Akamai Warns of UPnP Devices Used in DDoS Attacks

October 15, 2014 Akamai Warns of UPnP Devices Used in DDoS Attacks

Akamai Contacts Rob Morton

Media Relations

617-444-3641

rmorton@akamai.com

or Tom Barth

Investor Relations

617-444-7130

tbarth@akamai.com

Four million Universal Plug and Play devices may be vulnerable to use by attackers

Fake requests to UPnP devices can elicit DDoS traffic to a target

Advisory explains need for vendor and community action

CAMBRIDGE, Mass. - October 15, 2014 - Akamai Technologies, Inc. (NASDAQ: AKAM), the leading provider of cloud services for delivering, optimising and securing online content and business applications, today released, through the companys Prolexic Security Engineering & Response Team (PLXsert), a new cybersecurity threat advisory. The advisory alerts the security community, device vendors, Internet service providers and enterprises to the risk of massive distributed denial of service (DDoS) attacks involving Universal Plug and Play (UPnP) devices. The advisory is available for download from Prolexic (now part of Akamai) at www.prolexic.com/ssdp.

PLXsert has observed the use of a new reflection and amplification DDoS attack that deliberately misuses communications protocols that come enabled on millions of home and office devices, including routers, media servers, web cams, smart TVs and printers. The protocols allow devices to discover each other on a network, establish communication and coordinate activities. DDoS attackers have been abusing these protocols on Internet-exposed devices to launch attacks that generate floods of traffic and cause website and network outages at enterprise targets.

Malicious actors are using this new attack vector to perform large-scale DDoS attacks. PLXsert began seeing attacks from UPnP devices in July, and they have become common, said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai. The number of UPnP devices that will behave as open reflectors is vast, and many of them are home-based Internet-enabled devices that are difficult to patch. Action from firmware, application and hardware vendors must occur in order to mitigate and manage this threat.

PLXsert found 4.1 million Internet-facing UPnP devices are potentially vulnerable to being employed in this type of reflection DDoS attack - about 38 percent of the 11 million devices in use around the world. PLXsert will share the list of potentially exploitable devices to members of the security community in an effort to collaborate with cleanup and mitigation efforts of this threat.

These attacks are an example of how fluid and dynamic the DDoS crime ecosystem can be, explained Scholly. Malicious actors identify, develop and incorporate new resources and attack vectors into their arsenals. Its predictable that they will develop, refine and monetize these UPnP attack payloads and tools in the near future.

Get the SSDP Reflection Threat Advisory to learn more

PLXsert replicated an attack of this type in a lab environment, demonstrating how attackers produce reflection and amplification DDoS attacks using UPnP-enabled devices. In the advisory, PLXsert shares its analysis and details, including:

How the SSDP protocol and SOAP requests are used in reflection attacks

Two example DDoS tools used to scan for vulnerable devices and launch attacks

Details of an observed attack campaign

Geographical distribution of UPnP devices involved in attacks

Top 10 most common headers in UPnP response payloads

Recommended system hardening and community action

DDoS mitigation

A complimentary copy of the threat advisory is available for download at www.prolexic.com/ssdp.

About Akamai

Akamai is the leading provider of cloud services for delivering, optimising and securing online content and business applications. At the core of the Companys solutions is the Akamai Intelligent Platform , providing extensive reach, coupled with unmatched reliability, security, visibility and expertise. Akamai removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud. To learn more about how Akamai is accelerating the pace of innovation in a hyperconnected world, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.

Top

LINK:	http://uk.akamai.com/html/about/press/releases/2014/press-101514-2.htm...
	See more stories from akami

Most recent headlines