Tuesday, January 26, 01:13
Home security FBI: New DdoS attacks using CoAP, WS-DD, ARMS, Jenkins

FBI: New DdoS attacks using CoAP, WS-DD, ARMS, Jenkins


The FBI announced last week that some new network protocols are used to implement DdoS attacks big scale.

The FBI alert lists three network protocols and one web application as a DdoS attack carriers.

The list includes CoAP (Constrained Application Protocol), the WS-DD (Web Services Dynamic Discovery), the ARMS (Apple Remote Management Service) and software Jenkins.

Three of the four (CoAP, WS-DD, ARMS) have already been abused to carry out mass DDoS attacks, the FBI said.


In December 2018, malicious hackers began to abuse his features Constrained Application Protocol (CoAP) to carry out DDoS "reflection" and "amplification" attacks.


In May and August 2019, cybercriminals began exploiting the protocol Web Services Dynamic Discovery (WS-DD) to accomplish more than 130 DDoS attacks. Later that year, several researchers security they said increase in the exploitation of non-standard IoT protocols and devices with incorrect configuration to enhance DDoS attacks. The Appliances IoTs are attractive targets because they use the protocol WS-DD to automatically detect new devices connected to Internet and are close by. As of August 2019, there were 630.000 exposed IoTs Appliances with the WS-DD protocol enabled.


In October 2019, the hackers took advantage of Apple Remote Management Service (ARMS), part of the Apple Remote Desktop (ARD), to perform DDoS attacks.


In February 2020, researchers security of the United Kingdom located a vulnerability in embedded Jenkins server protocols, used to support the software development process and which could be exploited by hackers to perform DdoS amplification attacks. The researchers calculated that hackers could use vulnerable Jenkins servers to enhance traffic to systems of victims up to 100 times.


FBI experts believe that these new threats DDoS will continue to be used further to cause downtime and other problems.

The purpose of the FBI alert is to warn American Companies for the impending danger so that they can invest in DdoS attack systems.

The FBI says that because these newly discovered DDoS carriers are network protocols that are necessary for Appliances in which they are used (IoT devices, smartphones, Macs), device manufacturers are unlikely to remove or disable protocols on their products. Therefore, the danger he is big.

"In the near future, the Criminals will likely take advantage of the growing number of devices with built-in network protocols (enabled by default) to create botnets capable of performing malicious attacks "DDoS," the FBI said.

So far, these four attackers have been used sporadically, but industry experts expect them to be used more and more often.


Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!



COVID-19 vaccines: Ways to protect supply chains

The development of vaccines for COVID-19 in such a short period of time has created many challenges and these are not only related to ...

How do insurance companies "enhance" ransomware attacks?

Ransomware attacks have increased significantly, with experts warning that their victims should not pay ransom to hackers ....

Russia: "US may be planning retaliation for SolarWinds hack"!

The Russian government warns the country's organizations about possible cyber attacks that the US may carry out, as "retaliation" for the hack ...

iPhone: How to see which apps have access to your contacts

Some iPhone privacy issues go deeper than accessing your contacts list, which exposes your contacts to ...

COVID-19: Google makes vaccination clinics available

Google CEO Sundar Pichai said Monday that the company will make its facilities available to become clinics ...

Netflix offers "studio quality" audio upgrade on Android

Do not be surprised if Netflix sounds better the next time you run a marathon with rows on your Android phone ...

Will Bitcoin return to $ 40.000? There is concern!

Bitcoin lovers who take his return above the level of $ 40.000 for granted have been worried because the demand ...

Avaddon ransomware: Its operators threaten with DDoS attacks to get ransom!

Lately, more and more ransomware gangs tend to threaten their targets with DDoS attacks in order to secure profits ....

Volunteer firefighters will be trained through VR simulation

Volunteer firefighters in the Australian state of Victoria will soon have access to the virtual reality (VR) training that will be available in ...

Tesla: Accuses its former employee of stealing her confidential data!

On January 23, Tesla sued former employee Alex Khatilov for stealing 26.000 confidential documents, including trade secrets. The software ...