Logo

DOSarrest Vulnerability Testing and Optimization
Navigation
  • Home

Reflection DDoS Attacks Using Millions of UPnP Devices on the Rise

on October 17, 2014 |
DDoS DDoS Attack Specialist Defend Against DDoS DoS Attacks
After successful in launching reflection and amplification Distributed Denial-of-Service (DDoS) attacks by abusing various protocols such as DNS, NTP and SMTP, hackers are now abusing Simple Service Discovery Protocol (SSDP) – part of the UPnP protocol standard – to target home and office devices, researchers warned.
SSDP is a network protocol based on the Internet Protocol Suite that comes enabled on millions of networked devices, such as computers, printers, Internet gateways, Router / Wi-Fi access points, mobile devices, webcams, smart TVs and gaming consoles, to discover each other and automatically establish working configurations that enable data sharing, media streaming, media playback control and other services.
FLAW IN UPnP USED IN AMPLIFICATION DDoS ATTACK
Prolexic Security Engineering & Response Team (PLXsert) at Akamai Technologies have issued a warning that the devices use in residential or small office environments are being co-opted into reflection and amplification distributed denial-of-service (DDoS) attacks since July that abuse communications protocols enabled on UPnP devices.

“The rise of reflection attacks involving UPnP devices in an example of how fluid and dynamic the DDoS crime ecosystem can be in identifying, developing and incorporating new resources and attack vectors into its arsenal,” the advisory states. “Further development and refinement of attack payloads and tools is likely in the near future.“

The weakness in the Universal Plug-and-Play (UPnP) standard could allow an attacker to compromise millions of its consumer and business devices, which could be conscripted by them to launch an effective DDoS attack on a target.

 

Attackers have found that Simple Object Access Protocol (SOAP) – protocol used to exchange sensitive information in a decentralized, distributed environment – requests “can be crafted to elicit a response that reflects and amplifies a packet, which can be redirected towards a target.”
This UPnP attack is useful for both reflection attacks, given the number of vulnerable devices, and amplification as researchers estimate that it can magnify attack traffic by a factor of 30, according to the advisory.
OVER 4.1 MILLIONS DEVICES VULNERABLE
According to the security researchers, about 38 percent of the 11 million Internet-facing UPnP devices, i.e. over 4.1 million devices, in use are potentially vulnerable to being used in this type of reflection DDoS attack.

“The number of UPnP devices that will behave as open reflectors is vast, and many of them are home-based Internet-enabled devices that are difficult to patch,” said Akamai security business unit senior vice president and general manager Stuart Scholly. “Action from firmware, application and hardware vendors must occur in order to mitigate and manage this threat.”

MAJOR TARGETED COUNTRIES
South Korea has the largest number of vulnerable devices, followed by the United States, Canada, and China, according to the advisory.
This isn’t the first time when a security flaw in UPnP has allowed attackers to target home and business devices, back in January 2013, a flaw in UPnP exposed more than 50 millions computers, printers and storage drives to attack by hackers remotely.

 

Source: http://thehackernews.com/2014/10/reflection-ddos-attacks-using-millions_16.html

Share this story:
  • tweet

Recent Posts

  • OpenSSL fixes severe DoS, certificate validation vulnerabilities

    March 29, 2021 - 0 Comment
  • Acer Reportedly Hit With $50M Ransomware Attack

    March 24, 2021 - 0 Comment
  • REvil ransomware gang claims over $100 million profit in a year

    March 10, 2021 - 0 Comment
Comments are closed.
DOSarrest ad

Keep updated with the latest DDoS Attacks

RSSSubscribe
  • Home
  • Latest News
  • Contact
  • Sitemap
© Copyright 2013. All Rights Reserved. Web Development by: 6folds Marketing