macOS systems abused in DDoS attacks

October 4, 2019
in Internet Security

DDoS-for-hire services, also known as DDoS booters, or DDoS stressors, are abusing macOS systems to launch DDoS attacks, ZDNet has learned.

These attacks are leveraging macOS systems where the Apple Remote Desktop feature has been enabled, and the computer is accessible from the internet, without being located inside a local network, or protected by a firewall.

More specifically, the attackers are leveraging the Apple Remote Management Service (ARMS) that is a part of the Apple Remote Desktop (ARD) feature.

When users enable the Remote Desktop capability on their macOS systems, the ARMS service starts on port 3283 and listens for incoming commands meant for the remote Mac.

Huge “amplification factor”

But sometime this year, cyber-criminals realized that they can abuse the ARMS service as part of a so-called “DDoS amplification attack.”

DDoS amplification attacks are one of the many forms of DDoS attacks. It’s when attackers bounce traffic off an intermediary point and relay it towards a victim’s server.

In this case, that intermediary point is a macOS system with Remote Desktop enabled.

Protocols like DNS, NTP, CharGEN, Memcached, NetBIOS, CLDAP, and LDAP are often abused as part of DDoS amplification attacks. CoAP and WS-Discovery are just the latest protocols to have joined this list. Most of these protocols are UDP-based; UDP is a connectionless transport protocol used as the base for other, more complex protocols. ARMS is also a UDP-based protocol.

The danger level for any of the above protocols is what security researchers call the “amplification factor,” which describes the ratio between the size of a packet before and after it bounces off the intermediary towards its target.

Most DDoS amplification attacks observed in the wild have an amplification factor of between 5 and 10. The higher a protocol’s amplification factor, the more useful it is for attackers.

According to security researchers from Netscout, who saw the first ARMS-based DDoS attacks in June, ARMS commands an impressive 35.5 amplification factor.

Furthermore, while there’ve been other protocols with big amplification factors in the past, most of them are oddities and rarely used protocols, making them unusable for attackers.

Most of today’s DDoS amplification attacks rely on DNS and NTP: even though these protocols have a small amplification factor, there are plenty of servers that attackers can use to amplify their bad traffic.

Up to 40,000 macOS systems expose ARD/ARMS ports

However, ARMS is different: it is the worst-case scenario, a protocol with a big amplification factor that is available on a large number of hosts that attackers can abuse.

A search with the BinaryEdge IoT search engine shows nearly 40,000 macOS systems where the Remote Desktop feature is enabled and the systems are reachable via the internet.

Some attacks peaked at 70 Gbps

It is unclear who discovered that the ARMS service could be abused for DDoS amplification attacks, but attacks have already happened in the real world.

Netscout spotted the first one in the second week of June. The company said the attack peaked at 70 Gbps, which is a pretty large attack.

Other attacks followed, as observed by the Keio University Shonan Fujisawa Campus in Japan, and by Italian systems administrator Marco Padovan.

But while initial attacks were sparse, they’re now starting to pick up, according to a source in the DDoS community. The main reason is that some DDoS booters have added support for launching attacks via this protocol, this source told ZDNet.

This means that macOS systems across the globe are now being used as bouncing points for DDoS attacks.

These systems should not be reachable via the internet

According to an analysis of the BinaryEdge search results, the vast majority of these systems are on university and enterprise networks, where system administrators use the Apple Remote Desktop feature to manage large fleets of macOS systems at once.

These systems should not be available online, and if they need to be, then access should be restricted using Virtual Private Networks or IP whitelists.
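An added Python example, not part of the original article, of how an administrator could audit flow records for Macs that answer UDP/3283 from addresses outside the allowlist, and measure the reply-to-request byte ratio (the amplification factor described above). The flow-record layout, the address ranges and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

ARMS_PORT = 3283  # UDP port the article gives for ARMS
INTERNAL = ipaddress.ip_network("10.0.0.0/8")     # assumption: campus address space
ALLOWED = [ipaddress.ip_network("192.0.2.0/24")]  # assumption: VPN / admin allowlist

# Constructed flow records: (src, sport, dst, dport, proto, bytes)
FLOWS = [
    ("192.0.2.10", 50000, "10.1.1.5", 3283, "udp", 320),    # allowlisted admin console
    ("10.1.1.5", 3283, "192.0.2.10", 50000, "udp", 900),
    ("203.0.113.7", 41000, "10.1.1.9", 3283, "udp", 64),    # request from outside the allowlist
    ("10.1.1.9", 3283, "203.0.113.7", 41000, "udp", 2272),  # much larger reply
    ("198.51.100.4", 5353, "10.1.1.12", 3283, "udp", 64),   # request with no reply recorded
    ("203.0.113.7", 41000, "10.1.1.9", 3283, "tcp", 64),    # not UDP, ignored
]

def internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def untrusted(ip):
    """True for an address that is neither internal nor on the allowlist."""
    addr = ipaddress.ip_address(ip)
    return addr not in INTERNAL and not any(addr in net for net in ALLOWED)

def audit(flows):
    """Per internal host: untrusted peers on UDP/3283 and the reply/request byte ratio."""
    stats = defaultdict(lambda: {"peers": set(), "bytes_in": 0, "bytes_out": 0})
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dport == ARMS_PORT and internal(dst) and untrusted(src):
            stats[dst]["peers"].add(src)
            stats[dst]["bytes_in"] += nbytes
        elif sport == ARMS_PORT and internal(src) and untrusted(dst):
            stats[src]["peers"].add(dst)
            stats[src]["bytes_out"] += nbytes
    report = {}
    for host, h in stats.items():
        # Bytes sent back divided by bytes received; None if no request was captured.
        factor = h["bytes_out"] / h["bytes_in"] if h["bytes_in"] else None
        report[host] = {**h, "factor": factor, "answering": h["bytes_out"] > 0}
    return report

if __name__ == "__main__":
    for host, r in sorted(audit(FLOWS).items()):
        state = "ANSWERING" if r["answering"] else "probed only"
        print(host, sorted(r["peers"]), r["factor"], state)
```

A host reported as answering is reachable from outside the allowlist and should be moved behind the VPN or firewall rule; a host that is only probed is already filtered or has the service disabled.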

The Apple Remote Desktop feature is the direct equivalent of Microsoft’s Remote Desktop Protocol (RDP).

In the past, hackers have brute-forced RDP endpoints to gain access to corporate networks, from where they stole proprietary information or installed ransomware. Similar to how crooks target companies with RDP systems exposed online, they can do the same for Mac systems with ARD.

Admins of macOS fleets should probably secure ARD endpoints to prevent these types of attacks first, and DDoS nuisance second.

Credit: ZDNet
