This is the last part of the blog series exploring the various alternatives for protection against DDoS attacks, and how to choose the optimal solution for you. The first part of this series covered premise-based hardware solutions, the second part discussed on-demand cloud solutions, and the third part covered always-on cloud solutions. This final piece will explore hybrid DDoS solutions, which combine both hardware and cloud-based components.
As the world waits for the introduction of 5G networks, the industry gears up to address the security challenges that may accompany 5G. The 5G networks would essentially promote the use of a huge number of interconnected devices, a tremendous increase in bandwidth, and collaborative functioning of legacy and new access technologies. Undoubtedly, the upcoming 5G environment would demand the deployment of additional security mechanisms to ensure business continuity. 5G systems are meant to be service-oriented, which is why it is important to address the security challenges appropriately and to focus on instilling stronger security and privacy settings in 5G networks.
On April 12, 2018, Radware’s threat research group detected malicious activity via internal feeds of a group collecting user credentials and payment methods from Facebook users across the globe. The group manipulates victims via phishing emails to download a painting application called ‘Relieve Stress Paint.’ While benign in appearance, it runs a malware dubbed ‘Stresspaint’ in the background. Within a few days, the group had infected over 40,000 users, stealing tens of thousands of Facebook user credentials/cookies. This rapid distribution and high infection rate indicate this malware was developed professionally. The group is specifically interested in users who own Facebook pages and that contain stored payment methods. We suspect that the group’s next target is Amazon as they have a dedicated section for it in the attack control panel. Radware will continue to analyze the campaign and monitor the group’s activity. Prior to publication of this alert, Radware detected another variant of the malware and saw indications of this new version in the control panel.
The recent data breaches against Panera Bread, Delta Airlines and Sears, and Saks and Lord & Taylor highlight a lot: the need for improved web application and Internet security processes, better accountability, and enhanced crisis management. But perhaps more than anything, they highlight why cyber-security is critical to securing the loyalty of your organization’s most valued customers.
When you think about the future of threat intelligence, we can all agree that threats morph, constantly. Sophisticated new botnets, the increase in DDoS-as-a-Service tools, and the rise in cryptocurrency are creating an unpredictable environment where even novice attackers can demand ransoms, carry out attacks, and rent IoT botnets. Known attack types also rise and fall in popularity, as demonstrated by recent attacks such as Memcached. “What’s old is new again,” but with a twist of a new vector or motive. This provides one of the biggest challenges for those of us in the cyber-security community. How do we make sure that we are identifying and mitigating attacks quickly, protecting our customers and the organizations they serve with minimal business impact?
Threats evolve fast, don’t lag behind!
I recently returned from a business trip to an exotic destination, which is also a massive emerging market depending on how you look at it. The folks I’ve met do not seem to face other challenges than what you see in mature markets, but I could easily relate to the sheer interest of people to learn and adapt and act quickly. They were keen to get knowledge and use it, knowing that without it they may stay behind.
In today’s threat landscape, if you aren’t able to react quickly enough, you will suffer.
Most of my life has been centered around architecture and design. Both my grandfather and great grandfather were architects and during my childhood I spent a lot of time in and around their buildings.
This blog series dives into the different DDoS protection models, in order to help customers choose the optimal protection for their particular use-case. The first parts of this series covered premise-based appliances and on-demand cloud services. This installment will cover always-on cloud DDoS protection deployments, their advantages and drawbacks, and what use-cases they are best for. The final part of this series will focus on hybrid deployments, which combine premise-based and cloud-based protections.
SIP-enabled devices have gained widespread use in recent times. With more and more VoIP applications that use SIP as their signalling protocol being developed these days, the industry should put greater emphasis on safeguarding SIP assets against undesirable exploitations that may either degrade the quality of VoIP services or promote cyber-crime.
This blog series explores the various options for DDoS protection and helps organizations choose the optimal solution for themselves. The first part of this series covered the premise-based DDoS mitigation appliance. This installment will provide an overview of on-demand cloud-based solutions. Subsequent chapters will also cover always-on and hybrid solutions.