‘Security’ Cameras Are Dry Powder for Hackers. Here’s Why

Forums Security News (Security) ‘Security’ Cameras Are Dry Powder for Hackers. Here’s Why

  • This topic has 1 voice and 0 replies.
Viewing 0 reply threads
  • Author
    Posts
    • #35934
      Telegram SmartBoT
      Moderator
      • Topic 5959
      • Replies 0
      • posts 5959
        @tgsmartbot

        #News(Security [ via IoTGroup ]


        Headings…
        ‘Security’ Cameras Are Dry Powder for Hackers. Here’s Why
        How it works
        What’s so bad about the new attack
        What can be done about it

        Auto extracted Text……

        The latest cause for concern: A vulnerability that enables hackers to summon a firehose of network traffic from hundreds of thousands of such devices for “distributed denial of service” attacks, also known as “DDoS” attacks, that aim to knock targets offline—sometimes just for kicks and giggles, other times until a victim pays ransom.
        In a report published Wednesday, security researchers at “cloud” network firm Akamai called attention to the recently identified flavor of attack, warning that instances of it are likely to worsen, in coming weeks, in terms of severity and frequency.
        The new attack uses a novel method to achieve old aims.
        Observed since May, the attack involves misuse of a device-pinpointing protocol—called “web services dynamic discovery,” or “WS-Discovery”—which helps identify the whereabouts of machines on a network.
        What’s so bad about the new attack
        The new attack is troubling because it is unusually powerful and, moreover, it can tap the collective power of many exploitable devices.
        In this case, one byte of inbound traffic, when routed to a vulnerable device, can generate 153 bytes of firepower directed toward a target of attackers’ choice.
        This “reflective” DDoS attack, so called because it reflects from a vulnerable device to another target, acts like a lever, amplifying small forces into far larger ones.
        Memcached,” the most powerful DDoS method known, can amplify the strength of attacks by tens of thousands.
        Scanning the Internet for devices vulnerable to “LDAP” hacking using Shadowserver, a search tool provided by a nonprofit security group of the same name, reveals nearly 15,000 devices ready for abuse.
        For WS-Discovery, the newly discovered attack method, more than 800,000 vulnerable devices appear to be open to abuse.
        “What we’re really seeing here is that this has the potential to hit as hard, or harder [than LDAP attacks], but with a much larger pool” of vulnerable devices, Seaman says


        Read More..
        AutoTextExtraction by Working BoT using SmartNews 1.0299999999 Build 26 Aug 2019

    Viewing 0 reply threads
    • You must be logged in to reply to this topic.