Breach Prevention Futures: Can We Stop DDoS Attacks? Yes, here’s how…


DDoS (Distributed Denial of Service) attacks have become so frequent, and the hidden botnets behind them (malware quietly running on computers all over the globe) so large, that anyone can lease a DDoS attack against a target like Dyn for very little money. With the cheap computing power available today, one can also build DoS equipment for less than $300. The only way to get ahead of these attacks is to unwind the botnets running on PCs across America and the globe. Most antivirus products fail to detect the botnet code sitting on the very endpoints they protect; that is a huge problem that should be addressed. The second issue is to trace the source (the command and control, or C&C, server) and get it taken down quickly. Both require a far more dramatic and proactive effort by INFOSEC vendors and governments in partnership, which has yet to happen.

Today’s Dyn DDoS attack? Here’s my summary take.

In more detail, I’m not sure if this group hit Dyn, but it’s being reported in INFOSEC and hacker circles that someone, or a cybercrime group, is now targeting infrastructure providers with extortion attacks and invoking the name Anna_senpai, while others like John McAfee are pointing to the DPRK (North Korean) cyber army. Don’t be surprised to hear from the mainstream media that the US thinks it’s the Russian government. It’s so hard to trace a DDoS attack that you could blame it on Santa at the North Pole just pointing out who is on his naughty list. More realistically, according to a discussion thread started Wednesday on Web Hosting Talk, criminals are now invoking the Mirai author’s nickname in a bid to extort Bitcoins from targeted hosting providers:

“If you will not pay in time, DDoS attack will start, your web-services will go down permanently. After that, price to stop will be increased to 5 BTC [bitcoin] with further increment of 5 BTC for every day of attack. NOTE, I’m not joking.

My attack are extremely powerful now – now average 700-800Gbps, sometimes over 1 Tbps per second. It will pass any remote protections, no current protection systems can help.”

It appears that a cyber-criminal group or nation-state cyber actor(s) are extensively testing the core defensive capabilities of the companies that provide critical Internet services, only weeks before the US Presidential election.

It appears that many cyber criminals have been rewriting botnet code to shift from Windows to “Internet of Things” devices such as refrigerators, internet-connected cameras, digital video recorders and low-cost wireless routers, exploiting their vulnerabilities to build even larger botnets. Bottom line: audit your devices for CVEs, then patch or reconfigure them to close their holes before they become part of a botnet. You can learn more at http://nvd.nist.gov, the US Government’s National Vulnerability Database, where you can look up your equipment, see what holes it might have, and find instructions to fix them.

So, it’s a pretty simple, yet nearly impossible solution formula, as follows:

  1. Take down the DDoS Command and Control (C&C) servers (easier said than done, but with a concerted multi-national effort it can be done);
  2. Convince everyone with vulnerable equipment to remove their vulnerabilities before their devices become part of the botnet infrastructure (again, a big challenge, because your IoT refrigerator or baby monitor could be one of the infected devices);
  3. Get Internet Service Providers (ISPs) to better throttle and control bandwidth: when many devices on their network suddenly start sending outbound requests to the same place, ratchet back that traffic and look for a C&C server triggering the attack through trace-routing and packet analysis. Alternatively (or in addition), get firewall and IDS/IPS vendors to do a better job of automatic botnet detection, throttling infected system traffic to near zero until the infection is remediated.
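As an added example (not code from the original post or from any ISP or vendor named here), the following script shows the convergence heuristic behind step 3 written out over NetFlow-style records: bucket outbound flows into fixed time windows, count the distinct customer hosts pushing real volume at the same destination and port, and alert when that count crosses a threshold. The customer range 10.0.0.0/8, the thresholds, and the flow records themselves are all assumptions constructed for this example (the destinations use the reserved TEST-NET documentation prefixes). Three hosts browsing the same CDN edge and one host moving a lot of data on its own are included so the reader can see that neither trips the rule.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    ts: int        # epoch seconds at flow start
    src: str
    dst: str
    dport: int
    packets: int


# Assumed customer address space for the hypothetical ISP in this example.
INTERNAL = ip_network("10.0.0.0/8")


def detect_convergence(flows, window=60, min_sources=20, min_packets=1000):
    """Flag (dst, dport) pairs that many distinct internal hosts hammer within one window.

    window:      bucket size in seconds
    min_sources: distinct internal sources needed before we call it a convergence
    min_packets: per-source packet floor for the window, so a handful of idle
                 connections to a popular site does not count as participation
    """
    per_key = defaultdict(lambda: defaultdict(int))   # (bucket, dst, dport) -> src -> packets
    for f in flows:
        if ip_address(f.src) not in INTERNAL:
            continue                                   # only outbound traffic from our customers
        per_key[(f.ts // window, f.dst, f.dport)][f.src] += f.packets

    alerts = []
    for (bucket, dst, dport), by_src in sorted(per_key.items()):
        heavy = sorted(src for src, pkts in by_src.items() if pkts >= min_packets)
        if len(heavy) >= min_sources:
            alerts.append({
                "window_start": bucket * window,
                "dst": dst,
                "dport": dport,
                "sources": heavy,                      # the hosts a rate limiter should act on
                "packets": sum(by_src[s] for s in heavy),
            })
    return alerts


def build_sample_flows():
    """Constructed flow records (not captured data) covering the cases that matter."""
    base = 1_477_000_020                               # arbitrary epoch value, a multiple of 60
    flows = []
    # 25 infected customer hosts all bursting UDP/53 at one resolver within the same minute
    for i in range(25):
        for j in range(3):
            flows.append(Flow(base + i + 10 * j, f"10.1.0.{i + 1}", "203.0.113.10", 53, 800))
    # ordinary browsing: three hosts, same CDN edge, light traffic
    for i, src in enumerate(["10.2.0.5", "10.2.0.6", "10.2.0.7"]):
        flows.append(Flow(base + 5 + i, src, "198.51.100.5", 443, 20))
    # one host moving a lot of data to one place: heavy, but not a convergence
    flows.append(Flow(base + 7, "10.3.0.1", "198.51.100.20", 80, 50_000))
    # traffic entering from outside our space is not ours to throttle here
    flows.append(Flow(base + 8, "192.0.2.9", "203.0.113.10", 53, 5_000))
    return flows


if __name__ == "__main__":
    for a in detect_convergence(build_sample_flows()):
        print(f"{a['dst']}:{a['dport']} hit by {len(a['sources'])} internal hosts "
              f"({a['packets']} packets) in the window starting t={a['window_start']}; "
              f"throttle candidates: {a['sources'][:3]} ...")
```

Running it reports the single resolver target with 25 participating customer hosts; the alert's `sources` list is what would be handed to a rate limiter or quarantine VLAN, and the shared destination is the starting point for the trace-route and packet analysis described in step 3. In production the thresholds would be tuned against each ISP's own baseline, and the per-source packet floor is the knob that keeps legitimate popular destinations out of the alerts.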

OK, I’ll admit, I’m trying to make it sound simple. Maybe someone who cares could write a piece of anti-malware that worms across the Internet unwinding botnet code at lightning speed? Codename: Project “DDoS Robinhood”?

Meanwhile, expect many more DDoS attacks attributed to anyone at any time, with no evidence of the culprit, for some time to come. As for the US elections on November 8, 2016, we’re in for a wild ride. Buckle your Internet seat belts.

by Gary S. Miliefsky


Gary is the CEO of SnoopWall, Inc. and a co-inventor of the company’s innovative breach prevention technologies. He is a cyber-security expert and a frequent invited guest on national and international media commenting on mobile privacy, cyber security, cyber-crime and cyber terrorism, also covered in both Forbes and Fortune Magazines. He has been extremely active in the INFOSEC arena, most recently as the Editor of Cyber Defense Magazine. Miliefsky is a Founding Member of the US Department of Homeland Security (http://www.DHS.gov), the National Information Security Group (http://www.NAISG.org) and the OVAL advisory board of MITRE responsible for the CVE Program (http://CVE.mitre.org). He also assisted the National Infrastructure Advisory Council (NIAC), which operates within the U.S. Department of Homeland Security, in their development of The National Strategy to Secure Cyberspace as well as the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University. Previously, Gary has been founder and/or inventor for technologies and corporations sold and licensed to Hexis Cyber, Intel/McAfee, IBM, Computer Associates and BlackBox Corporation. Gary is a member of ISC2.org and is a CISSP®. Email him at ceo@snoopwall.com.

Learn more about SnoopWall’s cybersecurity expert CEO at: http://www.snoopwall.com/media/

For CEO interviews and Press Inquiries Contact:

Brittany Thomas, News & Experts, Tel: 727-443-7115 Ext: 221

Email: brittany@newsandexperts.com