office router, to reboot it in order to weaken a Russian botnet, known as VPNFilter, by knocking the malware behind it back a stage.

If your router is infected, a reboot wipes the second and third stages of the malware, which live only in memory; only the first stage survives a restart. That first stage then tries to fetch the second stage again, but the FBI has seized the command-and-control domain it uses, so infected routers now check in with a server the federal agency controls instead of with the attackers. That both keeps the payload from being reinstalled over that channel and lets the FBI identify which devices are infected.

The botnet in question had amassed over 500,000 infected routers and network storage devices by the time the FBI issued its warning. The botnet was built by the allegedly state-sponsored Russian hacking group Fancy Bear (also tracked as APT28 or Sofacy), famed for a 2016 breach of the Democratic National Committee.

This is a very famous example of a majorly pervasive problem. Connected devices of all kinds have been recruited into IoT botnets of staggering sizes: routers, DVRs, cameras, wearables, household appliances. If it has connectivity, it can be infected.

And while you may know DDoS attacks for the havoc they wreak on, say, online gaming platforms and businesses, they’ve been effectively leveraged as a cyberwar weapon, with concerted attacks on financial institutions and other essential services throwing regions and even entire nations into states of unrest, as happened to Estonia in 2007 when its banks, government sites and media were flooded for weeks.

Denial of service has even featured in attacks that turned off the power: the December 2015 attack on Ukrainian electricity distributors left roughly 230,000 customers in the dark for periods ranging from one to six hours. The outage itself was caused by intruders remotely operating the utilities’ control systems rather than by a DDoS, but the attackers paired it with a telephone denial-of-service flood against the utilities’ call centres so that customers could not report the blackout. With that step into real-world infrastructure, denial-of-service attacks officially have the potential to be deadly.

Exiting the Botnets

Think of your connected devices. Your smartwatch, your smart thermostat, your next-gen fridge, your router. When you set them up, did you secure them? Change those default credentials? When was the last time you updated the firmware?

If your answers to those questions are not good, you’re not alone. In fact, you are in a highly populated club. However, a few simple steps will help you get your devices out of those botnets and keep them that way.

Firstly, if you haven’t rebooted your router as requested by the FBI, do so now. Whether or not you’ve seen your router brand on the list of affected devices, take 30 seconds to unplug it, wait, plug it back in and let it boot. Keep in mind that a reboot removes only the stages that live in memory: if your model is on the affected list, the researchers who analysed the malware recommend a factory reset, which wipes the first stage too, followed by a firmware update before you put the device back online.

Secondly, change all the default credentials on your devices that you can. Dig out those instruction manuals (or find them online) and get to work creating strong, unique passwords, and turn off remote management and any other internet-facing admin interface you don’t actually need. Thirdly, go to the manufacturer websites for your devices and check to see if there are updates to the firmware.

Firmware updates are usually issued because a security vulnerability needs patching, even when the release notes don’t say so, so treat them as essential rather than optional.

It isn’t solely on end users to slay the botnet beast, mind you. Devices need to be developed with stronger security, infrastructure providers need to take a more proactive and cooperative approach to emerging and evolving threats and law enforcement agencies need better cooperation with each other and with the cybersecurity industry to better detect, prevent and manage threats.

However, if you’re already doing your part for the environment and working hard to keep ugly fake Yeezys off the streets, you should do your part to slow the relentless march of DDoS attacks.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
