Ricardo Aramburu’s Post

DDoS and USB attacks, critical infrastructure concerns, and more. It's that time: Catch up with the #infosec + #dataprotection news you missed this week with the Friday Five: 

“*Edge services* are often internet accessible, unmonitored, and provide a rapid route to privileged local or network credentials on a server with broad access to the internal network,” says the report. The attraction to edge devices comes from *easier entry* (because, by definition, they have an internet face and can be attacked remotely); and they provide easier and greater stealth once compromised (because they are usually a black box by design). They finds an upward trend in *edge CVEs* added to the KEV list, contrasting with a dramatic downward trend in *non-edge CVEs* being added in 2024. More specifically, edge-related additions have increased from 2 per month in 2022 to 4.75 in 2024; while non-edge entries have decreased from 5.36 in 2023 to 3 in 2024. *This means that anyone who is managing firewalls, edge services, switches, routers, or whatever, does indeed need to be a bit more paranoid about them*,” he added. https://lnkd.in/ep3JZwGD

DDoS attacks overwhelm an internet service with traffic, knocking it offline. Over the years, cybercriminals have come up with various ways to launch DDoS assaults, which can include summoning terabits of data per second or millions of requests per second. ... https://lnkd.in/gpgqDMut

https://lnkd.in/dgekkyex A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk. Called Loop DoS attacks, the approach pairs "servers of these protocols in such a way that they communicate with each other indefinitely," researchers from the CISPA Helmholtz-Center for Information Security said. UDP, by design, is a connectionless protocol that does not validate source IP addresses, making it susceptible to IP spoofing. Thus, when attackers forge several UDP packets to include a victim IP address, the destination server responds to the victim (as opposed to the threat actor), creating a reflected denial-of-service (DoS) attack.

Awesome post! DDoS attacks pose a significant threat to internet operations due to their ability to disrupt services at multiple layers of the OSI model, making them challenging to defend against. At the network (Layer 3) and transport (Layer 4) layers, SYN and UDP floods are common. overwhelming the target's network infrastructure, causing severe disruptions in connectivity and service availability. Further up the model, the attacks become more nuanced. Attacks, such as HTTP floods on the application layer, exploit the intricacies of web servers and applications, while session layer attacks employ methods like WordPress pingback exploits, turning content management systems into unwitting accomplices to generate massive traffic. In the face of these evolving threats, a robust, multi-layered defense strategy is the best bet. Organisations should remember, that the digital landscape is constantly evolving, and so are the threats they face. Staying vigilant and updated is staying safe! #CyberSecurity #DDoS #NetworkSecurity #InfoSec #ITSecurity #WebSecurity #DataProtection #NETSCOUT

📌 Lava Lamps and #Encryption 🛡️ Believe it or not, lava lamps are protecting us from being #Hacked. 💡 The "Wall of Entropy" at Cloudflare’s HQ boasts about 100 lava lamps. 🌈 The movement of the bubbles within these lamps is tracked by a camera, 📸 which sends images at regular intervals to servers. 🖥️ This process injects randomness into the encryption keys. 🔑 Why do they do this? 🤔 Because 20% of all web traffic flows through Cloudflare’s network. 🌐 If their systems were breached, it would be disastrous. 💥 #CyberSecurityDubai #CyberSecurityUAE #CyberAwarenessDubai #CyberSafeUAE #CyberAwareness Vivek Patel Joshua Heathcote https://lnkd.in/gdegN5e3

Rate limiting is a mechanism to limit network traffic to prevent users from overloading system resources. 🛡️ Advantages of Rate Limiting for Network Security : 📌 Protects Against DoS Attacks: Rate limiting prevents overwhelming network resources, DoS attacks that could cripple systems. 📌 Safeguards System Performance: By controlling traffic flow, rate limiting ensures smooth operation even during high-demand periods, maintaining optimal user experience. 📌 Reduces Malicious Activity: Malicious bots and attackers are curbed, as rate limits reduce rapid and excessive requests, reducing the risk of data breaches and unauthorized access. 📌 Enhances Fair Resource Allocation: Rate limiting promotes fair usage by preventing any single user or entity from manipulating resources, ensuring equal access for all. 📌 Preserves API Reliability: APIs are safeguarded from being overwhelmed by excessive requests. 📌 Scalability & Efficiency: With controlled traffic, systems can scale more efficiently, without compromising stability. 📌 Cost-Effective Defense: Rate limiting minimizes the need for expensive hardware upgrades or third-party security solutions. #ratelimit #proxy #security

📢 Novel 4G/5G Attack Technique 'Man On The Side' - Adapting NSA approaches for traffic injection in mobile networks. Don’t confuse it with 'Man In The Middle', they're not the same. The term 'Man On The Side' (MOTS) might not be widely recognized, but it is a legitimate concept, especially within the field of network security and encrypted communications. I believe I once heard about it in 2014, relating to the Snowden leaks and secret NSA capabilities. 🔬 Recently, new research released by Fredrik Söderlund explains how a MOTS attack using the SCTP protocol specifics can affect 4G/5G networks. SCTP is a communication protocol designed to surpass TCP and UDP, though it's less commonly used and primarily found in telecom scenarios. Here is what an attacker can do: 🔻Place a node on the same network switch as the target to monitor and intercept SCTP traffic between the Base Station and Core Network. 🔻Capture and analyze key details from SCTP packets, such as sequence numbers and verification tags. 🔻Mimic legitimate communications and inject a fake packet before the legitimate one arrives, causing the victim to accept the fake data and ignore the real response as redundant. 🔻Depending on how the victim processes the fake packets, the attacker can mislead the victim into executing actions based on the manipulated data. 🕵️ Sounds hard to achieve? Probably, but not for nation-state intelligence services. The interesting part here is that in new research this technique was applied to SCTP communication in 4G/5G scenarios (NGAP or S1AP), demonstrating how it can lead to Denial of Service and Data Redirection. 🗺️ Mapping this to the MITRE FiGHT framework, I’d say it falls under ‘Transmitted Data Manipulation’ Techniques (FGT1565.002). Prevention and Detection: 🔹Encrypt the traffic to prevent unauthorized access. 🔹Even better to ensure attackers cannot reside on your network switches. 🔹Detection lies in analyzing the packets that return to a victim in response to its requests. One packet will be the rogue one from the attacker; the other will be legitimate, sent from a genuine server. Both packets will have the same sequence number—a ready-to-use signature, if by chance you monitor this part of the network 🤷♀️ #CyberSecurity #NetworkSecurity #5GSecurity #MOTS #SCTP

Cloudflare utilizes lava lamps in their headquarters to generate truly random data crucial for encryption, as traditional computer outputs lack unpredictability. By capturing images of the lava lamps and converting them into numerical sequences, Cloudflare ensures strong SSL/TLS encryption for millions of internet properties. This innovative approach enhances cybersecurity by leveraging real-world chaos to bolster encryption strength.