In today’s podcast, we hear more about the IoT worries people are sharing about both industrial systems and consumer-grade products. IoT device recalls continue. Analysts expect more, and worse, DDoS attacks to come. Cyber espionage surfaces again in the Middle East. Yisroel Mirsky from Ben-Gurion University on machine learning research. Thomas Pore from Plixer on the Mirai botnet source code. And what’s sauce for the goose is sauce for the gander. Or so we hear, at least with doxing.
DDoS attacks are one of the largest attack methods threatening the stability of the Internet. These events are perpetrated by a collection, or botnet, of Internet-facing devices that communicate with a command and control center for instructions. One of the more infamous groups of bots is referenced as Botnet #14.
The Internet has brought the world together in both good and bad ways. Today, remote employees can live anywhere and get their job done. Cyber criminals are no different. Not only can they live in a different country, but they can also stay anonymous and prevent legal authorities from figuring out where the attack originated. Think the attack came from China? Maybe that computer was hacked from a server in Russia that was in turn hacked by a person sitting in a country in Africa.
Although the rise in the adoption of content delivery networks (CDNs) and cloud hosting such as Akamai and Amazon AWS has improved the speed of online services, it has caused a new problem: traffic visibility. Traditional NetFlow exports will tell you which Internet address the traffic on your internal network is headed to, but not the specific Internet site. This is because most of the major Internet sites we visit today host their content on CDNs, where many unrelated sites share the same edge IP addresses. I estimate that 95% of the companies collecting flows today are only getting the source and destination IP address of a flow. This means that one of the IP addresses will belong to the company and the second IP address will belong to the hosting provider of the Internet site the traffic is headed for. In other words, we can’t discern from traditional NetFlow alone the actual website being visited.
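To make the visibility gap concrete, here is an added example (not code from the original page or from Plixer) showing why two flows to the same CDN IP cannot be told apart from the flow record alone, and one common way to recover the site: correlating each flow with the DNS answer the same client received shortly before opening it. The flow records, DNS answers, hostnames and IP addresses below are constructed for illustration; a real deployment would feed this from a flow collector and passive DNS capture, and the TTL check is an assumption about how long a client honours an answer.

```python
"""Enrich 5-tuple NetFlow-style records with the hostname the client resolved.

Added example, not part of the original post.  All records below are
constructed: the CDN edge 203.0.113.10 serves two unrelated sites, so the
flow record by itself cannot say which one the client visited.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class DnsAnswer:
    ts: float      # time (seconds) the answer was seen on the wire
    client: str    # the internal host that asked; it will open the flow
    qname: str     # name the client asked for
    ip: str        # A record returned
    ttl: int       # seconds the client may cache this answer (assumed honoured)


@dataclass(frozen=True)
class Flow:
    ts: float      # flow start time (seconds)
    src: str
    dst: str
    dport: int


# Constructed passive-DNS observations.  Two different sites resolve to the
# same CDN edge address; a third resolves to a different address.
DNS_LOG: List[DnsAnswer] = [
    DnsAnswer(1000.0, "10.0.0.5", "www.example-news.com", "203.0.113.10", 300),
    DnsAnswer(1020.0, "10.0.0.7", "static.example-shop.net", "203.0.113.10", 60),
    DnsAnswer(1100.0, "10.0.0.5", "api.example-bank.org", "198.51.100.20", 30),
]

# Constructed flow records: the first two share a destination IP and port, so
# NetFlow alone shows them as traffic to the same place.
FLOWS: List[Flow] = [
    Flow(1005.0, "10.0.0.5", "203.0.113.10", 443),   # inside TTL -> example-news
    Flow(1025.0, "10.0.0.7", "203.0.113.10", 443),   # inside TTL -> example-shop
    Flow(1200.0, "10.0.0.5", "198.51.100.20", 443),  # 30 s TTL expired -> unknown
    Flow(1030.0, "10.0.0.9", "203.0.113.10", 443),   # no DNS seen for client -> unknown
]


def build_dns_cache(answers: List[DnsAnswer]) -> Dict[Tuple[str, str], List[DnsAnswer]]:
    """Index answers by (client, answered IP), oldest first."""
    cache: Dict[Tuple[str, str], List[DnsAnswer]] = defaultdict(list)
    for a in answers:
        cache[(a.client, a.ip)].append(a)
    for entries in cache.values():
        entries.sort(key=lambda a: a.ts)
    return cache


def resolve_flow(flow: Flow, cache: Dict[Tuple[str, str], List[DnsAnswer]]) -> Optional[str]:
    """Return the most recent still-valid name this client resolved to flow.dst.

    Only answers the *same* client received count: a different client's
    lookup of the shared CDN IP says nothing about what this client wanted.
    """
    best: Optional[DnsAnswer] = None
    for a in cache.get((flow.src, flow.dst), []):
        if a.ts <= flow.ts <= a.ts + a.ttl and (best is None or a.ts > best.ts):
            best = a
    return best.qname if best else None


def enrich(flows: List[Flow], answers: List[DnsAnswer]) -> List[Tuple[str, str, int, str]]:
    """Attach a hostname (or 'unknown') to every flow."""
    cache = build_dns_cache(answers)
    return [(f.src, f.dst, f.dport, resolve_flow(f, cache) or "unknown") for f in flows]


if __name__ == "__main__":
    for row in enrich(FLOWS, DNS_LOG):
        print(row)
```

The two flows to 203.0.113.10 come out labelled with different sites only because the enrichment step exists; without it both are just "443 to a CDN address". The same correlation can be done against the TLS SNI or HTTP Host header when the sensor sees the packets, and it breaks down when clients use DNS over HTTPS or Encrypted Client Hello, which hide exactly the fields this technique depends on.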
Last week, hackers targeted an infrastructure provider in Liberia with the Mirai botnet. Early reports suggested that the entire country had been knocked offline, but in reality the country suffered isolated outages, according to most reports. The country’s telecom authority downplayed the impact of the DDoS attack in an interview with the BBC but acknowledged that a cell provider there had suffered intermittent attacks that disrupted its service.