Change is inevitable and it happens in every industry. Those that evolve with change often help lead the transformation and revolutionize their domain. In 2016 we began to enter the era of digital transformation in our industry and changes have begun to take place that are revolutionizing the way we consume, collect and deliver data to every aspect of society. Along with these changes have we seen the creation of new businesses and opportunities centered around this evolution in connectivity. Digitization is creating growth opportunities and offering user experiences in ways we have never seen before.
As the 2018 Winter Olympics in PyeongChang approaches, Radware’s Emergency Response Team (ERT) and Threat Research Center turn their attention to the large crowds and target-rich environments created by high-profile events once again. With over 1.07 million tickets available for 102 events over 16 days, spread out across two clusters and containing a total of 12 venues, the crowds at the 2018 Winter Olympics will bring a large demand for connectivity. This enormous demand for connectivity and technology at the Winter Olympics will also pose a security risk for Olympic organizers, partners, sponsors, suppliers, service providers, athletes and attendees.
2017 has been another eventful year for denial-of-service attacks. Radware’s ERT team has monitored a vast number of events, giving me ample opportunities to review and analyze attack patterns to gain further insight into trends and changes in the attack vector landscape. Here is some insight into what we have observed:
More than half of all internet traffic is bot-driven. That means, if you have a website, you have experienced bots in one way or another. Bots are automated software that interacts with your website for a number of different reasons, both in a legitimate and illegitimate way.
The growth of DDoS-as-a-Service has resulted in a wide array of powerful and affordable DDoS services available to the public. Since the beginning of 2016, Radware’s ERT Research division has been monitoring a number of services available on both the clear and the darknet. These off-the-shelf attack services have been used to launch DDoS attacks on a number of industries including ISPs, media, financial service companies and online gaming. These services are commoditizing the art of hacking by making it possible for novices with no experience to launch large scale attacks.
Darknet markets are nothing new but they have grown considerably in popularity since the highly publicized take down of the Silk Road marketplace in October of 2013. Since then users around the world have flocked to these sites in search of drugs and other illicit services. Due to the high demand and availability for these items many marketplaces began to spring up across the Darknet. Most of these marketplaces feature drugs, but after the Silk Road takedown, marketplaces began offering items Silk Road wouldn’t allow. These items included weapons, credit cards and other malicious services like malware, DDoS-as-a-service and data dumps.
Over the years Radware has followed the evolution of DDoS attacks directed at the gaming industry. For the industry, large-scale DDoS attacks can result in network outages or service degradation and has become an everyday occurrence. In 2016 Lizard Squad and Poodle Corp launched repeated attacks against EA, Blizzard and Riot Games, resulting in service degradation and outages for users around the world.
This blog discusses active research from Radware’s ERT research team regarding a DDoS for Ransom campaign.
This is a preliminary report and will be updated accordingly.
Last month on Friday, May 12th a global incident related to a ransomware variant named WannaCry broke out, targeting computers around the world. Everything from personal computers to corporate and university networks were affected by this campaign. The campaign spread across networks leveraging a recently disclosed vulnerability in Microsoft SMB service. On March 14th 2017, Microsoft released MS17-010, a security update, that addressed and patched six CVEs. Five were remote code executions and the sixth was related to information disclosure.
Over the last few days, Radware’s Security Research Groups have been monitoring a global incident related to a ransomware variant named WannaCrypt, also known as WannaCry, WanaCrypt0r and wcry. On the morning of Friday May 12th, a ransomware campaign began targeting computers around the world. Once a computer was infected, a worm replicated itself across the network, targeting other computers as well. Worms use a computer network to propagate to other machines and infect them with the malicious payload.