IP “serial hijackers” could be traced in the future, thanks to a new machine-learning system developed by cyber security researchers at MIT and the University of California at San Diego (UCSD)
IP hijackers could be traced in the future. Cyber security researchers at MIT and the University of California at San Diego (UCSD) have developed a new machine-learning system that illuminates some of the common qualities of what they call “serial hijackers,” as Infosec News Ireland reports. They trained it to identify roughly 800 suspicious networks and found that some of them had been hijacking IP addresses for years. The paper is a collaboration between MIT’s CSAIL and the Center for Applied Internet Data Analysis (CAIDA) at UCSD’s San Diego Supercomputer Center. It was written by Cecilia Testart, David Clark, Philipp Richter, Alistair King and Alberto Dainotti. “Network operators normally have to handle such incidents reactively and on a case-by-case basis, making it easy for cybercriminals to continue to thrive,” says Testart. “This is a key first step in being able to shed light on serial hijackers’ behavior and proactively defend against their attacks.”
Cybercriminals and state-sponsored hackers exploit a key shortcoming in the Border Gateway Protocol (BGP)
According to the researchers, IP hijackers exploit a key shortcoming in the Border Gateway Protocol (BGP), the routing protocol that lets the independently operated networks (autonomous systems) making up the internet talk to each other. Through BGP, networks exchange reachability information for blocks of IP addresses (prefixes) so that data packets find their way to the correct destination. In a BGP hijack, a malicious actor convinces neighbouring networks that the best path to a specific prefix runs through its own network, typically by announcing the prefix itself with a shorter path or by announcing a more-specific sub-prefix, which routers prefer by longest-prefix match. That is unfortunately not very hard to do, because BGP itself has no built-in mechanism for verifying that a network is authorised to announce the addresses it claims; route origin validation using RPKI exists as an add-on, but it is only partially deployed. Hijacking IP addresses is an increasingly popular form of cyber attack for a range of reasons, from sending spam and malware to stealing Bitcoin. And it is not only cybercriminals who use it: state-sponsored hackers have exploited it to gather intelligence from different countries.
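The following is an added illustration, not code from the MIT/CAIDA paper or from any router vendor. It models a single router’s BGP decision in a deliberately simplified way (longest-prefix match at forwarding time, shortest AS path when choosing among routes for the same prefix, no LOCAL_PREF or MED) and shows the two hijack shapes described above: a shorter-path announcement of the victim’s /24 and a more-specific /25. It then applies RFC 6811 route origin validation against a constructed ROA to show which announcements a router that drops “invalid” routes would reject. The AS numbers (64500, 64501, 64666 and so on are from the private range) and the 203.0.113.0/24 documentation prefix are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Announcement:
    """A BGP UPDATE as seen by our router. The last AS in as_path is the origin."""
    prefix: str
    as_path: tuple

    @property
    def net(self):
        return ipaddress.ip_network(self.prefix)

    @property
    def origin(self):
        return self.as_path[-1]


@dataclass(frozen=True)
class Roa:
    """Route Origin Authorization: origin may announce prefix up to max_length."""
    prefix: str
    max_length: int
    origin: int


def rov_state(ann, roas):
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ann.net
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True  # some ROA covers this prefix
            if roa.origin == ann.origin and net.prefixlen <= roa.max_length:
                return "valid"
    # Covered by a ROA but no (origin, length) matched -> invalid.
    return "invalid" if covered else "not-found"


class RouterRib:
    """Minimal Adj-RIB-In plus best-path selection for one router."""

    def __init__(self, roas=(), drop_invalid=False):
        self.roas = tuple(roas)
        self.drop_invalid = drop_invalid
        self.routes = {}  # prefix string -> list of Announcement

    def receive(self, ann):
        """Accept an announcement unless ROV is enforced and it is invalid."""
        if self.drop_invalid and rov_state(ann, self.roas) == "invalid":
            return False
        self.routes.setdefault(ann.prefix, []).append(ann)
        return True

    def best(self, prefix):
        # Simplified decision process: shortest AS_PATH wins. Real BGP checks
        # LOCAL_PREF, MED, IGP cost and router ID as well.
        return min(self.routes.get(prefix, []), key=lambda a: len(a.as_path), default=None)

    def lookup(self, ip):
        """Forwarding lookup: longest-prefix match, then that prefix's best route."""
        addr = ipaddress.ip_address(ip)
        matches = [p for p in self.routes if addr in ipaddress.ip_network(p)]
        if not matches:
            return None
        longest = max(matches, key=lambda p: ipaddress.ip_network(p).prefixlen)
        return self.best(longest)


# Constructed scenario: AS 64500 legitimately originates 203.0.113.0/24 and
# we learn it through transit AS 64501. AS 64666 is the hijacker.
VICTIM_ROAS = [Roa("203.0.113.0/24", 24, 64500)]
LEGIT = Announcement("203.0.113.0/24", (64501, 64500))
SHORTER_PATH_HIJACK = Announcement("203.0.113.0/24", (64666,))          # peers with us directly
MORE_SPECIFIC_HIJACK = Announcement("203.0.113.0/25", (64502, 64503, 64666))


def hijack_outcome(ip, drop_invalid):
    """Return (prefix, origin AS) that traffic to `ip` would follow."""
    rib = RouterRib(roas=VICTIM_ROAS, drop_invalid=drop_invalid)
    for ann in (LEGIT, SHORTER_PATH_HIJACK, MORE_SPECIFIC_HIJACK):
        rib.receive(ann)
    route = rib.lookup(ip)
    return route.prefix, route.origin


if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.200"):
        print(ip, "no ROV:", hijack_outcome(ip, False), "ROV:", hijack_outcome(ip, True))
```

Without origin validation the /25 captures the lower half of the victim’s block by longest-prefix match and the direct, shorter-path announcement captures the rest, so every packet goes to AS 64666. With validation enforced, the /25 is invalid because it exceeds the ROA’s maximum length and the shorter-path route is invalid because its origin does not match, so only the legitimate route survives. Note that ROV only checks the origin AS; a hijacker that forges the victim’s AS number at the end of its path still passes, which is why the protocol shortcoming the researchers describe is not fully closed by RPKI alone.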