IT leaders say that hackers have started implementing spoofing, obfuscation and network tunneling techniques to manipulate issue responders
CIOs say that recent cyber-attacks used spoofing and network tunneling techniques to confuse attribution and geolocation. The NSA recently issued a warning about cyber-attacks launched through The Onion Router (Tor), which enabled hackers to carry out attacks and other malicious activities.
Security team members say that such techniques make it difficult for them to analyze variables and locations, which makes it impossible to attribute malicious cyber-attacks. CIOs acknowledge that an IP address's location is obtained from publicly available data. The accuracy of that data depends on the source: some sources provide locality and country details, while others give neighborhood-level detail as well.
CIOs point out that hackers can use such obfuscation techniques to hide their true geolocation, so security officials will be unable to pinpoint the exact location even with accurate information. The true physical location cannot be identified from the geolocation of the IP address.
IT security leaders say that in website spoofing attacks, attackers duplicate authentic sources; similarly, with network tunneling, hackers create fake packets with a general source IP and the geolocation of a selected country. In such scenarios, the hacker may be located in a completely different country while conducting malicious activities.
CIOs acknowledge that such attacks are possible for remote activities like network denial of service or endpoint denial of service, resulting in DNS amplification cybercrimes. Such attacks exploit the difference in bandwidth consumption between the intended system and the threat actor. The attack size is amplified by multiple requests that disrupt network infrastructure through increased traffic volume.
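A resolver operator can look for this bandwidth asymmetry in their own query logs. The following is an added example, not code from the original article; the record layout, the sample records and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample records (not real traffic):
# (claimed source IP, query size in bytes, response size in bytes)
SAMPLE_RECORDS = [
    ("198.51.100.7", 64, 3100),
    ("198.51.100.7", 64, 3050),
    ("198.51.100.7", 64, 3120),
    ("198.51.100.7", 64, 3090),
    ("192.0.2.10", 70, 120),
    ("192.0.2.10", 72, 180),
    ("192.0.2.10", 68, 150),
    ("203.0.113.5", 60, 2900),
]


def amplification_report(records, min_ratio=10.0, min_queries=3):
    """Return {claimed_source: response/request byte ratio} for sources
    whose aggregate ratio is at least min_ratio.

    In an amplification attack the source address is spoofed, so a flagged
    address is most likely the victim receiving the large responses, not the
    sender. The thresholds are assumptions and need tuning per resolver.
    """
    totals = defaultdict(lambda: [0, 0, 0])  # count, query bytes, response bytes
    for source, query_bytes, response_bytes in records:
        entry = totals[source]
        entry[0] += 1
        entry[1] += query_bytes
        entry[2] += response_bytes

    flagged = {}
    for source, (count, query_bytes, response_bytes) in totals.items():
        # Skip sources with too few queries to judge, and avoid dividing by zero.
        if count < min_queries or query_bytes == 0:
            continue
        ratio = response_bytes / query_bytes
        if ratio >= min_ratio:
            flagged[source] = round(ratio, 1)
    return flagged


if __name__ == "__main__":
    for source, ratio in amplification_report(SAMPLE_RECORDS).items():
        print(f"{source}: responses are {ratio}x the size of the queries")
```

Sources flagged this way are candidates for response rate limiting on the resolver, since the responses are being reflected toward an address that never sent the queries.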
Network tunnels are used by hackers to ensure the success of such attacks. Security personnel say that a network tunnel covers network traffic between two points; such tunnels are mostly used for legitimate reasons, such as creating VPNs or safe and secure remote administration. Hackers, however, use them to mask their true physical location by purchasing VPSs from commercial vendors.
IT leaders say that hackers create a network tunnel between their VPSs and the computer, then use the tunnel to conduct data breaches. Attempts to identify the true physical location will be foiled by inaccurate geolocation data.
CIOs point out that obfuscation methods use proxies to direct network traffic across systems, or to act as an intermediary for network communications with command and control servers, so as to avoid a direct connection to the infrastructure.
CIOs advise that end-users should not be added to the administrators group unless required. All employees should follow a strong password policy within the organization. File and printing services should be disabled to reduce data breach attacks.