Black Threat Clouds Loom Over U.S. Organizations: The FBI Warns

Thousands of U.S. organizations fall victim to at least one form of cybercrime every year, much of it originating abroad. This time, the FBI is warning large firms, government agencies, and critical infrastructure operators about multiple threats targeting them.


What happened?

Last week, the FBI warned that cybercriminals are abusing additional network protocols to launch large-scale Distributed Denial of Service (DDoS) attacks.
According to the alert, the FBI listed three network protocols—CoAP (Constrained Application Protocol), WS-DD (Web Services Dynamic Discovery), and ARMS (Apple Remote Management Service)—and the Jenkins web-based automation server as newly identified DDoS reflection and amplification vectors.


Understanding the attack vectors

  • CoAP: In December 2018, researchers discovered attackers abusing CoAP's multicast and command transmission features as an attack vector. The protocol lends itself to DDoS reflection and offered an amplification factor of 34. As of January last year, a majority of Internet-accessible CoAP devices were located in China.
  • WS-DD: In May and August 2019, adversaries abused the WS-DD protocol in IoT devices for a User Datagram Protocol (UDP) amplification technique to scale up their attacks. Because UDP is connectionless, an attacker can send discovery probes with the victim's IP address forged as the source, so the responding IoT devices flood the victim with replies it never requested.
  • ARMS: In October 2019, researchers found criminals abusing ARMS on macOS systems to launch DDoS amplification attacks. When the Apple Remote Desktop (ARD) feature is enabled, the ARMS service listens on port 3283 for incoming commands intended for the remote Mac. A researcher observed ARMS delivering an amplification factor of 35.5 in June last year.
  • Jenkins: In February 2020, Radware researchers reported that a vulnerability in more than 12,000 Jenkins servers could be exploited for DDoS amplification attacks. According to their research, attackers could amplify attack traffic against a target by a factor of 100.
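All four vectors above share one mechanic: the attacker sends small UDP requests with the victim's address forged as the source, and the reflectors answer the victim with much larger replies. At the victim's network edge that shows up as UDP traffic arriving from the services' source ports that no internal host ever asked for. The following script, an added example written for this article and not code from the FBI, Radware or any vendor, aggregates flow records per internal host and flags hosts receiving reflector traffic from several sources with little or no matching outbound requests. The flow export, the protected range 198.51.100.0/24, and the thresholds are constructed assumptions; port 3283 (ARMS) comes from the text, while 5683 (CoAP), 3702 (WS-Discovery) and 33848 (Jenkins UDP auto-discovery) are the services' documented default ports, assumed here.

```python
"""Flag inbound UDP reflection/amplification traffic in flow records.

Added example for this article, not FBI, Radware or vendor code. The flow
export below is constructed. Thresholds are illustrative assumptions.
"""
from __future__ import annotations

import csv
import io
import ipaddress
from dataclasses import dataclass, field

# UDP source ports of the reflector services named in the article. 3283 (ARMS)
# is stated in the text; 5683 (CoAP), 3702 (WS-Discovery) and 33848 (Jenkins
# UDP auto-discovery) are the services' documented defaults, assumed here.
REFLECTOR_PORTS = {5683: "CoAP", 3702: "WS-DD", 3283: "ARMS", 33848: "Jenkins"}

# Constructed NetFlow-style export as seen at the edge of a protected network.
# 198.51.100.0/24 is the (assumed) protected range; 203.0.113.0/24 hosts
# the reflectors. 198.51.100.5 receives replies it never asked for, while
# 198.51.100.7 made one real CoAP request and got a small answer back.
SAMPLE_EXPORT = """\
proto,src_ip,src_port,dst_ip,dst_port,bytes,packets
udp,203.0.113.10,5683,198.51.100.5,43122,23800,700
udp,203.0.113.11,5683,198.51.100.5,43122,24100,710
udp,203.0.113.20,3702,198.51.100.5,43122,51200,200
udp,203.0.113.30,3283,198.51.100.5,43122,71000,2000
udp,203.0.113.31,3283,198.51.100.5,43122,69500,1950
udp,203.0.113.40,33848,198.51.100.5,43122,40000,400
udp,198.51.100.7,50123,203.0.113.50,5683,120,2
udp,203.0.113.50,5683,198.51.100.7,50123,180,2
tcp,198.51.100.5,443,192.0.2.9,51000,9000,30
"""


@dataclass(frozen=True)
class Flow:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    bytes: int
    packets: int


@dataclass
class Suspect:
    """Reflector traffic aggregated per internal host."""
    victim: str
    inbound_bytes: int = 0     # bytes received from reflector source ports
    outbound_bytes: int = 0    # bytes this host itself sent to those ports
    reflectors: set[str] = field(default_factory=set)
    services: set[str] = field(default_factory=set)

    @property
    def ratio(self) -> float:
        # Reply bytes per byte of genuine requests. A victim of a spoofed-source
        # attack never sent any request, so the ratio is unbounded.
        if self.outbound_bytes == 0:
            return float("inf")
        return self.inbound_bytes / self.outbound_bytes


def parse_flows(text: str) -> list[Flow]:
    rows = csv.DictReader(io.StringIO(text))
    return [
        Flow(r["proto"], r["src_ip"], int(r["src_port"]), r["dst_ip"],
             int(r["dst_port"]), int(r["bytes"]), int(r["packets"]))
        for r in rows
    ]


def find_amplification(flows, protected: str, min_ratio: float = 10.0,
                       min_reflectors: int = 3) -> dict[str, Suspect]:
    """Return internal hosts that are receiving amplified UDP traffic.

    A host is flagged when it receives reflector-port traffic from at least
    ``min_reflectors`` distinct sources and the inbound/outbound byte ratio for
    those ports is at least ``min_ratio``. Both thresholds are assumptions.
    """
    net = ipaddress.ip_network(protected)
    stats: dict[str, Suspect] = {}

    for f in flows:
        if f.proto.lower() != "udp":
            continue
        # Reply leg: reflector -> internal host, source port is a known service.
        if f.src_port in REFLECTOR_PORTS and ipaddress.ip_address(f.dst_ip) in net:
            s = stats.setdefault(f.dst_ip, Suspect(f.dst_ip))
            s.inbound_bytes += f.bytes
            s.reflectors.add(f.src_ip)
            s.services.add(REFLECTOR_PORTS[f.src_port])
        # Request leg: internal host -> service port, i.e. traffic the host
        # really originated (an attacker's spoofed probes never appear here).
        elif f.dst_port in REFLECTOR_PORTS and ipaddress.ip_address(f.src_ip) in net:
            s = stats.setdefault(f.src_ip, Suspect(f.src_ip))
            s.outbound_bytes += f.bytes

    return {ip: s for ip, s in stats.items()
            if len(s.reflectors) >= min_reflectors and s.ratio >= min_ratio}


if __name__ == "__main__":
    hits = find_amplification(parse_flows(SAMPLE_EXPORT), "198.51.100.0/24")
    for ip, s in hits.items():
        print(f"{ip}: {s.inbound_bytes} B from {len(s.reflectors)} reflectors "
              f"({', '.join(sorted(s.services))}), ratio={s.ratio}")
```

On the sample, only 198.51.100.5 is flagged: it receives 279,600 bytes from six reflectors across all four services with no outbound requests, while 198.51.100.7's genuine CoAP exchange (ratio 1.5, one peer) stays below both thresholds. Matching on the request leg is what keeps legitimate clients of these services out of the alert; a host that really talks to a CoAP or Jenkins endpoint will show outbound bytes, an attack victim will not.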


Other fresh alerts

  • The FBI warned that the APT28 hacker group, linked to Russia's GRU intelligence agency, has been targeting mail servers of U.S. organizations, government agencies, and critical infrastructure.
  • In a separate warning, the FBI alerted U.S. organizations to threats to the networks of multinational companies operating in China that use government-recommended tax software.


In a nutshell

According to FBI officials, attackers are likely to leverage these vectors to cause downtime and damage to their targets, because the protocols involved are built into devices in everyday use, including smartphones, Macs, and IoT devices.

Hence, the bureau issued an alert to warn organizations of the looming threats so that they can take preventive and protective measures in time.