Friday, March 29, 2024

Russia, Routers, and Why Virtually Everyone is part of the DDoS Problem

Every day, the vast majority of us do our best to not contribute to major global problems. We recycle. We bring our cars in for emissions testing. We stop ourselves from spending $120 on a pair of fake Yeezys and bolstering the counterfeit goods industry. Yes, we are heroes.

However, DDoS attacks have become a veritable worldwide epidemic, and it seems a lot of people either don't know enough or don't care enough to act on the fact that DDoS attacks would not be as widespread or as successful as they are without the help of our many connected devices.

This is what’s happening, as well as what needs to be done.

Basics and Beyond

For all the innovative attack methods and record-setting numbers of the last few years, at its core a distributed denial of service attack hasn't strayed far from the standard DDoS definition: an attack that uses the combined resources of a botnet to overwhelm a target network or server, with the aim of rendering the service or website unavailable to its users and customers. In a nutshell, it's an attack that aims to cause downtime.

What has changed dramatically is the botnets that form the weaponry of these attacks. Botnets have evolved from networks of malware-infected PCs, where anti-virus software meant attackers were lucky to assemble a few thousand machines, to networks of Internet of Things devices, where lax security (default passwords, unpatched firmware) lets attackers assemble hundreds of thousands or even millions of devices with ease.

Not only has this had major implications for the size of attacks possible, with 1.7 Tbps the record at the time of writing, but it has also opened up the potential for a world of hurt beyond the internet.

Ten years ago it may have been unimaginable for a law enforcement agency like the FBI to issue a worldwide directive concerning computer attacks, but these days it would be dangerous for the FBI to stay out of it.

DDoS Attacks From Russia Without Love

It used to be that if the FBI asked you for help in stopping a Russian plot, it was probably because you were some sort of secret agent. Now all you have to be is someone who owns a router.

In an unprecedented move earlier this year, the FBI asked everyone, absolutely everyone with a home router, to reboot it in order to weaken a Russian botnet by setting the malware behind it (known as VPNFilter) back a step.

If your router is infected, rebooting it clears the malware's second stage, which lives only in memory. The persistent first stage then tries to download it again, but because the FBI has seized a command-and-control domain the malware uses, that request now reaches a server run by the federal agency rather than by the attackers, which both blocks the re-download and tells the FBI which routers are infected.

The botnet in question had amassed over 500,000 infected routers and network-attached storage devices by the time the FBI issued its warning. It is attributed to the Russian hacking group Fancy Bear (also tracked as APT28 and Sofacy), widely assessed to be state-sponsored and famed for the 2016 breach of the Democratic National Committee.

This is a very famous example of a pervasive problem. Connected devices of all kinds have been recruited into IoT botnets of staggering size: routers, DVRs, cameras, wearables, household appliances. If it has connectivity, it can be infected.
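To make the recruitment concrete, here is an added example (not code from the original post) of how the symptoms of a recruited device show up in the connection records a home router or firewall already keeps. It assumes flow records in a simple NetFlow-like form; the three devices and the thresholds are constructed for the demonstration. A device taking part in a flood sends thousands of packets per second to a single destination, while a device that is itself hunting for new victims, Mirai-style, touches many distinct hosts on the telnet and SSH ports within a short window.

```python
"""Spot a home device behaving like a botnet node from the connection
records a router or firewall already keeps.  Added example with
constructed traffic; thresholds are assumptions for a home network."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float        # seconds, NetFlow-style start time of the flow
    src: str         # device on the home network
    dst: str
    dport: int
    packets: int


# Assumed thresholds; tune them to what your own devices normally do.
FLOOD_PPS = 2000        # sustained packets/second from one device to one target
FLOOD_WINDOW = 10.0     # seconds
SCAN_FANOUT = 50        # distinct hosts probed on telnet/SSH ports ...
SCAN_WINDOW = 60.0      # ... within this many seconds
SCAN_PORTS = {22, 23, 2323}


def detect_flood(flows, pps=FLOOD_PPS, window=FLOOD_WINDOW):
    """Return {(src, dst): peak_pps} for devices flooding a single target."""
    per_pair = defaultdict(lambda: defaultdict(int))   # (src, dst) -> window -> packets
    for f in flows:
        per_pair[(f.src, f.dst)][int(f.ts // window)] += f.packets
    hits = {}
    for pair, windows in per_pair.items():
        peak = max(windows.values()) / window
        if peak >= pps:
            hits[pair] = peak
    return hits


def detect_scanner(flows, fanout=SCAN_FANOUT, ports=SCAN_PORTS, window=SCAN_WINDOW):
    """Return {src: peak_fanout} for devices probing many hosts on telnet/SSH,
    the way Mirai-style worms look for their next victims."""
    per_src = defaultdict(lambda: defaultdict(set))    # src -> window -> {dst}
    for f in flows:
        if f.dport in ports:
            per_src[f.src][int(f.ts // window)].add(f.dst)
    hits = {}
    for src, windows in per_src.items():
        peak = max(len(d) for d in windows.values())
        if peak >= fanout:
            hits[src] = peak
    return hits


def sample_flows():
    """Constructed traffic: a laptop browsing normally, a camera taking part
    in a flood, and a DVR scanning for other devices to infect."""
    flows = []
    for i in range(40):                       # laptop: ordinary HTTPS sessions
        flows.append(Flow(i * 3.0, "192.168.1.10", f"203.0.113.{i % 20}", 443, 30))
    for i in range(50):                       # camera: 25,000 packets in 5 s at one host
        flows.append(Flow(100 + i * 0.1, "192.168.1.20", "198.51.100.7", 80, 500))
    for i in range(200):                      # DVR: one probe each to 200 hosts in 20 s
        flows.append(Flow(200 + i * 0.1, "192.168.1.30", f"100.64.0.{i}", 23 if i % 2 else 2323, 1))
    return flows


def report(flows):
    """Human-readable findings; returned as a list so they can be checked."""
    lines = []
    for (src, dst), pps in detect_flood(flows).items():
        lines.append(f"{src} is flooding {dst} at about {pps:.0f} packets/s")
    for src, n in detect_scanner(flows).items():
        lines.append(f"{src} probed {n} hosts on telnet/SSH ports inside one window")
    return lines


if __name__ == "__main__":
    for line in report(sample_flows()):
        print(line)
```

On a real network, feed the functions the flow export (or the connection-tracking table) from the router and adjust the thresholds to your own baseline; whatever the numbers, a thermostat has no business opening hundreds of telnet sessions a minute.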

And while you may know DDoS attacks for the havoc they wreak on, say, online gaming platforms and businesses, they’ve been effectively leveraged as a cyberwar weapon, with concerted attacks on financial institutions and other essential services throwing regions and even entire nations into states of unrest.

Denial of service has even featured in an attack that turned off the power for over 230,000 people in Ukraine for periods ranging from one to six hours: the outage itself was caused by intruders operating the utilities' control systems, but the attackers also flooded the utilities' customer call centres with calls to stop the outage being reported. With this jump into real-world infrastructure, attacks of this kind officially have the potential to be deadly.

Exiting the Botnets

Think of your connected devices. Your smartwatch, your smart thermostat, your next-gen fridge, your router. When you set them up, did you secure them? Change those default credentials? When was the last time you updated the firmware?

If your answers to those questions are not good, you’re not alone. In fact, you are in a highly populated club. However, a few simple steps will help you get your devices out of those botnets and keep them that way.

Firstly, if you haven't rebooted your router as the FBI requested, do so now. Whether or not your router's brand is on the list of affected devices, take 30 seconds to power it off, unplug it, plug it back in and power it up again. Bear in mind that a reboot clears only the parts of the malware that live in memory; the first stage survives reboots, so if you have reason to think your router really is infected, the full remedy is a factory reset, a firmware update and a new administrator password.

Secondly, change every default credential on your devices that you can. Dig out those instruction manuals (or find them online), set strong, unique passwords, and while you are in the admin interface turn off remote management unless you actually need it. Thirdly, go to the manufacturer websites for your devices and check whether there are firmware updates.

When updates are issued, it is usually because a security vulnerability needs patching, so these really are essential updates, even if the manufacturer never told you so.
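The three steps above lend themselves to a checklist that can be run over an inventory of the devices on your network. The following is an added example, not code from the original post: the device records, the default-credential list, the password policy and the advisory date are constructed or assumed for the demonstration. It compares firmware versions numerically rather than as strings, a common slip that makes 1.0.9 look newer than 1.0.10 and lets an outdated device pass.

```python
"""Check a device inventory against the three hygiene steps above.
Added example; the devices, default-credential list, password policy
and advisory date are constructed or assumed, not taken from the post."""
import re
from dataclasses import dataclass
from datetime import date

# A handful of well-known factory defaults (a constructed sample; the
# password lists carried by IoT malware run to dozens of entries).
DEFAULT_CREDS = {
    ("admin", "admin"), ("admin", "password"), ("admin", ""),
    ("root", "root"), ("root", "12345"), ("user", "user"),
}

# Assumed date of the FBI reboot request; a router last rebooted before it
# has not done step one.
ADVISORY_DATE = date(2018, 5, 25)


@dataclass
class Device:
    name: str
    kind: str             # "router", "camera", "thermostat", ...
    username: str
    password: str
    firmware: str         # version currently installed
    latest_firmware: str  # version offered on the manufacturer's site
    last_reboot: date


def version_key(version):
    """'1.0.10' -> (1, 0, 10).  Compared as strings, '1.0.9' sorts after
    '1.0.10' and an outdated device would wrongly pass the check."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def password_is_weak(password):
    """Assumed policy: at least 12 characters and three character classes."""
    if len(password) < 12:
        return True
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    return classes < 3


def audit(devices, advisory=ADVISORY_DATE):
    """Return {device name: [issues]} for every device that fails a step."""
    findings = {}
    for d in devices:
        issues = []
        if (d.username, d.password) in DEFAULT_CREDS:
            issues.append("default credentials")
        elif password_is_weak(d.password):
            issues.append("weak password")
        if version_key(d.firmware) < version_key(d.latest_firmware):
            issues.append(f"firmware {d.firmware} behind {d.latest_firmware}")
        if d.kind == "router" and d.last_reboot < advisory:
            issues.append("not rebooted since the FBI advisory")
        if issues:
            findings[d.name] = issues
    return findings


def sample_inventory():
    """Constructed inventory for the demonstration."""
    return [
        Device("living-room-router", "router", "admin", "admin",
               "1.0.9", "1.0.10", date(2018, 1, 3)),
        Device("porch-camera", "camera", "admin", "Summer2018",
               "2.0", "2.0", date(2018, 6, 1)),
        Device("hallway-thermostat", "thermostat", "owner", "Correct-Horse-Battery-9",
               "3.2.1", "3.2.1", date(2018, 6, 2)),
    ]


if __name__ == "__main__":
    for name, issues in audit(sample_inventory()).items():
        print(f"{name}: {', '.join(issues)}")
```

The inventory is the part you have to build by hand, but once it exists the check is cheap to rerun every time a manufacturer posts a new firmware version or a new default-credential list turns up in botnet source code.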

It isn’t solely on end users to slay the botnet beast, mind you. Devices need to be developed with stronger security, infrastructure providers need to take a more proactive and cooperative approach to emerging and evolving threats and law enforcement agencies need better cooperation with each other and with the cybersecurity industry to better detect, prevent and manage threats.

However, if you’re already doing your part for the environment and working hard to keep ugly fake Yeezys off the streets, you should do your part to slow the relentless march of DDoS attacks.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
