Attack Agents and Bots

One of the critical parts of a successful DDoS attack relies on bots, or a botnet. Botnets are groups of zombie computers under the remote control of an attacker via a command and control server (C&C server). These zombie computers are highly useful to the attacker because they carry out commands on demand and serve as the front line of an attack to stall any web server the attacker chooses. Here is a good list of uses of botnets other than carrying out DDoS attacks:

  • Spamming
  • Sniffing traffic
  • Keylogging
  • Spreading malware
  • Installing ads

How Does a Botnet Work?

I know you’re probably asking yourself, “how does a botnet actually work?” Well, we’re here to tell you.

1. First, a hacker sends out viruses, worms or malware to infect ordinary users’ computers. The payload is a malicious application that lets the attacker remotely control the computer and communicate with the infected system.
2. Next, the bot on the infected PC logs into a particular C&C server. The C&C server acts as a command center for the main attacker to launch commands to the botnet.
3. Third, a spammer purchases the services of the botnet from the hacker. This actually happens fairly frequently, which contributes to the spreading or strengthening of the botnet.
4. Lastly, the spammer provides the spam messages to the hacker, who instructs the compromised machines via the control panel on the web server, causing them to send out spam messages.

Botnets frequently use DNS to rally infected hosts, launch attacks, and update their instructions. Essentially, the infected machines become a zombie army, ready and willing to execute any command the attacker gives them. They are expended in attacks on web servers and are used specifically to shut down or freeze the target’s system. This can wreak havoc on any website, large or small. It’s important not to become part of a botnet without knowing it. It’s even more important not to be attacked by these botnets. Stay safe and stay tuned for more updates from Cloudbric!
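Because bots check in with their C&C server on a schedule, one defensive signal is machine-like regularity in a host's DNS queries. The following is an added example (not Cloudbric or WAPPLES code) that flags client/name pairs whose query intervals show little jitter; the log format and the sample lines are constructed for the example.

```python
"""Beacon detection over DNS query logs (constructed example, not Cloudbric code)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log lines in the form "<epoch_seconds> <client_ip> <queried_name>".
# 10.0.0.5 queries one name exactly every 60 s, 10.0.0.9 every ~60 s with small jitter,
# and 10.0.0.7 shows ordinary, irregular user traffic.
SAMPLE_LOG = """\
1000 10.0.0.5 sync.constructed-cdn.example
1060 10.0.0.5 sync.constructed-cdn.example
1120 10.0.0.5 sync.constructed-cdn.example
1180 10.0.0.5 sync.constructed-cdn.example
1240 10.0.0.5 sync.constructed-cdn.example
1300 10.0.0.5 sync.constructed-cdn.example
1005 10.0.0.7 mail.example.org
1350 10.0.0.7 mail.example.org
1400 10.0.0.7 news.example.org
1420 10.0.0.7 mail.example.org
2000 10.0.0.9 update.constructed-c2.example
2058 10.0.0.9 update.constructed-c2.example
2120 10.0.0.9 update.constructed-c2.example
2180 10.0.0.9 update.constructed-c2.example
2239 10.0.0.9 update.constructed-c2.example
2300 10.0.0.9 update.constructed-c2.example
"""


def parse_log(text):
    """Group query timestamps by (client, queried name); skip malformed lines."""
    series = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, client, name = parts
        series[(client, name)].append(int(ts))
    return series


def beacon_score(timestamps, min_queries=5):
    """Return (mean_interval, jitter_ratio), or None when there are too few queries.
    jitter_ratio = stddev(gaps) / mean(gaps); near zero means clock-like check-ins."""
    if len(timestamps) < min_queries:
        return None
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    if avg == 0:
        return None
    return avg, pstdev(gaps) / avg


def find_beacons(text, max_jitter=0.2, min_queries=5):
    """Return (client, name, mean_interval) for every series that beacons regularly."""
    hits = []
    for (client, name), stamps in parse_log(text).items():
        score = beacon_score(stamps, min_queries)
        if score and score[1] <= max_jitter:
            hits.append((client, name, round(score[0], 1)))
    return hits
```

Tune `max_jitter` and `min_queries` to your traffic; legitimate software updaters also beacon, so treat hits as leads for triage rather than verdicts.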


Cyber Attacks on Banks: How Vulnerable is Your Money?

When it comes to online banking, there’s no room for tolerating sloppy data security. You might not lose any sleep if your (hopefully unique) Adobe password is leaked, and you may only experience a few minutes of rage if your Dota 2 game is DDoSed. But if your bank goes offline, you had better hope it’s only for a few minutes and that your money is safe. Today let’s look at some cyber attacks and what these types of attacks can mean for your savings.

3 Cyber Attacks with Devastating Consequences

Whether we’re talking about large banks or scrappy new fintechs, any financial companies that do business online are vulnerable to security risks, just like anyone else. Here are three major incidents where online banks had their security compromised.

1. American Banks Targeted With Extended DDoS Campaign

Starting in early 2012, a wave of malicious cyber attacks swept over several American banks, targeting banking web applications one at a time. The attacks affected Bank of America, Citigroup, Wells Fargo, Capital One, and HSBC, among others. Rather than targeting customer data or stealing money, the hackers used DDoS attacks to overwhelm online banking websites. This prevented actual customers from accessing bank services.

A group called Izz ad-Din al-Qassam Cyber Fighters took credit for the attacks. Dubbed Operation Ababil, the campaign was claimed as retribution for an anti-Islam video. But due to the sophistication of the attacks, the US government suspects the group is just a front for the Iranian government, seeking its own retribution for American cyberwarfare attacks.

The campaign was one of the largest cyber attacks in history (a record since surpassed many times). Cyber attacks were carried out in three phases, the final launching in March 2013. More than just a nuisance, a successful DDoS attack costs banks an estimated $100,000 per hour. Worse, any server, web application, device, or IoT device compromised by a botnet can be used in such a DDoS attack.


2. South Korea’s Banking Industry Hit By Massive Coordinated Attack

On March 20, 2013, South Korean citizens were rattled by a far-reaching cyber blackout. This attack froze computer terminals and paralyzed ATMs and mobile payments. At two banks, Windows and Linux computer systems were affected and entire hard drives were wiped. Others such as Woori Bank reported intrusion attempts. They claimed to have fended off the hackers. The attackers also managed to disrupt broadcasts of three major TV stations.

The South Korean government accused North Korean operatives of orchestrating this cyberwarfare campaign from China, where the attacker IP was traced. One possibility is that a North Korean cyberwarfare unit was active in China; another is a China-based mercenary botnet that had already compromised South Korean targets.

This attack was carried out by a relatively unsophisticated malware program known as “DarkSeoul,” and could have been prevented had adequate cyber security measures been put in place. Despite the disruption to services and deletion of data, it is clear the attack was mainly intended to disrupt business and cause chaos. The total cost of the carnage, both through denial of service and data loss, was calculated at $725 million.


3. Russian Hackers Pull Off World’s Biggest Bank Heist

A cybercriminal gang has been linked to a crime spree that launched a diverse repertoire of well-planned attacks against as many as 100 banks across 30 countries. The group, dubbed Carbanak by Kaspersky Lab, is believed to consist of Russians, Ukrainians, and Chinese, with their targets located primarily in Russia, followed by the US, Germany, China, and Ukraine. Their crime spree began in early 2014, peaked in June, and went unaddressed until February 2015.

The hackers used botnets to send out malware-infected e-mails to bank employees, a tactic called spearphishing, and were able to infiltrate many employee accounts. This allowed them to steal many different kinds of sensitive information, including customer data, secret keys used by ATMs to confirm PINs, bank video surveillance, and information on security systems and anti-fraud measures. They could also manipulate account balances and create fake accounts to move stolen money around. Each attack took around two to four months.

One bank was robbed of $7.3 million when the hackers reprogrammed its ATMs. Another bank’s online platform was accessed and the thieves made away with $10 million. Some of these attacks could have been prevented had employees only updated their Microsoft software. The thieves were able to make off with as much as $1 billion, and authorities have been unable to catch them.

So now what?

These three incidents show hackers with varying motivations and means, using differing techniques to achieve their own unique goals. Whether disrupting service or stealing money, cybercrime or cyberwarfare, cyber threats cannot go unaddressed. And rather than going after only the biggest banks, hackers are increasingly targeting smaller fintech startups with fewer resources and less experience with cyber security. We must cooperate to secure the Internet from these actions, or we’ll pay the price in the end.


This blog post was originally featured on cloudbric.com. Visit their blog for more insight, news, and accessible information on web threats and trends. If you would like to learn more about Cloudbric’s logic-based WAF service, please contact info@cloudbric.com.


Web Security: Why Does It Matter?

Once upon a time, to access the web we had to have access to our PCs.

Perhaps it wasn’t that long ago, but now with our smart devices, we can access the Internet no matter where we’re currently located. Especially here in Korea, everything is inextricably connected. Companies have even jumped on board with this new-found “connectedness.” Nowadays the services that previously had to be sought in person are available online as a matter of course. Internet banking, financial transactions, registration card issuance, and customer service platforms… The web is now an essential part of everyday life. So what do we do about web security?

Web Security: the Elephant in the Room

With this connected world comes the part that no one wants to talk about. The elephant in the room: Web security.

Now, no one wants to think about that but let’s say you’re a small-medium business (SMB) owner. You’re just getting started and making a slight profit. You want to promote your business on your website. It would also be nice to manage through online services that handle bills and salaries for your employees.

There’s no real way around it – you’re connected to the web. Your information (as well as those of your customers and employees) could be out there if you don’t take the steps to protect it.

The Application Layer

There are many layers to an IT system – and most businesses spend the majority of their security budget on the network layer (which deals with data transfers), somewhat less on the systems layer (the operating systems, such as Windows or Linux), and the least of their budget on the application layer (which offers the protocols and services with many features). Now why do they spend so little on applications? The application layer is technically complicated and the most varied, so it is difficult to find a web security solution that covers it.

But this layer is the area that needs the most protection, because what we know as the “web” is basically composed of applications, including your website. Simply protecting the network or systems layers is not enough. Unfortunately, cyber criminals have figured out that web applications are profitable targets. The most profitable are the web applications of businesses and companies, because the value of their data is hefty compared to the data of an individual.

Additionally, what many individuals and businesses don’t realize is that cyber threats don’t come in a neat file cabinet. It’s more of a whirlwind of documents that’s constantly being rearranged. For example, there’s SQL injection, cross-site scripting, cookie tampering, website defacement, denial of service, malware… and next year the biggest trends could be an entirely different set of attacks.

While it’s easy to think that perhaps your business is the exception to the rule, Whitehat Security reported that 86% of all websites have at least one vulnerability. That means companies shouldn’t consider web security to be optional, but essential.


Protecting Yourself from Web Attacks?

Then the question is: how do you protect yourself when threats are always changing?

First, if you’re just starting out in the world of web security, I would suggest Cloudbric – a full-service Web Application Firewall (WAF) that can detect even the most elusive attacks. It’s powered by WAPPLES, Penta Security’s WAF that uses a logic analysis engine instead of the traditional pattern matching system. With a lower false positive rate than many of the products out there, it offers accessibility at a reasonable price – free if your monthly traffic doesn’t exceed 4GB.

Second, make sure you’re consistently educating yourself on cyber security and how to keep your information safe. At the end of the day, keep yourself informed. We’ll be doing our part on this blog going through different types of web threats, what the newest trends are, and what to be on the lookout for. Even those in the industry are always learning. Preparing for these types of threats can prevent major headaches or even worse – loss or damage to information.

Because at the end of the day – you’re protecting your website and investing some time and resources in order to grow your business further. An organization grows as much as you put into it, but if you don’t protect one of your most valuable assets (your customers’ and your own information), how can you expect it to flourish? So do your research, and take the leap into web security. For more information, visit www.pentasecurity.com/ or email us at info@pentasecurity.com.