Tuesday, February 24, 2015

Low-cost hackers vs. professional hacking

5:45 am. You wake up a bit disoriented. The buzz of your alarm does not stop. You grab your phone and bring the screen close to your face. You are not wearing your glasses, and the blinding light of the device forces you into all kinds of grotesque faces. Slowly you begin to make out some shapes: it is the Calendar app, and it is labeled with a red square, so... You get to your feet, and in just five minutes you are at the controls of your computer. The company's services are under a denial-of-service attack.

How do you deal with such a situation? The on-call team is already aware of it, monitoring requests and looking for patterns and IP ranges so that traffic can be routed and blocked. You soon receive a call from your supervisor.

- Did you see it?
- Yes, I'm at it, did you release the mitigation plan?
- Yes, but these %$#¢$! They are so clever. They are attacking us on several fronts.
- Give me a few minutes. I will activate the CDN perimeter defenses and analyze the logs right now.

In fact, this is where the questions arise. What if it is an orchestrated attack by a government or a competitor? If they have unlimited resources, it will be difficult to deal with. In the UK they recently released some of the "user guides" their spies use to hack devices and exploit vulnerabilities and bugs. And there is little you can do about that.

Fortunately, the attack your company is suffering is so crude that you reject that idea for now. The IPs belong to different ranges, so it could be a botnet. It could even be a mobile botnet, one of the threats the crime industry uses most when it comes to smartphones, along with espionage through connected hardware, privilege escalation that allows apps to be installed, and possible fraudulent attacks on the SIM.

It is also possible that they are not even mobile devices, but connected things. The Internet of Things is made up of many devices, ranging from smartwatches to home automation, which are vulnerable and can be used as an attack vector.

But low-cost hacking also exists. Anyone could turn an old router into a "honeypot" to steal data sent over Wi-Fi. With $15, a pair of wires and a smartphone, he could even hack a smart car.

Well, in the end the attack was not as tough as it looked at the beginning. Perimeter defenses blocked enough fake requests to keep most services running, together with the extra bandwidth you requested from your provider. Two or three additional rules let you block the requests that slipped past the automation.
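The log analysis the on-call team is doing (grouping requests by IP range to find the sources that need blocking) and the "two or three additional rules" at the end are the kind of thing a small script can support. The following is an added example, not code from the original post or from the author's company: it parses Common Log Format lines, aggregates them by /24, flags ranges whose request rate exceeds a threshold, and renders the flagged ranges as nginx-style `deny` directives for a human to review before deployment. The log lines, the threshold and the range size are constructed assumptions for the example.

```python
"""Aggregate an access log by source /24 and flag ranges whose request rate
exceeds a threshold, so an on-call engineer can turn them into block rules.
Added example, not the post's own tooling; the log lines are constructed."""
import ipaddress
import re
from datetime import datetime

# Common Log Format: host ident authuser [time] "method path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return a dict for one access-log line, or None if it is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:  # unparsable address or timestamp
        return None
    return {"ip": ip, "ts": ts, "method": m.group("method"),
            "path": m.group("path"), "status": int(m.group("status"))}


def aggregate_by_range(lines, prefixlen=24):
    """Group requests by their enclosing /prefixlen network.

    Returns (stats, skipped): stats maps network -> {"count", "ips", "first",
    "last"}; skipped counts lines that did not parse (worth a look on their own,
    since garbage in the log is itself a signal)."""
    stats = {}
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        net = ipaddress.ip_network((rec["ip"], prefixlen), strict=False)
        s = stats.setdefault(net, {"count": 0, "ips": set(),
                                   "first": rec["ts"], "last": rec["ts"]})
        s["count"] += 1
        s["ips"].add(rec["ip"])
        s["first"] = min(s["first"], rec["ts"])
        s["last"] = max(s["last"], rec["ts"])
    return stats, skipped


def flag_ranges(stats, rps_threshold):
    """Return (network, requests_per_second, distinct_ips) for ranges whose
    rate over their own active span (at least 1 s) exceeds the threshold,
    most aggressive first. Many distinct IPs in one range hint at a botnet
    rather than a single misbehaving client."""
    flagged = []
    for net, s in stats.items():
        span = max((s["last"] - s["first"]).total_seconds(), 1.0)
        rps = s["count"] / span
        if rps > rps_threshold:
            flagged.append((net, rps, len(s["ips"])))
    flagged.sort(key=lambda t: t[1], reverse=True)
    return flagged


def deny_rules(flagged):
    """Render flagged ranges as nginx-style deny directives (review before use)."""
    return [f"deny {net.with_prefixlen};" for net, _, _ in flagged]


# Constructed sample log (documentation address ranges), not real traffic:
# a burst from 203.0.113.0/24, two ordinary requests, and one malformed line.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.{10 + i} - - [24/Feb/2015:05:41:0{i // 3} +0000] '
     f'"GET /login HTTP/1.1" {200 if i < 10 else 503} 512' for i in range(12)]
    + ['198.51.100.7 - - [24/Feb/2015:05:41:00 +0000] "GET /index.html HTTP/1.1" 200 2048',
       '198.51.100.7 - - [24/Feb/2015:05:41:04 +0000] "GET /about.html HTTP/1.1" 200 1024',
       'this line is deliberately malformed']
)

if __name__ == "__main__":
    stats, skipped = aggregate_by_range(SAMPLE_LOG.splitlines())
    flagged = flag_ranges(stats, rps_threshold=2.0)
    for net, rps, n_ips in flagged:
        print(f"{net}: {rps:.1f} req/s from {n_ips} distinct IPs")
    print("\n".join(deny_rules(flagged)))
    print(f"skipped {skipped} unparsable line(s)")
```

The threshold and the /24 grouping are deliberate simplifications: in practice you would tune them per endpoint, keep an allow-list for partners and monitoring probes, and treat the generated `deny` lines as a proposal for the on-call engineer rather than something applied automatically, since blocking a shared range also blocks the legitimate users behind it.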

What is the downside, then? You have to write a report on the whole incident, so forget about going back to bed. This day started earlier than usual…
