Vulnerabilities / Threats

8/10/2017
10:30 AM
Bogdan Botezatu
Bogdan Botezatu
Commentary
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail vvv
50%
50%

Taking Down the Internet Has Never Been Easier

Is there a reason why the Internet is so vulnerable? Actually, there are many, and taking steps to remain protected is crucial.

On October 29, 1969, two computers linked via telephone exchanged a couple of letters, then crashed. While the experiment did not achieve its goal, it was the first time computers at a significant distance from one another exchanged information via a data link.

Fast-forward 48 years, where everything — including the kitchen sink, in the case of smart kitchens — is hardwired to a massive network of networks (and things), transporting the entirety of human knowledge one bit at a time. The Internet has come a long way from the two machines attempting to digitally shake hands over a phone line. In 2016 alone, more than 1 zettabyte of data was sent and received over networks. Today, the Internet hosts billions of devices. From a network of computers fully trusting one another, the Internet has morphed into a place where the notion of trust is not part of the equation.

There is no single reason for this current state of vulnerability. Instead, there's a confluence of contributing factors.

The Internet's Architecture Hasn't Caught Up with the Times
In October 2016, a massive botnet of Internet of Things (IoT) devices was used in a highly effective distributed denial-of-service (DDoS) attack against the Internet's core infrastructure: DNS services operated by Dyn. The attack blacked out significant portions of the US Internet for almost a day, halting business for dozens of Fortune 500 companies and causing untold millions, if not billions, of dollars in damage.

Devastating DDoS attacks aren't new — we've had them for years, but until this point they were hard to leverage into a problem that affected more than one organization at a time. Either large botnets or complex amplification techniques were required to knock a host offline.

More modern attacks, however, rely on large botnets of misconfigured IoT devices to pack a serious punch. Today, gathering a significant number of IoT devices to participate in such an effort is a simple script away, readily available to wannabe cybercriminals with no hacking experience.

The DNS system is one of the most heavily targeted subcomponents of the Internet, and it is easy to understand why it remains in the attackers' crosshairs. Overloading the DNS infrastructure with queries will render it inaccessible to other users who need to interrogate what IP a domain name points to.

What Else Is Broken on the Web?
Routing is another hot issue related to the welfare and neutrality of the Internet. Routing is the path that data travels from a machine to the destination server, as it traverses a number of networks operated by distinct companies. In passing, it goes through multiple service providers that use the Border Gateway Protocol (BGP) to determine the path our information should take to its destination. By manipulating the BGP, hostile parties can force data onto a different route, which allows them to intercept and modify traffic.

There have been numerous incidents of BGP manipulation such as China's "18-minute mystery," where the country hijacked 15% of the world’s traffic with very few people noticing. Such attacks can be used to snoop on or manipulate unencrypted traffic before it is relayed to the original recipient. False routing info propagation can also be used to deny access to services at a global level (see the YouTube-vs.-Pakistan incident of February 2008).

Digital Trust and PKI Are Flawed
Digital trust plays a key role in keeping things normal. The public key infrastructure — on which the security of the Web itself stands — is another issue that could dramatically affect the proper functioning of the Internet.

Certificate authority abuse is one example. Several certificate authorities have wrongfully issued digital certificates to fraudulent parties. Turktrust and WoSign are two of the many CAs that have been "tricked" into giving away the keys to websites of high-profile companies such as Microsoft, Google, and Github, allowing third parties to impersonate these companies online.

Even when PKI works well, it is still approaching its expiration date. Cryptography works because of the mathematical complexity behind it. As the industry moves toward quantum computing, PKI and current crypto-algorithms will stop working.

Endpoint Security Is a Serious Cause for Concern
Any discussion of security and the Internet should include individual security itself. Just like herd immunity is achieved through mass vaccination that helps people stay free from infectious diseases, endpoint security plays a key role in keeping others safe on the Internet. The same effect happens with unprotected devices. They can end up herded into botnets operated by cybercrime gangs. Botnet traffic puts serious strain on the infrastructure while raising operational costs for Internet service providers. By sending junk traffic, these hosts "clog" the Internet and cause massive delays in the delivery of legitimate information.

As of the writing of this piece, bad bots are responsible for almost 30% of the Web traffic, carrying out DDoS attacks and spreading spam (which, according to Statista, accounts for 61% of all e-mails sent globally).

But the Internet Endures … for Now
Despite these challanges, the Internet has survived all these incidents, and gracefully waltzed through the IPv4 address pool depletion issue. Still, the security of the Internet is serious cause for concern. For a society so completely reliant on the positive benefits and outcomes of connectivity, taking steps to protect us from its dangers has never been more crucial.

Related Content:

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the Web without protection or how to rodeo with wild ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Printers: The Weak Link in Enterprise Security
Kelly Sheridan, Associate Editor, Dark Reading,  10/16/2017
20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA,  10/16/2017
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Bill Bradley, SVP, Cyber Engineering and Technical Services, CenturyLink,  10/17/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.