BlackNurse: The cyber attack that can take out a business in one hit

18 November 2016

2 min read

Researchers have discovered a new Denial of Service (DoS) attack that can disrupt an entire network – all from a single laptop. Meet BlackNurse.

BlackNurse: The cyber attack that can take out a business in one hit (Desktop)

There’s a new cyber attack on the scene and it’s called BlackNurse. Normally DoS attacks require large numbers of devices or IP addresses to disrupt networks. However, instead of utilising the power of hundreds of devices to bombard a network or server, BlackNurse only needs one.

Danish researchers at the Security Operations Center of telecom operator TDC discovered this new way of delivering a DDoS attack and spoke about it in their PDF report:

A single laptop can take down a firewall.

“The BlackNurse attack attracted our attention because in our anti-DDoS solution we experienced that even though traffic speed and packets per second were very low, this attack could keep our customers' operations down. This even applied to customers with large internet uplinks and large enterprise firewalls in place. We had expected that professional firewall equipment would be able to handle the attack.”

BlackNurse works by sending out an Internet Control Message Protocol (ICMP) error message in a low volume, which then overwhelms the processor of a firewall. The efficacy of the attack depends on the speed of the internet connection – a fast connection means a single laptop can take down a firewall.

What’s concerning about this is that BlackNurse is a lot more efficient than the large-scale DDoS attacks that took Dyn’s DNS servers in October. Netresec, a security firm, released a statement that BlackNurse has a similar level of damage to high-profile attacks, but only needs a connection speed of around 21Mbps instead of 1 Tbps.

TDC’s report contains specific instructions and rules on how to detect BlackNurse attacks. The security community have already responded to the news with a proof-of-concept code on GitHub which allows you to test if your equipment is vulnerable to BlackNurse.

BlackNurse has a similar level of damage to high-profile attacks, but only needs a connection speed of around 21Mbps instead of 1 Tbps.

What we can do is bolster our security and make the most of everything available to us. The UK government is currently offering a £5,000 grant to help small businesses implement its list of recommended IT security policies. Businesses are encouraged to apply to funding competitions to help them develop their efforts.

To learn more about how to make your business as secure as possible, check out our series of cyber security articles here. HP devices are designed with state of the art security features, whether you’re using  HP Secure Managed Print Services or Windows 10 on your HP laptops.

Cyber Security eBook