DDoS Attacks Become More Complex and Costly

Distributed denial-of-service (DDoS) attacks are more complex and cause more financial damage than ever, new data shows.

According to NETSCOUT Arbor’s 2017 Worldwide Infrastructure Security Report published today, the number of DDoS attacks that cost organizations between $501 and $1,000 per minute in downtime increased by 60%. In addition, 10% of enterprises estimated that a major DDoS attack cost them more than $100,000 in 2017, five times more than previously seen.

Now in its 13th year, the report is based on 390 responses from service providers, hosting, mobile, enterprise, and other types of network operators from around the world. A full 66% of all respondents identify as security, network, or operations professionals.

Gary Sockrider, principal security technologist with NETSCOUT Arbor, says there was a 20% increase in multi-vector attacks in 2017 compared to the previous year. Multi-vector attacks combine high-volume floods, TCP state exhaustion attacks, and application-layer attacks in a single sustained offensive, which makes the attacks more difficult to mitigate and increases the attacker’s chance of success.

“We found that nearly half the group said they experienced a multi-vector attack,” Sockrider says.

“Along with revenue loss, companies also experience customer and employee churn as well as reputational damage,” he says.

DDoS attacks last year originated primarily from China, Russia, and inside the US, according to the report. The top motivators for the attacks were online gaming-related (50.5%), criminals demonstrating DDoS capabilities to potential customers (49.1%), and criminal extortion attempts (44.4%). Political/ideological disputes were fifth on the list at 34.5%.

Sockrider says that, due to the global shortage of IT security talent, many respondents were turning to automation for DDoS mitigation: 36% of service providers use automation tools for DDoS mitigation, and 30% of providers employ on-premise or always-on cloud services for thwarting these attacks.

Meanwhile, researchers at Imperva developed a list of the Top 12 DDoS Attack Types You Need to Know. Among them:

DNS Amplification: In a reflection type of attack, a perpetrator starts with small queries that use the spoofed IP address of the intended victim. Exploiting vulnerabilities on publicly-accessible DNS servers, the responses inflate into much larger UDP packet payloads and overwhelm the targeted servers.

UDP Flood: The perpetrator uses UDP datagram–containing IP packets to deluge random ports on a target network. The victimized system attempts to match each datagram with an application, but fails. The system soon becomes overwhelmed as it tries to handle the UDP packet reply volume.

DNS Flood: Similar to a UDP flood, this attack involves perpetrators using mass amounts of UDP packets to exhaust server-side resources. However, in this attack the target is DNS servers and their cache mechanisms, with the goal being to prevent the redirection of legitimate incoming requests to DNS zone resources.
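
The three traffic patterns above leave different traces in flow records. This added example (not from the Imperva list or the article) classifies constructed UDP flows per targeted host; the 192.0.2.0/24 local prefix, the record layout and every threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

LOCAL_PREFIX = "192.0.2."  # assumption: the protected network (TEST-NET-1)


def build_sample_flows():
    """Constructed UDP flow records: (ts, src_ip, src_port, dst_ip, dst_port, bytes)."""
    flows = [
        # Normal lookup: a local client asks a resolver and gets its answer back.
        (0.00, "192.0.2.10", 40000, "198.51.100.53", 53, 70),
        (0.02, "198.51.100.53", 53, "192.0.2.10", 40000, 120),
    ]
    # DNS amplification: large responses from many resolvers that nobody queried.
    for i in range(20):
        flows.append((1.0 + i * 0.01, f"203.0.113.{i + 1}", 53,
                      "192.0.2.20", 4444, 3000))
    # UDP flood: datagrams spread across many destination ports.
    for i in range(200):
        flows.append((2.0 + i * 0.001, f"198.51.100.{i % 50 + 100}", 50000 + i,
                      "192.0.2.30", 10000 + i * 7, 512))
    # DNS flood: query volume aimed at the local DNS server itself.
    for i in range(500):
        flows.append((3.0 + i * 0.001, f"203.0.113.{i % 200 + 30}", 1024 + i,
                      "192.0.2.53", 53, 80))
    return flows


def classify_udp_attacks(flows, reply_window=5.0, amp_bytes=20000,
                         port_spread=100, query_count=300):
    """Return {local_ip: [labels]} for hosts whose inbound UDP matches a pattern."""
    pending = {}  # (client_ip, client_port, resolver_ip) -> time the query left
    stats = defaultdict(lambda: {"unsolicited": 0, "reflectors": set(),
                                 "ports": set(), "queries": 0})
    for ts, src, sport, dst, dport, size in sorted(flows):
        if src.startswith(LOCAL_PREFIX) and dport == 53:
            # Remember our own queries so their answers count as solicited.
            pending[(src, sport, dst)] = ts
            continue
        if not dst.startswith(LOCAL_PREFIX):
            continue
        host = stats[dst]
        if sport == 53:
            asked = pending.get((dst, dport, src))
            if asked is None or ts - asked > reply_window:
                # A DNS response with no matching query: reflected traffic.
                host["unsolicited"] += size
                host["reflectors"].add(src)
        elif dport == 53:
            host["queries"] += 1       # external query hitting a local DNS server
        else:
            host["ports"].add(dport)   # other UDP: track destination-port spread

    verdicts = {}
    for ip, host in stats.items():
        labels = []
        if host["unsolicited"] >= amp_bytes:
            labels.append("dns_amplification")
        if len(host["ports"]) >= port_spread:
            labels.append("udp_flood")
        if host["queries"] >= query_count:
            labels.append("dns_flood")
        if labels:
            verdicts[ip] = labels
    return verdicts


if __name__ == "__main__":
    for ip, labels in sorted(classify_udp_attacks(build_sample_flows()).items()):
        print(ip, labels)
```

The client at 192.0.2.10 is not flagged because its single response matches a query it sent; the matching of responses to queries is what separates reflected traffic from ordinary DNS.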

Source: https://www.darkreading.com/attacks-breaches/ddos-attacks-become-more-complex-and-costly/d/d-id/1330899

Test your cyber defenses with DIY DDoS

Canadian cybersecurity company DOSarrest has released a new service which allows organizations to test their systems’ resilience against distributed denial of service attacks.

The Cyber Attack Preparation Platform (CAPP) allows anyone to choose from a variety of options which specify the attack type, velocity, duration, and vector. The service is paid for according to the options chosen, and can be used by anyone – previously, only DOSarrest’s clients had access to this type of facility.

The attacking machines are distributed across the world and employ a variety of methods, thus accurately emulating an attack “in the wild.”

The company’s literature states that in some cases, larger hosts (such as cloud provider services like AWS or Google Cloud) simply scale up their hosted sites’ provisions in order to mitigate an attack: in short, when the going gets tough, the tough throw resources.

However, this style of mitigation can cost companies large sums of money if they are funding their cloud computing activities on the basis of pay-as-you-use.

Users of DOSarrest’s service can choose to pick specific attack types from a range of TCP attacks, plus a focussed range of attacks usually aimed at web services.

DOSarrest’s CTO, Jag Bains, commented:

“It’s interesting to see how different systems react to attacks; CAPP not only shows you the traffic to the victim but also shows you the traffic response from the victim. A small attack [on] a target can actually produce a response back that’s 500 times larger […] This is the best tool I’ve seen to fine tune your cybersecurity defenses, if you fail you can make changes and launch the exact same attack again, to see if you can stop the attack.”

The company advises that attacks be chosen carefully, as it is plainly possible to bring down an entire enterprise’s systems – it is in equal measure alarming and reassuring that large attacks can be emulated.

The company provides a handy pricing calculator by which interested parties can scope out what their testing might cost them: a ballpark of $US1,500 might be considered a bare minimum.

Of course, the cost of an attack by unknown actors will be much more, by some significant factor, and DOSarrest’s facility should hopefully go some way in mitigating the chances of such an attack being successful.

Source: http://techwireasia.com/2018/01/test-your-cyber-defenses-with-diy-ddos/

Hackers Will Target Small Business Through the Internet of Things in 2018, New Report Says

A new report finds hackers are poised to target small businesses that use Internet of Things (IoT) technology to gain access to data from larger global firms in 2018. The 2018 Cybersecurity Predictions by Aon’s Cyber Solutions predicts a small business Internet of Things (IoT) breach will create a domino effect that damages a larger company.

2018 Cybersecurity Predictions

The report also found that while 55 percent of small businesses were breached between 2015 and 2016, only a small minority see cybersecurity as a critical issue. This is despite the fact that the overall money spent on cybersecurity in 2017 was $86.4 billion, an increase of 7 percent over 2016.

New Threat

The Internet of Things (IoT) is at the heart of this new threat. It’s loosely defined as all software-enabled devices we use (from appliances to smartphones and computers) that can exchange data.

Criminals hijacked hundreds of thousands of Internet of Things (IoT) devices worldwide in 2017. They’ve even fine-tuned social engineering and spear-phishing tactics, according to the report.

Jason J. Hogg, CEO of Aon Cyber Solutions explains the looming threat as small businesses use this technology.

“IoT is notoriously unsecured: manufacturers often lack necessary security expertise, constant product innovation creates vulnerabilities, and companies frequently overlook proper patch management programs. Hackers exploit this reality, targeting IoT as a pivot point to enter systems and take control of physical operations.”

Botnets

The report found that hackers favored botnets like “Hajime” and “IoT_reaper” last year. The growing trend caused concerns about DDoS attacks and other issues. DDoS attacks occur when hackers flood servers with bogus data and websites and networks get shut down.

High Cost

Any attack can really harm a small business’s operations as well as a larger organization. There’s always a high cost to having your business shut down for any amount of time. What’s more, there’s lasting reputational damage because these smaller firms are working more and more with big organizations that have a large reach.

Hogg also says there are some other reasons why small businesses are ripe for this new Internet of Things (IoT) cybersecurity threat.

“Small businesses, lacking resources and/or awareness to effectively secure their systems, are particularly vulnerable to cyber attacks on IoT,” he says. “The breach will serve as a wake-up call for small and midsized businesses to implement better security measures so as not to risk losing business.”

Passwords

The report also predicts passwords will continue to be hacked. Multifactor authentication will become critical as hackers learn to get around biometrics. Larger businesses will adopt standalone cyber insurance policies and chief risk officers will play a larger role.

The report also sees the spotlight on regulation strengthening and widening as calls for a harmonized approach to cyber security get more intense. It points to the EU’s attempt to set a universal standard for consumer data privacy and the Global Data Protection Regulation (GDPR), which oversees companies collecting data from EU citizens.

Criminals will also target transactions that use points as currency, such as retailers who use rewards, gift and loyalty programs. The use of cryptocurrencies will encourage an increase in ransomware attacks in 2018 like the WannaCry ransomware that affected 200,000 computers in 150 countries in 2017.

Source: https://smallbiztrends.com/2018/01/2018-cybersecurity-predictions.html

New year, new defence: Cybersecurity help and predictions for 2018

Organisations will adopt AI and other emerging technologies to help fight this year’s growing cyber threats.

With 2017 seeing an enormous number of data breaches, businesses should be looking at their cybersecurity processes and planning how to effectively monitor their network security in the year to come. With massive developments in monitoring and AI providing unmissable cybersecurity opportunities, here are five predictions of what we expect to see in 2018.

1. Organisations will increasingly adopt AI-based systems to help with Cybersecurity

In 2018, we’ll see companies using AI-based tools to benchmark their networks to ensure that companies know exactly what systems should ‘normally’ look like, allowing abnormalities to be identified faster before cyber incidents become full-blown attacks.

Despite hackers constantly evolving their attack methods to target new vulnerability points and bypass existing defence systems, AI-based tools can use real-time analytical models to search for anomalies. While analysts still need to decide whether these anomalies require urgent action or not, AI can help make them more productive.

We can also expect to see AI being used more to evaluate and prioritise security alerts. This will automate the more routine procedures that analysts have to undertake, and may even reduce threat-related ‘false positive’ alerts in networks. Many companies are relying on rule-sets provided by third-party providers to deal with false positives, and they often don’t have the ability to tune and change the rules. This means that they either suffer the false positives and ignore them, or turn off that rule if the false positives are too prevalent – neither of which is an effective strategy.

AI-based systems can help by filtering out the noise of false positives, making it easier for analysts to identify, and focus on, the real threats.

2. Companies will handle breach communication much better than they did in 2017

PayPal is a great example of this. The company should be commended for implementing good hygiene practices that resulted in identifying and announcing the breach at TIO on 4th December, and for showing leadership in claiming responsibility for dealing with the outcome. We’re set to see a big difference between those companies that try and sweep breaches under the carpet, and those that are set up with the right processes to investigate breaches and respond appropriately. Those who attempt to hide breaches – we’re looking at you, Uber – will be treated with contempt by customers and the media, as shown by surveys indicating that as many as 85% of respondents wouldn’t do business with firms that had suffered a data breach.

Of course, on 25th May, 2018, the General Data Protection Regulation (GDPR) will come into effect, which means companies will have to notify the Information Commissioner’s Office (ICO) of a breach within 72 hours, or face a fine of up to 4% of global revenue.

Sensible organisations will look to implement stronger protection using application whitelisting, encryption and other techniques and improve their detection capability. They should also look to collect and store more definitive evidence about what takes place on their networks – in the form of more verbose log data, NetFlow history and full packet capture. Without this, organisations will find it impossible to investigate a breach quickly enough to satisfy regulatory obligations.

3. Retailers will be far more risk averse during holidays

Companies have begun to accept that optimised monitoring needs to take place all year-round, and Christmas will be no exception. However, companies will become more risk averse, and whether it’s a bank or a retailer, as the holiday period approaches, often there’s a “blackout” period during which network and security teams are not allowed to make updates and changes to their networks other than urgent patches.

Threat actors may step up their activity during the holiday period because there is a higher chance of evading identification and more to gain. This year, Shopify revealed that at the peak of Black Friday, online shoppers were making 2,800 orders per minute, worth approximately US$1 million. Had Shopify experienced an outage of just five minutes during this busy period, it would have cost them US$5 million in revenue. Protecting against outages – such as might result from a Distributed Denial of Service (DDoS) attack – is critical at these times. Additionally, this volume of online activity makes it easy for hackers to hide their movements while everyone’s focus is on making sure systems stay up and handle the load.

4. New housekeeping and the end of BYOD

Basic house-keeping will play a big role in cybersecurity in 2018. We’ll see a lot more staff training, and more focus on patching and standardisation so that companies avoid attacks like the widespread ransomware outbreaks we saw this year.

We’re also likely to see more companies moving away from BYOD. The reality is that BYOD has simply proven too hard to regulate and the risk it poses too difficult to protect against. In sensitive networks, with a lot at stake, this risk is not acceptable any longer.

5. Increasing use of strong encryption, and attacks over encrypted connections

We already know that encryption of network traffic is being used more frequently by attackers as a way to hide evidence of their activity. Analysts and their detection tools can’t see into the payload of encrypted traffic.

Unless, of course, they have the encryption keys. If operators force all SSL connections to pass through a proxy, they can decrypt the traffic and see inside the payload. This allows the proxy to provide a clear-text version of the traffic to security tools for analysis, or to full packet capture appliances like the EndaceProbe Network Recorder.

We should expect to see the adoption of SSL proxy appliances increasing in 2018 – great news for companies like Ixia, Gigamon, Bluecoat, Juniper and others that make these appliances.

Conclusion

So, will 2018 be just as unpredictable when it comes to cybersecurity, data breaches and network infiltration? Chances are, most likely it will. However, with the right plans, practices and network monitoring in place, companies can at least prepare themselves for the worst, and prevent any possible breaches from being anywhere near as extensive as those that took place in 2017.

Source: https://www.itproportal.com/features/new-year-new-defence-cybersecurity-help-and-predictions-for-2018/

Banking on security in an environment of threats

The global financial crisis of 2008 was a piercing wake-up call for the financial industries of the world. It brought several regulatory and legislative changes in its wake, all aimed at preventing the recurrence of such an event. But the years since then have seen a different kind of threat emerging. The warning sirens are more frequent than before and more insistent.

Banks and financial institutions seek to stay relevant and competitive by providing convenient, personalized services to their customers. For this, they collect and analyze huge volumes of sensitive customer data. All this information is stored and accessed online. And this makes them prone to cyber attacks. Cybercriminals exploit vulnerabilities in digital systems to perpetrate attacks of different natures and complexities. Incidences of such attacks have been increasing over the years, and unless we take great care, cyber attacks could easily be the cause of the next global financial crisis.

Only recently, US credit reporting bureau Equifax suffered a huge data breach, resulting in significant loss of data, which included the personal details of over 145 million people across the US, UK, and Canada. This event triggered a rethink of data protection laws in the US. Earlier in 2017, the Lloyds Banking Group was hit by a major DDoS (Distributed Denial of Service) attack over the course of 48 hours, as cybercriminals attempted to block access to 20 million UK accounts. Later in the year, several South Korean banks were threatened with a DDoS attack if they did not pay a $315,000 bitcoin ransom.

Equally worrying, and just as dangerous, are attacks that gradually siphon off data over an extended period of time. Such attacks are generally perpetrated through malware, such as the TrickBot Trojan, which made an appearance in Latin America and targeted banks in over 40 countries.

Recent trends like P2P (peer-to-peer) banking, directives like PSD2 (Revised Payment Service Directive), and initiatives like the Open API Standards for banking in the UK, while they all have their positives, have also inadvertently made the threat landscape riskier by providing more channels through which hackers can target systems. National and global authorities have introduced regulations to ensure that the financial industry takes the cybersecurity aspect of their business very, very seriously.

Under the EU General Data Protection Regulation, which will be enforced from May 25, 2018, organizations that are breached could attract a penalty of up to 20 million Euros or 4 percent of their annual global turnover, whichever is higher. India is in the process of instituting a Computer Emergency Response Team in Financial Sector (CERT-Fin), which will work closely with all financial-sector regulators and stakeholders on issues of cybersecurity.

Cyber threats are evolving as fast as the counter-measures being adopted to combat them. It is therefore essential for banks and financial institutions to be armed with agile cybersecurity strategies that identify potential threats, prevent attacks, and enable fast recovery. The banking industry should continue to invest significantly in cybersecurity – as they traditionally have – because their business is heavily dependent on customer trust.

As the open banking phenomenon grows, and different sets of data become digitally interconnected, the industry needs to protect customer data more fiercely than ever. A security breach can damage not just the company’s revenues, but also its reputation. A recent consumer study revealed that 50 percent of respondents would consider switching banks if they suffered a cyber attack, while 47 percent said they would “lose complete trust” in their bank if such an event occurred.

The BFSI industry needs to look at adaptive, round-the-clock methods of detection, defense, and counter-attacks against cyber threats. Help is readily available in the form of third-party security service providers, who have the requisite expertise to offer comprehensive, assured protection. It is also an encouraging sign that investments in security operation centers (SOCs) are on the rise.

The 2008 financial crisis taught the financial industry that it needed to adopt a more responsible approach towards risk management. The years since have delivered a recurring lesson – the pertinence of keeping abreast of the latest in security threats and solutions and investing in security applications that can adapt to the current and future changes in one of our most important and vulnerable industries. Let’s act as we learn.

Source: http://www.ciol.com/banking-security-environment-threats/

Stay vigilant — cyber threats not over yet

Local companies should remain alert and continue to constantly update their cyber security measures as more “innovative” hacking activities are expected this year.

LGMS Services Sdn Bhd CEO Fong Choong Fook said the public and local corporations should be vigilant, as new variants of ransomware could penetrate Malaysia, resulting in various attacks as ransomware services are becoming easier to access.

“Users should always stay updated with system and anti-virus developments, as well as avoid downloading or installing pirated software,” he said.

As hacking of Internet of Things devices is also expected to increase, the cyber security analyst urged industry players to perform regular risk assessments to evaluate their risks of cyber threats.

“They should also perform penetration testing in a proactive way and fix any loopholes before hackers take advantage of them,” he said.

Preemptive measures are vital, Fong said, as hackers are more innovative and creative in upgrading their skills and knowledge each day.

In retrospect, Fong said 2017 was the year where Malaysians were “awakened” by the threats of cyber attacks, beginning with a ransomware pandemic of WannaCry in May.

Malaysia has also faced the highly coordinated Distributed Denial of Service (DDoS) attack, followed by what was described as the biggest data leak incident in October.

CyberSecurity Malaysia CEO Datuk Dr Amirudin Abdul Wahab was reported as saying that, as Malaysians are still unaware of the existence of ransomware, they are advised to equip themselves with cyber security knowledge, as well as to use technology prudently and ethically.

In the incident, over 200,000 systems from 150 countries all over the world were hit by hackers charging US$300 (RM1,221) for their files to be decrypted.

On the DDoS attack, it was reported that three linked stock brokerages and one bank were involved in the incident.

For a DDoS attack to succeed, hackers just need to leverage computer connections and flood any targeted system with high traffic, or send information that triggers a crash in the victim’s system.

The attack is capable of shutting down a machine or network, blocking the user from accessing it.

“Companies should subscribe to cloud traffic scrubbing services such as ‘Cloudflare’, as well as have an alternative Internet line on standby (as backup, should the attack happen),” Fong said.

He said the incident should be treated as a learning curve to the public and industry.

“We will learn to be wiser and become more proactive to prepare ourselves for volumetric DDoS attacks,” he said.

On the case of data leaks, Fong said the silver lining of it would be that the consumers have begun to realise the importance of data protection.

“The public are now starting to question the data custodians’ accountability on data privacy, which can be considered as a positive note of the entire data leak chaos,” he noted.

Source: https://themalaysianreserve.com/2018/01/04/stay-vigilant-cyber-threats-not-yet/

UK businesses fear DDoS attacks hijacking their devices

Businesses are afraid wireless devices could be hacked and used as DDoS weapons, report finds.

Businesses are afraid their wireless devices can be hacked and used as weapons in DDoS attacks.

A new report from the Neustar International Security Council (NISC) found that many businesses are becoming increasingly concerned with the current international security landscape, with system compromises seen as the biggest threat, followed by ransomware and financial data theft.

But unlike with other similar reports, this time businesses aren’t just sitting idly on this information – they’re actually taking action.

What they usually do is keep a close eye on outgoing traffic, install buffer servers that help them keep malware out, replace vulnerable access points, and make sure all members of staff are on the same page when it comes to safety guidelines and rules.

Almost half of businesses polled (43 per cent) hire specialist companies to help them with DDoS mitigation.

“As the cybersecurity landscape continues to evolve, and with businesses unsure about where the next attack will come from and what form it will take, there are clear challenges focusing their prevention and protection efforts,” said Rodney Joffe, head of NISC and Neustar senior vice president and fellow.

“But DDoS has long been seen as a severe threat to companies, reaping tremendous impacts and steadily increasing in incidence. The sheer volume of traffic caused by DDoS attacks makes them hard, but not impossible, to mitigate, and for businesses to have the best chance of success in fighting against them, they need to make them a priority.”

Source: https://www.itproportal.com/news/uk-businesses-fear-ddos-attacks-hijacking-their-devices/

CISO Challenges in 2018

To stay ahead of threats, CISOs will need to enter 2018 in steep learning mode. Their priorities will include integrating artificial intelligence, protecting against increasingly advanced Distributed Denial-of-Service (DDoS) attacks, pressuring IoT vendors to build enterprise-class devices and deciding what blockchain technology may mean to them.

When it comes to leveraging IoT devices for DDoS attacks, the bad guys tipped their hand in 2016 with the Dyn DDoS attack, said Eric Cowperthwaite, managing principal at Citadel Services, a security and risk management consulting company. “There’s way more of that coming—way more,” he said. Broadly speaking, enterprises lack good plans to deal with these types of attacks, he said.

The Dyn attack illustrates two separate issues that CISOs must address. One is the order of magnitude: While the attack is the same type of threat businesses often face, the leveraging of IoT devices amplified the amount of malicious network traffic used in DDoS attacks.

The second challenge isn’t just the operational stability problems such an attack can cause, Cowperthwaite said; it’s also the damage to the company’s reputation when it becomes known that its inadequately secured IoT network enabled the attack.

CISOs need to pressure vendors to add instrumentation to IoT devices entering the enterprise, so that commercial devices are at least hardened from attack and defendable. “If CISOs don’t apply pressure on those vendors, who will?” he asked.

CISOs must be able to monitor their networks so that it’s possible to tell when trusted—or supposedly trusted—devices are behaving appropriately. “If it’s not acting correctly, you should take it off the network,” Cowperthwaite said.

Also high on the CISO’s priority list should be figuring out how to use artificial intelligence to automate event management. “If we don’t figure out how to use AI to deal with the masses of data that we have, we’ll never get ahead,” Cowperthwaite warned. He suggested automating basic security so people aren’t looking at first-level event data. “Why aren’t we taking all that event log data and running it through an AI that will look for anomalies before we do anything else?”

CISOs also can take a page from Agile to tackle other persistent cybersecurity challenges, and move away from security-event firefighting and into more of a business advisory role.

Finally, while blockchain technology may or may not be your friend, it most likely will be more than a passing acquaintance by year’s end. CISOs need to learn about distributed trust systems as well as the technologies and tools that help ensure transaction integrity, irrefutability and nonrepudiation. CISOs then can consider business risk when it’s time to establish governance for the new players on the block.

Source: https://securityboulevard.com/2018/01/ciso-challenges-2018/

Old Vulnerabilities still available to be exploited ROBOT

R.O.B.O.T: Return Of Bleichenbacher’s Oracle Threat

A joint study by researchers from Ruhr-Universität Bochum/Hackmanit GmbH and Tripwire VERT has revealed a re-tread of an old vulnerability from 1998 that allows an attacker to perform RSA decryption and cryptographic operations using the private key configured on the vulnerable TLS servers. This latest CVE, dubbed ROBOT (Return Of Bleichenbacher’s Oracle Threat), has a surprisingly large target area, affecting almost a third of the top 100 domains (according to Alexa).

I won’t detail the history and specifics of the exploit; there is a pretty good overview over at The Hacker News and of course at the researchers’ own website, where they have provided an online and downloadable tool for testing for this exploit.

What I will bring to attention are the hardware vendors that are identified as being susceptible to this exploit even today, as the list contains some of the biggest names in the IT industry: Cisco, F5, Citrix, and the most surprising is Radware, who specialize in building cybersecurity products. Granted some of the listed platforms are older legacy platforms, but given that the RSA cipher has been deprecated for over a decade, one would assume that patches to remove it would have been offered and applied years ago. One may be led to believe that this type of negligence is one way to incentivize customers to continually spend on expensive hardware upgrades, but of course we all know better than that…

With regards to DOSarrest and R.O.B.O.T, we’ve long known about the weakness of using RSA ciphers, and only use strong, hardened cipher suites in our operations.

If you are using one of the affected hardware vendors, we can help. With our DDoS Proxy Defense Network, we can take all HTTPS connections and ensure your origin server/s are protected from this CVE, as well as many other vulnerabilities.

Jag Bains, CTO

DOSarrest Internet Security

Source: https://www.dosarrest.com/ddos-blog/old-vulnerabilities-still-available-to-be-exploited-robot/
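
An added example, not DOSarrest’s or the researchers’ code: ROBOT targets the RSA-encryption key exchange, so the suites to retire are those with RSA in the key-exchange position of the name, not those that only authenticate with an RSA certificate. The offered-suite list and both cipher strings below are constructed for illustration.

```python
import ssl

# Key-exchange fields in which the client RSA-encrypts the premaster secret
# to the server's key (PKCS #1 v1.5), the operation a Bleichenbacher oracle abuses.
RSA_ENCRYPTION_KX = {"RSA", "RSA_EXPORT", "RSA_PSK"}


def key_exchange(iana_name):
    """Return the key-exchange/auth field of an IANA suite name.

    TLS 1.3 names (e.g. TLS_AES_128_GCM_SHA256) have no such field: returns None.
    """
    if not iana_name.startswith("TLS_") or "_WITH_" not in iana_name:
        return None
    return iana_name[len("TLS_"):].split("_WITH_", 1)[0]


def exposed_to_rsa_oracle(iana_name):
    """True only when the suite uses RSA encryption for key exchange."""
    return key_exchange(iana_name) in RSA_ENCRYPTION_KX


# Constructed list standing in for what a scanner reported for one server.
OFFERED = [
    "TLS_AES_128_GCM_SHA256",                 # TLS 1.3, no RSA key exchange
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",  # RSA signs, ECDHE exchanges keys
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",    # RSA signs, DHE exchanges keys
    "TLS_RSA_WITH_AES_128_CBC_SHA",           # RSA key exchange
    "TLS_RSA_WITH_AES_256_GCM_SHA384",        # RSA key exchange, AEAD does not help
]


def audit(offered):
    """Return the offered suites that should be disabled."""
    return [name for name in offered if exposed_to_rsa_oracle(name)]


# Assumption: an example allowlist of forward-secret AEAD suites only.
HARDENED_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20"
# OpenSSL's stock list, used here as the permissive comparison.
PERMISSIVE_CIPHERS = "DEFAULT"


def rsa_kx_enabled(cipher_string):
    """Ask the local OpenSSL which RSA key-exchange suites a cipher string enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return sorted(c["name"] for c in ctx.get_ciphers()
                  if c.get("kea") in ("kx-rsa", "kx-rsa-psk"))


if __name__ == "__main__":
    print("disable:", audit(OFFERED))
    print("permissive config enables:", rsa_kx_enabled(PERMISSIVE_CIPHERS))
    print("hardened config enables:", rsa_kx_enabled(HARDENED_CIPHERS))
```

What the permissive string enables depends on the local OpenSSL build, so only the hardened result is fixed: it must be empty.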

If you have satellite TV, hackers have access to your network

Imagine if every single gadget in your life was “smart.” Your self-driving car could let your house know you’re on the way home so it can adjust the thermostat and kick on the lights.

Your fridge could detect that you’re out of milk and order more online before you even wake up. A drone delivers the milk just in time for your morning bowl of cereal. These are all super helpful features, but they do come with some digital risks.

Now, something as simple as satellite television can be targeted by hackers.

Who’s at risk?

If you are one of the millions of people with AT&T’s DirecTV service, you could be at risk of attack by hackers. That’s due to a vulnerability recently discovered by security researcher Ricky Lawshae.

He said the flaw was found in DirecTV’s Genie digital video recorder (DVR) system, more specifically in the Linksys WVBRo-25 model. The vulnerability is located in the wireless video bridge that lets DirecTV devices communicate with the DVR.

Lawshae said that he discovered the flaw when trying to browse to the web server on the Linksys WVBRo-25. He was expecting to find a login page, but instead found a wall of text. It contained output of diagnostic scripts dealing with information about the bridge, including the WPS pin, connected clients, processes that were running, and more.

That means anyone who accesses the device can obtain sensitive information about it. Not only that but the device is able to accept commands as the “root” user.

Lawshae said, “It literally took 30 seconds of looking at this device to find and verify an unauthenticated remote root command injection vulnerability. It was at this point that I became pretty frustrated. The vendors involved here should have had some form of secure development to prevent bugs like this from shipping.”

If a hacker has root access, they can steal data or even turn the device into a botnet. Cybercriminals are not always trying to steal personal and banking information. Sometimes they are trying to create havoc.

Cybercriminals can use an army of internet of things (IoT) gadgets to disrupt services or shut down websites. This is called a distributed denial-of-service (DDoS) attack.

DDoS attacks occur when servers are overwhelmed with more traffic than they can handle. These types of attacks are performed by a botnet.

A botnet is a group of gadgets that hackers have taken over without the owner’s knowledge. The hackers seize control of unwitting gadgets with a virus or malware and then use the network of infected computers to perform large-scale hacks or scams.

How to resolve this issue

A spokesperson for Linksys told “Forbes” earlier this week that it had “provided the firmware fix to DirecTV and they are working to expedite software updates to the affected equipment.”

The good news is, once the software is pushed out, the flaw should be fixed. The bad news is, we don’t know how long it will take for DirecTV to send the updates.

As a DirecTV customer, you don’t need to do anything to receive the updates. As long as your satellite receiver is connected to the internet, updates are automatically installed behind the scenes.

Source: https://www.komando.com/happening-now/434022/if-you-have-satellite-tv-hackers-have-access-to-your-networ