Friday, 24 July 2015

Emerging Web Infrastructure Threats

A secure cloud relies on weak Internet infrastructure, including new BGP vulnerabilities that will be disclosed at Black Hat USA.

The cloud services industry is beginning to sort out some of the concerns that have kept security-conscious organizations away (for example, by creating new technology like bring-your-own-key encryption schemes). Unfortunately, these improvements still don't do anything to repair some of the very worst threats to cloud security -- vulnerabilities buried in the very underpinnings of the Internet.
At the Black Hat USA conference in Las Vegas next month, researchers will bring to light even more threats lurking in Web infrastructure. Here's a glimpse at what's to come.

Leaks in the Router Plumbing

Attacks on the Border Gateway Protocol (BGP) -- the fabric that all routing on the Internet is based on -- have become so popular that Dan Hubbard, CTO at OpenDNS, says 'BGP is the new black.'

For example, last year Dell SecureWorks discovered a crypto-currency heist, in which the attacker hijacked BGP routes and redirected cryptocurrency miners to the rogue systems, stealing roughly $83,000 in the process. 

Wim Remes, manager of strategic security services for Rapid7, will give an overview of the BGP threat landscape in his session 'Internet Plumbing for Security Professionals: The State of BGP Security.'

CDN Takeover

The details of the vulnerability that BishopFox security researchers Matthew Bryant and Mike Brooks will reveal at Black Hat are still cloaked in mystery, but the scenario they propose is certainly horrifying:

'Imagine - a Facebook worm giving an attacker full access to your bank account completely unbeknownst to you, until seven Bentleys, plane tickets for a herd of llamas, a mink coat once owned by P. Diddy, and a single monster cable all show up on your next statement.'

They'll demo this scenario in the session, 'Bypass Surgery Abusing Content Delivery Networks with Server-Side-Request Forgery (SSRF) Flash and DNS.' Their attack will manipulate a few wobbly components at once to compromise content delivery networks (CDNs) -- those distributed systems of servers meant to deliver to Internet users high availability, high performance -- and maybe some of the nastiest malware imaginable.

BGP Hijacking And Broken Trust

SSL, the mechanism on which so much online trust is based, is itself untrustworthy. As if that weren't bad enough, SSL trusts BGP Internet routing traffic, and BGP is becoming a more attractive attack target all the time.

In his session, 'Breaking HTTPS With BGP Hijacking,' Artyom Gavrichenkov, developer at the Qrator Labs DDoS mitigation network, will show how to exploit this trust to do some real mischief.
