A Murderers’ Row of Poisoning Attacks
October 13 2019
“Garbage in, Garbage out,” is a concept as old as computing. Results can be no better than the data used as input, and that is as true for network and application infrastructure as for enterprise applications. Attackers take advantage of this by intentionally providing bad information to components and infrastructure in a process called “poisoning.”
Poisoning can be used against a number of vulnerable points in the application and network infrastructure. This article will look at four: Two network attack points, one application, and one that can have an impact on either.
Both of the network attack points, DNS and ARP table, deal with addresses. In particular, they are part of the multi-step process by which hardware components are reachable by software, firmware, and other hardware.
A third attack point, a cache, can hit either network or application infrastructure. Because DNS and ARP entries can be cached, those caches can be attacked as part of an attack on those services. Web addresses are also cached, and a web cache poisoning attack can be quite insidious.
Finally, new application building methods bring new attack vectors — and machine learning “model poisoning” is a very real threat for a growing array of applications in different parts of enterprise IT.
With so many opportunities for cyber-arsenic to stain the lacy connections that bind modern networks and servers into a useful infrastructure, the question for many IT security professionals is where first to turn their attention.
There are a number of levels in the hierarchy that supports DNS resolution. When a user types a URL into their browser window, the first step is a check to see whether the address for that URL is stored in the computer’s cache. The next check is to see whether the local router has stored the address.
If it’s not in either of those, then the next step is the recursive server identified in the computer’s network settings. (Some companies have their own recursive DNS, practically all ISPs do, and there are a number of public recursive DNS servers available for organizations and individuals to use, like Google, Cloudflare, Quad9, and OpenDNS.) If the recursive DNS server doesn’t have the requested name stored, it sends a request to its nearest root server, which points the inquiring recursive server to a top-level domain name server, which in turn sends the request on to the last step of its journey: an authoritative server, where name/address pairs are made.
There are vulnerabilities at several stages in this resolution chain. In April, Cisco Talos released information on the Sea Turtle campaign that hijacked and re-directed traffic from more than 40 government and enterprise organizations. This campaign was noteworthy because it was the first known instance of a group successfully poisoning data all the way to the name server level, leaving only root DNS servers secure (for now).
The multiple steps show why caching is so important for performance across the Internet. Attackers can enter bad data — “poisoned” data — into the local system’s cache in any of several ways. The most direct way is to alter the cache via malware that rewrites the data in the cached database. Another method is to intercept a request and respond as though the bogus server is authoritative. In any case, the result is a visit to an illicit, malicious server with no warning to the victim.
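A resolver's basic guard against a forged reply is to accept a response only if it echoes every field of a query that is still outstanding. The sketch below is an added example, not code from the article; the addresses, ports and names are constructed. It stops blind forgeries only: a sender who can read the query can echo all of these fields, which is the gap DNSSEC signatures address.

```python
import struct

def encode_name(name):
    # DNS wire format: length-prefixed labels ending in a zero byte
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_message(txid, name, is_response, qtype=1):
    # Constructed test message: header plus one question, no answer records
    flags = 0x8180 if is_response else 0x0100
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (txid, is_response, qname, qtype) from a DNS message."""
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while msg[pos] != 0:
        length = msg[pos]
        if length > 63:
            raise ValueError("invalid label length in question")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return txid, bool(flags & 0x8000), ".".join(labels), qtype

class PendingQueries:
    """Outstanding queries, keyed by everything a genuine reply must echo."""
    def __init__(self):
        self.pending = set()

    def sent(self, msg, server_ip, local_port):
        txid, _, qname, qtype = parse_question(msg)
        self.pending.add((txid, qname, qtype, server_ip, local_port))

    def accept(self, msg, src_ip, dst_port):
        """True only for the first reply that matches an outstanding query."""
        try:
            txid, is_resp, qname, qtype = parse_question(msg)
        except (ValueError, IndexError, struct.error):
            return False          # malformed or truncated: never cache it
        key = (txid, qname, qtype, src_ip, dst_port)
        if not is_resp or key not in self.pending:
            return False
        self.pending.discard(key)  # later duplicates are rejected
        return True
```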
Just as DNS ties a name (the URL) to an IP address, address resolution protocol (ARP) ties a physical address (the media access control, or MAC address) of a particular network interface to an IP address. ARP resolution results are stored in a file. And when a device receives an ARP response, it puts it into a cache — whether it requested that response, or not.
If bogus ARP responses are sent to a system, they’ll be cached and used for transaction routing. One of the results can be an attacker’s computer that receives all the traffic intended for a legitimate system on the network.
ARP poisoning can be used against both network infrastructure devices like routers and endpoints like laptops; all it takes is an ARP request response to the victim’s IP address and the poison is in place. Ettercap is a popular tool for ARP poisoning attacks, especially those that result in a man-in-the-middle campaign.
And since ARP is one of many Internet protocols that has trust baked in, there’s no mechanism for verifying the true source of the response, the accuracy of the data in the response, or the pure heart of the sender.
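Because the protocol verifies nothing, detection has to come from watching ARP traffic itself. The following detector is an added example, not part of the original article: it flags replies nobody asked for, IP addresses whose MAC changes, and a single MAC claiming several IPs. The event tuples, addresses and the two-second window are constructed assumptions.

```python
from collections import namedtuple

# One observed ARP packet; op is "request" or "reply"
Arp = namedtuple("Arp", "ts op sender_ip sender_mac target_ip")

def detect_arp_poisoning(events, reply_window=2.0):
    """Return (ts, reason, ip, mac) alerts for suspicious ARP traffic."""
    bindings = {}   # ip -> MAC first seen claiming that address
    claimed = {}    # mac -> set of IPs that MAC has claimed
    asked = {}      # ip being resolved -> time of the latest request
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.op == "request":
            asked[ev.target_ip] = ev.ts
        else:
            requested_at = asked.get(ev.sender_ip)
            # Legitimate gratuitous ARP also lands here, so this is a
            # signal to review, not proof of an attack.
            if requested_at is None or ev.ts - requested_at > reply_window:
                alerts.append((ev.ts, "unsolicited-reply", ev.sender_ip, ev.sender_mac))
        # Requests and replies both carry a sender IP/MAC claim
        known = bindings.setdefault(ev.sender_ip, ev.sender_mac)
        if known != ev.sender_mac:
            alerts.append((ev.ts, "mac-changed", ev.sender_ip, ev.sender_mac))
        ips = claimed.setdefault(ev.sender_mac, set())
        ips.add(ev.sender_ip)
        if len(ips) > 1:
            alerts.append((ev.ts, "mac-claims-multiple-ips", ev.sender_ip, ev.sender_mac))
    return alerts

# Constructed capture: a normal lookup of the gateway, then one MAC
# announcing itself as both the gateway and the workstation.
SAMPLE = [
    Arp(0.0, "request", "10.0.0.5", "aa:aa:aa:aa:aa:05", "10.0.0.1"),
    Arp(0.1, "reply", "10.0.0.1", "aa:aa:aa:aa:aa:01", "10.0.0.5"),
    Arp(30.0, "reply", "10.0.0.1", "de:ad:be:ef:00:66", "10.0.0.5"),
    Arp(30.1, "reply", "10.0.0.5", "de:ad:be:ef:00:66", "10.0.0.1"),
]

if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE):
        print(alert)
```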
In addition to bringing evil hardware into the trusted circle of the network, ARP poisoning can be used to mask the true sender of malicious data — the “Smurf attack” version of a DDoS attack uses just such a technique to keep the defensive team guessing about where all those wicked packets are coming from.
Because ARP poisoning attacks are tailored to a particular victim, they tend not to be big, “loud” attacks that become known in the business community. But when security professionals are learning their craft, and when those professionals gather to discuss their business, ARP poisoning is almost always on the agenda.
Web Cache Attack
Everyone knows that the idea behind caching is to store frequently requested data where it can be retrieved as quickly as possible. Cache poisoning is when a nefarious system makes a request to the cache that causes the cache to grab and store terrible, horrible, no-good data which it will then serve to innocent systems which ask for information. This is the sort of attack detailed by James Kettle, head of research at PortSwigger Web Security, in the exploit he presented at Black Hat 2018.
In most cases, the bad information chain starts with a carefully crafted HTTP request. These requests can take advantage of websites that employ programming that, for example, includes the address of specific resources, like images, in the URL.
Attackers will use software known as “cache busters” to rapidly find vulnerable URLs. And what will the attacker do once a vulnerability is found? One popular option is to poison the cache with a URL that includes a link to a third-party website — one that contains malware. When an unwitting visitor requests a particular asset — say, a particular image — the poisoned response delivers the image with a side-order of malware.
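The condition behind a poisoned web cache is a request input that changes the response but is not part of the cache key. The audit below is an added example, not code from the article or from Kettle's talk: a toy cache and origin, a check that finds such inputs, and two fixes. The header name X-Forwarded-Host, the host names and the origin function are assumptions chosen for illustration.

```python
def origin(path, headers):
    """Constructed origin: builds the image URL from a request header."""
    host = headers.get("X-Forwarded-Host", headers["Host"])
    return f'<img src="//{host}{path}logo.png">'

class Cache:
    def __init__(self, backend, keyed=("Host",), strip=()):
        self.backend, self.keyed, self.strip = backend, keyed, set(strip)
        self.store = {}

    def get(self, path, headers):
        # Fix 1: drop headers the origin should never receive from clients
        fwd = {k: v for k, v in headers.items() if k not in self.strip}
        # Fix 2: every input that shapes the response belongs in the key
        key = (path,) + tuple(fwd.get(h) for h in self.keyed)
        if key not in self.store:
            self.store[key] = self.backend(path, fwd)
        return self.store[key]

def unkeyed_inputs(cache, path, base_headers, candidates, canary="canary.invalid"):
    """Headers that change the origin's response but not the cache key."""
    baseline = cache.backend(path, base_headers)
    found = []
    for name in candidates:
        if name in cache.keyed or name in cache.strip:
            continue
        if cache.backend(path, {**base_headers, name: canary}) != baseline:
            found.append(name)
    return found

def served_to_next_visitor(cache, path="/img/"):
    """What a clean request receives after a request carrying the canary."""
    cache.get(path, {"Host": "shop.example", "X-Forwarded-Host": "canary.invalid"})
    return cache.get(path, {"Host": "shop.example"})
```

With the default key the canary host is served to the next visitor; stripping the header at the cache or adding it to the key both prevent that.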
This last form of poisoning is the most recent to rear its malicious head. Model poisoning takes advantage of the fact that artificial intelligence and machine learning systems aren’t “born” fully formed: they have to be trained, and given a model of their world against which to judge new input. If an attacker can manipulate the model, they can manipulate the system’s results.
There have been some famous examples of model poisoning in trivial applications, from tricksters teaching a Microsoft AI to be racist to researchers feeding image recognition systems images that force them to wrong conclusions.
According to a paper published by the IEEE in 2018, “Such poisoning attacks have been practically demonstrated in worm signature generation, spam filters, DoS attack detection, PDF malware classification, handwritten digit recognition, and sentiment analysis.” These poisoning attacks are most easily launched when machine learning systems are building their models based on data from the real world. In these cases, an attacker who understands what the system is attempting to do can manipulate the data it learns from, in effect teaching it a warped view of the world.
There will be more opportunities for model poisoning as machine learning and AI systems become more common in enterprise IT. Building substantial models before the intelligent system is released “into the wild” and maintaining human monitoring in supervised learning scenarios are two techniques currently used as data scientists teach their AIs well.
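One automated aid to that monitoring is to test each batch of new training data against a trusted hold-out set and refuse batches that make the model worse. The gate below is an added example, not from the original article, using a small word-count spam filter; the classifier, the messages and the zero-drop threshold are all constructed assumptions.

```python
import copy
import math
from collections import Counter

class SpamFilter:
    """Minimal naive Bayes text classifier with add-one smoothing."""
    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.docs = Counter()

    def train(self, batch):
        for text, label in batch:
            self.words[label].update(text.lower().split())
            self.docs[label] += 1

    def predict(self, text):
        vocab = len(set(self.words["spam"]) | set(self.words["ham"])) or 1
        scores = {}
        for label in ("spam", "ham"):
            total = sum(self.words[label].values())
            score = math.log((self.docs[label] + 1) / (sum(self.docs.values()) + 2))
            for w in text.lower().split():
                score += math.log((self.words[label][w] + 1) / (total + vocab))
            scores[label] = score
        return max(scores, key=scores.get)

    def accuracy(self, labelled):
        return sum(self.predict(t) == y for t, y in labelled) / len(labelled)

def train_if_safe(model, batch, trusted, max_drop=0.0):
    """Apply batch only if accuracy on the trusted set does not fall."""
    trial = copy.deepcopy(model)
    trial.train(batch)
    if trial.accuracy(trusted) < model.accuracy(trusted) - max_drop:
        return False              # batch rejected, live model untouched
    model.train(batch)
    return True

# Constructed data: seed corpus, trusted hold-out, one mislabelled batch
SEED = [("win free prize now", "spam"), ("free money click now", "spam"),
        ("meeting agenda for monday", "ham"), ("lunch with the project team", "ham")]
TRUSTED = [("free prize click", "spam"), ("win money now", "spam"),
           ("project meeting monday", "ham"), ("team lunch agenda", "ham")]
POISON = [("free prize money win click now", "ham")] * 5
CLEAN = [("claim your free prize", "spam"), ("monday team meeting notes", "ham")]
```

The hold-out set must come from a source the attacker cannot write to, and a batch crafted to leave hold-out accuracy unchanged will still pass.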
As long as data is part of a system, the opportunity to manipulate that data will exist — and security teams will be forced to deal with protecting their systems and cleaning up the messes that result from successful poisoning.
Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and …