
Vulnerabilities / Threats
8/10/2017 10:30 AM
Bogdan Botezatu
Commentary

Taking Down the Internet Has Never Been Easier

Is there a reason why the Internet is so vulnerable? Actually, there are many, and taking steps to remain protected is crucial.

On October 29, 1969, two computers linked via telephone exchanged a couple of letters, then crashed. While the experiment did not achieve its goal, it was the first time computers at a significant distance from one another exchanged information via a data link.

Fast-forward 48 years, where everything — including the kitchen sink, in the case of smart kitchens — is hardwired to a massive network of networks (and things), transporting the entirety of human knowledge one bit at a time. The Internet has come a long way from the two machines attempting to digitally shake hands over a phone line. In 2016 alone, more than 1 zettabyte of data was sent and received over networks. Today, the Internet hosts billions of devices. From a network of computers fully trusting one another, the Internet has morphed into a place where the notion of trust is not part of the equation.

There is no single reason for this current state of vulnerability. Instead, there's a confluence of contributing factors.

The Internet's Architecture Hasn't Caught Up with the Times
In October 2016, a massive botnet of Internet of Things (IoT) devices was used in a highly effective distributed denial-of-service (DDoS) attack against the Internet's core infrastructure: DNS services operated by Dyn. The attack blacked out significant portions of the US Internet for almost a day, halting business for dozens of Fortune 500 companies and causing untold millions, if not billions, of dollars in damage.

Devastating DDoS attacks aren't new — we've had them for years, but until this point they were hard to leverage into a problem that affected more than one organization at a time. Either large botnets or complex amplification techniques were required to knock a host offline.

More modern attacks, however, rely on large botnets of misconfigured IoT devices to pack a serious punch. Today, gathering a significant number of IoT devices to participate in such an effort is a simple script away, readily available to wannabe cybercriminals with no hacking experience.

The DNS system is one of the most heavily targeted subcomponents of the Internet, and it is easy to understand why it remains in the attackers' crosshairs. Overloading the DNS infrastructure with queries will render it inaccessible to other users who need to interrogate what IP a domain name points to.
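One way a resolver operator spots the query-flood pattern described above is a per-source rate check over the resolver's query log. The following is an added example, not code from the article or from any particular DNS product: the log format, the client addresses (documentation ranges) and the threshold are all constructed for illustration. It parses the lines, sorts them by time, and keeps a one-second sliding window per source so that a client issuing dozens of queries in a fraction of a second is reported while ordinary clients are not.

```python
"""Per-source query-flood detection over constructed resolver log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (not any specific resolver's):
# "<ISO-8601 timestamp> client <ip> query <qname> <qtype>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) client (?P<src>\S+) query (?P<qname>\S+) (?P<qtype>\S+)$"
)


def _line(ts: datetime, src: str, qname: str, qtype: str = "A") -> str:
    return f"{ts.isoformat(timespec='milliseconds')} client {src} query {qname} {qtype}"


def build_constructed_log() -> list:
    """Constructed sample: one benign client and one client flooding the resolver."""
    base = datetime(2017, 8, 10, 10, 30, 0)
    lines = []
    # Benign client: five queries spread over five seconds.
    for i in range(5):
        lines.append(_line(base + timedelta(seconds=i), "192.0.2.10", "example.com"))
    # Flooding client: 50 queries for random-looking labels inside half a second.
    for i in range(50):
        lines.append(
            _line(base + timedelta(seconds=5, milliseconds=10 * i),
                  "198.51.100.7", f"q{i:04x}.example.com")
        )
    lines.append("garbage line that does not parse")  # exercises the parser's skip path
    return lines


def parse_line(line: str):
    """Return (epoch_seconds, src, qname, qtype) or None for a malformed line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.fromisoformat(m["ts"]).timestamp()
    return ts, m["src"], m["qname"], m["qtype"]


def find_floods(lines, window_s: float = 1.0, threshold: int = 20) -> dict:
    """Map each source whose peak query count in any window reached `threshold`
    to that peak count. Lines are parsed, then processed in timestamp order."""
    records = [r for r in (parse_line(l) for l in lines) if r is not None]
    records.sort(key=lambda r: r[0])
    windows = defaultdict(deque)   # src -> timestamps inside the current window
    peak = defaultdict(int)        # src -> largest window population seen
    for t, src, _qname, _qtype in records:
        q = windows[src]
        q.append(t)
        while q and t - q[0] > window_s:   # evict timestamps older than the window
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return {src: n for src, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for src, n in find_floods(build_constructed_log()).items():
        print(f"{src}: peak {n} queries/second")
```

The window is evaluated per source so that a busy but legitimate recursive resolver behind a single address can be whitelisted separately; a production check would also aggregate across sources, since a botnet spreads load thinly over many clients.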

What Else Is Broken on the Web?
Routing is another hot issue related to the welfare and neutrality of the Internet. Routing is the path that data travels from a machine to the destination server, as it traverses a number of networks operated by distinct companies. In passing, it goes through multiple service providers that use the Border Gateway Protocol (BGP) to determine the path our information should take to its destination. By manipulating the BGP, hostile parties can force data onto a different route, which allows them to intercept and modify traffic.

There have been numerous incidents of BGP manipulation, such as China's "18-minute mystery," in which the country hijacked 15% of the world's traffic with very few people noticing. Such attacks can be used to snoop on or manipulate unencrypted traffic before it is relayed to the original recipient. Propagating false routing information can also be used to deny access to services at a global level (see the YouTube-vs.-Pakistan incident of February 2008).
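The standard defence against the origin hijacks described above is route-origin validation: each received announcement is checked against a table of Route Origin Authorizations (ROAs) that say which AS may originate which prefix, and how specific an announcement it may make. The following is an added example and not code from the article; the prefixes (documentation ranges), the AS numbers (private-use range) and the ROA table are all constructed. It classifies announcements into the three RFC 6811 states and explains each invalid one, including the "more-specific prefix from a foreign AS" shape of the 2008 incident.

```python
"""Route-origin validation of constructed BGP announcements (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Roa:
    prefix: str       # authorised prefix
    origin_as: int    # AS permitted to originate it
    max_length: int   # longest prefix length that AS may announce inside it


# Constructed ROA table (documentation prefixes, private ASNs; not real data).
ROAS: List[Roa] = [
    Roa("198.51.100.0/22", 64501, 22),   # maxLength 22: no more-specifics allowed
    Roa("203.0.113.0/24", 64500, 24),
]


def _covering(net, roas):
    """ROAs whose prefix contains `net` (same address family only)."""
    out = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            out.append((roa, roa_net))
    return out


def validate_origin(prefix: str, origin_as: int, roas: List[Roa] = ROAS) -> str:
    """Return 'valid', 'invalid' or 'not-found' (the RFC 6811 validation states)."""
    net = ipaddress.ip_network(prefix, strict=True)
    covering = _covering(net, roas)
    if not covering:
        return "not-found"          # no ROA covers this prefix at all
    for roa, _ in covering:
        if roa.origin_as == origin_as and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"                # covered, but no ROA authorises this origin/length


def explain(prefix: str, origin_as: int, roas: List[Roa] = ROAS) -> str:
    """Human-readable reason for an invalid announcement, based on the first covering ROA."""
    net = ipaddress.ip_network(prefix, strict=True)
    for roa, roa_net in _covering(net, roas):
        if roa.origin_as == origin_as:
            return f"AS{origin_as} may announce {roa.prefix} only down to /{roa.max_length}"
        if net.prefixlen > roa_net.prefixlen:
            return (f"more-specific of {roa.prefix} (authorised origin AS{roa.origin_as}) "
                    f"announced by AS{origin_as}")
        return f"origin mismatch: {roa.prefix} is authorised for AS{roa.origin_as}"
    return ""


def audit(announcements: List[Tuple[str, int]]) -> List[Tuple[str, int, str, str]]:
    """Validate each (prefix, origin AS) pair and attach a reason for invalid ones."""
    report = []
    for prefix, origin in announcements:
        state = validate_origin(prefix, origin)
        reason = explain(prefix, origin) if state == "invalid" else ""
        report.append((prefix, origin, state, reason))
    return report


# Constructed announcements, including a YouTube-2008-style more-specific hijack.
CONSTRUCTED_ANNOUNCEMENTS = [
    ("198.51.100.0/22", 64501),   # legitimate
    ("198.51.100.0/24", 64666),   # more-specific from an unauthorised AS
    ("198.51.100.0/24", 64501),   # right AS, but exceeds the ROA's maxLength
    ("203.0.113.0/24", 64502),    # wrong origin for an exact-match prefix
    ("192.0.2.0/24", 64500),      # no ROA exists
]

if __name__ == "__main__":
    for row in audit(CONSTRUCTED_ANNOUNCEMENTS):
        print(*row)
```

In a real deployment the ROA table comes from the RPKI via a validator cache, and the router's policy decides what to do with "invalid" routes (typically drop them) and "not-found" ones (typically accept, since most of the routing table is still uncovered).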

Digital Trust and PKI Are Flawed
Digital trust plays a key role in keeping things normal. The public key infrastructure — on which the security of the Web itself stands — is another issue that could dramatically affect the proper functioning of the Internet.

Certificate authority abuse is one example. Several certificate authorities have wrongfully issued digital certificates to fraudulent parties. Turktrust and WoSign are two of the many CAs that have been "tricked" into giving away the keys to websites of high-profile companies such as Microsoft, Google, and GitHub, allowing third parties to impersonate these companies online.
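One control that limits the damage from a misissuing CA is DNS Certification Authority Authorization (CAA, RFC 8659): a domain publishes which CAs may issue for it, and every CA is required to check before issuing. The following is an added example, not the article's or any CA's code: the zone data, CA names and domains are constructed, and the lookup is a simplified model of the RFC 8659 logic (climb from the requested name to its parents until a CAA RRset is found, let `issuewild` override `issue` for wildcard names, refuse on unknown critical tags, and treat an empty issuer as "nobody may issue").

```python
"""Simplified CAA issuance check over a constructed zone (added example)."""
from typing import Dict, List, Optional, Tuple

CaaRecord = Tuple[int, str, str]   # (flags, tag, value)

# Constructed zone data standing in for live DNS lookups.
CONSTRUCTED_CAA: Dict[str, List[CaaRecord]] = {
    "example.com": [(0, "issue", "ca-one.example"),
                    (0, "issuewild", ";")],                      # no wildcard certs at all
    "shop.example.com": [(0, "issue", "ca-two.example; account=12345")],
    "strict.example": [(0, "issue", ";")],                       # nobody may issue
    "odd.example": [(128, "futuretag", "x")],                    # critical, unknown tag
}

KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def relevant_caa(fqdn: str, zone: Dict[str, List[CaaRecord]]):
    """Walk from the name towards the root; the first non-empty CAA RRset is relevant."""
    name = fqdn[2:] if fqdn.startswith("*.") else fqdn
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        rrset = zone.get(candidate)
        if rrset:
            return candidate, rrset
    return None, []


def may_issue(ca_domain: str, fqdn: str,
              zone: Dict[str, List[CaaRecord]] = CONSTRUCTED_CAA) -> Tuple[bool, str]:
    """Decide whether `ca_domain` may issue for `fqdn`; returns (allowed, reason)."""
    owner, rrset = relevant_caa(fqdn, zone)
    if not rrset:
        return True, "no CAA records found; issuance unrestricted"
    # A critical flag on a tag this checker does not understand means: refuse.
    for flags, tag, _ in rrset:
        if flags & 128 and tag not in KNOWN_TAGS:
            return False, f"unknown critical tag '{tag}' at {owner}"
    wildcard = fqdn.startswith("*.")
    tags = {t for _, t, _ in rrset}
    tag = "issuewild" if wildcard and "issuewild" in tags else "issue"
    # Issuer domain is the part before ';'; parameters after it are ignored here.
    allowed = [v.split(";", 1)[0].strip() for _, t, v in rrset if t == tag]
    if not allowed:
        return True, f"no '{tag}' records at {owner}; issuance unrestricted"
    if ca_domain in allowed:
        return True, f"{ca_domain} authorised by '{tag}' at {owner}"
    return False, f"{ca_domain} not in '{tag}' set {allowed} at {owner}"


if __name__ == "__main__":
    for ca, name in [("ca-one.example", "www.example.com"),
                     ("ca-two.example", "www.example.com"),
                     ("ca-one.example", "*.example.com"),
                     ("ca-two.example", "shop.example.com")]:
        print(ca, name, *may_issue(ca, name))
```

The closest RRset wins: `shop.example.com` carries its own record, so the parent's `issue` entry for `ca-one.example` does not apply there. CAA is only as good as the CA's compliance and the domain's DNS integrity, which is why it complements rather than replaces Certificate Transparency monitoring.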

Even when PKI works well, it is still approaching its expiration date. Cryptography works because of the mathematical complexity behind it. As the industry moves toward quantum computing, PKI and current crypto-algorithms will stop working.

Endpoint Security Is a Serious Cause for Concern
Any discussion of security and the Internet should include individual security itself. Just as herd immunity, achieved through mass vaccination, helps people stay free from infectious diseases, endpoint security plays a key role in keeping others safe on the Internet. The reverse holds as well: unprotected devices can end up herded into botnets operated by cybercrime gangs. Botnet traffic puts serious strain on the infrastructure while raising operational costs for Internet service providers. By sending junk traffic, these hosts "clog" the Internet and cause massive delays in the delivery of legitimate information.

As of the writing of this piece, bad bots are responsible for almost 30% of the Web traffic, carrying out DDoS attacks and spreading spam (which, according to Statista, accounts for 61% of all e-mails sent globally).

But the Internet Endures … for Now
Despite these challenges, the Internet has survived all these incidents, and gracefully waltzed through the IPv4 address pool depletion issue. Still, the security of the Internet is serious cause for concern. For a society so completely reliant on the positive benefits and outcomes of connectivity, taking steps to protect us from its dangers has never been more crucial.

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the Web without protection or how to rodeo with wild ...