New wave of DDoS Attacks that employ TCP Amplification
Researchers have noticed a new wave of DDoS attacks that use TCP amplification. This is an unusual approach, and most attackers reportedly avoid it because of its inefficiency. The victims of such attacks include Korea Telecom, Eurobet, Turkish-based Garanti, and South Korean SK Broadband. Amplification DDoS attacks use intermediary systems to generate a volume of attack traffic far larger than what the attacker sends. In attacks that use TCP amplification, SYN packets whose source address is spoofed to the target's IP address are sent to a large number of random IP addresses or reflection services. Each of these hosts responds with a SYN-ACK packet, which is delivered to the target network. If the target network does not respond as expected, the reflecting host keeps retransmitting the SYN-ACK in an attempt to complete the three-way handshake. The number of times each reflecting IP retransmits its SYN-ACK to the target determines the amplification factor. These attacks impact the targeted networks as well as the networks that are used to generate the flood. The networks used as reflection services are flooded with SYN traffic, causing congestion. The intended targets may also be blacklisted by network administrators, since the spoofed SYN requests appear to originate from the target's address.
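The reflection mechanism described above, as an added detection example that is not part of the original article: it reads a constructed set of simplified packet records from the edge of a protected network (203.0.113.0/24 is an assumed documentation prefix), flags inbound SYN-ACKs that no outbound SYN from that network explains, and reports per-reflector retransmission counts, which is the amplification factor the paragraph refers to.

```python
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network
# Constructed sample of simplified TCP packet records seen at the edge of a protected
# network (203.0.113.0/24, an assumed documentation prefix): "ts src:port > dst:port flags"
SAMPLE_RECORDS = """\
1.000 203.0.113.10:51000 > 198.51.100.5:443 S
1.020 198.51.100.5:443 > 203.0.113.10:51000 SA
1.050 192.0.2.7:80 > 203.0.113.20:40000 SA
2.050 192.0.2.7:80 > 203.0.113.20:40000 SA
4.050 192.0.2.7:80 > 203.0.113.20:40000 SA
8.050 192.0.2.7:80 > 203.0.113.20:40000 SA
1.060 192.0.2.9:22 > 203.0.113.20:40001 SA
2.060 192.0.2.9:22 > 203.0.113.20:40001 SA
"""

def parse_records(text):
    # Yield (ts, src_ip, src_port, dst_ip, dst_port, flags) for each record line.
    for line in text.splitlines():
        if line.strip():
            ts, src, _, dst, flags = line.split()
            src_ip, src_port = src.rsplit(":", 1)
            dst_ip, dst_port = dst.rsplit(":", 1)
            yield float(ts), src_ip, int(src_port), dst_ip, int(dst_port), flags

def find_reflected_synacks(text, protected_cidr):
    """Per reflector IP: reflected SYN-ACKs, spoofed flows, max retransmissions per flow."""
    net = ip_network(protected_cidr)
    records = list(parse_records(text))
    # Pass 1: every SYN (without ACK) that a host inside the protected network sent.
    sent_syns = {(s_ip, s_p, d_ip, d_p) for _, s_ip, s_p, d_ip, d_p, fl in records
                 if "S" in fl and "A" not in fl and ip_address(s_ip) in net}
    # Pass 2: an inbound SYN-ACK whose reverse 4-tuple we never sent answers a spoofed
    # SYN; the reflector keeps retransmitting it until its own retry limit is reached.
    per_flow = Counter()
    for _, s_ip, s_p, d_ip, d_p, fl in records:
        if "S" in fl and "A" in fl and ip_address(d_ip) in net:
            if (d_ip, d_p, s_ip, s_p) not in sent_syns:
                per_flow[(s_ip, s_p, d_ip, d_p)] += 1
    report = defaultdict(lambda: {"packets": 0, "flows": 0, "amplification": 0})
    for (r_ip, _, _, _), n in per_flow.items():
        entry = report[r_ip]
        entry["packets"] += n
        entry["flows"] += 1
        entry["amplification"] = max(entry["amplification"], n)
    return dict(report)

def overall_amplification(report):
    # Reflected SYN-ACKs per implied spoofed SYN across all reflectors (0.0 if none).
    packets = sum(e["packets"] for e in report.values())
    flows = sum(e["flows"] for e in report.values())
    return packets / flows if flows else 0.0
```

On the sample, the solicited SYN-ACK from 198.51.100.5 is ignored, while 192.0.2.7 and 192.0.2.9 are reported as reflectors with four and two retransmissions respectively.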
Public cloud infrastructures suffer from serious security loophole
Researchers found that the accessibility of cloud APIs over the Internet opens new possibilities for adversaries to plan their attacks. The researchers note that current security practices and controls are not sufficient to mitigate the risk posed by public cloud misconfiguration. Gaining API access can be easy if the account credentials of those who manage cloud resources (typically members of the DevOps, development, and IT teams) are compromised. Obtaining credentials is not a highly challenging task, since these members also use various software development kits and dedicated command-line tools to access the APIs. Even when an organization's private subnet is not exposed to the Internet, the researchers note, its cloud APIs can still be reached from the Internet with the right API key. Cloud provider tools, for example the command-line interface (CLI) tools, save user credentials in a file that is typically stored locally on the individual's workstation. Traditional protections focus primarily on network, application, and operating system defense. Companies' protection and mitigation techniques are, in essence, reactive rather than predictive. Many popular defense techniques target specific attack vectors, such as brute-force protection for cloud apps against password-spray tools or AWS reconnaissance tools. Post-breach defense usually relies on analysis of user activity and machine learning algorithms. Organizations can protect themselves from such attacks by following the best-practice guides published by cloud providers. Large and complex organizations need to constantly monitor attack paths, since they often have trouble tracking and monitoring permissions across large cloud infrastructures.
Officials have warned about USB charger scam
Travelers have been advised to refrain from using public USB charging ports because they may be used to deliver malware. Known as 'juice jacking', the USB charger scam involves criminals loading malware onto charging cables or stations that they leave plugged in at public USB ports. USB connections were originally designed to transfer data as well as power. Attackers exploit this to load malware onto devices while the victim believes that only electrical power is being transferred. Over the years, researchers have presented many proof-of-concept exploits. At the Black Hat 2013 security conference, a malicious USB wall charger that could deploy malware on iOS devices was presented; this proof-of-concept charger was named Mactans. Another proof-of-concept involves an Arduino-based device called KeySweeper that pretends to be a USB wall charger and can sniff, decrypt, and log keystrokes from any Microsoft wireless keyboard in the vicinity. There are several other ways a seemingly legitimate USB device can be used to launch cyberattacks. Instead of a USB charging station, use an AC power outlet. Carry AC and car chargers for your devices when traveling, and consider investing in a portable charger for emergencies. You can also invest in a USB cable that allows only power transmission and not data transmission.
Edited and compiled by cyber security specialist James Aguilan.