ICT security trends: looking back on 2017, new attacks, new threats and what has not changed
[ Apr 26, 2018 ]
Cyber attacks are a constant threat these days, with many businesses falling prey to criminal attempts to access and steal confidential information and money. We use what we learn from these attacks to develop new security measures that help protect your business.
The latest from 2017
The ongoing threats of malware and DDoS attacks are still present and growing. In the middle of 2017 an outbreak of malware called "WannaCry" affected not only business ICT environments but also individual users, costing billions of dollars in damages in total. The number of DDoS attacks has risen consistently, costing web providers and service providers millions of dollars to respond to the threat.
The methodology of attacks is also changing. A huge DDoS attack recorded in 2016 was conducted by a malware botnet called "Mirai". This attack alone shows that DDoS attacks and malware attacks are not independent but orchestrated in combination, making the attack complex and hard to resist.
So far we have covered what happened in previous years. Malware and DDoS remain the highest threats on the internet. However, new developments have been detected alongside the previously known risks. Let's focus on what has changed recently, what is happening in cyberspace, what to expect and the new trends in cyber attacks.
According to the NTT Security "2017 Global Threat Intelligence Report", in Asia two industries attract 78% of all attacks: finance (46%) and manufacturing (32%). Of all detected attacks, 66% targeted specific IoT devices. These attacks on IoT devices come from other compromised IoT devices, indicating that the Mirai botnet has infected a large percentage of IoT devices. Asia is also the number one source of IoT attacks: 60% of all IoT attacks worldwide come from IP addresses within Asia.
(Figure: Geographic sources of IoT and OT-based attacks)
What causes virus and malware infections?
Despite the emergence of sophisticated, targeted attacks and new methods, fake software updates for freeware are still an incredibly popular method of distributing malware. Phony Adobe Flash Player update warnings remain effective and popular. Even security-related software can be a target: in 2017, attackers who infiltrated a free PC cleaning tool managed to affect 2 million computers.
Devices and software have evolved over the past year, becoming more secure and more stable. However, attackers target not only computers but also users, and human vulnerabilities cannot be patched. Keeping systems updated, running anti-virus software and taking frequent backups are essential. Users should also be aware of the threats and able to identify suspicious emails and links on websites.
What to expect, and new targets
A new type of attack targeting IoT devices has been detected, called PDoS (Permanent Denial-of-Service). The aim of PDoS is to damage a system so severely that it requires replacement or reinstallation of hardware. By exploiting security flaws or misconfiguration, a PDoS attack can destroy a device by damaging its firmware.
A known PDoS bot is called "BrickerBot". BrickerBot targets Linux/BusyBox-based IoT devices by exploiting unsecured Telnet and SSH settings. BrickerBot attacks usually come from Tor exit nodes, and reports have shown that it is still active. To protect networks and IoT devices from BrickerBot, the following measures are recommended.
- Change the device's factory default credentials.
- Disable Telnet access to the device.
- Use network behavioural analysis (NBA) to detect anomalies.
- Use user/entity behavioural analysis (UEBA) to spot granular anomalies in traffic early.
- Use an IPS to block logins with default Telnet credentials or to reset Telnet connections.
Can all SSL/TLS connections be trusted?
Not all attacks arrive over plain HTTP; attackers now use SSL too. The use of encrypted connections is on the rise and adoption keeps growing. The introduction of HTTP/2.0 will also boost SSL/TLS traffic. So what kinds of attack can we expect over seemingly friendly SSL/TLS connections?
Encrypted SSL floods
This attack exhausts the resources set aside to complete the SYN-ACK handshake. Encrypted SSL floods compound the challenge by encrypting the traffic and forcing the target to spend its SSL handshake resources.
A related attack exploits renegotiation of the SSL handshake. By intercepting and blocking the user's SSL/TLS connection, an attacker can send a legitimate request containing a harmful command or data to the server.
Encrypted HTTP floods generate large volumes of encrypted HTTP traffic and are often used as part of multi-vector attack campaigns. Compounding the impact of HTTP floods (GET floods and POST floods), encrypted HTTP attacks add the burden of the encryption and decryption mechanisms to the target service.
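Both the BrickerBot measures above (network behavioural analysis, resetting Telnet connections that hammer default credentials) and the SSL flood paragraphs come down to the same detection question: is one source doing far more of something than a real client would? The script below is an added illustration written for this article, not code from NTT or from any product it mentions. It parses constructed log lines in an assumed "timestamp src dst:port event k=v" format, keeps a sliding window per source and event type, and raises an alert for a burst of failed Telnet logins and for a TLS handshake flood; the thresholds and the list of factory-default usernames are assumptions for the example.

```python
"""Sliding-window burst detection over constructed connection events.

Added example for the article; not code from NTT or any product it names.
Log format, thresholds and default-username list are assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds: event type -> (window length, max events per source in window)
THRESHOLDS = {
    "telnet_login_failed": (timedelta(seconds=60), 5),   # BrickerBot-style credential guessing
    "tls_handshake": (timedelta(seconds=10), 50),        # encrypted SSL flood
}

# Illustrative factory-default usernames; a real list comes from the device inventory.
DEFAULT_USERNAMES = {"root", "admin", "support", "user", "guest"}


def parse_line(line):
    """Parse '<iso-timestamp> <src-ip> <dst-ip>:<port> <event> [k=v ...]' into a dict."""
    parts = line.split()
    if len(parts) < 4:
        return None
    dst, _, port = parts[2].rpartition(":")
    fields = dict(kv.split("=", 1) for kv in parts[4:] if "=" in kv)
    return {"ts": datetime.fromisoformat(parts[0]), "src": parts[1], "dst": dst,
            "port": int(port), "event": parts[3], "fields": fields}


def detect_bursts(lines, thresholds=THRESHOLDS):
    """Return (src, event, count) the first time a source exceeds its window threshold."""
    windows = defaultdict(deque)   # (src, event) -> timestamps inside the window
    alerted, alerts = set(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["event"] not in thresholds:
            continue
        window, limit = thresholds[rec["event"]]
        key = (rec["src"], rec["event"])
        q = windows[key]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:   # drop events that fell out of the window
            q.popleft()
        if len(q) >= limit and key not in alerted:
            alerted.add(key)
            alerts.append((rec["src"], rec["event"], len(q)))
    return alerts


def default_credential_sources(lines, usernames=DEFAULT_USERNAMES):
    """Sources that tried a factory-default username against Telnet (port 23)."""
    hits = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["port"] == 23 and rec["event"].startswith("telnet_login"):
            user = rec["fields"].get("user")
            if user in usernames:
                hits[rec["src"]].add(user)
    return {src: sorted(users) for src, users in hits.items()}


def build_sample_log():
    """Constructed sample: one Telnet credential burst, one TLS handshake flood, one normal client."""
    base = datetime(2017, 6, 1, 10, 0, 0)
    lines = []
    for i, user in enumerate(["root", "admin", "root", "admin", "support", "root"]):
        t = base + timedelta(seconds=3 * i)
        lines.append(f"{t.isoformat()} 198.51.100.7 10.0.0.5:23 telnet_login_failed user={user}")
    for i in range(60):   # 60 handshakes in under five seconds, no request ever follows
        t = base + timedelta(milliseconds=80 * i)
        lines.append(f"{t.isoformat()} 203.0.113.9 10.0.0.8:443 tls_handshake sni=www.example.com")
    lines.append(f"{(base + timedelta(seconds=1)).isoformat()} 192.0.2.44 10.0.0.8:443 tls_handshake sni=www.example.com")
    lines.append(f"{(base + timedelta(seconds=2)).isoformat()} 192.0.2.44 10.0.0.8:443 http_request path=/index.html")
    lines.sort()   # ISO timestamps sort chronologically as strings
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    for src, event, count in detect_bursts(log):
        print(f"ALERT {event} from {src}: {count} events inside window")
    print("default-credential attempts:", default_credential_sources(log))
```

The first alert fires on the 50th handshake from 203.0.113.9 and the second on the fifth failed Telnet login from 198.51.100.7; the ordinary client at 192.0.2.44 never trips either rule. In a real deployment the per-source alert would feed the IPS action the article recommends (reset the Telnet session, or rate-limit new handshakes from that source), and the window state would need an eviction policy so idle sources do not accumulate in memory.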
Encrypted web application attacks
Even when a web application uses SSL, the inherent security risks stemming from improper coding or settings still exist. Moreover, because encryption masks these attacks, they often pass undetected through both DDoS and web application protection. For example, SQL injection is still possible over an SSL connection, and the SSL connection makes the attack harder to detect.
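To make the point concrete, here is an added example (written for this article, not taken from it or from NTT) of the same login query built two ways against a small SQLite database constructed inline. The transport does not appear in the code at all, which is exactly the article's point: TLS protects the request in transit, but the application's own query construction decides whether injection works, and encryption only hides the malicious request body from a network-level inspector that has not terminated the TLS session.

```python
"""Added example: string-built SQL versus a parameterized query.

Not code from the article or from NTT. The users table and its rows are
constructed here; the password_hash values are placeholders, not real hashes.
"""
import sqlite3


def make_db():
    """Constructed in-memory database with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-placeholder-1"), ("bob", "hash-placeholder-2")])
    return conn


def login_vulnerable(conn, username, password_hash):
    """Improper coding: user input is spliced into the SQL text itself."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password_hash = '" + password_hash + "'")
    return sorted(row[0] for row in conn.execute(sql))


def login_parameterized(conn, username, password_hash):
    """Hardened form: the driver binds values, so input can never change the query structure."""
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password_hash)))


if __name__ == "__main__":
    db = make_db()
    # A legitimate login behaves the same either way.
    print(login_vulnerable(db, "alice", "hash-placeholder-1"))
    print(login_parameterized(db, "alice", "hash-placeholder-1"))
    # The textbook injection input: a quote that closes the string, a tautology, a comment.
    bad_user = "' OR 1=1 --"
    print(login_vulnerable(db, bad_user, "anything"))      # every user matches
    print(login_parameterized(db, bad_user, "anything"))   # no user is literally named "' OR 1=1 --"
```

Because the request carrying that username travels inside TLS, a DDoS appliance or web application firewall sitting in front of the server sees only ciphertext; it can inspect the body, and an IDS can log it, only if it terminates TLS itself or is given the decrypted stream. The parameterized version removes the bug regardless of where inspection happens, which is why fixing the application remains the primary control and inspection the secondary one.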
NTT Communications global managed security services
Our WideAngle global integrated security service is built on 25 years of experience providing risk management services to over 8,000 customers worldwide. We offer a combination of professional services, security solutions and managed security, powered by a security information and event management (SIEM) engine.
Virus scan services
NTT Com (Thailand) provides system integration of virus scan solutions and a virus scan management service to protect your PC network environment from computer viruses.