Massive cyber-attack affecting the internet


Written by: Joey Peleg

In the last few days, news outlets started receiving reports of seriously slow Internet traffic that is causing widespread congestion and jamming crucial infrastructure around the world. Behind this, it appears, is a DDoS (distributed denial-of-service) attack against Geneva-based “Spamhaus”, a non-profit anti-spam organization that aims to help email providers filter out spam and other unwanted content.

This form of cyber-attack uses networks of computers to point huge volumes of web traffic at the company’s server, a technique that can usually knock computers offline. Most of these cyber-attacks are hidden behind botnets that enslave the computers of unsuspecting regular users around the world. These botnets can be rented for several hours or even days from hackers who cater to other hackers as a Crime-as-a-Service solution (and it is not that expensive).

The cyber-attackers seem to be associated with, or to sympathize with, “CyberBunker”, a notorious Dutch hosting provider that proudly advertises that it will service any website “except child porn and anything related to terrorism”. CyberBunker is headquartered in an ex-NATO former military nuclear warfare bunker that is currently utilized as a bulletproof data center. The company previously gained notoriety for providing hosting to the Russian Business Network cyber crime gang, which the FBI ultimately helped destroy.

This event has reached unimaginable proportions with implications for the global network, in particular dragging down Internet speeds in Europe. According to cyber-security experts, this could possibly be the biggest publicly announced cyber-attack in history.

The reason for this quarrel is that Spamhaus blacklisted CyberBunker. In retaliation, Spamhaus was attacked by exploiting the Internet’s core infrastructure, the Domain Name System, or DNS, which functions much like a telephone switchboard for the Internet. It translates the names of Web sites like I-hls.com or Google.com into a string of numbers that the Internet’s underlying technology can understand. Millions of computer servers around the world perform the actual translation.

This cyber-attack is known as a DNS reflection attack. Attackers sent messages, masquerading as ones coming from Spamhaus, to those machines. The servers then amplified those messages drastically, causing torrents of data to be aimed back at the Spamhaus computers.
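Seen from the victim's side, reflected traffic shows up as DNS responses that answer questions the victim never asked. The sketch below is an example added here, not part of the original article: it flags such unsolicited responses in a constructed packet log, and the record format, field names, addresses and byte threshold are all assumptions.

```python
from collections import Counter, namedtuple

# Constructed sample records (not real traffic): what a sensor at the victim's
# network edge might log for UDP/53. Addresses are documentation ranges.
Pkt = namedtuple("Pkt", "ts direction peer txid qname size")

SAMPLE = [
    Pkt(0.00, "out", "198.51.100.53", 0x1A2B, "example.org", 40),
    Pkt(0.02, "in",  "198.51.100.53", 0x1A2B, "example.org", 120),   # solicited
    Pkt(0.10, "in",  "203.0.113.7",   0x0001, "example.net", 3000),  # never asked
    Pkt(0.11, "in",  "203.0.113.7",   0x0002, "example.net", 3000),
    Pkt(0.12, "in",  "203.0.113.9",   0x0003, "example.net", 2900),
    Pkt(6.00, "in",  "198.51.100.53", 0x1A2B, "example.org", 120),   # duplicate, already answered
]

def find_unsolicited(packets, timeout=5.0):
    """Return (per-resolver unsolicited byte totals, solicited byte total).

    A response is solicited only if this host sent a query with the same
    resolver, transaction ID and name within `timeout` seconds, and that
    query has not already been answered.
    """
    pending = {}                 # (peer, txid, qname) -> time the query was sent
    unsolicited = Counter()
    solicited_bytes = 0
    for p in sorted(packets, key=lambda p: p.ts):
        key = (p.peer, p.txid, p.qname.lower())
        if p.direction == "out":
            pending[key] = p.ts
            continue
        sent = pending.pop(key, None)
        if sent is not None and p.ts - sent <= timeout:
            solicited_bytes += p.size
        else:
            unsolicited[p.peer] += p.size
    return unsolicited, solicited_bytes

def reflection_suspects(packets, min_bytes=2000):
    """Resolvers whose unsolicited response volume reaches `min_bytes`."""
    unsolicited, _ = find_unsolicited(packets)
    return sorted(peer for peer, n in unsolicited.items() if n >= min_bytes)

if __name__ == "__main__":
    totals, ok = find_unsolicited(SAMPLE)
    print("solicited bytes:", ok)
    for peer, n in totals.most_common():
        print(f"unsolicited from {peer}: {n} bytes")
    print("suspected reflectors:", reflection_suspects(SAMPLE))
```
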

CloudFlare, a security service company, extended assistance to Spamhaus and in response the attackers began to focus their digital wrath on both Spamhaus and CloudFlare.

Beyond attacking CloudFlare’s direct peers, the attackers also attacked the core IX infrastructure on the London Internet Exchange (LINX), the Amsterdam Internet Exchange (AMS-IX), the Frankfurt Internet Exchange (DE-CIX), and the Hong Kong Internet Exchange (HKIX).

An internet exchange point (IXP) is a physical network access point through which major network providers connect their networks and exchange traffic.

This duel between relatively small players has affected the Internet without breaking it. But it comes after last week’s disturbing cyber-attack on Korean banks and communications companies that still haven’t fully recovered. I also just received an exclusive report from Group-IB, a leading security and computer forensics company: cybercriminals started to use specific malware against major US banks, and banks such as Chase (Newark, Delaware), Capital One (Virginia, Richmond), Citibank (South Dakota), Union Bank of California (California, San Diego), and Nordstrom FSB Debit (Scottsdale, Arizona) were compromised by this malware.

Adding to these effective cyber-attacks, Anonymous has threatened to attack Israel on the 7th of April. This is nothing new, but as we are starting to see, new cyber-attacks are becoming more effective and efficient, with lasting damage to our cyber-infrastructures.

We need to start out-of-the-box thinking about cyber-security or we may find that services and applications that we all got used to and enjoy will soon be unreachable.

Written and submitted by:

Joey Peleg, CEO

ICDI-Israeli Cyber Defense Institute.