February 15, 2017

In collaboration with Wallarm, we have presented a report on network security in 2016.

Simplification of hacks and attacks down to the tutorial and how-to level of entry

We saw a dramatic drop in the level of expertise and knowledge needed to become a malefactor. Nowadays, a simple how-to video on YouTube or a Bitcoin-prepaid stresser/booter is enough to perform a successful attack against even larger websites and applications — something unseen in previous years.

Hacks and malware infections of the IoT and infrastructure, DDoS attacks using botnets of these hacked devices

Brian Krebs is now probably the most in-demand cyber security expert in the field: he was among the first to report on the evolution of Mirai and to cover some of the security breaches and vulnerabilities. For his many years of hard work as a security journalist, and his investigations of computer hacks and the paths people take to become cybercriminals, he was chosen as a target. Akamai, which hosted Krebs’s blog on a pro bono basis, could not withstand a record-setting 620 Gbps attack by the Mirai botnet and shut him off. However, as Brian says, censorship would not work over the internet, and he continues to investigate malicious and criminal activity on the web.

Infrastructure vulnerability, high collateral damage attacks

In late 2016 we witnessed the first, but not the last, IoT-based botnet — Mirai. Hundreds of thousands of routers, cameras, DVRs, and other connected devices, even Wi-Fi-enabled coffee-makers, made one of the biggest media stories of the year in the professional security community when they targeted Dyn, one of the world’s largest DNS providers. A fast and merciless attack made the world’s most visited websites unavailable for hours, showing the extreme collateral damage of a well-thought-out infrastructure attack. Before that, Mirai raised the bar of a possible threat by performing a 1 Tbps attack on OVH, a French cloud hosting provider and one of the biggest in its class.

And not just the quantity of attacks rises — the quality too

DNS defenses have evolved, and so have the methods, vectors, and tools used by attackers. So-called “no such domain” (NXDOMAIN) attacks showed their effectiveness by quickly draining performance out of the cache. Mirai used a “water torture” technique against its target DNS servers. It differs from regular DNS reflection and amplification attacks in that it makes recursive DNS servers perform the attack on the target’s authoritative DNS server.
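One way a resolver operator can spot the NXDOMAIN / “water torture” pattern described above, as an added example that is not part of the original report: it flags zones where almost every query name is unique and almost every answer is a failure. The log format, the thresholds, and the `.example` names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample resolver log, one query per line: "<client> <qname> <rcode>"
SAMPLE_LOG = """\
192.0.2.10 www.shop.example NOERROR
192.0.2.11 www.shop.example NOERROR
192.0.2.12 cdn.shop.example NOERROR
192.0.2.10 www.shop.example NOERROR
192.0.2.13 www.shop.example NOERROR
192.0.2.20 qx7f2k.victim.example NXDOMAIN
192.0.2.21 m0zr9a.victim.example NXDOMAIN
192.0.2.22 p4ht8w.victim.example NXDOMAIN
192.0.2.23 zz1c6e.victim.example SERVFAIL
192.0.2.24 b8n3yd.victim.example NXDOMAIN
192.0.2.25 k2vq5j.victim.example SERVFAIL
192.0.2.30 wwww.typo.example NXDOMAIN
"""

# NXDOMAIN is the normal answer for a non-existent name; SERVFAIL appears once
# the authoritative server stops answering, so both count as failures here.
FAILURE_RCODES = {"NXDOMAIN", "SERVFAIL"}

def zone_of(qname, labels=2):
    # Assumption: the zone is the last two labels. A real deployment should
    # use the Public Suffix List to find the registered domain.
    return ".".join(qname.rstrip(".").lower().split(".")[-labels:])

def detect_water_torture(lines, min_queries=5, min_unique=0.9, min_fail=0.8):
    """Return {zone: (queries, unique_ratio, failure_ratio)} for suspect zones."""
    stats = defaultdict(lambda: {"total": 0, "fail": 0, "names": set()})
    for line in lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed or empty lines
        _client, qname, rcode = fields
        s = stats[zone_of(qname)]
        s["total"] += 1
        s["names"].add(qname.lower())
        s["fail"] += rcode in FAILURE_RCODES
    flagged = {}
    for zone, s in stats.items():
        if s["total"] < min_queries:
            continue  # too few queries to judge, e.g. a single typo
        unique = len(s["names"]) / s["total"]  # cache cannot help unique names
        fail = s["fail"] / s["total"]
        if unique >= min_unique and fail >= min_fail:
            flagged[zone] = (s["total"], round(unique, 2), round(fail, 2))
    return flagged

if __name__ == "__main__":
    print(detect_water_torture(SAMPLE_LOG.splitlines()))
```

A flagged zone is a candidate for per-zone rate limiting on the recursive resolver, so that it stops forwarding the cache-missing queries to the authoritative server.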

You can find the full report here.