This site uses cookies to ensure the best viewing experience for our readers.
Recent Attacks Enabled by Lax Corporate Cybersecurity, Report Says

Recent Attacks Enabled by Lax Corporate Cybersecurity, Report Says

Last month saw denial-of-service attacks on an unprecedented scale. Israeli cybersecurity consulting firm Komodo says it has traced a fifth of the servers abused in the attack to Fortune 500 companies

Asaf Shalev | 18:29, 02.04.18
Hackers last month took advantage of unprotected computer servers to launch several unprecedented denial-of-service attacks in which several websites were bombarded with so much junk traffic that they were taken offline temporarily.

For daily updates, subscribe to our newsletter by clicking here.

Researchers from Israel-based Komodo Information Security Consulting Ltd. analyzed the attacks and found that about a fifth of the servers used by the hackers are hosted, owned or operated by companies on the Fortune 500 list. Oracle, Comcast, and France Telecom were the leading companies whose vulnerable servers were tricked into carrying the hackers’ orders.

A computer server. Photo: Shutterstock A computer server. Photo: Shutterstock A computer server. Photo: Shutterstock
In a recent blog post announcing the findings, Komodo CEO Boaz Shunami called on multinational tech companies to take initiative and patch vulnerabilities in their infrastructure that impact cybersecurity across the internet.

“Cybersecurity is a great, global challenge and it seems like all hands are on deck,” Mr. Shunami wrote. “We believe large corporations, especially cloud vendors, should be taking more initiative to make things better for the rest of us.”

DoS cyberattacks have existed for decades, but the new type of DoS attack used by the hackers allowed them to direct up to 1.7 terabits of malicious data per second to the web address of their victims, twice the amount of traffic seen in the previous largest attack.

The traditional way to launch a DoS attack is to get a massive amount of computers or IoT devices to send simultaneous queries to a target website, overwhelming a service for the sake of disruption or to demand ransom. In this case, the hackers sent malicious command packets to what are known as memcached servers, which amplified the queries by a factor of 51,0000.

Memcached servers exist deep within the infrastructure of the internet, helping companies manage their network and load web pages more quickly. 100,000 such servers exist, according to a report in Wired magazine last month.

As part of a separate analysis, Komodo had examined the digital fingerprints of all the companies on the Fortune 500 list, assigning each a unique profile. Following last month’s attack, a list of addresses of 17,000 vulnerable memcached servers that were tapped by the hackers surfaced on the web. Komodo cross-checked the addresses with its database of companies to reveal that 20% of the vulnerable servers are linked to the Fortune 500.

Yossi Shenhav, Komodo’s co-founder, said an interview that there could be some false positives and false negatives and estimated that the accuracy rate is 80%.

Related stories

Mr. Shenhav compared the mishandling of private data by companies to the lapses in the cybersecurity of their servers.

“No one looks at the responsibility of companies toward their serves,” he said. “They may not have directed the attacks but someone used their resources to do so.”
share on facebook share on twitter share on linkedin share on whatsapp share on mail

TAGS