Dark Reading is part of the Informa Tech Division of Informa PLC


Vulnerabilities / Threats
Commentary
8/10/2017 10:30 AM
Bogdan Botezatu

Taking Down the Internet Has Never Been Easier

Is there a reason why the Internet is so vulnerable? Actually, there are many, and taking steps to remain protected is crucial.

On October 29, 1969, two computers, one at UCLA and one at the Stanford Research Institute, linked over a leased telephone line, exchanged the first two letters of the word "login" before the receiving system crashed. The experiment did not achieve its goal, but it was the first time computers at a significant distance from one another had exchanged information over a data link.

Fast-forward 48 years, and everything, including the kitchen sink in the case of smart kitchens, is wired into a massive network of networks (and things) that carries the bulk of human knowledge one bit at a time. The Internet has come a long way from two machines attempting a digital handshake over a phone line. In 2016 alone, more than a zettabyte of data crossed it, and it now hosts billions of devices. From a network of computers that fully trusted one another, the Internet has morphed into a place where trust cannot be assumed at all.

There is no single reason for this current state of vulnerability. Instead, there's a confluence of contributing factors.

The Internet's Architecture Hasn't Caught Up with the Times
In October 2016, the Mirai botnet, made up of roughly 100,000 compromised Internet of Things (IoT) devices, mounted a highly effective distributed denial-of-service (DDoS) attack against a piece of the Internet's core infrastructure: the authoritative DNS service operated by Dyn. The attack, which came in several waves over the course of the day, made large parts of the US Internet unreachable, halted business for dozens of Fortune 500 companies, and caused untold millions, if not billions, of dollars in damage.

Devastating DDoS attacks aren't new; we've had them for years. Until this point, though, they were hard to turn into a problem that affected more than one organization at a time: knocking a host offline required either a large botnet or complex amplification techniques.

Modern attacks instead rely on large botnets of poorly secured IoT devices, many of them still running with factory-default credentials, to pack a serious punch. Gathering a significant number of them is a simple script away, and the scripts are readily available to wannabe cybercriminals with no hacking experience.

The DNS is one of the most heavily targeted subcomponents of the Internet, and it is easy to see why it stays in attackers' crosshairs: it is a single, well-known dependency of almost everything else. Overloading an authoritative or recursive DNS server with queries makes it unavailable to the legitimate clients that need to resolve a domain name to an IP address, so every service behind those names goes dark with it, even though the services themselves were never touched.
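One standard defense against the query floods described above is response rate limiting (RRL), which authoritative servers such as BIND and NSD implement. The following Python is an added example, not code from Dark Reading, Dyn or any DNS server: a simplified per-source RRL run over a constructed query stream, with the "slip" behaviour that lets a legitimate resolver retry over TCP while a spoofed source gets nothing useful. The addresses, timestamps and query names are all constructed.

```python
"""Per-source response rate limiting for an authoritative DNS server, in the style
of the RRL feature in BIND and NSD. Added example, not Dyn's, Bitdefender's or any
server's code. The query stream is constructed: a spoofed flood that forges one
victim address as its source, plus a handful of legitimate lookups from a resolver.
Real RRL keys on (source netblock, query name, response type) rather than the bare
source address; the bare address is used here to keep the mechanism visible."""
from collections import defaultdict, deque


class ResponseRateLimiter:
    def __init__(self, limit=5, window=1.0, slip=2):
        self.limit, self.window, self.slip = limit, window, slip
        self.sent = defaultdict(deque)    # source -> timestamps of responses sent in window
        self.excess = defaultdict(int)    # source -> number of over-limit queries seen

    def decide(self, src, now):
        """Return 'respond', 'truncate' (send an empty answer with TC=1, so a real
        resolver retries over TCP, which a forged source can never complete) or 'drop'."""
        q = self.sent[src]
        while q and now - q[0] >= self.window:   # expire timestamps outside the window
            q.popleft()
        if len(q) < self.limit:
            q.append(now)
            return "respond"
        self.excess[src] += 1
        if self.slip and self.excess[src] % self.slip == 0:
            return "truncate"                     # every slip-th excess query gets TC=1
        return "drop"


def simulate(queries, **kw):
    """queries: iterable of (timestamp, source_ip, qname), replayed in time order.
    Returns {source_ip: {decision: count}}."""
    rrl = ResponseRateLimiter(**kw)
    counts = defaultdict(lambda: defaultdict(int))
    for ts, src, _qname in sorted(queries):
        counts[src][rrl.decide(src, ts)] += 1
    return {src: dict(c) for src, c in counts.items()}


# Constructed traffic (RFC 5737 documentation addresses): 20 queries in 0.8 s with the
# victim's address forged as source (a reflection attack), plus 3 ordinary lookups.
VICTIM, RESOLVER = "203.0.113.5", "198.51.100.7"
QUERIES = [(i * 0.04, VICTIM, "example.com") for i in range(20)]
QUERIES += [(0.1, RESOLVER, "www.example.com"),
            (0.5, RESOLVER, "mail.example.com"),
            (0.9, RESOLVER, "example.com")]

if __name__ == "__main__":
    for src, c in simulate(QUERIES).items():
        print(src, c)
```

With the defaults (5 responses per source per second, slip 2) the resolver's three queries are all answered, while the forged source gets five full responses, seven truncated ones and eight drops: the reflected volume toward the victim collapses, and the server keeps its capacity for everyone else.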

What Else Is Broken on the Web?
Routing is another hot issue for the health and neutrality of the Internet. A route is the path data takes from a machine to the destination server as it traverses networks operated by different companies. Along the way it passes through multiple service providers that use the Border Gateway Protocol (BGP) to decide which path the information should take. BGP has no built-in way to verify that a network is entitled to announce the address space it claims; by announcing routes it does not hold, a hostile party can pull traffic onto a different path, which allows it to intercept or modify that traffic.

There have been numerous incidents of BGP manipulation, such as China's "18-minute mystery" of April 2010, in which a Chinese ISP announced routes for tens of thousands of prefixes it did not own; the episode was widely reported as a hijack of 15% of the world's traffic (a figure later analyses disputed), and very few people noticed while it was happening. Such incidents can be used to snoop on or tamper with unencrypted traffic before it is relayed to the intended recipient. Bogus routing information can also deny access to a service globally: in February 2008, Pakistan Telecom announced a more-specific prefix for YouTube's address space in order to block the site domestically, the announcement leaked to the rest of the world, and YouTube disappeared from the Internet for about two hours.
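The mechanics of a prefix hijack, and the check that now catches it, as an added example that is not from the article or from any router vendor. It implements RFC 6811 route origin validation against Route Origin Authorizations (ROAs) of the kind the RPKI publishes, alongside the longest-prefix-match rule that makes a more-specific hijack win over the legitimate route. The prefixes, ASNs and ROAs are constructed from documentation and private ranges; a real deployment loads ROAs from an RPKI validator rather than a hard-coded list.

```python
"""Route origin validation (RFC 6811) over constructed BGP announcements.

Added example: not code from Dark Reading or the author. Prefixes are RFC 5737
documentation ranges and ASNs come from the private range (RFC 6996); the ROAs
and routing table are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    """Route Origin Authorization: origin_as may announce prefix and any
    sub-prefix no longer than max_length."""
    prefix: str
    max_length: int
    origin_as: int


@dataclass(frozen=True)
class Announcement:
    prefix: str
    origin_as: int


# Constructed ROAs: AS64497 holds 198.51.100.0/22 and may deaggregate down to /24.
ROAS = [
    Roa("192.0.2.0/24", 24, 64496),
    Roa("198.51.100.0/22", 24, 64497),
]


def validate(ann: Announcement, roas=ROAS) -> str:
    """Return 'valid', 'invalid' or 'not_found' per RFC 6811 section 2."""
    net = ipaddress.ip_network(ann.prefix)
    covering = [
        r for r in roas
        if ipaddress.ip_network(r.prefix).version == net.version
        and net.subnet_of(ipaddress.ip_network(r.prefix))
    ]
    if not covering:
        return "not_found"          # no ROA covers this prefix: ROV says nothing
    for r in covering:
        if r.origin_as == ann.origin_as and net.prefixlen <= r.max_length:
            return "valid"
    return "invalid"                # covered, but wrong origin or too specific


def best_route(dest_ip: str, table):
    """Longest-prefix match, as every router does it. A /24 announced by a hijacker
    beats the legitimate /22 no matter which arrived first; that is how the
    Pakistan Telecom announcement pulled YouTube's traffic in 2008."""
    ip = ipaddress.ip_address(dest_ip)
    matches = [a for a in table if ip in ipaddress.ip_network(a.prefix)]
    return max(matches, key=lambda a: ipaddress.ip_network(a.prefix).prefixlen,
               default=None)


def drop_invalid(table, roas=ROAS):
    """The policy many operators now apply: discard RPKI-invalid routes, keep
    'valid' and 'not_found' (most of the Internet still has no ROA)."""
    return [a for a in table if validate(a, roas) != "invalid"]


# Constructed routing table: the legitimate /22, a more-specific hijack of part of it
# from an unrelated AS, an over-deaggregated /25 from the legitimate AS, and a prefix
# with no ROA at all.
TABLE = [
    Announcement("198.51.100.0/22", 64497),
    Announcement("198.51.101.0/24", 64511),
    Announcement("198.51.100.128/25", 64497),
    Announcement("203.0.113.0/24", 64500),
]

if __name__ == "__main__":
    for a in TABLE:
        print(a.prefix, "AS%d" % a.origin_as, validate(a))
    print("unfiltered:", best_route("198.51.101.10", TABLE))
    print("with ROV:  ", best_route("198.51.101.10", drop_invalid(TABLE)))
```

Without filtering, traffic for 198.51.101.10 follows the hijacker's /24; once RPKI-invalid routes are dropped it returns to the legitimate /22. Note the caveat that origin validation only checks the origin AS: an attacker who announces the victim's prefix with the victim's own AS appended to the path still passes, which is what BGPsec path validation is meant to close.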

Digital Trust and PKI Are Flawed
Digital trust plays a key role in keeping things normal. The public key infrastructure — on which the security of the Web itself stands — is another issue that could dramatically affect the proper functioning of the Internet.

Certificate authority abuse is one example. Several certificate authorities have wrongly issued certificates to parties that did not control the names in them. TURKTRUST and WoSign are two of the many CAs that, through misissuance or weak validation rather than deliberate collusion, have handed out certificates for high-profile companies such as Microsoft, Google, and GitHub, allowing third parties to impersonate those companies online. Any one of the hundreds of trusted CAs can issue for any name, which is why Certificate Transparency logs and CAA records in the DNS exist.
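One control aimed at exactly this kind of misissuance, as an added example rather than code from the article or from any CA: the CAA check (RFC 8659) a CA must perform before issuing, run here over a constructed zone of reserved example names. It climbs the DNS tree to the first CAA record set, lets issuewild override issue for wildcard requests, and refuses when a critical record carries a tag it does not understand. A real CA resolves these records from DNS (ideally DNSSEC-validated) instead of reading a dict.

```python
"""CAA (RFC 8659) issuance check over a constructed zone.

Added example, not code from Dark Reading, the author, or any CA. The zone below
is constructed with reserved example names and hypothetical CA names.
"""

# Each CAA record is (flags, tag, value). Flag bit 128 is "issuer critical".
ZONE = {
    "example.com": [
        (0, "issue", "ca-one.example"),            # only ca-one may issue
        (0, "issuewild", ";"),                     # nobody may issue wildcards
        (0, "iodef", "mailto:security@example.com"),
    ],
    "strict.example.com": [
        (0, "issue", "ca-two.example; accounturi=https://ca-two.example/acct/42"),
    ],
    "legacy.example.com": [
        (128, "future-policy", "something-new"),   # critical tag this checker does not know
    ],
}

KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def relevant_rrset(name, zone=ZONE):
    """Climb from `name` toward the root; the first non-empty CAA RRset is the one
    that governs issuance (RFC 8659 section 3). Returns (owner_name, records)."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if zone.get(candidate):
            return candidate, zone[candidate]
    return None, []


def issuer_domain(value):
    """Issuer domain from an issue/issuewild value, i.e. the part before any ';'
    parameters, lowercased. An empty result means 'no CA at all'."""
    return value.split(";", 1)[0].strip().lower()


def caa_permits(name, ca, zone=ZONE):
    """True if CAA allows `ca` to issue for `name`. A leading '*.' asks about a
    wildcard certificate for the remaining name."""
    wildcard = name.startswith("*.")
    if wildcard:
        name = name[2:]
    _, rrset = relevant_rrset(name, zone)
    if not rrset:
        return True   # no CAA anywhere up the tree: CAA imposes no restriction
    # A critical record whose tag the issuer does not understand forbids issuance.
    if any(flags & 128 and tag.lower() not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    tag = "issue"
    if wildcard and any(t.lower() == "issuewild" for _, t, _ in rrset):
        tag = "issuewild"    # issuewild overrides issue for wildcard requests
    permitted = [issuer_domain(v) for _, t, v in rrset if t.lower() == tag]
    if not permitted:
        return True   # the governing property is absent: not restricted
    return ca.lower() in permitted


if __name__ == "__main__":
    for req, ca in [("www.example.com", "ca-one.example"),
                    ("www.example.com", "ca-two.example"),
                    ("*.example.com", "ca-one.example"),
                    ("legacy.example.com", "ca-one.example")]:
        print(req, ca, caa_permits(req, ca))
```

Two things worth noticing: a subdomain with no records of its own inherits the nearest ancestor's policy, so one record at the apex covers the whole tree unless a child overrides it, and an unrecognised critical record fails closed. CAA only binds CAs that honour it, which CA/Browser Forum rules have required since 2017; it does not stop a rogue or compromised CA, which is what Certificate Transparency is for.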

Even where PKI works well, its foundations have an expiration date. Public-key cryptography works because certain mathematical problems are infeasible to solve with today's computers. A sufficiently large quantum computer running Shor's algorithm would solve the problems behind RSA and elliptic-curve cryptography, and with them the signatures and key exchanges on which current PKI rests; symmetric ciphers and hashes would survive with larger key sizes. That is why the migration to post-quantum algorithms has to begin before such machines exist: encrypted traffic recorded today can be decrypted later.

Endpoint Security Is a Serious Cause for Concern
Any discussion of Internet security has to include the security of individual devices. Herd immunity through mass vaccination keeps people free from infectious diseases; endpoint security plays the same role on the Internet, because an unprotected device is a risk to everyone, not just its owner. Such devices end up herded into botnets operated by cybercrime gangs. Botnet traffic puts serious strain on the infrastructure and raises operating costs for Internet service providers; by pumping out junk traffic, these hosts clog the Internet and delay the delivery of legitimate information.

As of this writing, bad bots generate almost 30% of Web traffic, carrying out DDoS attacks and spreading spam (which, according to Statista, accounts for 61% of all e-mail sent globally).

But the Internet Endures … for Now
Despite these challenges, the Internet has survived all of these incidents, and even waltzed gracefully through the depletion of the IPv4 address pool. Still, its security remains a serious cause for concern. For a society so completely reliant on the benefits of connectivity, taking steps to protect ourselves from its dangers has never been more crucial.

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the Web without protection or how to rodeo with wild ...