DDoS attacks are nothing new, nor is it new for Krebs on Security to be a target, but the recent attack that forced the site off the network is reported to have been powered entirely by internet of things devices. Stephen A. Ridley, a former U.S. Defense offensive security researcher and founder of the IoT cybersecurity company Senrio, said that is no surprise. "This should serve as a serious wake up call that IoT has a serious security problem," Ridley said.
Cisco issued an advisory for a flaw that the company has linked to exploits released by the Shadow Brokers group a month ago. The vulnerability (CVE-2016-6415), which Cisco has not yet patched, affects Cisco IOS, Cisco IOS XE and Cisco IOS XR Software. It lies in Internet Key Exchange version 1 (IKEv1) packet processing and could be exploited by an unauthenticated, remote attacker to retrieve memory contents from an affected device, which may disclose confidential information such as key material. A device is exposed only if it processes IKEv1 (UDP port 500 and, for NAT traversal, UDP port 4500), so until a fixed release ships the practical check is whether those ports accept packets from untrusted sources.
Senrio CTO and founder Stephen Ridley told SCMagazine.com that researchers are better able to discover "the hallmark of a specific attack" following the release of code containing exploits affecting Cisco products. Companies have likely been observing the behavior of their network traffic, he said. He told SCMagazine.com that he suspects new vulnerabilities "could have been discovered" through an examination of network traffic in the wild. The "1-day" tactic used to be primarily an offensive tool, he said, referring to the process of reverse engineering a vulnerability from a manufacturer's patch. "1-days" are highly valuable, Ridley noted, especially for networking equipment and embedded devices, because patches are difficult to apply to embedded systems.