Tuesday, July 23, 2024

Russia, Routers, and Why Virtually Everyone is part of the DDoS Problem

Every day, the vast majority of us do our best to not contribute to major global problems. We recycle. We bring our cars in for emissions testing. We stop ourselves from spending $120 on a pair of fake Yeezys and bolstering the counterfeit goods industry. Yes, we are heroes.

However, DDoS attacks have become a veritable worldwide epidemic, and it would seem many people either don’t know enough or don’t care enough to do anything about the fact that DDoS attacks would not be as widespread and successful as they are without the help of our many connected devices.

This is what’s happening, as well as what needs to be done.

Basics and Beyond

For all the innovative attack methods and impressive record-setting numbers that have cropped up in the last few years, at its core a distributed denial of service attack hasn’t mutated much from the standard DDoS definition: it’s a popular cyber attack that uses the resources of a botnet to overwhelm a target network or server with the aim of rendering the target service or website unavailable to its users and customers. In a nutshell, it’s an attack that aims to cause downtime.

What has changed dramatically in the DDoS landscape is the botnets that form the weaponry of these damaging attacks. Botnets have evolved from networks of malware-infected computers, where anti-virus programs meant attackers were lucky to assemble thousands of machines, to networks of Internet of Things devices, where lax security lets attackers easily assemble hundreds of thousands or even millions of devices.

Not only has this had major implications for the size of attacks possible, with 1.7 Tbps currently reigning as the record-holder, but it has also opened up the potential for a world of hurt beyond the internet.

Ten years ago it may have been unimaginable for a law enforcement agency like the FBI to issue a worldwide directive concerning computer attacks, but these days it would be dangerous for the FBI to stay out of it.

DDoS Attacks From Russia Without Love

It used to be that if the FBI asked you for help in stopping a Russian plot, it was probably because you were some sort of secret agent. Now all you have to be is someone who owns a router.

In an unprecedented move earlier this year, the FBI asked everyone, absolutely everyone, with a home router to reboot it in order to weaken a Russian botnet by setting the malware behind it back a step.

If your router is infected, rebooting it will prevent the malware from downloading the second stage of the attack: the FBI now controls a command portion of the network, and infected routers are set to communicate with the federal agency instead of with Russian hackers.

The botnet in question had amassed over 500,000 infected routers by the time the FBI issued its warning. The botnet was built by the allegedly state-sponsored Russian hacking group Fancy Bear, famed for a 2016 breach of the Democratic National Committee.

This is a very famous example of a majorly pervasive problem. Connected devices of all kinds have been recruited into IoT botnets of staggering sizes: routers, DVRs, cameras, wearables, household appliances. If it has connectivity, it can be infected.

And while you may know DDoS attacks for the havoc they wreak on, say, online gaming platforms and businesses, they’ve been effectively leveraged as a cyberwar weapon, with concerted attacks on financial institutions and other essential services throwing regions and even entire nations into states of unrest.

These attacks have even gone so far as to turn off the power for over 230,000 people in Ukraine for periods ranging from one to six hours. With this jump into real-world infrastructure, DDoS attacks officially have the potential to be deadly.

Exiting the Botnets

Think of your connected devices. Your smartwatch, your smart thermostat, your next-gen fridge, your router. When you set them up, did you secure them? Change those default credentials? When was the last time you updated the firmware?

If your answers to those questions are not good, you’re not alone. In fact, you are in a highly populated club. However, a few simple steps will help you get your devices out of those botnets and keep them that way.

Firstly, if you haven’t rebooted your router as requested by the FBI, do so now. Whether you’ve seen your router brand on the list of infected devices or not, take 30 seconds to turn off the power, unplug it, plug it back in and power it back up.

Secondly, change all the default security credentials on your devices that you can. Dig out those instruction manuals (or find them online) and get to work creating strong passwords. Thirdly, go to the manufacturer websites for your devices and check to see if there are updates to the firmware.

If updates are issued, most of the time it is because there is a security issue or vulnerability that needs to be patched, so these really are essential updates. (Never mind that this has otherwise not been communicated to you.)
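The three steps above (reboot since the advisory, no default credentials, firmware current) as a small audit over a home-device inventory. This is an added example, not code from the article; the advisory date, the default-credential pairs and the inventory are all constructed for illustration. It also shows why firmware versions must be compared numerically rather than as strings ("1.10" is newer than "1.9").

```python
"""Audit a home-device inventory against the reboot / credentials / firmware checklist."""
from dataclasses import dataclass
from datetime import date

# Constructed list of common factory (username, password) pairs; illustrative, not a vendor list.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "root"), ("admin", "")}
ADVISORY = date(2018, 5, 25)  # placeholder for the FBI reboot advisory date

@dataclass
class Device:
    name: str
    username: str
    password: str
    firmware: str          # installed version, e.g. "1.9.3"
    latest_firmware: str   # latest version published on the vendor site
    last_reboot: date

def parse_version(v: str) -> tuple:
    """'v1.10.2' -> (1, 10, 2); tuples compare numerically, so 1.10 > 1.9 (strings get this wrong)."""
    return tuple(int(part) for part in v.strip().lstrip("v").split("."))

def audit(device: Device, advisory_date: date = ADVISORY) -> list:
    """Return the checklist items this device still fails, in checklist order."""
    findings = []
    if device.last_reboot < advisory_date:
        findings.append("not rebooted since advisory")
    if (device.username, device.password) in DEFAULT_CREDENTIALS:
        findings.append("default credentials still in use")
    elif len(device.password) < 12:
        findings.append("weak password (<12 chars)")
    if parse_version(device.firmware) < parse_version(device.latest_firmware):
        findings.append(f"firmware {device.firmware} behind latest {device.latest_firmware}")
    return findings

def audit_all(devices, advisory_date: date = ADVISORY) -> dict:
    return {d.name: audit(d, advisory_date) for d in devices}

# Constructed inventory: one neglected router, one well-kept thermostat, one half-fixed camera.
INVENTORY = [
    Device("living-room router", "admin", "admin", "1.9.3", "1.10.0", date(2018, 1, 10)),
    Device("thermostat", "owner", "c0rrect-h0rse-battery!", "2.4.1", "2.4.1", date(2018, 6, 2)),
    Device("ip camera", "root", "Xk9#pLm2", "v3.0", "3.0.1", date(2018, 6, 1)),
]

if __name__ == "__main__":
    for name, findings in audit_all(INVENTORY).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```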

It isn’t solely on end users to slay the botnet beast, mind you. Devices need to be developed with stronger security, infrastructure providers need to take a more proactive and cooperative approach to emerging and evolving threats and law enforcement agencies need better cooperation with each other and with the cybersecurity industry to better detect, prevent and manage threats.

However, if you’re already doing your part for the environment and working hard to keep ugly fake Yeezys off the streets, you should do your part to slow the relentless march of DDoS attacks.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.