Why the Mirai IoT Botnet Changed the DDoS Game


Over the weekend the source code for the Mirai IoT botnet was released on the internet. Essentially, this allows copycats and borderline script kiddies to adjust the code as needed for their own misguided use. Mirai was the botnet that took down both Krebs on Security and OVH last week, and there has been debate about the number of hosts it commands. Either way, it ended up throwing two of the largest DDoS attacks ever seen. The OVH attack tipped the scales at around 1 Tbps, which is like wielding your own personal Death Star across the internet.

This being said, I think we'll see the Mirai botnet itself start declining, but that there'll be an uptick in IoT-related DDoS attacks. This was only one botnet, made mostly of small cameras attached to the internet, but what happens when someone goes out and builds a botnet from multiple kinds of IoT devices? What if they slowly harvest vulnerabilities across the plethora of insecure IoT devices? An attacker could slowly command an army of soda machines, thermostats, cars, DVRs, etc. that, when combined, would be larger than anything we've ever seen before. This is like a botnet-of-botnets (BoB) making one mega-botnet to rule them all (okay, now there are LOTR references in here too, sorry).
Either way, the Mirai IoT botnet has shown that DDoS is about to turn it up to 11 real soon, and hopefully the Akamais, Cloudflares, Googles, etc. are going to be ready for it. These providers always aim to have some multiple of the bandwidth of the largest known DDoS attack on record, so this might leave them scrambling to work out capacity for the future. I also think the ISPs need to start playing a bigger role when it comes to botnets of this size, but regulation and cooperation from other countries would also need to be involved, and historically that has always been difficult.
So this is why Mirai changed the game. It almost completely brought down a DDoS mitigation network, which means that if there were two botnets of equal size it would be difficult to keep up. It also means that if providers can't absorb multiple attacks of this size, their other customers will be left unprotected and vulnerable to attack, or their "always on" customers could even face an internet outage. Lastly, this starts the herding of an untapped market of IoT devices ripe for the picking, and I think we'll see copycats using similar code on different IoT devices real soon. Things are about to get interesting.


Posted in SBN

Wanted: Conversation with forensic psychologist to assist with security research

I'm looking for introductions to behavioral or forensic psychologists in regard to a cyber security research project I'm working on. I'd like to set up a conversation and pick their brains on a couple of topics. Anyone you guys recommend? If so, please …

Posted in SBN

Using Geo IP Data to Tighten Rulesets

The ability to geo-block countries is a great way to limit malicious requests from entering your network, or at the very least to reduce your attack footprint from the internet; it's a great tool to keep in your security toolbox. Take a look at my article for Algosec on using GeoIP data in your firewall to tighten rulesets and increase security.

http://blog.algosec.com/2016/04/using-geo-ip-data-tighten-firewall-rulesets.html
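To make the idea concrete, here is an added example of how a geo allowlist is evaluated and turned into firewall rules. It is written for this page and is not code from the Algosec article. The prefix-to-country table, the allowed-country set, the partner exception, the RFC 1918 bypass and the client addresses are all constructed for illustration; a real deployment would load a vendor GeoIP database into the same structure.

```python
"""Evaluating a geo allowlist and rendering it as firewall rules.

Added example for this page, not code from the linked Algosec article.
The GeoIP table, allowed countries, partner exception and client addresses
are all constructed; a real deployment loads a vendor database (for example
a MaxMind GeoLite2 CSV) into the same structure.
"""
import ipaddress
from collections import Counter
from typing import List, Optional, Tuple

# Constructed GeoIP table: (prefix, ISO 3166-1 alpha-2 code), built from
# documentation ranges so no real network is named. Vendor tables hold
# millions of rows; the matching logic below is unchanged.
GEOIP_TABLE = [
    ("203.0.113.0/24", "US"),
    ("198.51.100.0/24", "DE"),
    ("192.0.2.0/24", "BR"),
    ("192.0.2.128/25", "AR"),  # more specific prefix nested inside the BR block
    ("2001:db8::/32", "CA"),
]

# Assumed policy: a customer-facing service sold only in North America.
ALLOWED_COUNTRIES = {"US", "CA"}

# Hosts that must reach the service regardless of geolocation, e.g. a
# partner's static address. Exceptions are explicit host routes, never countries.
EXCEPTIONS = [ipaddress.ip_network("198.51.100.7/32")]

# RFC 1918 and loopback space never appears in vendor GeoIP data, so it is
# listed explicitly. (Python's is_private would also flag the documentation
# ranges used in the table above, so it is deliberately not used here.)
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128")]

# Longest-prefix match: most specific entry is tested first.
_NETWORKS = sorted(((ipaddress.ip_network(p), cc) for p, cc in GEOIP_TABLE),
                   key=lambda entry: entry[0].prefixlen, reverse=True)


def country_of(ip: str) -> Optional[str]:
    """Return the country code covering ip, or None if no prefix matches."""
    addr = ipaddress.ip_address(ip)
    for net, cc in _NETWORKS:
        if addr in net:  # membership is False across address families
            return cc
    return None


def decide(ip: str) -> Tuple[str, str]:
    """Return (verdict, reason) for a source address under the geo policy.

    Order matters: internal space, then explicit exceptions, then country.
    Addresses the table does not cover are denied: an allowlist that falls
    open on missing data is not an allowlist.
    """
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in INTERNAL):
        return ("allow", "internal")
    if any(addr in net for net in EXCEPTIONS):
        return ("allow", "exception")
    cc = country_of(ip)
    if cc is None:
        return ("deny", "unmapped")
    return ("allow" if cc in ALLOWED_COUNTRIES else "deny", cc)


def audit(client_ips: List[str]) -> Counter:
    """Tally verdicts for observed source addresses (e.g. from a web access
    log) so the ruleset's effect can be reviewed before it is enforced."""
    return Counter(decide(ip) for ip in client_ips)


def render_nft_rules(port: int = 443, table: str = "inet filter",
                     chain: str = "input") -> List[str]:
    """Render nft commands equivalent to decide(): internal space and
    exceptions first, one anonymous set per address family for the allowed
    countries, then a final drop for the port."""
    fam = {4: "ip", 6: "ip6"}
    rules = []
    for net in INTERNAL + EXCEPTIONS:
        rules.append(f"nft add rule {table} {chain} {fam[net.version]} saddr {net} "
                     f"tcp dport {port} accept")
    for version in (4, 6):
        prefixes = sorted(str(net) for net, cc in _NETWORKS
                          if net.version == version and cc in ALLOWED_COUNTRIES)
        if prefixes:
            rules.append(f"nft add rule {table} {chain} {fam[version]} saddr "
                         f"{{ {', '.join(prefixes)} }} tcp dport {port} accept")
    rules.append(f"nft add rule {table} {chain} tcp dport {port} drop")
    return rules


# Constructed client addresses standing in for a day's access-log sources.
SAMPLE_CLIENTS = ["203.0.113.9", "203.0.113.77", "198.51.100.7", "198.51.100.8",
                  "192.0.2.5", "192.0.2.200", "10.1.2.3", "198.18.0.1", "2001:db8::1"]

if __name__ == "__main__":
    for (verdict, reason), count in sorted(audit(SAMPLE_CLIENTS).items()):
        print(f"{verdict:5} {reason:10} {count}")
    print("\n".join(render_nft_rules()))
```

Two things the example is meant to show. First, the 192.0.2.128/25 entry demonstrates why lookups must be longest-prefix matches: a plain first-match scan would attribute the whole /24 to BR and silently misclassify AR traffic. Second, the unmapped case (198.18.0.1 here) is denied rather than allowed, and exceptions are host routes rather than whole countries; running `audit()` over real log sources before loading the rules shows how much legitimate traffic the policy would cut.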


Posted in SBN

What Happens If the FBI Beats Apple?


The battle over the San Bernardino iPhone is raging in the news, and it is shining a large light on just how important mobile data has become. This case will set a precedent for how a government entity is allowed to request, or have direct access to, an individual's private data. Apple is taking the stance that its users' privacy is under attack if it gives up the ability for others to access that data freely. On the flip side, the government's viewpoint is that our national security is at risk if it can't view it. No matter where you stand on this issue personally, it's interesting to see that the largest case in the country is focused on mobile data and its security. This shows just how important mobile security has become, and the case, whatever your position on it, proves that our mobile phones need to be secured and that we need to understand the long-term effects for mobile vendors, app developers and mobile device users.
While this case will continue to unfold over the next couple of weeks, it has already shown us that security is needed, and the final decision could bring major changes to how mobile vendors develop their products from a security standpoint. If a third party can be given access to the data on a mobile device, or a bypass of its encryption, that could start a trend of mobile app developers enabling strong encryption and security within their own applications rather than relying on the security of the phone as an umbrella. Certain apps already pride themselves on security and encryption, e.g. Signal, but I wonder if this will cause other apps to follow in their footsteps. Will this cause a windfall of encryption within mobile apps in an attempt to provide better privacy? And will the same question of encryption that Apple is experiencing now be raised against apps that encrypt their own data? It would be an interesting trend to watch after a decision is made.
Also, depending on the ruling in the iPhone case, there might be a shift of users who want more privacy toward another mobile vendor. Apple seems to have a very strong following regardless, and we saw many security and privacy upgrades made to iOS6, but will this decision end up making a few of these moot and affect Apple's bottom line? Will users who felt safer on an iPhone before this case leave for another vendor in search of more privacy? Will we see similar requests from the government sent to Google, BlackBerry, Windows, etc. to provide the same or similar capabilities? Yet again, this is another interesting trend to look for when the dust settles.
Lastly, if this is the norm going forward, will all new vendors that come into the mobile space have to allow access to, or a bypass for, their mobile devices and applications? Will this become a standard applied to mobile vendors and application developers as part of their build process? There are many things to consider after the final decision is made on whether or not Apple must develop a way for a third party to bypass its encryption. Yes, this helps national security, and yes, it could bypass privacy, but the follow-on effects for mobile vendors' security could be long-lasting.


Posted in SBN