Evil Network Computing: Distributed Denial of Service

Evil Network Computing

  • Lecture Title: Evil Network Computing (Really Distributed Denial of Service!)

  • Course Code: CS3004

Cybersecurity Alerts and Vulnerability Notes

Alert (TA18-331A): 3ve - Major Online Ad Fraud Operation

  • Original Release Date: November 27, 2018

  • Systems Affected: Microsoft Windows

  • Overview:
      - Joint Technical Alert (TA) developed by the FBI to inform on major online ad fraud operations exploiting vulnerabilities.   - Targeting millions of unique Internet Protocol (IP) addresses.

Alert (AA18-337A): SamSam Ransomware

  • Original Release Date: December 03, 2018

  • Summary:   - Ransomware impacting multiple industries, with widespread network infections.   - Utilizes Boaxxe/Miuref and Kovter malware to gain persistent access to victims' systems.   - Boaxxe/Miuref Malware:     - Spreads through email attachments and exploits vulnerabilities in Windows servers.   - Kovter Malware:     - Spread via email without user action or authorization.     - Utilizes a hidden browser on infected machines.

Vulnerability Note VU#766427

  • Title: Multiple D-Link Routers Vulnerable to Remote Command Execution

  • Original Release Date: October 23, 2019 | Last Revised: October 25, 2019

  • Description:
      - Vulnerable devices exposed include:     - DIR-655     - DIR-866L     - DIR-652     - DHP-1565   - Vulnerabilities allowing unauthenticated remote command execution through CGI code on devices exposed at /apply_sec.cgi.

Alert: Diebold Nixdorf ProCash 2100xe USB ATM

  • Vulnerability Note VU#221785

  • Original Release Date: August 20, 2020 | Last Revised: August 24, 2020

  • Description:
      - ATMs vulnerable to physical attacks.   - Lack of encryption or authentication allows attackers to modify critical deposit messages.

Cyber Threats in the Vaccine Supply Chain

  • Cyber incidents targeting the vaccine delivery cold chain have been reported.

  • IBM reports a campaign starting in September 2020 aimed at organizations involved in the cold chain for COVID-19 vaccines.   - Attackers impersonated business executives to send phishing emails loaded with malicious code.

Examples of Targets Included:

  • European Commission

  • Companies manufacturing solar panels for vaccine transportation.

  • Software and website development companies tied to pharmaceutical suppliers.

Case Study: San Francisco Municipal Railway Ransomware Attack

  • An attack encrypted all data within the system, demanding a ransom of 100 Bitcoins (around $73,000).

  • Demonstrates vulnerabilities in operational railway systems.

Privacy Risks in IoT Devices

Vulnerability in Smart Baby Monitors

  • Security researchers found easy access to user voice recordings due to shared default passwords among devices.

MiSafes' Smartwatches Vulnerability

  • Lack of encryption led to tracking children's locations and making unauthorized calls.

Introduction to Shodan

  • Shodan scans open ports on the internet to identify exposed infrastructure.

  • The search engine nature of Shodan has raised privacy concerns, especially regarding medical devices.

Historical Context of DDoS Attacks

Evolution of Attacks

  • Referenced examples of organizations that faced DDoS attacks:   - Hollywood Presbyterian Hospital paid a $17,000 ransom after an infection occurred via Windows XP vulnerabilities.

Stuxnet Worm Overview

  • Infection Process:   - Stage 1: Enters via USB and infects Windows machines.   - Stage 2: Detects Siemens control systems and updates itself for targeting.   - Stage 3: Compromises logic controllers to control physical operations, ultimately causing havoc in nuclear enrichment processes.

DDoS Attack Definitions and Characteristics

What is a DDoS Attack?

  • Definition: An explicit attempt to prevent legitimate use of a service through a distributed approach.

  • Utilizes multiple attacking entities to overwhelm targets.   - Packets sent to a victim can consume resources, rendering services unavailable.

Conditions Enabling DDoS Attacks

  • The internet primarily focuses on packet delivery efficiency, lacking policing features to manage malicious traffic, making exploitation feasible.

  • IP Spoofing: Attackers can disguise the source of their attacks, complicating accountability and detection.

Technical Details of DDoS Attacks

Attack Techniques and Categories

  • Recruitment of machines is performed automatically through scanning for vulnerabilities.

  • Strategies include:   - Host Scanning Strategy: Targets addresses of vulnerable machines   - Vulnerability Scanning Strategy: Probes chosen addresses to identify exploitable weaknesses.

Taxonomy of DDoS Attacks

  • Classification by Automation: Manual, Semi-automatic, Automatic.

  • Classification by Communication Mechanism: Direct, Indirect.

  • Classification by Impact on Victim: Disruptive (denial of service) vs. degrading (reducing service quality).

Exam Preparation and Learning Outcomes

  • Learning Goals:   - Define DDoS and its impacts.   - Compare different DDoS attack types and defense mechanisms.   - Recognize significant implications of DDoS activities in cybersecurity.

  • Reading Material:   - Mirkovic, J. and Reiher, P. (2004). A Taxonomy of DDoS Attack and DDoS Defense Mechanisms. ACM SIGCOMM Computer Communications Review, 34(2), 39-54.

Summary of Notable Malware

Types of Malware

Computer Viruses and Worms
  • Definition: Malicious software that can replicate on computers/network.

  • Categories: File viruses, boot sector viruses, macro viruses, script viruses.

Trojans
  • Programs performing unauthorized actions, including data deletion and disruption of performance.

  • Categories include backdoor Trojans, banker Trojans, DDoS Trojans, and fake antivirus editions.

Spyware and Riskware
  • Spyware: Collects data secretly, often causing privacy concerns.

  • Riskware: Software that creates vulnerabilities in systems, includes various tools that can be exploited maliciously.

Infamous Malware Examples

  • Concept Virus: First virus to infect Microsoft Word documents.

  • ILOVEYOU Virus: Spread via email, causing global disruptions.

  • Blaster Worm: Launched DDoS attacks against Microsoft.

Conclusion

  • DDoS attacks continue to evolve, requiring constant vigilance and up-to-date security measures to mitigate their effects. The importance of understanding various attack types, their executions, and interdependencies within the Internet ecosystem cannot be understated.

  • Final Note: Continuous education and awareness on cybersecurity are essential to protect systems and data against evolving threats.