Intelligent CIO Europe Issue 09 | Page 92

INDUSTRY WATCH
who change tactics to overcome the defences in their way. One of the attacks in the report came from a group that coordinated their attacks over group chats on STEAM and IRC. Rather than using a botnet of devices infected with malware to follow hacker commands, these attacks were carried out by a group of human volunteers.
Another notable attack overwhelmed the target’s DNS server with bursts lasting several minutes instead of using a sustained attack against the target directly. This added to the difficulty of mitigating the attack due to the sensitivity of DNS servers, which allow outside computers to find them on the Internet. The burst system also increased difficulty by fatiguing the defenders over a long period of time.
“Both of these attack types illustrate how attackers are always adapting to new defences to carry out their nefarious activities,” said McKeay. “These attacks, coupled with the record-breaking 1.35 Tbps Memcached attacks from earlier this year, should serve as a not-so-gentle reminder that the security community can never grow complacent.”
By the numbers:
Other highlights from Akamai’s Summer 2018 State of the Internet / Security: Web Attack Report include:
• Akamai measured a 16% increase in the number of DDoS attacks recorded since last year
• The largest DDoS attack of the year set a new record at 1.35 Tbps by using the Memcached reflector attack
• Researchers identified a 4% increase in reflection-based DDoS attacks since last year
• There was a 38% increase in application-layer attacks such as SQL injection or cross-site scripting
• In April, the Dutch National High-Tech Crime Unit took down a malicious DDoS-for-hire website with 136,000 users
Tomi Tuominen, Practice Leader at F-Secure Cyber Security Services
Meanwhile, F-Secure researchers have found that global hotel chains and hotels worldwide are using an electronic lock system that could be exploited by an attacker to gain access to any room in the facility. The design flaws discovered in the lock system’s software, which is known as Vision by VingCard and used to secure millions of hotel rooms worldwide, have prompted the world’s largest lock manufacturer, Assa Abloy, to issue software updates with security fixes to mitigate the issue.
The researchers’ attack involves using any ordinary electronic key to the target facility – even one that’s long expired, discarded, or used to access spaces such as a garage or wardrobe. By using information on the key, the researchers are able to create a master key with privileges to open any room in the building. The attack can be performed unnoticed.
“You can imagine what a malicious person could do with the power to enter any hotel room with a master key created basically out of thin air,” said Tomi Tuominen, Practice Leader at F-Secure Cyber Security Services. “We don’t know of anyone else performing this particular attack in the wild right now.”
Timo Hirvonen, Senior Security Consultant at F-Secure
The researchers’ interest in hacking hotel locks was sparked a decade ago when a colleague’s laptop was stolen from a hotel room during a security conference. When the researchers reported the theft, hotel staff dismissed their complaint given that there was not a single sign of forced entry and no evidence of unauthorised access in the room entry logs. The researchers decided to investigate the issue further and chose to target a brand of lock known for quality and security. These security oversights were not obvious holes. It took a thorough understanding of the whole system’s design to identify small flaws that, when combined, produced the attack. The