
Cisco Security Report: Internet Infrastructure Under Attack

Attackers are zeroing in on Web servers, domain name servers and datacenters in order to launch wide-scale attacks, according to Cisco security researchers.

The DarkLeech attack compromised at least 20,000 legitimate websites around the world last year. It also made its mark as an example of a trend -- attackers targeting Internet infrastructure as a stepping stone to more potent attacks.

In the latest edition of its annual security report, Cisco Systems spotlights this increased focus on gaining access to Web servers, name servers and datacenters with the goal of taking advantage of their processing power and bandwidth.

"Through this approach, exploits can reach many more unsuspecting computer users and have a far greater impact on the organizations targeted, whether the goal is to make a political statement, undermine an adversary, or generate revenue," according to the report. "In essence, this trend in targeting Internet infrastructure means the foundation of the Web itself cannot be trusted."

Hackers use a variety of techniques to gain root access to hosting servers, including placing Trojans on management workstations to steal login credentials and exploiting vulnerabilities in third-party management tools used on the servers.

"CMS plays a huge role in this picture," explained Levi Gundert, Cisco technical lead for threat research, analysis and communications (TRAC). "So many people run content management software, whether it be WordPress or Joomla or what have you ... the vulnerability lists for these types of CMS are very extensive."

One compromised hosting server can infect thousands of websites. In addition, websites hosted on compromised servers may act as both a redirector and a "malware repository," the report noted. Rather than many compromised sites loading malware from only a few malicious domains, "the relationship has now become many-to-many, hampering takedown efforts."

Once the server is compromised, the attackers can implement SSHD backdoors and install rogue modules into Web server software like Apache, Gundert said.


This is essentially what happened in the DarkLeech campaign: Sites were infected with a Secure Shell daemon (SSHD) backdoor that enabled the attackers to remotely upload malicious Apache modules and inject IFrames in real time on hosted websites. The end result is that users were served exploits via the Blackhole crimeware kit.

"Because the DarkLeech IFrame injections occur only at the moment of a site visit, signs of the infection may not be readily apparent," the report notes.
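Since the injection happens only at request time, the set of modules the Web server loads is one place a defender can look. The following is an added example, not code from the Cisco report or this article: it compares Apache `LoadModule` directives against a known-good baseline of paths and SHA-256 hashes. The config, paths, module names and file contents are constructed, and `/etc/httpd` as the ServerRoot is an assumption.

```python
import posixpath
import re
from hashlib import sha256

# Active "LoadModule <identifier> <path>" lines; '#'-commented lines never match.
LOADMODULE_RE = re.compile(r'^[ \t]*LoadModule[ \t]+(\S+)[ \t]+"?([^"\s]+)"?', re.I | re.M)


def parse_load_modules(conf_text, server_root):
    """Return [(identifier, absolute_path)] for each active LoadModule directive."""
    modules = []
    for ident, path in LOADMODULE_RE.findall(conf_text):
        if not path.startswith("/"):
            path = posixpath.join(server_root, path)  # relative to ServerRoot
        modules.append((ident, posixpath.normpath(path)))
    return modules


def audit_modules(conf_text, baseline, read_bytes, server_root="/etc/httpd"):
    """Flag modules missing from, or differing from, a {path: sha256} baseline."""
    findings = []
    for ident, path in parse_load_modules(conf_text, server_root):
        if path not in baseline:
            findings.append((ident, path, "not in baseline"))
        elif sha256(read_bytes(path)).hexdigest() != baseline[path]:
            findings.append((ident, path, "hash mismatch"))
    return findings


# Constructed sample data: config, paths and file contents are invented for the demo.
SAMPLE_CONF = """\
LoadModule ssl_module modules/mod_ssl.so
# LoadModule status_module modules/mod_status.so
loadmodule rewrite_module "modules/mod_rewrite.so"
LoadModule example_unknown_module /etc/httpd/modules/mod_example_unknown.so
"""
SAMPLE_FILES = {
    "/etc/httpd/modules/mod_ssl.so": b"good ssl bytes",
    "/etc/httpd/modules/mod_rewrite.so": b"replaced rewrite bytes",
    "/etc/httpd/modules/mod_example_unknown.so": b"unrecognised bytes",
}
SAMPLE_BASELINE = {
    "/etc/httpd/modules/mod_ssl.so": sha256(b"good ssl bytes").hexdigest(),
    "/etc/httpd/modules/mod_rewrite.so": sha256(b"good rewrite bytes").hexdigest(),
}


def run_sample():
    return audit_modules(SAMPLE_CONF, SAMPLE_BASELINE, SAMPLE_FILES.__getitem__)
```

On a live host, pass a `read_bytes` that opens the file from disk and keep the baseline off the server, since an attacker with root access can alter anything stored on it.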

Domain name servers are prime targets of this breed of attack, and Cisco's research indicates that, in addition to individual websites and hosting servers, nameservers at certain hosting providers are being compromised as well.

"Threat actors -- hacktivists, national state actors and cyber criminals -- will continue to conduct land grabs for high-powered infrastructure and compute power in 2014," said JD Sherry, vice president of technology and solutions at Trend Micro. "Several reasons are in play for this. The first is there is still a tremendous amount of DDoS attacks against banks and other critical infrastructures. Having large amounts of processing power across many geos helps with this."

In addition, high-performance computing is important for brute-force attacks on passwords, and cloud computing infrastructures will also be a source of attacks for cybercriminals looking to leverage their horsepower, he said.

"We are advising our partners and customers that creation and orchestration of hybrid clouds -- blending your internal datacenter with public cloud capabilities -- requires a tremendous amount of thought with regard to security architecture," Sherry said.

Comments
Bprince,
User Rank: Apprentice
1/19/2014 | 3:51:44 PM
re: Cisco Security Report: Internet Infrastructure Under Attack
Hi. I can't speak to the level of security at Barnes and Noble, but I would advise you generally to be cautious about using public hot spots. If you are going to do it, I would say don't visit sensitive sites (e.g. online banking, email, etc).
LUCKY1234A,
User Rank: Apprentice
1/18/2014 | 7:38:36 PM
re: Cisco Security Report: Internet Infrastructure Under Attack
Away from my home network I go to Barnes and Noble and am concerned about this and other bugs. Should I stop using their public hot spot?