What is a Botnet and Why Should I Care?

If you’ve seen the news this week, you’ve no doubt seen articles about a botnet called “Reaper”, “IoT Reaper” or “IoTroop” that is enslaving vulnerable smart devices like wireless routers, security cameras, and DVRs. While botnets are of interest to cyber-security professionals, I’m sure the news made many people think “what the heck is a botnet and why do I care about it?”

Put simply, a botnet is an army of internet-connected devices or computers that have been infected by malware and are now under the control of hackers. The malware is designed to infect devices and build an army that can be enlisted to launch distributed denial of service (DDoS) attacks like the one last October that took much of the East Coast offline. Botnets can also be used to steal data, send spam emails, or simply allow a hacker to access the device and the internet connection it uses.

You may also hear the term “zombie” in connection with a botnet. That is simply because the malware lives on the compromised device, and the owner of the device is often unaware of the infection or that the device is being used in attacks.

So what is it about this particular “IoT Reaper” botnet that has created such a buzz in the cyber-security industry? It is the sheer number of vulnerable devices, over 378 million, that could be brought into the botnet that has many worried. The hackers behind “IoT Reaper” are currently exploiting at least nine different vulnerabilities across different device manufacturers and appear to be adding to the list of vulnerabilities as they are found. Plus, like the Mirai botnet, “IoT Reaper” is a worm that jumps from one infected device to the next to spread the infection.

All of that sounds scary, so is there anything that can be done to keep your devices from being enlisted into a “zombie” botnet army? YES!

As always, make sure that you don’t keep default username/password combinations on your internet-connected anything. Also, check to see if your smart device manufacturer has released any firmware or security patches to close the vulnerabilities that are being abused by the botnet. Another great way to protect your IoT network is to place firewall protection at your internet connection, but it’s also important to keep your firewall up to date as well, because threats are always evolving!

IoT DDoS: Disrupting the Internet, One Device at a Time

The Internet of Things, a network of physical devices embedded with technology that enables them to collect and exchange data via the Internet, is one of technology’s most incredible advancements because it has been able to bring together millions of ‘smart devices’ in order to help us with things in our daily lives through items such as kitchen appliances, cameras, and cars. However, like many things that are connected to the Internet, these devices can have their helpful technology used for evil. IoT has been the vehicle for many cyber-crimes such as data breaches and ransomware, but more recently, IoT has been in the news for having fueled multiple distributed denial of service (DDoS) attacks.

A DDoS attack occurs when an Internet circuit is flooded with so much Internet traffic, referred to as “packets,” that the Internet becomes jammed and then stops, similar to traffic build-up on a busy interstate that eventually leads to a bumper-to-bumper standstill. Though this is usually done by a cyber-criminal taking over compromised computers referred to as “zombies” which are then used to send ‘bad traffic’ to the victim’s site, there is a new wave of this type of attack being fueled by IoT devices.

IoT-fueled DDoS attacks

One of the most noteworthy of these IoT DDoS attacks affected Domain Name System (DNS) provider Dyn. On Friday, October 21st, Dyn, the DNS provider for major websites including Twitter, Netflix, Reddit, and Spotify, was hit by one of the largest DDoS attacks to date. This takedown was carried out by hundreds of thousands of hacked IoT devices, from Web cams to routers. As in a common DDoS attack, once hijacked, these Internet-enabled devices were mobilized together to aim all of their Web page requests at a single target, in this case Dyn. This caused chaos and outrage on the Internet primarily because the websites it impacted, like Twitter and Reddit, have a massive number of daily users. Though this is the most widely known IoT-fueled DDoS attack so far, these attacks continue to occur at an alarming rate.

As recently as this morning, there have been reports of at least five Russian banks being hit by IoT-enabled DDoS attacks. Similar to the Dyn attack, unsecured IoT devices were taken over without their owners’ knowledge and then directed to target these banks and their websites. Kaspersky Lab has said that the main cause of this attack was that many of these devices were left with their default passwords, meaning that once a hacker got into one standard device, he gained access to all of them. This and a few other simple security steps could help us be better protected against IoT-fueled DDoS attacks.

How to protect against IoT-fueled DDoS attacks

Many people found that in cases such as the Dyn DDoS attack, their IoT-enabled devices were being used in the attack without their consent or knowledge, and this is largely due to a lack of IoT device security. Here are some things you can do in order to help try and prevent your devices being used in the next IoT-fueled DDoS attack:

  • Turn off remote access to your devices when not in use, if possible–When at all possible, turn off remote access to your IoT devices. Leaving a device reachable while not in use leaves it extremely vulnerable to being used in an attack similar to the one against Dyn DNS.
  • Change all device passwords from the default–As mentioned above about the recent Russian bank attack, this is another simple step that can be taken to make it that much harder for attackers to gain access to your devices. Change your passwords to something hard to guess rather than leaving them vulnerable by keeping the same basic passwords that came installed on your devices when you bought them. The default is likely the same password used on similar devices, and using such passwords makes these devices easier to hack.
  • Update your systems early and often–Stay on top of your system updates so that your network is well protected. If it is hard for you to remember to update frequently, activate fully automatic updates; this way, you will never be behind in securing your devices.

Stay Secure, America

Axiom Cyber Solutions has been selected by CIOReview Magazine as one of the 20 Most Promising DDoS Solutions of 2016 for mitigating the largest volume of DDoS attack traffic in a single 1U appliance. To learn more about our DDoS mitigation services and how you can secure your business by staying ahead of cyber-attacks, please contact us at https://axiomcyber.com or by phone at 1 (800) 519-5070 today!

Hailey R. Carlson | Axiom Cyber Solutions | 11/11/2016

DDoS Attacks Against Universities Are on the Rise

In our blog last week, we discussed how colleges and universities are the third most attacked sector, beating out financial, government, and insurance sectors for numbers of cybersecurity attacks. This week, we will discuss how these hackers commonly utilize DDoS (Distributed Denial of Service) attacks to shut down a university’s network.

What is a DDoS attack?
A Denial of Service attack occurs when a malicious entity sends more traffic to your network than it can handle in order to overload it. When this occurs, your network equipment can become overloaded and fail into a state known as “hub mode” in an effort to maintain communication across the network. When this “hub mode” is enabled, all of the traffic on your network is blasted to every port, allowing an attacker to gather metadata and packet data in an effort to map the topology of your equipment.

Having a map of your network makes it easier for attackers to push forward with deeper penetration into your infrastructure, allowing them to breach data systems and steal information about your business and clients. The motives behind DDoS attacks can vary from revenge to anti-competitive business tactics. Whatever the intent behind the cyber attack, the goal is to be a huge headache for that organization by bringing down its network.

This past year, a number of colleges and universities were hit with DDoS attacks. The University of Virginia, Pennsylvania State, University of Connecticut, Washington State, Johns Hopkins, University of Maryland, and University of Southern California were all victims of DDoS attacks. We aren’t just talking about the big names in the academic world. Community colleges are also being targeted for DDoS attacks.

Earlier this January, Rutgers University suffered its 6th successful DDoS attack. This came even after Rutgers spent approximately $3 million on improving its cybersecurity, which the hacker was sure to mention on Twitter.

Academic institutions in the U.S. are not the only ones falling victim to these DDoS attacks. On December 7, 2015, the United Kingdom was hit with a cyber attack on the Janet computer network, which operates on behalf of the UK’s higher education sector.

Andrew Smith, a senior lecturer at The Open University, one of the biggest universities in the UK for undergraduate education, described a DDoS attack as “probably one of the oldest tools in the arsenal of attacks that come from cyber criminals”.

“In straightforward terms, attackers have lined up an army of malware compromised computers and have primed them to attack Janet,” he said. “Janet is used by many universities and colleges in the UK. While our security is good, having thousands of computers around the world all sending useless data to one system will flood it and will slow it down.

“Each compromised computer will send a small amount of data, nothing that you would notice and normally in keeping with the typical internet traffic behaviour expected by your broadband provider. However, when this is multiplied by tens, hundreds and thousands of computers – the deluge becomes unmanageable as this restricts our ability to receive internet traffic which would also come in via the same connection.”

With the decreasing price of hacking tools, this increase in attacks will continue to become the new norm. Businesses of all sizes need to adapt to these new threats now in order to continue operating in the coming storm. The number of distributed denial of service attacks in the second quarter of 2015 has hit record highs according to the latest State of the Internet report from Akamai.

DDoS attacks grew seven percent since the last quarter and a staggering 132 percent compared to this time last year. In the quarter there were also 12 attacks that were categorized as “mega attacks,” peaking at more than 1,000 gigabits per second (Gbps) and 50 million packets per second (Mpps). These attacks will not slow down in 2016 and will only increase. All colleges and universities must think about how to navigate the murky waters of cybersecurity and reach out to cybersecurity experts.

How can Axiom Cyber Solutions help you?
Axiom Cyber Solutions is offering Managed Cyber-Security Protection for Enterprise Class Business Organizations with advanced DDoS capabilities, starting as low as $199 per month. Let us take over and provide you with peace of mind. Axiom will provide your organization a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and help implement the right cyber security service for your organization.

From response time to an attack, to mitigative capacity, to packets inspected per second, the Axiom Sentinel wins in every category against the competition. Our patent pending algorithm coupled with the latest nanotechnology allows us to inspect 120 million packets per second, respond within 10 milliseconds to an attack and mitigate up to 100GB of traffic with a single appliance.

Axiom’s solutions come in different sizes, and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call at (800) 519-5070. #FightBackWithAxiom

The Reality of Internal Denial of Service

Internal Denial of Service

It’s a term we don’t often hear. An internal denial of service is simply something on the internal LAN that floods the network with traffic, causing a loss of connectivity, and it happens more than you think.

Sometimes internal denial of service happens by accident as was the case for a client of Axiom’s earlier this year. A switch had gone bad and was multicasting traffic across the LAN to the point that it brought the company’s phones down. Although the phones had their own VLAN, the faulty switch flooded all VLANs making all applications and phones useless.

Imagine a multi-lane interstate. Normal traffic is organized and manageable. When internal denial of service occurs, flooded traffic takes over all lanes and clogs the highway to the point that no one moves. It’s gridlock. In this example, the customer’s internal applications like Email, CRM and ERP were down, the phones were down and their customers from outside could no longer reach the locally hosted web app. It was a nightmare. Everything was down.

Flash forward to this month. We consulted with a private high school. A couple of students decided they didn’t want to take part in exams so they started an application on a workstation that flooded the network with traffic. In this example, the flood again caused the LAN to be saturated with traffic and the online test came to a halt. The students were identified and removed from the school, but the downtime was significant.

This last example is more common. A client had an internal denial of service at the same time that they were being attacked from the outside. Forensic analysis found that an employee’s computer was infected with malware that remained dormant for months. At some point before the external distributed denial of service, an employee had clicked a suspicious link and unknowingly become infected with malware that would later launch the internal denial of service. The two were coordinated by the external group to coincide, and the combination took the business out of commission for nearly a week.
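The three floods described on this page differ in shape: a faulty switch multicasting across every VLAN, a single student workstation saturating the LAN, and (earlier on the page) hundreds of thousands of IoT devices converging on Dyn. A per-second flow-rate monitor can tell them apart. The Python below is an added example, not Axiom’s Sentinel logic; the flow records, addresses and thresholds are constructed for illustration.

```python
"""Classify traffic floods from per-second flow records (constructed example)."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Flow:
    ts: int     # second in which the flow was observed
    src: str
    dst: str
    pkts: int   # packets seen in that second


@dataclass(frozen=True)
class Alert:
    kind: str
    ts: int
    source: str
    dst: str
    pkts: int


# Thresholds are assumptions for this example; tune them to the link size you protect.
SINGLE_SOURCE_PPS = 50_000   # one host sending this many pkts/s is flooding the LAN
DISTINCT_SRC_FLOOR = 20      # a destination hit by at least this many sources ...
AGGREGATE_PPS = 100_000      # ... at this combined rate looks like a distributed flood

# Constructed sample: normal chatter, a switch blasting multicast (ts=1), an external
# many-source flood against a web server (ts=2), and one workstation flooding the
# default gateway (ts=3).
SAMPLE_FLOWS = (
    [Flow(1, "10.0.0.5", "10.0.0.20", 120),
     Flow(1, "10.0.0.7", "10.0.0.20", 80),
     Flow(1, "10.0.0.2", "239.255.255.250", 180_000)]
    + [Flow(2, f"203.0.113.{i}", "198.51.100.10", 6_000) for i in range(1, 26)]
    + [Flow(2, "10.0.0.5", "198.51.100.10", 50),
       Flow(3, "10.0.0.44", "10.0.0.1", 90_000)]
)


def detect(flows):
    """Return alerts for multicast storms, distributed floods and single-source floods."""
    pair_rate = defaultdict(int)      # (ts, src, dst) -> pkts
    dst_rate = defaultdict(int)       # (ts, dst) -> pkts from all sources
    dst_sources = defaultdict(set)    # (ts, dst) -> distinct sources
    for f in flows:
        pair_rate[(f.ts, f.src, f.dst)] += f.pkts
        dst_rate[(f.ts, f.dst)] += f.pkts
        dst_sources[(f.ts, f.dst)].add(f.src)

    alerts = []
    for (ts, dst), pkts in sorted(dst_rate.items()):
        srcs = dst_sources[(ts, dst)]
        if ip_address(dst).is_multicast and pkts >= SINGLE_SOURCE_PPS:
            # Multicast reaches every port on the segment, so name the loudest sender.
            culprit = max(srcs, key=lambda s: pair_rate[(ts, s, dst)])
            alerts.append(Alert("multicast storm", ts, culprit, dst, pkts))
        elif len(srcs) >= DISTINCT_SRC_FLOOR and pkts >= AGGREGATE_PPS:
            # Many modest senders, one victim: the botnet / DDoS shape.
            alerts.append(Alert("distributed flood", ts, f"{len(srcs)} sources", dst, pkts))
        else:
            # One host alone exceeding the per-source rate: the misbehaving workstation.
            for s in sorted(srcs):
                if pair_rate[(ts, s, dst)] >= SINGLE_SOURCE_PPS:
                    alerts.append(Alert("single-source flood", ts, s, dst, pair_rate[(ts, s, dst)]))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_FLOWS):
        print(f"t={a.ts}s {a.kind}: {a.source} -> {a.dst} ({a.pkts} pkts/s)")
```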

The FBI recently stated that 90% of companies would be susceptible to similar malware. (http://read.bi/1vZbFAr) Axiom has found that, just as in the case of UK-based Internet Service Provider TalkTalk, DDoS is a precursor to a breach in a large number of cases.

What’s the solution? Axiom has developed next generation denial of service mitigation appliances that stop the internal and external threats of denial of service. By inspecting every packet on the LAN or WAN, our Sentinel is able to respond within 10 milliseconds of an attack. Sentinel will isolate and absorb that traffic so that it cannot affect the rest of your network. Sentinel can mitigate up to 100GB of traffic in a single 1U appliance and can inspect more than 120 million packets per second.

Axiom is on a mission to stop denial of service attacks. Internal, External, Distributed… We have the solution. With the availability of our next generation, multi-core processors and proprietary algorithms we can make DDoS a thing of the past.

Contact us today for a personalized solution discussion regarding your unique use case. Give us a call at 1-800-519-5070.

DDoS: All Hope is Not Lost

With recent news revealing that the TalkTalk UK hack was preceded by a Denial of Service attack, Axiom feels the time is right to reiterate that all businesses are susceptible to the dangers of these attacks.

Cloud “Scrubbing” and intelligent routing will not be enough to protect the American core transport infrastructure throughout the coming cyber-attacks of tomorrow. Powerful, efficient, and scalable appliance-based solutions like the Axiom Sentinel are where tomorrow’s protection exists, today.

For those of you who do not know, a Denial of Service attack occurs when a malicious entity sends more traffic to your network than it can handle. When this occurs, your network equipment can become overloaded and fail into a state known as “hub mode” in an effort to maintain communication across the network. When this “hub mode” is enabled, all of the traffic on your network is blasted to every port, allowing an attacker to gather metadata and packet data in an effort to map the topology of your equipment.

Having a map of your network makes it easier for attackers to push forward with deeper penetration into your infrastructure, allowing them to breach data systems and steal information about your business and clients.

Over the past two years, a popular defense against these attacks has been to pipe your Web domain through a cloud scrubbing service that filters out requests not coming from legitimate users. While these services do a good job of keeping your Web site up and running, the continued use of Cloud scrubbing stems from the ill-conceived idea that DOS and DDoS are only about taking a service off-line, or restricting access.

The bottom line is that these services often only:
1) Protect your domain against application layer (HTTP, HTTPS) traffic.
2) Stem the flood of traffic at their Cloud data center, creating a failure scenario wherein the attack is eventually routed to you, effectively leaving you exposed to the brunt of the attack.

Do you run a compliance environment? Payment Cards Standards has recently stated that simply doing business with a “PCI Compliant Cloud Provider” does not make that traffic compliant. Similarly, a HIPAA certified cloud environment will not provide the same level of compliance as your certified internal network.

The bottom line: Working with cloud security providers in standards-compliant environments is still an exercise in time and well-formed business agreements.
Axiom engineers believe that to effectively defend against today’s DOS-type attacks, best practices involve protection both up-stream and at the edge of your network using powerful, appliance-based, solutions like Axiom Sentinel. These premise-installed devices are capable of analyzing and processing over one-hundred million packets per second, enough to mitigate some of the largest enterprise-targeted DOS and DDOS attacks.

When deployed in combination with a multitude of failover internet circuits, Axiom Sentinel will keep your network and business online and communicating when the worst attacks come downstream.

Where your provider has failed to mitigate the attack, or has diverted your traffic to stop the flow of packets into its own network, Axiom’s Sentinel allows you to use your backup internet circuits while continuing to defend against any malicious data coming from the compromised route.

Easy deployment, intelligent management, flexible placement, and industry-leading performance make Axiom Sentinel the most robust security platform available on the market.

Why only protect your Web site when you can protect your entire network?

Axiom’s solutions come in different sizes, and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call at (800) 519-5070. #FightBackWithAxiom

DDoS: What is it and How Will it Affect My Business?

You hear about it almost every day. Some large business, corporation, or government entity has suffered a “Distributed Denial of Service Attack”, or DDoS attack, and lost time and revenue due to an inability to continue to operate under such conditions. It’s happening with increasing frequency and intensity, and has now become a top concern for small and medium sized enterprise organizations all over the country.

To understand how a DDoS attack can cripple a network, it helps to know what one is. The attack can come in many forms but most often starts as a network of geographically distributed computers that were unwillingly enlisted into a virtual army, waiting for commands from the hacker to begin flooding their target.

You’ll commonly hear networks like this referred to as “bot-nets”, and these networks can produce floods of traffic anywhere from megabits to hundreds of gigabits depending on the number of nodes enlisted. Most bot-net administrators do not perpetrate attacks themselves, instead renting out their networks to clients who pay by the hour to utilize the service to attack.

As the price of bandwidth and compute power has decreased internationally, the price of renting a gigabit botnet has reached an all-time low. This has created an environment wherein hacking service providers have resorted to marketing tactics, such as coupons and subscriptions, to lure customers away from competing services.

With a web-link and handful of US dollars, you too can rent enough power to bring a large public-facing entity to a grinding halt.

Coincidentally, as bandwidth to small and medium businesses has increased, service providers have had to support access to very fast circuits and switching networks to adapt. Therefore an attack at 500Mbps that may cripple your Web server’s ability to communicate with the outside world will not have any effect on your provider’s ability to continue operations.

Therefore, they are unlikely to step in to mitigate, or port, the traffic until you call to alert them of the malicious traffic. To them, you’re just using more of your already fast internet connection!

Axiom researchers have found that the number of DDoS attacks in 2014 was up approximately 90% over the prior year. In 2015 alone, we have already recorded a 100% increase in attacks over 300Mbps in comparison with 2014.
With the decreasing price of hacking tools, this increase in attacks will continue to become the new norm. Businesses of all sizes need to adapt to these new threats now in order to continue operating in the coming storm.

#FightBackWithAxiom

Axiom DDoS protection uses a proprietary security solution that denies the attacker information about your network and forces the attacker to commit more resources in order to continue their virtual volley. This not only allows you to continue business operations during an attack, but turns you into an undesirable target for any hacker. It makes them think twice about spending money to mess with you again.

Axiom Sentinel solutions come in different sizes and solutions. From Axiom Sentry devices with 500Mbps of mitigation capacity to our flagship Axiom Sentinel appliance, a sealed bridging appliance with 2 Terabit mitigated capacity, all Axiom solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come.

For more information about Axiom Sentinel, feel free to call us about a capabilities presentation at (800) 519-5070.

What Is The Future Of Internet Security?

What if you woke up tomorrow and couldn’t access Facebook? Next you try Google and nothing happens. Next it’s CNN.com and Wikipedia.

Nothing resolves and nothing works. Now, imagine this is not a short lived outage but days, weeks, even months.

This is a potential reality. What would businesses do? Think about banking, transportation, and healthcare. Every single industry relies on the internet to do business and keep our lives running.

As bandwidth availability continues to increase, there is a real threat of a distributed attack on the nation’s core infrastructure that could paralyze our world. We are tracking daily these attacks from Asia and Eastern Europe that are testing our vulnerabilities.

A few weeks ago, we saw a 25% packet loss across the backbone of the internet when the New York Stock Exchange was impacted. That same day United Airlines suffered outages due to that same flood. Many other businesses and government entities were impacted that day as well. Those attacks weren’t aimed at those businesses, but the carriers who service them.

Just like the Velociraptors in the original Jurassic Park movie, our enemies are testing our defenses. They are poking and prodding daily, finding our weaknesses. In the last week, core Level 3 routes were impacted by one of the worst sustained floods in recent months. Google DNS servers were also halted for more than 5 minutes, which is unprecedented.

In addition to increasing bandwidth, compute is becoming more accessible. Today you can purchase a Raspberry Pi device that has a 100MB interface for $39. Many similar ARM SOCs (systems on a chip) are shipping with 1GBe interfaces. Most are less than $40. Someone with access to a 10Gbe circuit and an array of these compute nodes would have the distributed power equivalent of a State Sponsored action just 5 years ago.

We have to be thinking in future terms. At Axiom, we are developing devices that could have stopped these attacks at the upstream provider. What is needed, what Axiom is refining, is a compute solution that is designed to fight back. #FightBackWithAxiom. The answer is not to deny packets, not to black-hole packets, but to use a software defined algorithm that actively fights back and mitigates the attack. Not just at a single layer of the OSI model but at all of them.

In the past, flood attacks often used a single protocol as an attack vector. Since these kind of attacks are becoming easier to mitigate, attackers are evolving, adapting and creating new ways to attack specifically at the application layer, hitting you where it hurts. The best intruder will always use an open front door.

Axiom’s algorithm combined with our compute nodes is designed to mitigate an attack at any layer.

We are working with devices up to and including 100Gbe bonded interfaces, utilizing 400Gbe mitigation and TB switching fabric at the carrier level to stop these attacks before they ever get to the end customer.

Distributed denial of service (DDoS) is the new normal. We must fight back. #FightBackWithAxiom