Another Record Breaking DDoS Attack; Stealing Crypto Keys from AMD and Intel CPUs – ThreatWire
All that coming up now on ThreatWire. Greetings, I'm Shannon Morse, and this is ThreatWire for June 21, 2022. This is your summary of the threats to our security, privacy and Internet freedom.

Merch alert. I have about 20 of these left, so I'll mention them until they're completely sold out. This is a ThreatWire SAO Totem board. It's an electronic board powered by micro USB that can be used to power these tiny devices called Simple Add-Ons. These are limited edition, and once they sell out, they're gone for good. So get 'em while you can from my personal shop at snubsie.com/shop. Thank you for supporting my content in whichever way you do it. Let's get started with today's news.

The record-breaking DDoS attack I reported on a few months back is no longer the record-breaking DDoS. Cloudflare reportedly mitigated the most record-breaking HTTPS DDoS attack ever recorded about a week ago. According to their report, this attack hit 26 million requests per second, which makes it the largest on record. The attack stemmed from cloud service providers rather than residential ISPs, which leads Cloudflare to believe the attackers are using hijacked VMs and servers, not IoT smart home devices. It attacked a customer using Cloudflare's free plan. The last two major attacks the company disclosed hit 17.2M requests per second and 15M, so this one is about 10 million more in comparison. This amounted to more than 212 million HTTPS requests in less than 30 seconds from 1,500 networks in over a hundred countries, but most of these were from Indonesia, the US, Brazil, Russia and India. What makes this interesting is not just the speed of the attack, but also the size. Usually DDoS attacks require huge amounts of infected botnet devices, like one that required 730,000 devices but hit at one million requests per second, mainly because each device is relatively weak in power. This one, on the other hand, used fewer devices, about 5,000, but they were powerful servers or VMs. So this attack was about 4,000 times stronger. The attack took place over HTTPS, which is generally more expensive than one using the HTTP protocol.

This is your security headline story from the ThreatWire studio. I'm Shannon Morse.

Linux has been hit with a slew of attacks in the last week, including ones dubbed Panchan P2P, which is a botnet that spreads using stolen SSH keys and is used to install cryptomining malware; Symbiote, a Linux backdoor discovered back in November that is used to infect financial institutions and stays very well hidden; and Syslogk, the newest one, that I'll be talking about here. Syslogk is a Linux kernel rootkit based on Adore-Ng and has been found in the wild, under development. It hides a malicious payload within it that is triggered remotely by an attacker when it sees a specially crafted network traffic packet. Adore-Ng is an open source rootkit that's been around since 2004 and gives attackers the ability to hide processes and modules while they gain full control over an infected machine. Syslogk hides itself from networking tools like netstat, while it inspects TCP packets to find a source port number of 59318, which triggers it to launch malware called Rekoobe. This malware is a fake SMTP server, and it creates a shell once it receives a special command. The attacker, from any remote location, can send the specifically crafted TCP packets to trigger the malware to start up the backdoor shell, giving them access to the infected machine and network. The attacker can also send a command to close the backdoor at any time. According to Avast, who discovered this attack: "These are known as magic packets because they have a special format and special powers. In this implementation, an attacker can trigger actions without having a listening port in the infected machine, such that the commands are in some way magically executed in the system. … Even if it is found during a network port scan, it still seems to be a legitimate SMTP server." Currently, this malware only works on older versions of the Linux kernel, but since it is under active development, that could change. Avast also warns that kernel rootkits are harder to detect because they run on a privileged layer, so system admins should be aware of these potential attacks and take proper steps to protect systems.

Biggest of shoutouts to my Hush Puppy perk level patrons for sharing their fur baby photos and for the support. Thank YOU to Benjamin who joined the alliance on Patreon.
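One way a defender could sweep captured traffic for the Syslogk trigger indicator described in the story above, written as an added example for this page and not taken from Avast's write-up or from the malware itself: it parses a handful of IPv4/TCP packets built in memory (no capture library needed) and flags any segment whose TCP source port is 59318. The port number comes from the story; the sample IP addresses, the payloads and the helper names are constructed assumptions. In practice the same parser would be fed frames from a pcap, and a source-port match on its own is only a lead, since ordinary clients can land on that ephemeral port by chance, so hits should be correlated with the hidden-process and fake-SMTP behaviour the story describes.

```python
"""Flag TCP segments whose source port matches the Syslogk/Rekoobe trigger indicator.

Added example for this page (not Avast's code): builds a few constructed IPv4/TCP
packets in memory and checks each against the source-port indicator reported for
the Syslogk magic packet (59318). A real deployment would feed packets from a capture.
"""
import struct

TRIGGER_SRC_PORT = 59318  # TCP source port reported for the Syslogk magic packet


def build_packet(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes = b"") -> bytes:
    """Build a minimal IPv4 + TCP SYN packet (checksums left zero) as constructed test input."""
    total_len = 20 + 20 + len(payload)
    ip_header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45,           # version 4, IHL 5 (20-byte header)
        0,              # DSCP/ECN
        total_len,
        0, 0,           # identification, flags/fragment offset
        64,             # TTL
        6,              # protocol: TCP
        0,              # header checksum (not computed for this sample)
        bytes(int(o) for o in src_ip.split(".")),
        bytes(int(o) for o in dst_ip.split(".")),
    )
    tcp_header = struct.pack(
        "!HHIIBBHHH",
        sport, dport,
        0, 0,           # sequence and acknowledgement numbers
        5 << 4,         # data offset: 5 words (20 bytes), reserved bits zero
        0x02,           # flags: SYN
        65535, 0, 0,    # window, checksum, urgent pointer
    )
    return ip_header + tcp_header + payload


def parse_tcp(packet: bytes):
    """Return (src_ip, dst_ip, sport, dport) for an IPv4/TCP packet, or None for anything else."""
    if len(packet) < 20:
        return None
    version_ihl = packet[0]
    if version_ihl >> 4 != 4:            # only IPv4 handled here
        return None
    ihl = (version_ihl & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 20:
        return None                      # malformed header or truncated TCP segment
    if packet[9] != 6:                   # protocol field: 6 = TCP
        return None
    src_ip = ".".join(str(b) for b in packet[12:16])
    dst_ip = ".".join(str(b) for b in packet[16:20])
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return src_ip, dst_ip, sport, dport


def find_trigger_candidates(packets, trigger_port: int = TRIGGER_SRC_PORT):
    """Return the parsed tuples of all TCP segments whose source port equals the trigger port."""
    hits = []
    for pkt in packets:
        parsed = parse_tcp(pkt)
        if parsed is not None and parsed[2] == trigger_port:
            hits.append(parsed)
    return hits


# Constructed sample traffic: ordinary HTTPS and SSH, one segment carrying the trigger
# source port toward the fake SMTP service, and a near-miss on the adjacent port.
SAMPLE_PACKETS = [
    build_packet("10.0.0.5", "192.0.2.10", 51000, 443),
    build_packet("10.0.0.7", "192.0.2.10", 52222, 22),
    build_packet("198.51.100.23", "192.0.2.10", 59318, 25, b"HELO"),
    build_packet("10.0.0.9", "192.0.2.10", 59319, 25),
]

if __name__ == "__main__":
    for hit in find_trigger_candidates(SAMPLE_PACKETS):
        print("possible Syslogk trigger:", hit)
```

The parser deliberately honours the IHL field rather than assuming a 20-byte IP header, so packets with IP options are still inspected at the right offset; everything that is not IPv4/TCP is skipped rather than misread.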
comthreatwire. Let's finish out today's episode with my last top story about stealing crypto keys from CPUs. Attackers could steal entire cryptographic keys using this new side channel attack called Hertzbleed. It allows them to detect variations in CPU frequency using something called dynamic voltage and frequency scaling, or DVFS. DVFS throttles CPUs so they don't go over their thermal or power limitations when under high usage load. It also reduces power consumption. Modern Intel and AMD CPUs are affected by this attack because of how they use this dynamic scaling. The adjustments are translated into execution time differences, and an attacker could use the time variations to extract info such as cryptographic keys. Hertzbleed, which was disclosed by researchers at the University of Texas at Austin, the University of Illinois Urbana-Champaign and the University of Washington, proved that power side channel attacks can be turned into timing attacks remotely, as explained by the researchers on their website. They also pointed out that this attack shows how cryptographic code could leak via remote timing analysis, and this affects modern x86 CPUs. The attack is tracked as CVE-2022-24436 for Intel and CVE-2022-23823 for AMD. Intel and AMD both disclosed that this affects their processors and can be exploited with rather low privileges. The researchers have not confirmed if their proof of concept works on other vendors as well. AMD and Intel both have stated they don't intend to release any patches because they don't believe the attacks would be practical outside of a lab environment. They do provide mitigation assistance, though, by explaining that developers can use masking, hiding or key rotation to protect against power analysis based frequency side channel attacks. Also, the researchers say if you have Turbo Boost on Intel or Turbo Core or Precision Boost on AMD CPUs, you can disable that feature, as it's basically DVFS with a user friendly name. Keep in mind that may impact your PC's performance. Intel stated the attack could still happen even if you disable this feature.

Check out my YouTube channel, youtube.com/ShannonMorse, where I just posted two videos about upcoming Android tech.