The RSOCKS Botnet Shows the Dangers of Unsecured IoT

Botnets are nefarious entities consisting of countless connected devices, all of which have been infected by hackers to perform malicious deeds. One such botnet, a Russian botnet consisting of millions of infected Internet of Things devices, has been dismantled and taken down by the United States Department of Justice and various law enforcement agencies throughout Germany, the United Kingdom, and the Netherlands.

The RSOCKS Botnet

The RSOCKS botnet was responsible for hacking into countless computers and other connected devices all over the globe, according to the Department of Justice. This particular botnet was operating as a proxy service. While it advertised selling legitimate IP addresses through an Internet service provider, or ISP, it was instead offering IP addresses assigned to devices hacked through the botnet. The purpose of this service was for hackers to conceal their IP addresses from law enforcement while they launched attacks against authentication portals.

In other words, hackers were using these hacked IP addresses to conceal their activity while they launched attack after attack against authentication platforms. The Department of Justice reports: “It is believed that the users of this type of proxy service were conducting large-scale attacks against authentication services, also known as credential stuffing, and anonymizing themselves when accessing compromised social media accounts, or sending malicious email, such as phishing messages.”
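The following is an added example, not part of the original article: it shows why credential stuffing routed through a proxy pool slips past a per-address lockout rule, and how looking at failures across all addresses in a time window catches it. The log format, addresses, thresholds and function names are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample: "<epoch_seconds> <source_ip> <username> <OK|FAIL>".
# Addresses are from documentation ranges (RFC 5737); nothing here is real data.
def build_sample():
    lines = []
    # Normal traffic: a few users logging in from the office address.
    for i, user in enumerate(["alice", "bob", "carol", "alice"]):
        lines.append(f"{1000 + i * 20} 192.0.2.10 {user} OK")
    lines.append("1090 192.0.2.10 bob FAIL")  # one honest typo
    # Stuffing through a proxy pool: 40 addresses, 2 attempts each, all different usernames.
    for n in range(80):
        ip = f"198.51.100.{n % 40 + 1}"
        lines.append(f"{1200 + n} {ip} user{n:03d} FAIL")
    return lines

def parse(lines):
    for line in lines:
        ts, ip, user, result = line.split()
        yield int(ts), ip, user, result == "OK"

def per_ip_alerts(events, max_failures_per_ip=5):
    """Classic per-address lockout rule: flag any IP with too many failures."""
    fails = Counter(ip for _, ip, _, ok in events if not ok)
    return sorted(ip for ip, n in fails.items() if n > max_failures_per_ip)

def distributed_alerts(events, window=300, min_fail_ratio=0.8, min_users=20, min_ips=10):
    """Flag time windows where failures are spread over many IPs and many usernames."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[ts // window * window].append((ip, user, ok))
    alerts = []
    for start, rows in sorted(buckets.items()):
        failed = [(ip, user) for ip, user, ok in rows if not ok]
        ratio = len(failed) / len(rows)
        ips = {ip for ip, _ in failed}
        users = {user for _, user in failed}
        if ratio >= min_fail_ratio and len(users) >= min_users and len(ips) >= min_ips:
            alerts.append({"window_start": start, "fail_ratio": round(ratio, 2),
                           "source_ips": len(ips), "usernames": len(users)})
    return alerts

EVENTS = list(parse(build_sample()))
PER_IP = per_ip_alerts(EVENTS)          # no address crosses the per-IP limit
DISTRIBUTED = distributed_alerts(EVENTS)

if __name__ == "__main__":
    print("per-IP rule:", PER_IP)
    print("distributed rule:", DISTRIBUTED)
```

Each proxy address fails only twice, so the per-address rule stays silent, while the window-level rule flags the burst of failed logins spread across 40 addresses and 80 usernames.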

What Happened to RSOCKS?

The FBI has since seized control over RSOCKS’ website, where users could purchase IP addresses. The price points for these services ranged from $30 per day for 2,000 proxies to $200 per day for 9,000 proxies. If a user committed to making the purchase, they could download their list of IP addresses and ports, which they could then use to route traffic through the cracked devices to obscure their true identity. The botnet was first built using infected IoT devices, but it later took advantage of Android and other types of computers, too.

When services like this are so affordable, even to the layman hacker, you cannot afford to not take them seriously.

What Can Be Done?

This type of threat shows the security shortcomings of Internet of Things devices, something your business needs to be well aware of if it is to protect itself from threats like this one. Internet of Things devices were chosen as outlets for these attacks because many are distributed with their default passwords, easily allowing hackers to bypass their security features and take advantage of them. If you do utilize IoT devices, you should apply the same security standards that you would use for other, more advanced devices, such as stricter password policies or dedicated networks specifically partitioned off for IoT devices.

NuTech Services can help you take all the appropriate measures needed to secure your business. To learn more about what we can do for your organization, reach out to us at 810.230.9455.

Tip of the Week: Spot a DDoS Attack Before it Takes Down Your Network

Distributed denial of service attacks are a major problem for businesses. They’re difficult to prevent entirely, incredibly annoying, and costly. Hackers are realizing just how annoying DDoS attacks can be, and are capitalizing on them both to make a quick buck and to take jabs at organizations that aren’t necessarily doing anything wrong.

When a business is targeted by a distributed denial of service (DDoS) attack, their servers are overloaded with traffic and brought down by the sheer amount of activity, usually performed by botnets (compromised computer hordes). This is a massive inconvenience for both end users and the business owner. Your workers lose access to critical files and applications, which becomes a cause for expensive and dangerous downtime.

One of the most frightening things about DDoS attacks is that practically anyone can truly pull one off. There have been stories about lone wolf hackers and random kids pulling off DDoS attacks under the right circumstances.

DDoS attacks are designed to cause massive headaches and downtime, but you don’t have to live in fear of them. Here are two ways you can make the next DDoS attack you experience less painful.

Understand Your Network
Before assuming that you’ve been the target of a DDoS attack, you should first familiarize yourself with the normal quality of your network. By doing so, you’ll more easily be able to detect any strange occurrences that may be causes for concern. If it’s business as usual, you have little to fear.

Keep in mind that while this is helpful for DDoS attacks, it can be a good first step toward diagnosing many common issues with your network. If something feels out of place, chances are that there’s something going on behind the scenes. A quality IT technician can help you further correct problems associated with your network.
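One way to turn "know what normal looks like" into a check, as an added example that is not from the original article: build a baseline from past per-minute request counts and flag only sustained surges above it. The median/MAD baseline, the thresholds `k` and `sustain`, and the sample counts are assumptions chosen for illustration.

```python
from statistics import median

# Constructed per-minute request counts: a quiet history and a live feed
# containing one short blip and one sustained flood.
HISTORY = [118, 125, 120, 131, 122, 119, 127, 124, 121, 126, 123, 120]
LIVE = [124, 119, 410, 121, 126, 980, 2400, 3100, 2950, 130, 122]

def build_baseline(history):
    """Robust 'normal' level from past counts: median and median absolute deviation."""
    mid = median(history)
    mad = median(abs(x - mid) for x in history)
    # A perfectly flat history gives MAD 0; fall back to 10% of the median (minimum 1).
    return mid, (mad if mad > 0 else max(1.0, 0.1 * mid))

def find_floods(history, live, k=6.0, sustain=3):
    """Return (limit, runs), where runs are (start, end) index pairs in `live`
    that stay above median + k*MAD for at least `sustain` consecutive minutes."""
    mid, spread = build_baseline(history)
    limit = mid + k * spread
    runs, start = [], None
    for i, count in enumerate(list(live) + [0]):  # sentinel closes a trailing run
        if count > limit and start is None:
            start = i
        elif count <= limit and start is not None:
            if i - start >= sustain:
                runs.append((start, i - 1))
            start = None
    return limit, runs

if __name__ == "__main__":
    limit, runs = find_floods(HISTORY, LIVE)
    print(f"alert above {limit} requests/minute; sustained surges at minutes {runs}")
```

The single spike at minute 2 is ignored as a blip, while minutes 5 through 8 are reported as one sustained surge worth investigating.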

Be Ready
While DDoS attacks are seemingly unpredictable, this doesn’t mean that you shouldn’t be prepared for them. You should start by identifying what your critical systems are, and take measures to ensure their operation continues, even in the face of the worst circumstances. Are there any services that can be hosted off-site? While it helps to have all of your services hosted in-house, your server will likely be the target of a DDoS attack; therefore, it makes sense to host your critical business systems elsewhere, like in a secure, off-site cloud solution. Although you run the risk of the data center getting hit by a DDoS attack, most data centers have the resources and safeguards to reduce downtime caused by them.

Regardless of the business type, you should never dismiss downtime as an acceptable issue, and you should always do whatever you can to mitigate your losses. Contacting IT professionals like those at NuTech Services can go a long way toward limiting downtime caused by all types of threats, including DDoS attacks.

For more information about how you can fight against DDoS attacks, give NuTech Services a call at 810.230.9455.

Pay a Hacker Ransom Money and Risk Getting Bamboozled Twice

Requesting a ransom from victims is an unfortunate trend gaining momentum in the hacking world. This is typically done using ransomware (where hackers encrypt data and request money for the key) and distributed denial of service attacks (where hackers threaten to overwhelm a system with traffic, thus knocking it offline). In both scenarios, hackers are looking for the victim to pay up, or else. Should they?

The answer should be obvious; absolutely not. However, when a person’s valuable data becomes encrypted or they receive a legitimate threat to take down their servers, emotions often get in the way and they’ll end up “paying the piper.” Hackers know this, which is why their ransom methods employ fear tactics.

For example, ransomware like CryptoLocker will lock the user out of their computer while the screen displays a clock counting down to when their data will be deleted. And with DDoS attacks, a hacker may contact the victim mid-attack and promise to cease the attack for a fee. Both of these situations play straight into a person’s irrational fear, causing them to cough up cash.

Before reaching for your credit card to pay a hacker’s demands, stop, take a deep breath, and think objectively about the situation. What guarantee do you have that these hackers will actually make good on their promise to turn over your data or cease the attack? This guarantee is only as good as a hacker’s word, which is pretty worthless seeing that, you know, they’re criminals. Therefore, whatever you do, DON’T GIVE MONEY TO A HACKER!

By paying hackers money, you’ll only add fuel to the fire and help fund the spread of their devious acts. Plus, there are several reported cases where a victim pays the ransom, only to still have their data deleted or the attacks on their site continue. What’s it to them if they go ahead and follow through with the attack? They have your money, so who cares? It’s a classic case of adding insult to injury.

Need proof? There’s a recent example of this happening to ProtonMail, a Switzerland-based email encryption service. On November 3rd, ProtonMail was threatened with a DDoS attack by the hacking group Armada Collective. Like many companies would do, they ignored the threat, deeming it to not be credible. Soon afterward, their servers became overloaded to the point where they had to cease operations.

As reported by ZDNet:

The encryption service says the assault reached 100Gbps and not only attacked the ProtonMail datacenter but routers in Zurich, Frankfurt and other locations linked to the ISP — eventually bringing down the datacenter and ISP. This not only took down ProtonMail, but other companies were affected, too.

To get the attackers to stop, ProtonMail paid the hackers a $6,000 ransom. The hackers happily took their money and kept up the attack. In addition to losing a cool $6k, the company was out a vast sum for all the downtime they experienced.

How much would it cost your company if you lost revenue for a full day of work, and you still had to make payroll? For a medium-to-large sized company, losing a full day’s work would likely come to much more than a few thousand dollars. In fact, hackers understand how downtime can be so costly, which is why they feel justified asking for such an exorbitant fee.

What are you supposed to do if you were asked to pay a ransom by a hacker? The first thing you’ll want to do is contact the IT professionals at NuTech Services. We’re able to take an assessment of the attack to determine how bad it is, and restore your data to a backed up version that’s not infected with malware. When facing a hack attack, we can present you with all the options you can take, none of which will include paying a hacker money.

Call us today at 810.230.9455 to learn more, and don’t let the hackers have the upper hand.