Connect with us

Cybersecurity

Gafgyt and beyond: Inside IoT DDoS Malware

In a Distributed Denial of Service (DDoS) attack, a cyber attacker overwhelms their target by bombarding them with enormous quantities of fake data, knocking them offline

mm

Published

on

Best DDoS Protection Techniques

In a Distributed Denial of Service (DDoS) attack, a cyber attacker overwhelms their target by bombarding them with enormous quantities of fake data, knocking them offline or significantly impeding their ability to offer service regular to legitimate customers.

Because it’s challenging to overwhelm a target on your own, DDoS attacks almost always use a botnet, a zombie army of remote-controlled connected devices, which can launch coordinated attacks to consume a victim’s upstream bandwidth.

Picture it like recruiting a group of friends, acquaintances, and anyone else you can persuade with access to a phone to call a local business at a particular time repeatedly. While you could annoy by doing this yourself, using a single phone line, by getting a large group of people to do so, you can tie up as many phone lines as the target company might have open at once. You also make it much harder for the beleaguered business to trace the party responsible since all the calls come from different numbers.

A botnet works a lot like this. It refers to a collection of internet-connected devices that have been infected using malware to be controlled by hackers. The name “botnet” is a combination of “robot” and “network.” The biggest botnets have involved hundreds of thousands or even millions of connected devices. Those targets without the proper DDoS mitigation tools can be in serious trouble.

1. Attacking IoT devices

Virtually any internet-connected device can be used as a botnet. All that’s required is that it can send messages on command. That means that while malware-infected desktop and laptop computers have been used in botnet-driven DDoS attacks, they too have smartwatches, intelligent security cameras, intelligent kitchen appliances, and home routers.

Some of the devices are ones their owners may not even think of as computers, although that’s precisely what they are. They may also have no awareness that their device is part of a botnet, perhaps only experiencing the occasional slowdown in service — since many devices in a botnet lie dormant until they’re used for a DDoS attack or, sometimes, for sending spam messages.

cybersecurity is essential to the global supply chain

There are many significant advantages to cyber attackers targeting Internet of Things (IoT) devices such as IP cameras and intelligent refrigerators for DDoS attacks. One is the massive number of devices that can potentially target. According to consumer data company Statista, the average number of connected devices per household in the United States last year was 10. Globally, the firm claims that there are around 21.5 billion interconnected devices.

Just as important is the fact that, in many cases, IoT security can be surprisingly poor. That makes these devices comparably easy to compromise for IoT botnets. Poor security may stem from weak and guessable passwords, often unchanged from their default passwords, insecure ecosystem interfaces, flawed security update methodologies, and more.

2. Botnets in action

Whatever the reasons, hackers have wasted no time targeting these vulnerabilities to build bigger, worse botnets. The devastating Mirai botnet, which emerged in 2016, infected IoT devices by scanning the internet for open ports and then trying to access them by using a list of more than 60 default passwords. It was used as part of multiple DDoS attacks.

Mirai’s tricks continue to be used in similar botnets. More recently, variations of a botnet malware family called Gafgyt have used code from the Mirai botnet to target and potentially infect susceptible IoT devices, including routers made by Huawei and Realtek. It downloads malware payloads that can be used to stage DDoS attacks by exploiting vulnerabilities in these devices.

DDoS attacks have been around for decades, but the approaches used by attackers continue to evolve. As seen with the Gafgyt malware and the continued threat of Mirai and Mirai-inspired botnets, attackers constantly tweak their systems to build larger, more dangerous botnets which can be used to inflict harm on targets.

3. Defending against DDoS

Anyone in possession of an IoT device should take steps to ensure that it is adequately secured. This involves changing the name and default password of machines, using strong passwords, providing firmware updates that are downloaded and installed, and avoiding using public Wi-Fi to access IoT networks.

To defend against DDoS attacks, you should also make sure that you deploy the correct anti-DDoS tools. This includes solutions for DDoS detection (able to recognize attacks as rapidly as possible), diversion (to defend against application-layer and network-layer attacks), filtering (blocking malicious traffic while continuing to let legitimate users through), and analysis (to gather information about attacks and attempted attacks.)

Distributed Denial of Service attacks (DDoS attacks) is not going away any time soon. The most that companies can hope for is preparing for them and figuring out how best to mitigate them. Given the potential damage they can cause — from unwanted downtime to long-term reputational damage — this is one of the smartest investments you can make.

We are an Instructor's, Modern Full Stack Web Application Developers, Freelancers, Tech Bloggers, and Technical SEO Experts. We deliver a rich set of software applications for your business needs.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Cryptocurrency

Should Your Business Accept Cryptocurrency Payments?

Cryptocurrency users have grown in number in recent years, and so has the variety of cryptocurrencies they are adopting.

mm

Published

on

Ethereum Cryptocurrency

The payment options you accept in your physical or online store can be important in convincing your would-be customers to complete their transactions with you. If a customer cannot find their preferred payment option in your store’s list of accepted payments, they might not push through with their purchase and look for a business that aligns with their preferences.

Losing business in this way can be devastating for an establishment trying to set itself up for success in the digital age. As such, businesses should carefully consider whether or not to accept payments in the form of cryptocurrency. Cryptocurrency users have grown in number in recent years, and so has the variety of cryptocurrencies they are adopting.

Would it be a good idea to add this mode of exchange to your establishment’s list of accepted payment methods? In most cases, the answer is yes—especially if you’re eager to enjoy the following benefits and prepared to deal with the complications that come with it.

1. The Pros and Cons of Transacting in Cryptocurrencies

Having a Bitcoin, Ethereum, or Moreno wallet for receiving cryptocurrency payments from your customers can provide you with the following advantages:

2. Access a Wider Range of Customers

Once you start accepting cryptocurrencies in your digital or physical store, you make it easier for techie customers to purchase your products or services. Your market will not be limited to people who pay in cash or credit, as it will also include a portion of the people who have invested in cryptocurrencies in the past few years.

You’ll also be able to accept payment from anyone from anywhere, given that you can live up to your side of the bargain by delivering your goods or providing your services to the place where the customer indicated.

3. Ability to Provide Better Customer Experiences

Privacy is becoming rarer these days, and many customers would like to use their assets without compromising their data or being subject to scrutiny. Using cryptocurrency, your business is catering to their needs without risking their personal details. The same can be said for your business, as the protection offered by transacting in cryptocurrencies goes both ways.

4. Conduct Business with Lower Transaction Fees

One of the main draws of accepting cryptocurrency is a lack of a central system to regulate the flow of coins and tokens. This allows individuals and organizations that transact in cryptocurrency to choose an intermediary that can offer them the most favorable transaction fees.

Cryptocurrencies Bitcoin

Instead of paying 2 to 4% of each transaction to a credit card company or an intermediary, a business can cut down that cost or even eliminate it entirely. Also, there’s no need to wait for payments to clear foreign banks when transacting with crypto, even if the person paying you is based in another country.

At the same time, accepting cryptocurrencies also opens up your establishment to the following risks:

5. High Level of Price Volatility

It’s a well-known fact that cryptocurrencies are quite volatile. The price of the coin you use, BTC, ETH, or XMR, can change dramatically in a day. This, in turn, will affect how you will translate the value of your cryptocurrency assets and include them in your financial records.

You need to be able to quickly and regularly exchange the crypto coins in your wallet for digital or physical cash to protect your business from the drastic changes that the cryptocurrency market often goes through.

6. Technical Barriers and Upkeep

Cryptocurrencies are still developing and will continue to change to reflect the communities that support them. It’s a must to familiarize yourself with the current technologies behind this asset.

Still, you also have to keep an eye out for up-and-coming developments that can impact the coin you support and the community behind it. You need to be prepared for the changes this asset will continue to go through if you want to use it effectively for your business.

7. Regulatory Uncertainties

Cryptocurrencies offer a fairly new way of trading, as the first cryptocurrency was only released in 2009. Laws can be pretty slow in keeping up with technology, and digital coins and tokens can sometimes exist in regulatory limbo.

This can mean that, in many places, the people and organizations that use cryptocurrencies cannot expect the same level of protection afforded to consumers who use more traditional means of trade and exchange, such as fiat money and credit cards. It can also be difficult to determine how cryptocurrency assets should be declared in forms and regulatory reports.

There are many benefits when catering to customers who wish to conduct their business using digital coins. Accepting payments in the form of cryptocurrency as early as now can boost your establishment’s reputation among progressive-minded customers who see the role that crypto coins and tokens will play in the future.

Also, being a part of the cryptocurrency community early on will enable your business to easily adapt to future technologies that may develop from such a dynamic environment.

However, it’s important to consider whether your business is prepared to face the possible complications of going this route. Only by being fully aware of these risks and possibilities can you maximize the opportunities that cryptocurrencies present to your establishment.

Continue Reading
Advertisement
Advertisement
Business2 days ago

How small businesses can overcome their supply chain challenges

Internet7 days ago

How do collect and train data for speech projects?

Business2 weeks ago

Upgrades That Will Help Your Business Thrive

Games2 weeks ago

Tips And Tricks That Will Help You To Win Big In Escape From Tarkov

Insurance3 weeks ago

How To Improve Your Company’s Workers Comp Management Process

Entertainment3 weeks ago

Dear Father Gujarati Movie – The Father – Dear Father

E-commerce4 weeks ago

4 Communication Tools You Need to Integrate in Your Ecommerce App

Software4 weeks ago

Pricing For Profits: Three Simple Rules To Price Your Product

Security4 weeks ago

Cloud Security – Why It’s Important For Your Business

Cloud Computing1 month ago

Make Sure You Avoid These Cloud Computing Mistakes

Advertisement
Advertisement

Trending