Tag: Thingbot
Internet of Things (IoT) devices gained infamy almost overnight for their lack of security. This led to their participation in a Thingbot (a botnet built out of IoT devices) named Mirai1 that launched massive distributed denial-of-service (DDoS) attacks against a handful of victims, including Dyn, OVH, KrebsOnSecurity, and Rutgers University2 in late 2016. As a result of…
Read MoreSure, the C&C list is a small sample size, and C&C hosts come and go quickly. This list is in no way exhaustive—it’s just a snapshot in time from last quarter. But for a breakdown of the domain hosting services, see the end of this article. “Yes, I really am a C&C server.” A…
Read MoreWe’re celebrating our one-year anniversary here at F5 Labs, the application threat intelligence division of F5! Although F5 researchers have been providing threat-related, F5-specific guidance to our customers for many years through DevCentral, the time was right a year ago today to launch a dedicated website that provides the general public with vendor-neutral, application-focused, actionable…
Read MoreOne thing to consider about the Q1 2018 data is that it’s only one quarter in comparison to the annual averages of 2016 and 2017, and that Q1 typically receives the least number of attacks of any quarter. If attacks against North America decline in Q2, as they have done the past 2 years, the…
Read MoreWith the explosive growth of the Internet of Things, and the increasing threat posed by botnets that leverage IoT, more must be done to ensure IoT devices include security by design, says David Holmes, principal threat researcher at F5 Networks. The Named Data Networking project can play a critical role, Holmes says in an interview with…
Read MoreAn advanced thingbot, nicknamed Reaper (or IoTroop), was recently discovered infecting hordes of IoT devices. Reaper ups the ante for IoT security. It has a sophisticated C2 channel system and a Lua code execution environment (to deliver much more complicated attacks), and it comes prepackaged with 100 DNS open resolvers. Researchers are tracking Reaper, even…
Read MorePotential Attacks and Impact We stumbled upon the issues with cellular IoT devices during our “Hunt for IoT” research of devices that were infected by Mirai. Attackers know how to exploit these systems and are actively monitoring them. Sierra Wireless, one of the largest manufacturers of cellular IoT devices, issued a public statement describing how…
Read MoreIn August 2018 when we presented our research on the extreme vulnerability of many emergency services vehicles due to their use of onboard cellular gateways, we hoped to get the attention of people who could help change things. After all, when you tell the world you’ve been able to easily track police cruisers, in real-time,…
Read MoreF5 Labs continually tracks DDoS trends based on data from various sources. Among the most important are the F5 Security Operations Center (SOC), the front line for mitigating DDoS attacks on behalf of F5 Silverline customers, and F5’s Security Incident Response Team (SIRT), which assists F5 customers who are under attack. This article is a…
Read MoreThe number of Mirai scanner systems across the world decreased slightly from December 2017 to June 2018. There is less concentration of scanner systems in North America, South America, and Asia in June 2018 versus December 2017. Europe is the only region where Mirai scanner infections remained relatively the same from December 2017 to June…
Read More