Tag: ddos

NBC News discusses denial-of-service attacks against 911 call centers across the country:

The Next Generation 911 systems will have advanced security baked into their foundations, including the ability to instantly identify suspicious activity, immediately shut down in response to intrusions, and simultaneously move incoming calls to other centers in a way that is undetectable to someone dialing for help, officials say.

But the increased connectivity also opens the modern systems to new potential modes of attack, experts say. No matter how sophisticated a defense, all it takes is one overlooked vulnerability to let hackers in, experts say.

That makes it essential to develop sophisticated defense systems run by in-house cybersecurity teams, they say.

In Baltimore’s case, the ransomware attack was discovered and repelled by Baltimore City Information Technology, which maintains defenses across the local government. It determined that the hackers had found access after a technician troubleshooting the computer-aided dispatch system made a change to a firewall and mistakenly left an opening, the city’s chief information officer, Frank Johnson, said in a statement. The FBI is now helping the city investigate.

Howard, in Tennessee, knows how his attacker obtained access to the 911 center — by finding a weak password left by a deceased former system administrator. The FBI told him it looked as if the attack came from Russia. But he still isn’t sure.

The December 2015 attack on a Ukrainian power company, which left over 230,000 people without power for up to six hours, also included a denial-of-service against the utility's call center. The attackers deliberately targeted the support desk to confuse operators, so that they would remain unaware their customers were experiencing an outage. It is a smart tactic from an offensive perspective, and likely a technique more groups will adopt in the future. Citizens need to be made aware this is a possibility, especially with Russia targeting the US power grid and other critical infrastructure.

Frankly, I am surprised it has taken so long for these attack types to become mainstream news. Nation-state attackers will use any means necessary to achieve their goals. Every available technique and tool in their arsenal will be used, and often they come in shapes we do not normally associate with what is generally considered a traditional cyber attack.

That I even used that phrase – traditional cyber attack – demonstrates a certain level of expectation in cyber warfare. While there are to date a number of traditional models, cyber attacks do not follow normal kinetic attack patterns. This is not only because cyber is ethereal, but also because of its infancy and the sheer number and scale of attack vectors. As cyber warfare matures there will be a greater understanding of the techniques, the targets, their effectiveness, and the strategies used by sophisticated nation-state actors.

The International Business Times reports on some fallout from the recent bombshell about Dutch intelligence tracking Cozy Bear:

Several top banks and the national tax authority in the Netherlands were briefly crippled by a series of powerful DDoS attacks targeting their networks. ABN Amro, ING and Rabobank confirmed in separate statements that they were attacked, with their online and mobile banking services temporarily knocked offline. The wave of cyber attacks comes just days after local media reported that Dutch intelligence agency AIVD spied on Russia-linked hacker group Cozy Bear, also known as APT29, as early as 2014.

Rabobank tweeted on Monday that it was suffering DDoS attacks while ABN AMRO said it experienced three hours-long DDoS attacks on Saturday and Sunday (27 and 28 January). ING said it was targeted on Sunday as well. All three institutions assured customers that their systems were not breached and customer accounts and details were not compromised in the attacks.

The Dutch tax authority also said it was hit by DDoS attacks that temporarily took down its website and online services for about 5-10 minutes on Monday. Later, the Dutch official online signature system DigiD was also reportedly hit.

The slew of cyberattacks comes just days after local media reported that Dutch intelligence agency AIVD spied on Russia-linked hacker group Cozy Bear, also known as APT29, as early as 2014.

This should not come as a surprise considering the bombshell intelligence revelations to come out of the Netherlands.

Maria Korolov of CSO Online on DDoS reflection attacks making a comeback, and being more difficult to stop this time thanks to a larger attack surface:

These attacks, known as Simple Service Discovery Protocol (SSDP) attacks, are now the single largest attack vector for DDoS attacks, accounting for 21 percent of all attacks, up from 15 percent last quarter, and less than 1 percent at this time last year.

“There are infectable SSDP services all over the Internet,” he said. “As they are discovered, we help work with people to shut them down.”

Although each particular device has just a fraction of the bandwidth available to data center-based servers, there are more of them.

“There’s a fertile ground of home systems,” he said. “A properly configured home firewall can block this, but there are many improperly configured home systems connected to the Internet – and there are also industrial systems that can be used to reflect attacks as well.”

This attack source is also harder to shut down, he said.

“It’s easier to go into the data center and have the service providers do the clean-up,” he said.
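The SSDP reflection pattern described above, as an added detection example that is not from the article or its sources: it scans constructed flow records, as an ISP edge in front of home routers might see them, and flags destinations that receive UDP/1900 responses from many distinct hosts at a byte ratio far above what their own queries justify. The thresholds, addresses and byte counts are assumptions.

```python
"""Flag likely victims of SSDP reflection from constructed flow records."""
from collections import defaultdict
from dataclasses import dataclass

SSDP_PORT = 1900  # UDP port for SSDP M-SEARCH queries and their responses


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    nbytes: int


# Constructed sample: queries arrive at home routers (10.0.0.x) with a forged
# source of the victim (203.0.113.10); each router answers the victim with a
# response many times larger than the query it received.
SAMPLE_FLOWS = [
    Flow("203.0.113.10", 40001, "10.0.0.1", SSDP_PORT, "udp", 90),
    Flow("10.0.0.1", SSDP_PORT, "203.0.113.10", 40001, "udp", 2800),
    Flow("203.0.113.10", 40002, "10.0.0.2", SSDP_PORT, "udp", 90),
    Flow("10.0.0.2", SSDP_PORT, "203.0.113.10", 40002, "udp", 3100),
    Flow("203.0.113.10", 40003, "10.0.0.3", SSDP_PORT, "udp", 90),
    Flow("10.0.0.3", SSDP_PORT, "203.0.113.10", 40003, "udp", 2600),
    # Benign: a LAN host discovering its own router, answered at modest size.
    Flow("10.0.0.50", 50000, "10.0.0.1", SSDP_PORT, "udp", 100),
    Flow("10.0.0.1", SSDP_PORT, "10.0.0.50", 50000, "udp", 350),
]


def ssdp_reflection_report(flows, min_reflectors=3, min_amplification=10.0):
    """Return {victim_ip: (reflector_count, amplification_ratio)} for hosts
    that get SSDP responses from many distinct reflectors with response
    bytes far exceeding the query bytes attributed to them."""
    query_bytes = defaultdict(int)   # bytes of queries per claimed source ip
    resp_bytes = defaultdict(int)    # bytes of responses per destination ip
    reflectors = defaultdict(set)    # destination ip -> responding hosts
    for f in flows:
        if f.proto != "udp":
            continue
        if f.dst_port == SSDP_PORT:
            query_bytes[f.src_ip] += f.nbytes
        elif f.src_port == SSDP_PORT:
            resp_bytes[f.dst_ip] += f.nbytes
            reflectors[f.dst_ip].add(f.src_ip)
    report = {}
    for victim, hosts in reflectors.items():
        amp = resp_bytes[victim] / max(query_bytes[victim], 1)
        if len(hosts) >= min_reflectors and amp >= min_amplification:
            report[victim] = (len(hosts), round(amp, 1))
    return report
```

At the home-router end, the fix the article alludes to is simply not accepting UDP/1900 from the WAN interface; this script is for the network operator who cannot change each customer's firewall and instead wants to spot reflection traffic leaving their edge.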