Category Archives: DDOS ATTACKS

Security News This Week: An iTunes Bug Let Hackers Spread Ransomware

FBI overreach, hacker payback, and more of the week’s top security news.


The past week brought a heaping helping of not so comforting cybersecurity news, starting with President Donald Trump’s apparent plans to pull out of the Cold War-era Open Skies treaty. We explained why that would be as bad an idea as it sounds. But that’s just for starters.

We also took a look at how planting a spy bug on IT hardware is a lot easier—and cheaper—than you might assume. Also cheap and easy: Russia’s cross-platform disinformation assault during the 2016 election, as comprehensively laid out in a new report from the Senate Intelligence Committee this week. The conclusion is the same as it has been for over a year, but is no less important for it: Russia’s still at it, and the US isn’t doing enough to stop it.

Hackers steal around $400M from Cryptocurrency System ICOs

ICOs are risky, possibly quite lucrative, and also a top target for threat actors looking to cash in.


Cyberattackers have managed to line their pockets with almost $400 million in cryptocurrency by targeting ICOs, a new report states.

According to a new research report (.PDF) by Ernst & Young, over 10 percent of all funds changing hands during these events have been lost or stolen.

This equates to roughly $400 million in cryptocurrency from $3.7 billion in funding between 2015 and 2017.

Initial Coin Offerings (ICOs), or token sale events, have garnered the interest of investors in recent years. The events are an opportunity to fund cryptocurrency or Blockchain-related projects and companies and can prove lucrative in the long term.

ICOs have been popular enough to outstrip venture capital investments in Blockchain projects in recent years, despite the potential risks.

These events may be of interest to investors, but they are also a red flag for threat actors looking to cash in fraudulently.

Ethereum marketplace Enigma was gearing up for its ICO when a phishing campaign scammed $500,000 out of investors, while ICOs launched by CoinDash, Veritaserum, and EtherParty were all compromised by attackers a year ago.

These are only the most high-profile names to be targeted through ICOs, however, as the report found a total of 372 ICOs have been attacked in the last two years.

Hackers have been able to steal an average of $1.5 million per month through ICOs, and the report suggests that attackers “are attracted by the rush, absence of a centralized authority, blockchain transaction irreversibility and information chaos” of such events.

“Project founders focus on attracting investors and security is often not prioritized,” the report says. “Hackers successfully take advantage — the more hyped and large-scale the ICO, the more attractive it is for attacks.”

The most common attacks are the substitution of wallet addresses at the time of the event — as we saw with CoinDash — the unauthorized access of private keys and the theft of funds from both wallets and exchanges.

The most common attack vector is phishing, followed by Distributed Denial-of-Service (DDoS) attacks, direct website compromise, attacks on employees, and exchange hacking.

Calls have been made for more regulation and tighter security surrounding ICOs, with regulators worldwide now thrashing out methods to legislate these events and protect investor funds.

“As ICOs continue to gain popularity and leading players emerge globally, there is a risk of having the market swamped with quantity over quality of investments,” said Paul Brody, EY Global Innovation Blockchain Leader. “These high-risk investments and the complexity of ICOs need to be managed to ensure their credibility as a means of raising capital for companies, entrepreneurs and investors alike.”


On Monday, US Securities and Exchange Commission (SEC) regulator Jay Clayton warned businesses not to jump on the Blockchain bandwagon or offer ICOs without the expertise and regulatory support & backing.

The US agency has added ICOs, and companies which have changed their name to something Blockchain- or cryptocurrency-related without cause, to its watch lists in the face of market disruption and surging share prices driven by the trend.


Henry Sapiecha

The Dyn report: What we know so far about the planet’s biggest DDoS attack yet

The Internet of Things has been proven to be just as dangerous as we feared, with an assault from tens of millions of internet addresses clogging up the works.

We don’t know all the answers about the Distributed Denial of Service (DDoS) attack that blew away Dyn and its clients, but here’s what we do know.

Close-up black web camera at the laptop

That innocent webcam on your desk may have attacked the internet.

First, there was nothing — nothing — surprising about this attack. As Paul Mockapetris, creator of the Domain Name System (DNS), said, “The successful DDoS attack on DYN is merely a new twist on age-old warfare. … Classic warfare can be anticipated and defended against. But warfare on the internet, just like in history, has changed. So let’s take a look at the asymmetrical battle in terms of the good guys (DYN) and the bad guys (Mirai botnets), and realize and plan for more of these sorts of attacks.”

This new twist came from the Internet of Things (IoT). Surprised? Please. We knew all along that not only could the IoT be used to attack networks, it would be used to target the internet.

IoT vendors must improve their security. Or, as Lyndon Nerenberg, an internet engineer, said on the mailing list of the North American Network Operators Group (NANOG), the professional association for internet engineering, architecture, and operations, “The way this will get solved is for a couple of large ISPs and DDoS targets to sue a few of these IoT device manufacturers into oblivion.”

IoT vendors know this. Hangzhou Xiongmai Technology, the Chinese technology company that admitted its webcam and digital video recorder (DVR) products were used in the assault and recalled its webcams, is also threatening legal action against those that try to attach blame for the attack to its gear.

Of course, the ISPs and DNS providers deserve much of the blame as well. Their failure to implement Network Ingress Filtering (Best Current Practice 38, BCP-38), which drops packets whose source address could not legitimately have come from the interface they arrived on, and DNS Response Rate Limiting (RRL), which caps identical responses sent to one client netblock, played a large role in making the attacks possible.
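The two mitigations named above, modelled in Python as an added example (this is not code from the article, Dyn, or any router or DNS vendor): a BCP-38 ingress check that forwards a packet only if its source lies in a prefix assigned to the customer interface it arrived on, and a simplified RRL counter that drops repeated identical responses to one client netblock. The interface names, prefixes and client addresses are constructed, hypothetical values.

```python
import ipaddress
from collections import defaultdict

# Constructed, hypothetical provider topology: each customer-facing interface
# and the prefixes the provider has assigned to the customer behind it.
INGRESS_PREFIXES = {
    "cust-a": [ipaddress.ip_network("203.0.113.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/25"),
               ipaddress.ip_network("2001:db8:1::/48")],
}


def bcp38_permit(iface: str, src_ip: str) -> bool:
    """BCP-38 ingress filtering: forward a packet arriving on a customer
    interface only if its source address lies inside a prefix assigned to
    that customer. Any other source is spoofed (or the interface is unknown)
    and the packet is dropped, which denies spoofed-source floods a launch
    point even when the devices behind the interface are compromised."""
    try:
        src = ipaddress.ip_address(src_ip)
    except ValueError:
        return False  # unparseable source: drop
    return any(src in net for net in INGRESS_PREFIXES.get(iface, []))


class ResponseRateLimiter:
    """Simplified DNS Response Rate Limiting (RRL): identical responses sent
    to the same client netblock are capped at `limit` per `window` seconds.
    Production RRL also answers part of the excess with truncated replies so
    genuine clients can retry over TCP; this model only reports allow/drop."""

    def __init__(self, limit: int = 5, window: float = 1.0,
                 v4_prefix: int = 24, v6_prefix: int = 56):
        self.limit, self.window = limit, window
        self.v4_prefix, self.v6_prefix = v4_prefix, v6_prefix
        self.buckets = defaultdict(lambda: [0.0, 0])  # key -> [window_start, count]

    def allow(self, client_ip: str, qname: str, now: float) -> bool:
        # Clients are grouped per netblock so a spoofed-source flood that
        # varies only the low address bits still lands in a single bucket.
        addr = ipaddress.ip_address(client_ip)
        plen = self.v4_prefix if addr.version == 4 else self.v6_prefix
        net = ipaddress.ip_network(f"{client_ip}/{plen}", strict=False)
        bucket = self.buckets[(net, qname)]
        if now - bucket[0] >= self.window:  # new window: reset the counter
            bucket[0], bucket[1] = now, 0
        bucket[1] += 1
        return bucket[1] <= self.limit
```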

The attacks themselves were in large part, as expected, driven by a Mirai botnet. Kyle York, Dyn’s chief strategy officer, reported, “The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.”

Let that sink in for a minute. Tens of millions of IP addresses. DDoS attacks of this size were unheard of even six months ago.


The attack itself came in three waves. York stated, “At 7:00 am ET, Dyn began experiencing a DDoS attack. While it’s not uncommon for Dyn’s Network Operations Center (NOC) team to mitigate DDoS attacks, it quickly became clear that this attack was different. Approximately two hours later, the NOC team was able to mitigate the attack and restore service to customers. After restoring service, Dyn experienced a second wave of attacks just before noon ET. This second wave was more global in nature (i.e. not limited to our East Coast [Points of Presence] POPs), but was mitigated in just over an hour; service was restored at approximately 1:00 pm ET. Again, at no time was there a network-wide outage, though some customers would have seen extended latency delays during that time.”

This understates the problem. Globally, users reported problems for hours afterward, and many Dyn-supported sites were unavailable until the late afternoon.

Finally, “there was a third attack attempted, we were able to successfully mitigate it without customer impact.”

That ended the largest DDoS attack of all time… so far. More will be coming.

As York concluded, “It is said that eternal vigilance is the price of liberty. As a company and individuals, we’re committed to a free and open internet, which has been the source of so much innovation. We must continue to work together to make the internet a more resilient place to work, play and communicate.”

If we don’t, the internet will fail.


Henry Sapiecha