Wednesday, November 16, 2016

The black nurse

You are convalescing. You need to sleep. The smell of the chemicals enters your nostrils and you know you are not at home. You are in a hospital. You know you are going to be safe there. You will be protected and they will take care of you. You don’t need to worry, they will look after you, even when the night comes. You are disconnected from the outside dangers. When the lights go out, a nurse enters the room but you can only see a shadow. Yes, a shadow. But she is dressed as a nurse. And she is not coming with good intentions.

BlackNurse is the name that a group of researchers has given to a recently discovered cyberattack. This method allows massive DDoS attacks, capable of knocking down large servers while using only limited resources. Its biggest danger lies in attackers' ability to carry out the attack on their own and, more importantly, when victims are offline or disconnected.

BlackNurse takes advantage of ICMP (Internet Control Message Protocol), which is used by routers and network equipment to send and receive error messages, and specifically of its type 3, code 3 packets. Through this specific type of ICMP packet, attackers can overload the CPUs of certain types of servers. Researchers have noticed that once the traffic reaches a threshold of 15 to 18 Mbps, network devices can drop so many packets that the server goes offline.
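From the defender's side, the useful measurement is how much ICMP type 3, code 3 traffic arrives per second. The following Python sketch is an added example, not part of the original post or the researchers' tooling: the function names, the sample capture and the choice of 15 Mbps as the alert level (the lower end of the range above) are assumptions made for illustration.

```python
import struct
from collections import defaultdict

ICMP_PROTO = 1
ALERT_MBPS = 15.0  # assumption: lower end of the range quoted in the post

def is_type3_code3(packet: bytes) -> bool:
    """True if a raw IPv4 packet is ICMP type 3 (destination unreachable), code 3."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False                      # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or packet[9] != ICMP_PROTO or len(packet) < ihl + 2:
        return False
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return False                      # later fragment: no ICMP header here
    return packet[ihl] == 3 and packet[ihl + 1] == 3

def mbps_per_second(capture):
    """Map each whole second to the Mbps of type 3, code 3 traffic seen in it.

    capture: iterable of (timestamp_in_seconds, raw_ipv4_packet_bytes).
    """
    bits = defaultdict(int)
    for ts, pkt in capture:
        if is_type3_code3(pkt):
            bits[int(ts)] += len(pkt) * 8
    return {sec: b / 1e6 for sec, b in bits.items()}

def alert_seconds(capture, threshold=ALERT_MBPS):
    """Seconds in which type 3, code 3 traffic reached the threshold."""
    return sorted(s for s, r in mbps_per_second(capture).items() if r >= threshold)

def sample_packet(icmp_type, icmp_code, size=100):
    """Constructed fixture: IPv4 + ICMP header bytes, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, size, 0, 0, 64, ICMP_PROTO, 0,
                     bytes([198, 51, 100, 7]), bytes([192, 0, 2, 1]))
    return ip + bytes([icmp_type, icmp_code]) + bytes(size - 22)

# Constructed capture: normal pings and one error in second 0, a burst in second 1.
SAMPLE = ([(0.1 * i, sample_packet(8, 0)) for i in range(10)]
          + [(0.5, sample_packet(3, 3))]
          + [(1 + i / 20000, sample_packet(3, 3)) for i in range(20000)])

if __name__ == "__main__":
    for sec, rate in sorted(mbps_per_second(SAMPLE).items()):
        print(f"second {sec}: {rate:.4f} Mbps of ICMP type 3 code 3")
    print("alert in seconds:", alert_seconds(SAMPLE))
```

The rate is computed from IP packet lengths, so it slightly understates the on-wire figure; a single stray type 3, code 3 error, as in second 0 of the sample, stays far below the alert level.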

Danish researchers at the TDC Security Operations Center explain that the attack could be carried out by someone with just a single laptop, who could boost the DDoS attacks to a maximum peak of up to 180 Mbps. The experts confirmed that in the past two years, 95 other DDoS attacks used the ICMP protocol to target clients inside the TDC network, although they couldn’t identify how many of them were actually BlackNurse.

These experts also pointed out that this kind of attack works against several firewall models from the major manufacturers, including Cisco Systems, Palo Alto Networks, SonicWall and Zyxel.

If in this case we are talking about small attackers, we could say the same about the victims. According to Kaspersky Lab, small businesses suffered 8 times more ransomware attacks in the third quarter of 2016 than in the same period last year. Researchers speak of 27,471 attacks, compared with 3,224 in 2015. Locky is the most common ransomware, affecting about 90,000 victims a day, according to the security software company Webroot. What the cyber attackers ask for in exchange for the hijacked information is, of course, money. Once inside the system, hackers have direct access to the computer desktop and can keep the malware in place, making it look as if it has disappeared when it hasn’t.

It is obvious that no one would want a malicious shadow as a nurse, or to find malware that can take control of their files and personal information. To avoid it, we should protect ourselves from possible attacks. We could do that, or deal with the consequences.

Image source: Freeimages

