Feds Warn of New NTP Hack Endangering Infrastructure
By Jef Cozza / CRM Daily
Hot on the heels of accusations by the FBI that North Korea was behind the most devastating hack in U.S. history, the federal government has just issued an advisory warning that large swaths of critical industrial-control infrastructure could be vulnerable to yet another form of attack that takes advantage of the Network Time Protocol.

The danger lies in a weakness in NTP, which is widely used to synchronize the clocks in servers across networks, that can be exploited by hackers to conduct remote attacks, according to an advisory by the government on Friday. Not only that, but hacker tools targeting the exploit are widely available.

Network Time Protocol

NTP is an open-source protocol widely used by networks considered to be critical IT infrastructure by the federal government. Hackers could use the vulnerability in order to execute code on a system with the privileges of the Network Time Protocol daemon (ntpd) process.

The problem is a stack buffer overflow in ntpd. In earlier versions of NTP, a remote attacker can send a carefully crafted packet that overflows a stack buffer and potentially allows malicious code to be executed with the privilege level of the ntpd process. All NTP4 releases before 4.2.8 are vulnerable. System administrators are advised to upgrade to NTP-stable 4.2.8, which was released on Friday. The vulnerability was discovered by Neel Mehta and Stephen Roettger, two researchers on the Google Security Team who were coordinating their efforts with the Department of Homeland Security.
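The one concrete rule the advisory gives administrators is "any NTP4 release before 4.2.8 is affected." The following script, added here as an illustration and not part of the article or the advisory, turns that rule into a fleet triage check: it parses the version banner that `ntpd --version` prints (and the `version="..."` field of `ntpq -c rv`), compares it against 4.2.8, and classifies each host. The host names and banner strings in `SAMPLE_INVENTORY` are constructed sample data, and the `triage` and `classify` helpers are this example's own.

```python
import re
from typing import Dict, Optional, Tuple

# NTP-stable 4.2.8 is the release the advisory names as the fix.
FIXED_VERSION = (4, 2, 8, 0)

# Matches "ntpd 4.2.6p5@1.2349-o ..." as well as "ntpd 4.2.8@..."; the
# optional pN suffix is ntpd's patch level.
_VERSION_RE = re.compile(r"ntpd\s+(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_ntpd_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract (major, minor, patch, p-level) from an ntpd version banner.

    Works on the raw `ntpd --version` output and on the `version="..."`
    variable that `ntpq -c rv` prints. Returns None if no banner is found.
    """
    match = _VERSION_RE.search(text)
    if not match:
        return None
    major, minor, patch, plevel = match.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def classify(banner: str) -> str:
    """Classify a host by its ntpd banner.

    "vulnerable": an NTP4 release older than 4.2.8 (per the advisory)
    "patched":    4.2.8 or later
    "unknown":    no parseable ntpd version (not ntpd, command missing, etc.);
                  these hosts need a manual look rather than being ignored.
    """
    version = parse_ntpd_version(banner)
    if version is None or version[0] != 4:
        return "unknown"
    # Tuple comparison orders (4, 2, 7, 404) before (4, 2, 8, 0) and
    # (4, 2, 8, 1) after it, which is exactly the release ordering we want.
    return "vulnerable" if version < FIXED_VERSION else "patched"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host name to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory: host -> banner collected from that host.
SAMPLE_INVENTORY = {
    "plc-gateway-01": "ntpd 4.2.6p5@1.2349-o Tue Jun 10 21:12:00 UTC 2014 (1)",
    "historian-02": 'version="ntpd 4.2.7p404@1.2483-o Wed Nov 12 20:47:34 UTC 2014 (1)"',
    "eng-ws-03": "ntpd 4.2.8@1.3265-o Fri Dec 19 02:03:07 UTC 2014 (1)",
    "scada-hmi-04": "sh: ntpd: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:16s} {status}")
```

Hosts that come back "unknown" are deliberately not folded into "patched": a missing banner usually means the collection step failed or the box runs a different time daemon, and either way it deserves a manual check before it is crossed off the list.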

"Impact to individual organizations depends on many factors that are unique to each organization," according to the advisory published Friday by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a group within the Department of Homeland Security responsible for coordinating responses to threats to critical infrastructure. "ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation."

Unfortunately for anxious system admins, ICS-CERT says attackers do not need to be particularly skilled to carry out the hack. Worse, tools to exploit the vulnerability are available publicly.

Protecting Your Systems

This is hardly the first time NTP has been implicated as a potential vector for hackers. Earlier NTP attacks gave hackers the ability to generate high-volume Distributed Denial of Service traffic against Web sites or public-facing devices in order to disrupt services. Attacks taking advantage of NTP first began appearing around November 2013. This year, NTP attacks were used in 14 percent of all DDoS attacks in Q1, and 6 percent in Q2.

In addition to upgrading to Friday's release of NTP-stable 4.2.8, ICS-CERT is also encouraging asset owners to take additional defensive measures to protect against the vulnerability. Among its recommendations, ICS-CERT said system admins should minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.

Additionally, ICS-CERT recommends that businesses locate control system networks and remote devices behind firewalls, and isolate them from the business network.

© Copyright 2018 NewsFactor Network. All rights reserved.