Massive East Coast Internet Outage

This week we hear about the Massive East Coast Internet Outage and a serious “Dirty Cow” Linux exploit.

Breach

Massive East Coast Internet Outage

Several websites, such as Twitter, Spotify, eBay and Reddit, were affected by a major DDoS cyberattack that disrupted much of the East Coast last week. The attack targeted Dyn, a company headquartered in New Hampshire that offers a platform to optimize websites’ online performance. There were a total of two attacks, which took place within a few hours of each other.

Dyn’s DNS service acts like an address book for the internet, translating human-readable domain names into the IP addresses that the internet understands. The DDoS attack sent an overwhelming volume of lookup requests to the DNS service in order to crash the network. It’s possible that the attack belongs to a genre of DDoS attack that infects Internet of Things devices with malware and turns them into botnet armies that flood a target with malicious traffic.

References: What We Know About Friday's East Coast Outage | East Coast Internet Service Attacks 'Coming in Waves' | Mass Internet Disruption Caused by DDoS Attack on DNS Company Dyn

Mitigation Strategies:

  • Ensure a well-defined and tested incident response plan is in place
  • 24x7 security monitoring by a security operations center to quickly detect a DDoS attack and implement the incident response plan to mitigate the risk
  • Validate that your service provider and internal networking teams have a robust networking infrastructure implemented to minimize the effects of a DDoS attack
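An illustration of the monitoring strategy above, added here as an example that is not part of the original newsletter: a small detector that reads resolver query logs, counts queries per one-minute window, raises an alert when a window runs far above the median baseline, and reports how many distinct sources drove it (many sources at once points to a botnet rather than a single misbehaving client). The log format, window size, thresholds and the sample traffic are all constructed assumptions; the two addresses in THREAT_INTEL are taken from the page's Top 20 list and stand in for a threat-intelligence feed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW_SECONDS = 60        # assumption: one-minute buckets
SPIKE_FACTOR = 10          # assumption: alert when a bucket exceeds 10x the median bucket
MIN_ALERT_QUERIES = 50     # assumption: ignore "spikes" on a tiny baseline
# Two entries from the page's "Top 20 Malicious IP Addresses" list, used as a tiny intel feed
THREAT_INTEL = {"188.118.2.26", "81.183.56.217"}


def build_sample_log():
    """Constructed resolver log, format '<ISO time> <client IP> <qname>':
    five quiet minutes of 5 queries each, then one minute flooded from 201 sources."""
    base = datetime(2016, 10, 21, 12, 0, 0)
    names = ["twitter.com", "reddit.com", "spotify.com", "ebay.com"]
    lines = []
    for minute in range(5):
        for i in range(5):
            t = base + timedelta(minutes=minute, seconds=11 * i)
            lines.append(f"{t.isoformat()} 10.0.0.{i + 1} {names[i % 4]}")
    flood = base + timedelta(minutes=5)
    for i in range(600):                          # 600 queries inside one 60-second window
        t = flood + timedelta(seconds=i // 10)
        # 192.0.2.0/24 is the TEST-NET-1 documentation range (constructed sources)
        src = "188.118.2.26" if i % 3 == 0 else f"192.0.2.{i % 200 + 1}"
        lines.append(f"{t.isoformat()} {src} {names[i % 4]}")
    return lines


def parse_line(line):
    ts, src, qname = line.split()
    return datetime.fromisoformat(ts), src, qname


def window_of(ts):
    """Start (epoch seconds) of the bucket a timestamp falls in."""
    return int(ts.timestamp()) // WINDOW_SECONDS * WINDOW_SECONDS


def analyze(lines):
    """Bucket queries per window, flag windows far above the median, count intel hits."""
    per_window = Counter()
    sources = defaultdict(Counter)
    intel_hits = Counter()
    for line in lines:
        if not line.strip():
            continue
        ts, src, _qname = parse_line(line)
        w = window_of(ts)
        per_window[w] += 1
        sources[w][src] += 1
        if src in THREAT_INTEL:
            intel_hits[src] += 1
    if not per_window:
        return {"baseline": 0, "alerts": [], "intel_hits": {}}
    counts = sorted(per_window.values())
    baseline = counts[len(counts) // 2]           # median bucket; empty buckets are not counted
    alerts = []
    for w in sorted(per_window):
        n = per_window[w]
        if n >= MIN_ALERT_QUERIES and n > SPIKE_FACTOR * baseline:
            alerts.append({
                "window_start": datetime.fromtimestamp(w).isoformat(),
                "queries": n,
                "distinct_sources": len(sources[w]),   # breadth of the flood
                "top_sources": sources[w].most_common(3),
            })
    return {"baseline": baseline, "alerts": alerts, "intel_hits": dict(intel_hits)}


if __name__ == "__main__":
    report = analyze(build_sample_log())
    print("baseline queries/window:", report["baseline"])
    for alert in report["alerts"]:
        print("ALERT", alert)
    print("threat-intel hits:", report["intel_hits"])
```

On the constructed log the quiet minutes give a baseline of 5 queries per window and the flood minute produces a single alert with 600 queries from 201 distinct sources, 200 of them from the one listed address. In a real SOC the same counts would be fed to the incident response plan rather than printed, and the baseline would come from a longer history than six windows.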

Malware

A Serious “Dirty Cow” Linux Exploit

Dirty Cow is a silly name, but it’s a serious Linux kernel exploit. The name comes from a race condition in the way the Linux kernel’s memory subsystem handles copy-on-write (COW) breakage of private read-only memory mappings. The security hole allows an unprivileged local attacker to gain write access to otherwise read-only memory mappings and thereby increase their privileges on the system.

Researchers are taking the flaw very seriously, as exploits are not difficult to develop and the vulnerability is located in a section of the Linux kernel that has been part of every distribution of the open-source OS released in the last decade.
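To make the copy-on-write guarantee that Dirty Cow breaks concrete, here is a short demonstration added to this page; it is not code from the newsletter or from the referenced articles, and it contains nothing that races the kernel. It opens a read-only file through a read-only descriptor, maps it privately, writes through the mapping, and then confirms that the bytes on disk are unchanged. That is the behaviour a correctly working kernel guarantees and the one the vulnerability lets a local user violate. The sample file content is constructed.

```python
import mmap
import os
import tempfile

# Constructed stand-in for a root-owned, read-only file (illustrative content only)
ORIGINAL = b"read-only configuration that must not change\n"
OVERWRITE = b"ATTACKER"


def private_write_reaches_file(original: bytes = ORIGINAL, patch: bytes = OVERWRITE) -> bool:
    """Map a read-only file MAP_PRIVATE (Python's ACCESS_COPY), write through the
    mapping, and report whether the bytes reached the file on disk.

    Correct copy-on-write behaviour returns False: the first write "breaks COW"
    by giving this process its own private copy of the page, and the file is
    untouched. Dirty Cow is a race in exactly that step; on a vulnerable kernel
    a write can instead land in the shared page cache and reach the file.
    """
    fd, path = tempfile.mkstemp()
    os.write(fd, original)
    os.fsync(fd)
    os.close(fd)
    try:
        os.chmod(path, 0o444)                     # the file itself is read-only
        ro_fd = os.open(path, os.O_RDONLY)        # and we hold only a read-only descriptor
        try:
            # ACCESS_COPY is MAP_PRIVATE with PROT_READ|PROT_WRITE on Linux:
            # writable for this process, never written back to the file.
            with mmap.mmap(ro_fd, len(original), access=mmap.ACCESS_COPY) as m:
                m[:len(patch)] = patch            # this write triggers the COW break
                assert m[:len(patch)] == patch    # our private copy shows the change
        finally:
            os.close(ro_fd)
        with open(path, "rb") as f:
            return f.read() != original           # False when COW worked as designed
    finally:
        os.unlink(path)


if __name__ == "__main__":
    reached = private_write_reaches_file()
    print("write reached the read-only file:", reached)   # expected: False on a healthy kernel
```

The function is a statement of the invariant, not a vulnerability test: a patched and an unpatched kernel both return False for this straightforward sequence, because the bug only shows when the copy-on-write step is raced. The value of the example is in seeing which step the race attacks, so that the severity of "write access to otherwise read-only mappings" is clear.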

References: The Dirty Cow Linux Bug: A Silly Name For A Serious Problem | "Dirty COW" Linux Kernel Exploit Seen in The Wild | Explaining Dirty Cow

Mitigation Strategies:

Top 20 Malicious IP Addresses

  • 188.118.2.26
  • 81.183.56.217
  • 37.84.83.13
  • 118.170.130.207
  • 46.109.168.179
  • 114.44.192.128
  • 185.45.193.52
  • 87.222.67.194
  • 173.254.231.111
  • 74.208.99.220
  • 67.222.1.229
  • 185.100.85.150
  • 109.234.35.79
  • 148.251.6.214
  • 107.161.95.138
  • 134.249.201.195
  • 134.249.186.12
  • 163.172.197.79
  • 222.187.239.242
  • 183.60.48.25

*IP addresses provided by Recorded Future.