Yesterday we saw a massive DDoS attack against a crucial piece of internet infrastructure: the DNS (Domain Name Service). The DNS is responsible for name resolution, for example, resolving google.ca to its IP address. Without this service, a user would need to remember the IP address of their favorite website.
Yesterday a major hosted DNS provider (DynDNS) was hit with a massive DDoS attack aimed at flooding the Dyn network with as much garbage traffic as possible. Since most top-tier websites rely on services such as Dyn's hosted DNS, when the Dyn network was impacted by the attack it also impacted the DNS servers for websites such as Spotify and Etsy, as well as many smaller websites such as blogs and home user websites. This took out a huge chunk of websites on the east coast of the US.
This issue has been flagged many times by security professionals. The fact is these DDoS attacks are getting bigger and bigger, since attackers are now leveraging IoT devices such as unsecured DVRs and home routers with lackluster security.
Just recently we saw a 100Gbps attack against Krebs; this attack and others like it may be what we see as a new norm. As these attacks become more frequent, administrators and network operators need to ready themselves with a plan of action should they fall victim to an attack.
As a general recommendation from myself and many other security professionals, we need to raise more awareness of the security issues with IoT devices. Some devices, especially home routers, are not kept up to date with security updates and often contain many vulnerabilities that allow attackers to leverage the device in a DDoS.
Consumers should be educated on basic security settings and best practices. But there is also the need for vendors to step up and patch holes in their products and perform more stringent code reviews for security risks.
In my recent video, I show you how fast a ransomware infection can spread to a machine even with antivirus.
Ransomware is a serious issue that is on the rise. The issue with ransomware is its destructiveness and the rate at which it is spreading, often leaving organizations with 2 options: support the hackers by paying the ransom or lose the data. It is imperative that basic security best practices are followed, such as the principle of least privilege.
A little while ago I mentioned I wanted to make a page available for those who want to see the behavior of nefarious SSH traffic.
As you may know, I run SSH honeypots around the web. I have now aggregated the stats to one site where you can see the types of attacks that happen. A list of bad IP addresses that can be downloaded in CSV format is also available, as well as the links where the attackers have downloaded their scripts from, if they use any.
The site is a little rough around the edges right now, but I'll work on that. The mascot for the site is Hades; Hades, if you don't know, is the god of the underworld, so a little fitting. I may also be moving the server soon. I am using a small server that I had, and I am planning in case capacity becomes an issue. Any donation towards a bulkier server would be awesome; they run for about $5-10 a month for a decent spec.
If you would like to donate either an SSH honeypot or a couple of dollars so I can put more out, that would be awesome. If you have your own, I can send you the details on how to submit the stats to the site.
I will also be setting up a single point for website honeypots such as Glastopf and others.
The ultimate goal is to gather a large data set of activities from a wide range of honeypots located around the world and make the data available to anyone who can make use of it.
Anyone can join in on the project; the more servers we have, the more data we can collect!
Please let me know if you have any suggestions or comments!
The link to the site is http://ssh-research.seanmancini.com/
A blog for helping users and professionals with their security questions and challenges!