Humaniq

BlackNurse Vulnerability Lets Anyone With A Semi-decent Internet Connection DDoS Major Websites

For those people who were wondering when the next wave of DDoS attacks was to take place, the wait seems almost over. BlackNurse, a new DDoS tactic, is capable of knocking major platforms offline without expensive hardware requirements. In fact, users only need one computer to pull off a successful attack.

BlackNurse Is A Far Bigger Threat Than We Realize

Major exploits hardly ever get mainstream media coverage, but that does not make them less of an issue. BlackNurse lets criminals with few resources attack large companies and platforms. There is one requirement, though, as these platforms have to be protected by Cisco Systems firewalls. Other manufacturers seem vulnerable to similar attacks as well.

With just a 15-megabit connection, anyone in the world could cause major issues for big companies. Compared to how most DDoS attacks require thousands or millions of zombie devices to be successful, BlackNurse is a legitimate threat that can occur at any given time. Although it requires far fewer resources, the consequences are virtually the same.

Assailants can send a special ICMP packet to server firewalls, which will then overload the CPU. Once traffic is sent through at a rate of at last 15 mbits, the firewalls will start to suffer from increasing packet loss. As a result, the server protected by these firewalls will simply become inaccessible. More importantly, assailants can maintain this steady stream of traffic with relative ease.




To make matters worse, the BlackNurse exploit will have an impact on users who are active on the server’s local area network as well. Opening websites will be either very slow or virtually impossible. Once the attacks cease, firewalls can quickly recover, and business is resumed like normal. It is expected that hackers will exploit this opportunity and demand companies to pay a ransom to ensure that these attacks will not take place.

Moreover, this creates new business opportunities for criminals looking to provide “denial-of-service attacks as a service”.  As we have seen with one Israeli company, such a service can be quite popular, and people are willing to pay a lot of money to make life difficult for their competitors.

In a rather surprising turn of events, Cisco does not consider BlackNurse an active security threat. Considering how their devices seem vulnerable to this attack, this is quite an odd stance. Then again, maybe they are aware of specifics that the rest of the world does not know of yet. Either way, BlackNurse is a very grave threat, and anyone can be targeted by it.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.