DDoS attacks in high bandwidth bursts

https://www.darkreading.com/threat-intelligence/ddos-attacks-hitting-victims-in-high-bandwidth-bursts

Security firm Imperva culled the intelligence from nearly 5,600 network-level attacks encountered by its clients to find that attackers continued to increase the intensity of attacks as they also shortened attack duration. More than half of the attacks lasted eight minutes or less, with attackers repeatedly inundating the same companies with floods of data — including one attack that topped 1 Tbps, according to Imperva.

From the Big Brother Files: Chicago Heat

The Chicago Police Department is using an algorithm to predict whether citizens will be involved in a shooting incident. While the system identifies people who might be involved in an incident, it doesn’t say on which side of the incident the citizen might be. This resulted in a citizen with no record of violence being repeatedly contacted by the police, which led to that person being targeted twice by violent crime. The system uses data from police stops and arrests to make educated guesses about what might happen. Using this kind of system could put entire populations at risk of over-policing. Read more below:

https://www.theverge.com/22444020/chicago-pd-predictive-policing-heat-list

Denial of Service and the xISP Part 1

Most service providers have been the victim of a Denial of Service (DoS) attack at one point or another. Sometimes you may not realize you are under an attack. A few months ago, I posted a simple screenshot at https://blog.j2sw.com/networking/anatomy-of-a-ddos/ of what an active DDoS looks like.

Types of Attacks
In order to know what to look for, you have to understand the four basic types of attacks. I will outline these and talk about how modern attacks are affecting Internet Service Providers (ISPs). In my next article, we will talk about identifying these types of attacks and some mitigation techniques you can employ.

Throw everything at you attack aka Buffer overflow
This type of attack throws enormous amounts of traffic at you to fill up your switch and router buffers, causing the device to exceed its capabilities. Your devices become crushed by the overwhelming volume of data thrown at them. This attack isn’t always sheer bandwidth. Sometimes it is tens of thousands of remote connections.

Attacking vulnerable protocols
Attackers go after exposed services like ICMP to do amplification attacks. Fragmented packets, which keep the router tied up reassembling them, are also a common method of attacking a host.

Application attacks
These are the ones most consumers hear about. Vulnerabilities in operating systems, applications, and packages are exploited and used in attacks.

Hacks
The fourth kind could be lumped in with application attacks, but I wanted to separate it for a few reasons. The first reason is that someone compromising a system is not always sophisticated. If a bad actor guessed the password on your router and erased the configuration, they have performed a Denial of Service against you. If you don’t keep your software up-to-date and someone exploits a backdoor and “hacks” your system, they have performed a DoS attack.

Modern Attacks against networks
Modern DoS attacks are always evolving. As network administrators find ways to mitigate these attacks, the bad actors find ways to tweak them and get around the mitigation techniques employed by providers. Most of the attacks above involve sheer volumes of traffic or connections being directed at a host to take it offline. These attacks are especially damaging for service providers because, if the attack is significant enough, they take your customers offline too.

One of the most common techniques these days is the Distributed Denial of Service attack (DDoS). These usually involve botnets of thousands of compromised machines or devices acting against one or more hosts. These can be anywhere in the world. They could even be users inside your network with compromised machines or other devices. Distributed attacks are hard to mitigate because the traffic can be legitimate; a flood of ordinary requests pointed at a web server, for example. The traffic is not malicious from a technical perspective. You have thousands and thousands of machines sending legitimate requests to a web server or other host on your network. This traffic looks legitimate but is overwhelming for your hardware and Internet pipe.
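To make the two patterns above concrete, here is a small detector I am adding as an example (it is not from the original article). It runs over constructed flow records and flags, per destination and per one-minute window, both a sheer-volume burst and a distributed flood of individually small flows from many sources. The record format, addresses and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample flow records (not real traffic): time,src,dst,bytes.
# Five small flows from different sources plus one huge flow all hit the
# same destination inside the same minute; a lone flow later is normal.
SAMPLE_FLOWS = """\
2020-07-25T10:00:05Z,198.51.100.7,203.0.113.10,1500
2020-07-25T10:00:07Z,198.51.100.8,203.0.113.10,1500
2020-07-25T10:00:09Z,198.51.100.9,203.0.113.10,1500
2020-07-25T10:00:12Z,198.51.100.10,203.0.113.10,1500
2020-07-25T10:00:15Z,198.51.100.11,203.0.113.10,1500
2020-07-25T10:00:20Z,192.0.2.44,203.0.113.10,9000000000
2020-07-25T10:05:00Z,198.51.100.7,203.0.113.20,1500
"""


def parse_flows(text):
    """Parse 'time,src,dst,bytes' lines into (epoch_seconds, src, dst, bytes)."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, nbytes = line.split(",")
        t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        flows.append((int(t.timestamp()), src, dst, int(nbytes)))
    return flows


def detect_floods(flows, window_s=60, bps_threshold=1_000_000_000, src_threshold=5):
    """Bucket flows by destination and fixed window, then flag:
    - 'volumetric': average bits/s in the window at or above bps_threshold
    - 'distributed': distinct sources in the window at or above src_threshold
    Thresholds are assumed values; tune them to your own pipe and baseline."""
    buckets = defaultdict(lambda: {"bytes": 0, "srcs": set()})
    for t, src, dst, nbytes in flows:
        key = (dst, t - t % window_s)          # window start for this flow
        buckets[key]["bytes"] += nbytes
        buckets[key]["srcs"].add(src)
    alerts = []
    for (dst, start), b in sorted(buckets.items()):
        bps = b["bytes"] * 8 / window_s
        if bps >= bps_threshold:
            alerts.append((dst, start, "volumetric", bps))
        if len(b["srcs"]) >= src_threshold:
            alerts.append((dst, start, "distributed", len(b["srcs"])))
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(parse_flows(SAMPLE_FLOWS)):
        print(alert)
```

The distributed check fires even though every individual flow in the sample is tiny, which is exactly why per-source rate limiting alone misses this kind of attack.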

Image courtesy of https://www.imperva.com/blog/how-to-identify-a-mirai-style-ddos-attack/

So what does a DDoS look like and what are your options when it comes to Denial of Service Attacks? In my next article in this series, I will talk about some best practices you can do so you are not as vulnerable to these types of attacks.

WPS: Cyber Security & Online Privacy

John Lovell interviews professional hacker on cyber security, privacy on the internet, cyber terrorism, penetration testing, information / data security, confidentiality, phishing, the dark / deep web, and hacking in Hollywood movies such as James Bond Skyfall, Hackers, Swordfish, the Net, Mr. Robot, and other movies.

Garmin gets hit with Ransomware

https://www.forbes.com/sites/barrycollins/2020/07/25/will-garmin-pay-10m-ransom-to-end-two-day-outage/#2e6983423164

Garmin is reportedly being asked to pay a $10 million ransom to free its systems from a cyberattack that has taken down many of its services for two days.

The navigation company was hit by a ransomware attack on Thursday, leaving customers unable to log fitness sessions in Garmin apps and pilots unable to download flight plans for aircraft navigation systems, among other problems. The company’s communication systems have also been taken offline, leaving it unable to respond to disgruntled customers.

Garmin employees have told BleepingComputer that the company was struck down by the WastedLocker ransomware.

Updated Mikrotik firewall script from Rick Frey

Our friend Rick Frey has updated his Mikrotik Firewall script. You can find it here:
http://rickfreyconsulting.com/rfc-mikrotik-firewall-6-0-for-ipv4-free-version/

You will need a fairly beefy router to run all of this. If you are an enterprise, this will be very handy for protecting your corporate network. If you are an ISP, I would pick and choose the parts that apply to you. Your infrastructure should already be on non-accessible IP space, so a firewall this big should not be necessary.