Connect with us

Cybersecurity

Gafgyt and beyond: Inside IoT DDoS Malware

In a Distributed Denial of Service (DDoS) attack, a cyber attacker overwhelms their target by bombarding them with enormous quantities of fake data, knocking them offline

mm

Published

on

Best DDoS Protection Techniques

In a Distributed Denial of Service (DDoS) attack, a cyber attacker overwhelms their target by bombarding them with enormous quantities of fake data, knocking them offline or significantly impeding their ability to offer service regular to legitimate customers.

Because it’s challenging to overwhelm a target on your own, DDoS attacks almost always use a botnet, a zombie army of remote-controlled connected devices, which can launch coordinated attacks to consume a victim’s upstream bandwidth.

Picture it like recruiting a group of friends, acquaintances, and anyone else you can persuade with access to a phone to call a local business at a particular time repeatedly. While you could annoy by doing this yourself, using a single phone line, by getting a large group of people to do so, you can tie up as many phone lines as the target company might have open at once. You also make it much harder for the beleaguered business to trace the party responsible since all the calls come from different numbers.

A botnet works a lot like this. It refers to a collection of internet-connected devices that have been infected using malware to be controlled by hackers. The name “botnet” is a combination of “robot” and “network.” The biggest botnets have involved hundreds of thousands or even millions of connected devices. Those targets without the proper DDoS mitigation tools can be in serious trouble.

1. Attacking IoT devices

Virtually any internet-connected device can be used as a botnet. All that’s required is that it can send messages on command. That means that while malware-infected desktop and laptop computers have been used in botnet-driven DDoS attacks, they too have smartwatches, intelligent security cameras, intelligent kitchen appliances, and home routers.

Some of the devices are ones their owners may not even think of as computers, although that’s precisely what they are. They may also have no awareness that their device is part of a botnet, perhaps only experiencing the occasional slowdown in service — since many devices in a botnet lie dormant until they’re used for a DDoS attack or, sometimes, for sending spam messages.

cybersecurity is essential to the global supply chain

There are many significant advantages to cyber attackers targeting Internet of Things (IoT) devices such as IP cameras and intelligent refrigerators for DDoS attacks. One is the massive number of devices that can potentially target. According to consumer data company Statista, the average number of connected devices per household in the United States last year was 10. Globally, the firm claims that there are around 21.5 billion interconnected devices.

Just as important is the fact that, in many cases, IoT security can be surprisingly poor. That makes these devices comparably easy to compromise for IoT botnets. Poor security may stem from weak and guessable passwords, often unchanged from their default passwords, insecure ecosystem interfaces, flawed security update methodologies, and more.

2. Botnets in action

Whatever the reasons, hackers have wasted no time targeting these vulnerabilities to build bigger, worse botnets. The devastating Mirai botnet, which emerged in 2016, infected IoT devices by scanning the internet for open ports and then trying to access them by using a list of more than 60 default passwords. It was used as part of multiple DDoS attacks.

Mirai’s tricks continue to be used in similar botnets. More recently, variations of a botnet malware family called Gafgyt have used code from the Mirai botnet to target and potentially infect susceptible IoT devices, including routers made by Huawei and Realtek. It downloads malware payloads that can be used to stage DDoS attacks by exploiting vulnerabilities in these devices.

DDoS attacks have been around for decades, but the approaches used by attackers continue to evolve. As seen with the Gafgyt malware and the continued threat of Mirai and Mirai-inspired botnets, attackers constantly tweak their systems to build larger, more dangerous botnets which can be used to inflict harm on targets.

3. Defending against DDoS

Anyone in possession of an IoT device should take steps to ensure that it is adequately secured. This involves changing the name and default password of machines, using strong passwords, providing firmware updates that are downloaded and installed, and avoiding using public Wi-Fi to access IoT networks.

To defend against DDoS attacks, you should also make sure that you deploy the correct anti-DDoS tools. This includes solutions for DDoS detection (able to recognize attacks as rapidly as possible), diversion (to defend against application-layer and network-layer attacks), filtering (blocking malicious traffic while continuing to let legitimate users through), and analysis (to gather information about attacks and attempted attacks.)

Distributed Denial of Service attacks (DDoS attacks) is not going away any time soon. The most that companies can hope for is preparing for them and figuring out how best to mitigate them. Given the potential damage they can cause — from unwanted downtime to long-term reputational damage — this is one of the smartest investments you can make.

We are an Instructor, Modern Full Stack Web Application Developers, Freelancers, Tech Bloggers, and Technical SEO Experts. We deliver a rich set of software applications for your business needs.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Bitcoin

3 Tips for Designing the Perfect Cryptocurrency Blog

The design will also have a big impact on how many people you keep on your website, and for how long. Here are some tips for designing the perfect cryptocurrency blog.

mm

Published

on

Tips for Designing the Perfect Cryptocurrency Blog

Crypto is back in the news right now, and, if you’re a big fan of crypto and know a lot about it, then you could make a little bit or even a lot of money with a cryptocurrency blog. You have to make sure that it’s designed properly, however.

This will make your blog come across as more professional, reliable, and credible. The design will also have a big impact on how many people you keep on your website, and for how long. Here are some tips for designing the perfect cryptocurrency blog.

1. Look at What Other People are Doing

The first thing you should do when designing a crypto website is to scout the competition and see what they’re doing. Now would also be a good time to start looking at sites for information. If you want accurate information on price action for different currencies, a site like OKX.com will help. You should also check out some of the main information sites and inspire yourself with their design.

Look at different blogs and see how much emphasis they put on images. Look at the banners and if they’re using a pop-up or pop-under.  Also look at the navigation, size, and weight of the fonts, color schemes, and the site’s layout.

2. Leave Plenty of Space

You shouldn’t obsess over design elements when it comes to a blog. Look at any of the top blogs in any category and you’ll notice that most of them have very barebone designs with lots of white space. And you can rest assured that they did not come with that design by accident.

3 Tips for Designing the Perfect Cryptocurrency Blog

White space is your friend and allows people to concentrate on the content. White space will also make images stand out. So don’t be afraid to have plenty of white space and try to use impactful images or titles instead of snazzy design elements to attract attention.

3. Perform thorough A/B Testing

You have to test every element of your website and monitor your metrics closely. You have to look at bounce rates, average time spent on pages, and how many pages on average people visit when they come to your blog, among other things.

The best way to test your website is to put it through multiple rounds of A/B testing. This is when you present an alternative version of the website to visitors and see how specific elements impact your metrics.

Be very careful to only test one aspect of your website at a time, however. If you test color schemes and fonts at the same time, for example, and you see a drop or increase in bounce rate, you won’t be able to know what the exact cause was.

These are all things that you’ll need to do if you want to build a great cryptocurrency blog this coming year. If you manage to give your readers the content that they need and work on promotion, you could amass an audience very fast, so be persistent and commit to offering your audience the best product you’re capable of.

Continue Reading
Advertisement
Advertisement
Travel & Tourism4 days ago

What to Do During Your First Visit to Singapore

Business1 week ago

What is a Customer Data Platform?

Lifestyle2 weeks ago

The Advantages of Ray Rose Ballroom Shoes

Gadgets1 month ago

Destiny 2: the main activities of the PvE game mode

Operating System1 month ago

iPhone Stuck On Apple Logo- 100% Working Solutions!

Mobile Apps2 months ago

iOS 16 Programming for Beginners 7th Edition by Ahmad Sahar

Business2 months ago

The Improvement Checklist for any Expanding Tech Gadget Business

Bitcoin2 months ago

3 Tips for Designing the Perfect Cryptocurrency Blog

Business2 months ago

Top Ways to Boost Your Interior Design Business

Database2 months ago

4 Ways to Reduce the Risk of Human Error When Entering Data

Advertisement
Advertisement

Trending