Arbor Networks Claims Customer Was Hit with 1.7 Terabit Per Second DDoS
Last week, GitHub was hit by a distributed denial of service (DDoS) attack that peaked at 1.3 Tbps, which is thought to have been the biggest DDoS attack ever observed. Wired has a highly detailed write-up on the GitHub incident. The attack, which leveraged a relatively new amplification method that relies on memcached servers (caches designed to speed up websites and databases, which should never be reachable from the Internet), knocked GitHub offline for a matter of minutes before its DDoS prevention service provider was able to mitigate the attack. Today, Arbor Networks announced that it observed a DDoS attack targeting an unnamed U.S.-based service provider that reached 1.7 Tbps using the same sort of memcached amplification. Problematically, this memcached method is easy to exploit and doesn't require a vast botnet to achieve staggering traffic volumes in the way the Mirai attack did. The only solution to the problem, by most accounts, will be to pull the openly reachable memcached servers offline, which seems like a tall order considering how many of them are currently exposed online.
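The brief describes the amplification pattern only in outline. The following is an added defensive example, not code from the brief or from Arbor Networks, showing how reflection traffic of this kind stands out in flow records: legitimate memcached replies are small, while a reflected flood arrives as near-MTU-sized UDP datagrams sourced from port 11211, and the spoofed requests that trigger it appear to come from the victim. The flow-record format, the sample records, and the 1000-byte-per-packet threshold are all constructed assumptions for this illustration.

```python
# Added example (not from the brief): flag memcached reflection in flow records.
# The record format, sample flows and threshold below are constructed for illustration.
from collections import defaultdict

MEMCACHED_PORT = 11211
# Assumed threshold: normal memcached responses are far smaller than this,
# while reflected UDP floods show datagrams close to the MTU.
MIN_REFLECTED_BYTES_PER_PKT = 1000

# Constructed flow records: "proto src_ip:src_port dst_ip:dst_port packets bytes"
SAMPLE_FLOWS = [
    "UDP 203.0.113.10:11211 198.51.100.5:80 120 171600",  # reflected flood toward victim
    "UDP 203.0.113.11:11211 198.51.100.5:80 90 128700",   # second reflector, same victim
    "UDP 198.51.100.5:80 203.0.113.10:11211 120 7200",    # spoofed requests "from" the victim
    "TCP 192.0.2.8:44321 203.0.113.10:11211 5 400",       # TCP memcached use, not reflection
    "UDP 192.0.2.9:53 198.51.100.5:5050 3 300",           # ordinary small DNS reply
]


def parse_flow(line):
    """Split one constructed flow record into its fields."""
    proto, src, dst, packets, nbytes = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {
        "proto": proto,
        "src_ip": src_ip, "src_port": int(src_port),
        "dst_ip": dst_ip, "dst_port": int(dst_port),
        "packets": int(packets), "bytes": int(nbytes),
    }


def find_reflection(lines, min_bpp=MIN_REFLECTED_BYTES_PER_PKT):
    """Attribute large UDP/11211-sourced flows to (reflector, victim) pairs.

    Returns a dict with bytes sent per abused reflector, bytes received per
    victim, and an observed amplification ratio where the matching spoofed
    request flow (victim address -> reflector:11211) is also in the records.
    """
    reflected = defaultdict(int)   # (reflector, victim) -> response bytes
    requests = defaultdict(int)    # (reflector, victim) -> request bytes
    for line in lines:
        f = parse_flow(line)
        if f["proto"] != "UDP" or f["packets"] == 0:
            continue  # the amplification vector is UDP only
        bytes_per_pkt = f["bytes"] / f["packets"]
        if f["src_port"] == MEMCACHED_PORT and bytes_per_pkt >= min_bpp:
            reflected[(f["src_ip"], f["dst_ip"])] += f["bytes"]
        elif f["dst_port"] == MEMCACHED_PORT:
            # Under source spoofing the "sender" of a request is the intended victim.
            requests[(f["dst_ip"], f["src_ip"])] += f["bytes"]

    reflectors, victims, amplification = defaultdict(int), defaultdict(int), {}
    for (reflector, victim), nbytes in reflected.items():
        reflectors[reflector] += nbytes
        victims[victim] += nbytes
        if requests.get((reflector, victim)):
            amplification[(reflector, victim)] = round(
                nbytes / requests[(reflector, victim)], 1)
    return {
        "reflectors": dict(reflectors),
        "victims": dict(victims),
        "amplification": amplification,
    }


if __name__ == "__main__":
    result = find_reflection(SAMPLE_FLOWS)
    for victim, total in result["victims"].items():
        print(f"victim {victim}: {total} bytes of reflected memcached traffic")
    for (reflector, victim), ratio in result["amplification"].items():
        print(f"reflector {reflector} -> {victim}: ~{ratio}x amplification observed")
```

A reflector address in this output is a memcached instance that is reachable over UDP from the Internet and should be taken off the public network, as the brief recommends; on the server itself, starting memcached with `-U 0` disables its UDP listener and `-l 127.0.0.1` restricts it to the local host, and filtering UDP port 11211 at the network edge removes the vector for every instance behind it.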
42 Android Device Models Pre-Infected with Triada Banking Trojan
Researchers from Russian antivirus firm Dr. Web analyzed a variety of low-cost Android devices and determined that 42 of them had the Triada banking trojan pre-installed, according to a Bleeping Computer report. Triada is somewhat notorious among Android banking trojans for its ability to root devices and then maintain persistence by manipulating a core Android operating system process known as Zygote, a technique first documented by Kaspersky Lab in 2016. The majority of affected devices are Chinese-made, although Dr. Web claims that the devices are commonly sold outside China and Russia in places like Poland, Indonesia, the Czech Republic, Mexico, Kazakhstan, and Serbia. Dr. Web believes that resellers (rather than manufacturers) are infecting the devices. The affected devices include: Leagoo M5, Leagoo M5 Plus, Leagoo M5 Edge, Leagoo M8, Leagoo M8 Pro, Leagoo Z5C, Leagoo T1 Plus, Leagoo Z3C, Leagoo Z1C, Leagoo M9, ARK Benefit M8, Zopo Speed 7 Plus, UHANS A101, Doogee X5 Max, Doogee X5 Max Pro, Doogee Shoot 1, Doogee Shoot 2, Tecno W2, Homtom HT16, Umi London, Kiano Elegance 5.1, iLife Fivo Lite, Mito A39, Vertex Impress InTouch 4G, Vertex Impress Genius, myPhone Hammer Energy, Advan S5E NXT, Advan S4Z, Advan i5E, STF AERIAL PLUS, STF JOY PRO, Tesla SP6.2, Cubot Rainbow, EXTREME 7, Haier T51, Cherry Mobile Flare S5, Cherry Mobile Flare J2S, Cherry Mobile Flare P1, NOA H6, Pelitt T1 PLUS, Prestigio Grace M5 LTE, and BQ 5510.
4G LTE Bugs Call Into Question Cellular Network Integrity
Attackers could exploit multiple vulnerabilities in the various 4G LTE carrier networks to take devices offline, passively spy on communication, and send out fake emergency alerts, according to Purdue University and University of Iowa research. By and large, the bugs could enable authentication relay attacks wherein an attacker spoofs a user device and connects to carrier networks as the victim, hijacking calls and texts and knocking the victim offline in the process. The ten attacks mostly result from ill-conceived authentication and encryption protections. While the primary research on these attacks is dense and esoteric, Zack Whittaker of ZDNet has a great run-down on them.
MKACyber publishes this intelligence brief regularly in an effort to keep cybersecurity professionals up-to-date on the news and research that matters.