The attack that targeted the DynDNS service on Friday react to it. If the first Ddos attacks against Krebsonsecurity and OVH had caused quite a few reactions, one of them having touched the DynDNS service seems to have played a role of trigger for the authorities. Thus, the ministry of the interior of the us, has published a press release on Monday about the attack. In the latter, the american authorities explain to monitor the case closely and have made contact with 18 telecom operators in order to make the point on the subject.
mixed
” We believe that this issue is for the moment under control, “specifies in particular the release, using the term “Mitigated” to describe the reaction of the operators. The term is vague : in the lexicon of cybersecurity, this term refers to the measures taken to work around such a vulnerability, without actually correcting it at the source. One imagines, therefore, that the operators of telecommunications americans have taken steps to detect and possibly block traffic from botnets Mirai, but the ministry of the Interior does not really give details in its press release. The ministry explains, however, that the National Cybersecurity and Communications Integrations Center is working on the development of counter-measures for this type of malware.
The eyes will also turn to the chinese company Hangzhou Xiongmai Technology. It sells cameras and video recorders. According to blogger Brian Krebs, these devices constitute the bulk of devices within the botnet established by the malware Mirai, because of a low security and default passwords are freely accessible. According to the company, which apologized for these weaknesses, this vulnerability was corrected in a patch dating back to September 2015 and the new firmware version now asks users to change the default password during first installation.
Smile, you’re compromise
A model of camera marketed by XiongMai.
The company recommends that users update their firmware and change their passwords, but they are unable to force this patch, and therefore need to recover the good will of the users to correct this gaping fracture. Suffice to say that the issue of cameras in Hangzhou Xiongmai Technology will not be resolved in the week. The manufacturer has expressed its intention to recall several of its products sold in the United States. But if the attack has targeted a us company, the sources of traffic are numerous and from all countries of the world.
In addition, the problem of the botnets based on the malware Mirai is not the blunders of a chinese manufacturer. The company’s Level 3 was assessed at the beginning of the month that a botnet made up thanks to the botnet had approximately 500,000 machines infected. DynDNS, for its part, had communicated in the first hours of the attack on the fact that its services had detected the traffic from more than 10 million different IP addresses.
A figure that suggests that the botnet targeted at the dynamic DNS service would be within a lot more than just cameras : the source code to Mirai has been put into open source by its creator and first variants were detected, able to address new types of machines. These attacks have at least the merit to relaunch the debate on the safety of connected objects, often neglected by the manufacturers, which flood for several years, the market of inexpensive products, but also insecure.
No comments:
Post a Comment