Discovery of a new type of DDoS attack
Quoted from "ZDNet": researchers have warned of a new type of distributed denial-of-service (DDoS) attack that threatens all companies with online activities.
The new method exploits a vulnerability in the UPnP network protocol. As a result, attackers can bypass the usual detection methods.
The attacks are carried out through irregular source ports. As a result, it will be more difficult to protect against future incidents by identifying the source and blacklisting the ports.
Researchers at the security company Imperva identified the attack. Unknown hackers have used it twice so far.
The UPnP protocol is used to discover devices on a network, especially by IoT devices, which use it to find each other and communicate on a local network.
Despite known cases of weak default settings, lack of authentication, and remote execution of malicious code, this protocol continues to be used. This leaves devices vulnerable.
Avishay Zawoznik, leader of the security research group at Imperva, said:
Just like many topics surrounding IoT tools that are easily abused, most vendors of UPnP devices prefer to focus on protocol compliance and ease of delivery rather than security.
Zawoznik continued:
Many vendors don't bother with better security settings; rather, they use open source UPnP servers to reset them.
However, Imperva researchers say that the discovery of a way to carry out DDoS attacks using this protocol means wider problems.
He added:
We discovered a new method of distributed denial of service attack. In this method, known vulnerabilities are used. This issue poses a risk to all companies that operate online.
In April, the researchers discovered the new problem during an attack on the SSDP protocol.
They identified a type of botnet that spoofs the IP addresses of victim devices in order to query common Internet-connected devices such as routers, printers, and access points.
While most attacks use the common 1990 SSDP port, 12% of them come from random source ports. Imperva experts realized that attacks that incorporate UPnP can be used to hide source port information.
Hackers can easily find the IoT devices they want using the Shodan search engine. Researchers identified more than 1.3 million vulnerable devices with the help of this engine. If someone uses scripts to identify such equipment automatically, the process is faster still.
The leader of the Imperva security research group explained:
To avoid falling victim to this, businesses should not focus solely on source ports in order to protect themselves from distributed denial of service attacks; rather, a method based on uploaded information packages should also be created.
There is a simple way to protect systems against UPnP vulnerabilities, the researchers noted. It is enough to block access to the device, because this feature does not provide any useful functionality to users in most cases.
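The advice above about not relying on source ports alone can be illustrated with a small added example (not code from the article or from Imperva) that counts suspected reflection traffic per destination, once with a source-port rule and once with a rule that inspects the UDP payload for an SSDP search response. The capture, the addresses, and the value of SSDP_PORT (the IANA-registered SSDP port) are assumptions constructed for this example.

```python
import re
from collections import Counter

SSDP_PORT = 1900  # IANA-registered SSDP port; an assumption of this example

# Constructed SSDP search response; every address is from a documentation range.
SSDP_REPLY = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\n"
              b"ST: upnp:rootdevice\r\nUSN: uuid:constructed::upnp:rootdevice\r\n"
              b"LOCATION: http://192.0.2.10:49152/desc.xml\r\n\r\n")

# Constructed capture: (source IP, source port, destination IP, UDP payload).
SAMPLE = [
    ("192.0.2.10", 1900, "198.51.100.7", SSDP_REPLY),
    ("192.0.2.11", 1900, "198.51.100.7", SSDP_REPLY),
    ("192.0.2.12", 41873, "198.51.100.7", SSDP_REPLY),  # source port remapped
    ("192.0.2.13", 2762, "198.51.100.7", SSDP_REPLY),   # source port remapped
    ("192.0.2.20", 1900, "198.51.100.9", b"constructed non-SSDP datagram"),
    ("192.0.2.53", 53124, "198.51.100.7", b"\x12\x34 constructed non-SSDP"),
]

def is_ssdp_response(payload: bytes) -> bool:
    """True if a UDP payload has the shape of an SSDP search response:
    an HTTP 200 status line plus the ST and USN headers."""
    lines = payload.split(b"\r\n")
    if not re.match(rb"HTTP/1\.[01] 200 OK\s*$", lines[0], re.I):
        return False
    names = {l.split(b":", 1)[0].strip().lower() for l in lines[1:] if b":" in l}
    return {b"st", b"usn"} <= names

def port_rule(sport: int, payload: bytes) -> bool:
    """Classic filter: trust the source port alone."""
    return sport == SSDP_PORT

def payload_rule(sport: int, payload: bytes) -> bool:
    """Payload-based filter: ignore the source port entirely."""
    return is_ssdp_response(payload)

def flagged_per_destination(packets, rule) -> Counter:
    """Count packets matching `rule` for each destination (candidate victim)."""
    return Counter(dst for _src, sport, dst, payload in packets
                   if rule(sport, payload))

if __name__ == "__main__":
    for name, rule in (("source port", port_rule), ("payload", payload_rule)):
        print(name, dict(flagged_per_destination(SAMPLE, rule)))
```

On this sample the source-port rule misses the two responses with remapped ports and flags one unrelated datagram, while the payload rule counts all four responses and nothing else.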