Last month on Friday, May 12th a global incident related to a ransomware variant named WannaCry broke out, targeting computers around the world. Everything from personal computers to corporate and university networks were affected by this campaign. The campaign spread across networks leveraging a recently disclosed vulnerability in Microsoft SMB service. On March 14th 2017, Microsoft released MS17-010, a security update, that addressed and patched six CVEs. Five were remote code executions and the sixth was related to information disclosure.
Over the last few days, Radware’s Security Research Groups have been monitoring a global incident related to a ransomware variant named WannaCrypt, also known as WannaCry, WanaCrypt0r and wcry. On the morning of Friday May 12th, a ransomware campaign began targeting computers around the world. Once a computer was infected, a worm replicated itself across the network, targeting other computers as well. Worms use a computer network to propagate to other machines and infect them with the malicious payload.
Ideology, politics and religious differences are at the core of operation OpIsrael. OpIsrael is launched by Anonymous with the stated goal of “erasing Israel from the internet” in protest against the Israeli governments’ conduct in the Israeli- Palestinian conflict. This is a yearly operation and was created in 2012. It starts every year on April 7th and ends on April 20th. This operation sees participants from Anonymous, AnonGhost, Red Cult, Anonymous Lebanon, Mauritania Attackers, Cyber Team Tox, M0oDyPL, MCA DDoS Team and LaResistance Hacking Team along with other independent attackers.
The idea of an Internet of Things (IoT) botnet is nothing new in our industry. In fact, the threat has been discussed for many years by security researchers. It has only now gained public attention due to the release and rampage of the Mirai botnet. Since Mirai broke the 1Tbps mark in late 2016 the IoT threat has become a popular topic of conversation for many industries that utilize connected devices. Not only are companies worried about if their devices are vulnerable but they are also worried if those devices can be used to launch a DDoS attack, one possibly aimed at their own network.
The Ring of Fire map from Radware tracks vertical markets based on the likelihood that organizations in these sectors will experience an attack.
Education, freedom and knowledge. These are the pillars for higher learning, but have often been used to describe some open source projects and services that have the potential to be abused by those that are not so innocent. Over the last two years, tools like stressers, Remote Administration Tools (RAT) and ransomware have been published under these pretenses, but do they serve a legitimate purpose? These projects have set off an international debate in the information security community and many wonder if they should be available to the public. Often the justification for these projects is that they are intending to show the potential risks so they can be used to prevent infections or reduce potential damage. With stressers, they claim that the services are to be used to improve and test security products and to understand attack behavior targeting their network. But are they?
Earlier this month my colleague Carl Herberger wrote a blog post regarding how the internet was rolling back our freedoms. I would agree with him. As time moves forward, we are seeing more situations where no one can hide from their government as the internet closes around them. An open internet as we know it may be coming to an end as several countries begin moving towards the idea of a centralized gateway that is controlled by their government.
2016 has been an eventful year when it comes to denial of service attacks. This year the industry as a whole has seen the largest attacks ever, and new attack vectors designed to test and challenge modern day defenses. Every year Radware’s ERT sees millions of attacks and our ERT Researchers throughout the year are constantly reviewing and analyzing these attacks to gain further insight into trends and changes in the attack vector landscape.
This year, two of the most common trends among attackers were burst attacks, aka “hit and run”, and advanced persistent denial of service (ApDoS) campaigns. Throughout the year we have observed a number of attackers using short bursts of high volume attacks in random intervals, and attacks that have lasted weeks, involving multiple vectors aimed at all network layers simultaneously. These types of attacks have a tendency to cause frequent disruptions in a network server’s SLA and can prevent legitimate users from accessing your services.
First, what is Bitcoin and where did it come from?
Bitcoin (BTC) is a cryptocurrency payment system based off of the blockchain, a core component of the digital currency. The blockchain was introduced by a pseudonymous creator, Satoshi Nakamoto, in 2008 and open sourced for the currency in 2009. The blockchain serves as a public ledger that records all Bitcoin transactions. One of Bitcoin’s main features is the fact that the system is a decentralized peer-to-peer payment network with no central authority, which means that it provides a certain level of anonymity with no central point of failure, though most services and business that use Bitcoin are centralized in one way or another. While there are numerous legitimate uses for Bitcoin like investing, paying friends or shopping, a number of criminals have adopted the currency for selling services and deploying ransom campaigns due to its level of anonymity.
Social Engineering is a process of psychological manipulation, more commonly known in our world as human hacking. The sad reality behind Social Engineering is it is very easy to do. In fact, it’s so easy that even a teenager can do it and destroy your company, all on a Friday night. The goal is to have the targeted victim divulge confidential information or give you unauthorized access because you have played off their natural human emotion of wanting to help. Being nice is a human trait and everyone wants to be kind and helpful. If you give someone the opportunity to save the day or to feel helpful, they will most likely divulge the information required. Most of the time the attacker’s motives are to either gather information for a future attack, to commit fraud or to gain system access for malicious activity.