Blog Archives | DefendEdge

Cyber Threat Alert: Emerging Cyber Threats and Cyber Security Issues

Written by Advisory Team | December 15, 2016

 

The DefendEdge team is constantly monitoring the cyber threat landscape. We have identified two emerging threats and a cyber security issue of particular concern, and are calling them out so you can take proactive steps to protect you organization. Below you will find a brief description of each individual threat, as well as links to resources that offer more information regarding the threat.

BlackNurse DDos –This attack is targeted at vulnerable firewalls made byCisco, PaloAlto and others. The attack allows hackers to take down the firewalls and also the servers using just a single laptop. It is based on continuously sending a specific ICMP packet vulnerable network device, and it does not have to be distributed. Resources: BlackNurse DDos Takes Just One Laptop to Nix a Network, InfoSecurity Magazine, November 18, 2016;  Black Nurse DDos Attack: Power of Granular Packet Inspection of FortiDDoS with Unpredictable DDoS Attacks, Fortinet Blog, November 14, 2016.

 

Internet of Things (IoT) Botnets – IoT botnets are expected to increase cyber attacks in December, according to an Akamai report.  Attacks have increased 71% over Q315, and those greater than 100Gbps increased 138% from the same period last year. Q316 did see a slight dip in attacks, but Akamai notes that the holiday season typically sees a rise in DDoS attacks. IoT botnets are one of the latest tools in these attacks; exemplified by recent Mirai botnet attacks against Dyn, and Krebs on security. Resource: IoT Botnets Set to Cause DDoS Havoc this December, InfoSecurity Magazine, November 16, 2016

 

SHA-1 Certificates- “Over a third of the world’s websites are still using insecure SHA-1 certificates despite the major browser vendors saying they will no longer trust such sites beginning early next year, according to Venafi. With Microsoft, Mozilla and Google all claiming they won’t support SHA-1 sites, those still using the insecure certificates from the start of 2017 will find customers presented with browser warnings that the site is not to be trusted, which will force many elsewhere.” Resource: SHA-1 Time Bomb: One Third of Websites Have Yet to Upgrade, Infosecurity Magazine, November 17, 2106