SECURITY UPDATE

INTERNET STRESSORS

STEPHEN GATES, CHIEF RESEARCH INTELLIGENCE ANALYST AT NSFOCUS IB EXPLAINS WHY AN EVOLVED CYBERCRIMINAL APPROACH WILL RESULT IN INCREASING INTERNET INSTABILITY DURING 2017

This year is set to be one of the most interesting and tumultuous so far in terms of cyber security. The Internet will be rattled by a host of factors including global financial instability, worldwide refugee migrations, and increases in social protest and unrest, through to the rise and fall of government powers. Every one of these global issues could increase cybercrime on a scale not previously seen. The instability of the Internet in 2017 means that we will see increased DDoS attacks with criminals and protesters taking advantage of the Internet of Things (IoT) and looking to profit from DDoS for hire and DDoS extortion campaigns.

RANSOMWARE AND BEYOND

Ransomware was without a doubt the exploit of choice in 2016, but recent reports have indicated a slight move away from the traditional ransomware technique. Victims now have the option to opt-in to the exploit process with Tech Support Scams (TSS) having become incredibly advanced and dangerous over the last few years. This essentially gives the victim a chance at becoming the attacker and able to receive a percentage of the proceeds if they choose to become involved.

Additionally, with the rise in popularity of smart cars and vehicles, which now may fall into the classification of an IoT device with an IP address, it will not be unrealistic to imagine that ransomware can be deployed through means of firmware updates and network connectivity. As we witnessed with the Tesla Man-in-the-Middle (MitM) attack, cars that require firmware updates via satellite communications are susceptible to various vulnerabilities, including ransomware, as well as other exploits delivered by different malware families.

Following the recent release of the Mirai DDoS malware source code, both black and white-hat hackers worldwide now have access to the exploit code. Slight modifications of the code make it very difficult to recognise and its simplicity enables even the novice user to successfully deploy it.

NEW STRESSORS

A new trend has begun to emerge where DDoS Booters, also referred to as DDoS Stressors, allow users globally to participate in DDoS attacks. Netspoof, Dejabooter, Vexstresser and Refinedstresser are a few of the well-known DDoS Stressors that have recently been taken out of circulation by Interpol and other law enforcement agencies.

Government agencies, gaming industries, technology firms, education outlets and financial moguls have suffered from the impact of DDoS Stressors, often causing significant financial losses. Moreover, children playing online games are now being coerced into participating in DDoS-for-Hire attacks, where their computer can be used to serve as a bot in a DDoS attack.

RECOMMENDATIONS

Organisations that rely on the Internet for their very existence must realise that when their web presence is no longer accessible (due to DDoS, Ransomware and the like) the consequences will be tremendous in terms of financial loss. All organisations who rely on the Internet must develop a DDoS response plan and put that plan into action, sooner rather than later. The plan must include defences that can not only defeat the largest DDoS attacks on record, but also detect and eliminate the smaller attacks that can quickly escalate.

Ransomware impact must be minimised, and we should strive to ensure that it has no impact at all. With good backup and restoration tactics, techniques and procedures (TTP) in place, organisations can be confident they won't have to pay hackers to restore their data.

Protection measures once employed to defend network infrastructures may prove to be inadequate in efficacy and protection. New defences are needed that can incorporate automated learning and allow self-configuration on the fly. The next evolution of these defences will possess AI capabilities that will enable complete contextual and environmental awareness and substantially improve protection.

NETWORKcomputing JULY/AUGUST 2017 @NCMagAndAwards WWW.NETWORKCOMPUTING.CO.UK