Thursday, 31 March 2016

Third World Problem: Bot Herders Target Home Routers In Developing Nations

A new global botnet that has been used for large-scale denial of service attacks is built on lightly secured home broadband routers in Brazil, Thailand and other developing nations, according to a report from the firm Incapsula.
In a report shared with The Security Ledger and released on Tuesday, Incapsula researchers said that the botnet consists of a large number of SOHO (small office and home office) routers, many of them Ubiquiti home routers equipped with ARM processors. Incapsula recorded traffic from more than 40,000 IP addresses associated with 1,600 ISPs worldwide. 85% of the compromised routers were located in Thailand and Brazil, the company said.
As is often the case with attacks on home routers, the Incapsula researchers found that the devices were easy prey for enterprising cyber criminals. An investigation revealed that the compromised units were remotely accessible via HTTP and SSH on their default ports and all were configured with vendor-provided default login credentials.
Insecure home broadband routers are an endemic problem made worse as the devices have become an attractive target for cyber criminals, especially as security improvements and feature upgrades have made home PCs more challenging to compromise. In October, the firm Rapid7 warned about a vulnerability in more than 1 million SOHO routers makes them potentially vulnerable to remote attacks that could expose private internal network traffic to prying eyes. In that case, the culprit was  implementation and configuration vulnerabilities in NAT-PMP features. In September researchers at the firm Sucuri warned of a web-based attack launched from the site of a popular Brazilian newspaper that was targeting home broadband routers. And, in July, the Electronic Frontier Foundation launched the Open Wireless Router Project to develop a secure alternative to commercial SOHO routers that are more secure and can operate in a peer-to-peer mode.
Incapsula recorded malicious traffic from 109 countries. Brazil and Thailand were the source of 85 percent of all traffic.
Incapsula recorded malicious traffic from 109 countries. Brazil and Thailand were the source of 85 percent of all traffic.
Ubiquiti (NADAQ: UBNT) is the brainchild of Robert Pera, a former Apple Engineer who launched the company in 2005.  Around 70% of Ubiquiti’’s revenue comes from developing countries including Brazil, Indonesia and the Czech Republic, where the company sells through a global network of distributors.
“Ubiquiti Networks tried to do a good thing and bring internet connection to third world regions this year, unfortunately it’s just been discovered that their routers are being actively exploited by hackers to field massive DDoS attacks, due to an overlooked exploit,” Incapsula said in an e-mail statement.
The blame doesn’t lie solely (or even mostly) with Ubiquiti. Internet Service Providers (ISPs), vendors and end users all share blame in a pattern of loose security around SOHO devices that Incapsula called “inexplicably negligent.”
Incapsula said the DDoS campaign in question affected the domains of around 60 Incapsula-customers. It began in December and has continued, intermittently, ever since. The compromised devices are controlled using around 60 command and control (or C2) servers, mostly located in the US and China. In all, Incapsula documented attack traffic from 109 countries around the world.
Compromised routers had the MrBlack malware installed on them, a common malicious program.
Incapsula noted that home routers are often easy prey: ISPs tend to group them on dedicated IP address blocks, making it easy to scan a relatively small set of Internet addresses to find vulnerable devices.
Once built, the SOHO device botnet is well suited to do distributed scans and attacks, which can make it difficult to use blacklisting to block the offending activity.


Incapsula also noted similarities between the patterns of botnet activity and the activities of the hacktivist group the Lizard Squad. That group used Lizard Stressor, a global botnet that is also reportedly built on an infrastructure of under-secured routers. Despite several outward similarities, however, Incapsula concludes that the two botnets are not the same.
courtesy by : securityledger

Tuesday, 29 March 2016

DNA nanobots will target cancer cells in the first human trial using a terminally ill patient

The very mention of “nanobots” can bring up a certain future paranoia in people—undetectable robots under my skin? Thanks, but no thanks. Professor Ido Bachelet of Israel’s Bar-Ilan University confirms that while tiny robots being injected into a human body to fight disease might sound like science fiction, it is in fact very real.
Cancer treatment as we know it is problematic because it targets a large area. Chemo and radiation therapies are like setting off a bomb—they destroy cancerous cells, but in the process also damage the healthy ones surrounding it. This is why these therapies are sometimes as harmful as the cancer itself. Thus, the dilemma with curing cancer is not in finding treatments that can wipe out the cancerous cells, but ones that can do so without creating a bevy of additional medical issues. As Bachelet himself notes in a TEDMED talk: “searching for a safer cancer drug is basically like searching for a gun that kills only bad people.”
This is where nanobots come in—rather than take out every cell in the area they’re distributed to, they’re able to recognize and interact with specific molecules. This means that new drugs don’t even need to be developed; instead, drugs that have already been proven to be effective for cancer treatment but too toxic for regular use can be used in conjunction with nanobots to control said toxicity.
2_DNA nanobots
Nanobots are actually made from DNA, specifically a single strand of DNA folded into a desired shape. Bachelet’s nanobots are designed in a clamshell shape, and work as a carrier for existing cancer drugs. Think of them like a protective box. They’ve been programmed to be in two states—an “off” position, where they’re closed tightly so they can bypass healthy cells without causing any damage, and an “on” position, where the clamshell opens up to expose cancerous cells to the drug in question.

Nanobots have been programmed to switch from an “off” position to an “on” position to target cancer cells while working in harmony with other cells.

3_DNA nanobots
Nanobots can also have multiple “payloads” in them, and can be programmed so that they know which drug to expose to specific molecules. This means that nanobots work well in combination therapy—where multiple drugs are used at once—and can be timed so that the different drugs don’t interfere with one another. As of December 2014, the nanobots that Bechelet’s team have developed can recognize 12 different types of cancerous cells.
Currently, the team is also working on instilling their nanobots with “swarm behaviour” and have figured out how to get the bots to build physical bridges with each other. This would allow them to fix tissue from one end to the other, guiding the regrowth of cells across a larger area, which could be helpful in repairing spinal cords or long sections of muscle.
4_DNA nanobots
So, like any good scientist would ask—what’s the catch? Well there are the usual issues that arise with any sort of disruptive technology. It’s entirely possible that nanobots will be too expensive for the average patient, further widening the health gap between the rich and the poor. Nanobots could potentially be used in new forms of biological warfare. And there’s the classic “grey goo” paranoia, wherein the nanobots gain sentience, learn to self-replicate, and devour the environment—but even the original theorist, Eric Drexler, has dismissed this.


In that case, when can we expect this miracle treatment to hit the public? The first DNA nanobot trial in a human subject will take place this year—in fact, it could be happening right now—on a person with late-stage leukemia. The patient is expected to die in the summer of 2015, but Bechelet believes that, based on previous animal trials, the nanobots can remove the cancer in the span of a month. If the trial goes well, we could see nanotechnology hit the public in one-to-five years.

courtesy by : theplaidzebra
written by : DANIEL KORN