Evil Network Computing: Distributed Denial of Service
Evil Network Computing
Lecture Title: Evil Network Computing (Really Distributed Denial of Service!)
Course Code: CS3004
Cybersecurity Alerts and Vulnerability Notes
Alert (TA18-331A): 3ve - Major Online Ad Fraud Operation
Original Release Date: November 27, 2018
Systems Affected: Microsoft Windows
Overview:
- Joint Technical Alert (TA) developed by the FBI to inform on major online ad fraud operations exploiting vulnerabilities. - Targeting millions of unique Internet Protocol (IP) addresses.
Alert (AA18-337A): SamSam Ransomware
Original Release Date: December 03, 2018
Summary: - Ransomware impacting multiple industries, with widespread network infections. - Utilizes Boaxxe/Miuref and Kovter malware to gain persistent access to victims' systems. - Boaxxe/Miuref Malware: - Spreads through email attachments and exploits vulnerabilities in Windows servers. - Kovter Malware: - Spread via email without user action or authorization. - Utilizes a hidden browser on infected machines.
Vulnerability Note VU#766427
Title: Multiple D-Link Routers Vulnerable to Remote Command Execution
Original Release Date: October 23, 2019 | Last Revised: October 25, 2019
Description:
- Vulnerable devices exposed include: - DIR-655 - DIR-866L - DIR-652 - DHP-1565 - Vulnerabilities allowing unauthenticated remote command execution through CGI code on devices exposed at/apply_sec.cgi.
Alert: Diebold Nixdorf ProCash 2100xe USB ATM
Vulnerability Note VU#221785
Original Release Date: August 20, 2020 | Last Revised: August 24, 2020
Description:
- ATMs vulnerable to physical attacks. - Lack of encryption or authentication allows attackers to modify critical deposit messages.
Cyber Threats in the Vaccine Supply Chain
Cyber incidents targeting the vaccine delivery cold chain have been reported.
IBM reports a campaign starting in September 2020 aimed at organizations involved in the cold chain for COVID-19 vaccines. - Attackers impersonated business executives to send phishing emails loaded with malicious code.
Examples of Targets Included:
European Commission
Companies manufacturing solar panels for vaccine transportation.
Software and website development companies tied to pharmaceutical suppliers.
Case Study: San Francisco Municipal Railway Ransomware Attack
An attack encrypted all data within the system, demanding a ransom of 100 Bitcoins (around $73,000).
Demonstrates vulnerabilities in operational railway systems.
Privacy Risks in IoT Devices
Vulnerability in Smart Baby Monitors
Security researchers found easy access to user voice recordings due to shared default passwords among devices.
MiSafes' Smartwatches Vulnerability
Lack of encryption led to tracking children's locations and making unauthorized calls.
Introduction to Shodan
Shodan scans open ports on the internet to identify exposed infrastructure.
The search engine nature of Shodan has raised privacy concerns, especially regarding medical devices.
Historical Context of DDoS Attacks
Evolution of Attacks
Referenced examples of organizations that faced DDoS attacks: - Hollywood Presbyterian Hospital paid a $17,000 ransom after an infection occurred via Windows XP vulnerabilities.
Stuxnet Worm Overview
Infection Process: - Stage 1: Enters via USB and infects Windows machines. - Stage 2: Detects Siemens control systems and updates itself for targeting. - Stage 3: Compromises logic controllers to control physical operations, ultimately causing havoc in nuclear enrichment processes.
DDoS Attack Definitions and Characteristics
What is a DDoS Attack?
Definition: An explicit attempt to prevent legitimate use of a service through a distributed approach.
Utilizes multiple attacking entities to overwhelm targets. - Packets sent to a victim can consume resources, rendering services unavailable.
Conditions Enabling DDoS Attacks
The internet primarily focuses on packet delivery efficiency, lacking policing features to manage malicious traffic, making exploitation feasible.
IP Spoofing: Attackers can disguise the source of their attacks, complicating accountability and detection.
Technical Details of DDoS Attacks
Attack Techniques and Categories
Recruitment of machines is performed automatically through scanning for vulnerabilities.
Strategies include: - Host Scanning Strategy: Targets addresses of vulnerable machines - Vulnerability Scanning Strategy: Probes chosen addresses to identify exploitable weaknesses.
Taxonomy of DDoS Attacks
Classification by Automation: Manual, Semi-automatic, Automatic.
Classification by Communication Mechanism: Direct, Indirect.
Classification by Impact on Victim: Disruptive (denial of service) vs. degrading (reducing service quality).
Exam Preparation and Learning Outcomes
Learning Goals: - Define DDoS and its impacts. - Compare different DDoS attack types and defense mechanisms. - Recognize significant implications of DDoS activities in cybersecurity.
Reading Material: - Mirkovic, J. and Reiher, P. (2004). A Taxonomy of DDoS Attack and DDoS Defense Mechanisms. ACM SIGCOMM Computer Communications Review, 34(2), 39-54.
Summary of Notable Malware
Types of Malware
Computer Viruses and Worms
Definition: Malicious software that can replicate on computers/network.
Categories: File viruses, boot sector viruses, macro viruses, script viruses.
Trojans
Programs performing unauthorized actions, including data deletion and disruption of performance.
Categories include backdoor Trojans, banker Trojans, DDoS Trojans, and fake antivirus editions.
Spyware and Riskware
Spyware: Collects data secretly, often causing privacy concerns.
Riskware: Software that creates vulnerabilities in systems, includes various tools that can be exploited maliciously.
Infamous Malware Examples
Concept Virus: First virus to infect Microsoft Word documents.
ILOVEYOU Virus: Spread via email, causing global disruptions.
Blaster Worm: Launched DDoS attacks against Microsoft.
Conclusion
DDoS attacks continue to evolve, requiring constant vigilance and up-to-date security measures to mitigate their effects. The importance of understanding various attack types, their executions, and interdependencies within the Internet ecosystem cannot be understated.
Final Note: Continuous education and awareness on cybersecurity are essential to protect systems and data against evolving threats.