Food for thought #1

Posted byAaron.Posted inCyber Security, Food for Thought.

Hello world!

Today the UK has seen what can only be described as “downtime” with some factor regarding contactless payments, and the speed at which payments were being processed. Being the Cyber security geek, one would love to speculate of a “cool” but very uncool cyber attack on the UK’s payment systems, I haven’t found any articles or official tweets but noticed today when I went to buy a meal deal and had a brief talk with the security guard about it.

From what I have gathered it bears a similarity to the expected results of denial-of-service attacks, this means that the amount of data being sent is simply too much for the system to handle and would have very severe effects if used on some of our certain security systems such as a NIDS (Network intrusion detection system). The method would likely be a SYN flood, which is a type of denial-of-service attack (One of my best friends informed me that TCP/UDP floods are more frequent in the current landscape.) Anyway, whilst this all sounds super cool (just me?)… My theory is simple, straightforward and doesn’t involve any hackers at all.

It’s been a sunny week in the UK, as we are in the gradual easing of our national lockdown and shops, restaurants, pubs and bars all open again… It seems possible that by some sort of automated (or manual) management system being in place to deal with the amount of traffic that it needed to, but not so much that it was wasting energy and money. This would of likely caused the system to get used to that amount of traffic and recent days have led to a surge in commerce, this being said not every denial-of-service is an attack.

A denial-of-service as I described earlier, means that the system is overwhelmed with more traffic than it is either built to take, is expecting to be sent or any controls done by our friendly network admins. But it doesn’t always mean you’re under attack, and I’m sure that the monitoring systems, packet captures and so on would be interpreted in this way and diagnosed correctly before progressing to the next stage of incident response.

Patch your shit!