main

Attack Types & VectorsSecurity

What is a Zero-Day Attack?

April 2, 2019 — by Radware0

zeroday-960x640.jpg

Zero-day attacks are the latest, never-before-seen generation of attacks. They are not volumetric or detectable from a known application signature. Security systems and experts must react instantly to solve the new issues, that is, they have zero days to react. Advanced application-level attacks typically fit into this category.

Two Distinct Phases

Probe and Learn: Hackers assess network defenses and probe for vulnerabilities, looking for different weaknesses and identifying the type of attacks that will potentially be effective. It’s like an archer who picks the best arrows to put in his quiver before battle. For example, a hacker may determine that a combination of encrypted attacks, attacks from a rotating IP address source, new low and slow attacks and headless browser attacks will be most effective.

[You may also like: Protecting Applications in a Serverless Architecture]

Optimize, Morph and Attack: Hackers launch the attack and then vary the attack vectors (or arrows from the quiver). In this case, hackers often understand that legacy DDoS mitigators need manual intervention to troubleshoot and mitigate a zero-day attack. So they attack the weakness of the legacy mitigator (multiple manual troubleshooting cycles to stop an attack) in addition to attacking the application vulnerabilities.

Who Are the Attackers?

Richard Clarke, former special cybersecurity advisor to the U.S. president, devised an acronym — C.H.E.W. — to categorize and explain the origin of cyberattacks (that specifically target carriers and enterprises):

  • Cybercrime — the notion that someone is going to attack you with the primary motive being financial gain from the endeavor.
  • Hacktivism — attacks motivated by ideological differences. The primary focus of these attacks is not financial gain but rather persuading or dissuading certain actions or “voices.”
  • Espionage — straightforward motive of gaining information on another organization in pursuit of political, financial, capitalistic, market share or some other form of leverage.
  • War (Cyber) — the notion of a nation-state or transnational threat to an adversary’s centers of power via a cyberattack. Attacks could focus on nonmilitary critical infrastructure.

[You may also like: How Cyberattacks Directly Impact Your Brand]

The attackers can range from a tech-savvy teenager to a highly organized group that taps into huge server farms in places like Russia and Ukraine to facilitate attacks.

The types of hackers are as varied that the methods they employ and include APTs (advanced persistent threats) agents, corporate spies, cybercriminals, cyberwarriors, hacktivists, rogue hackers, spammers and malware spreaders.

Read “Radware’s 2018 Web Application Security Report” to learn more.

Download Now

Attack MitigationAttack Types & VectorsSecurity

Top Cryptomining Malware. Top Ransomware.

August 21, 2018 — by Fabio Palozza3

cryptocurrencies_malware_cryptomining_ransomware-960x640.jpg

In 2018, cryptominers have emerged as the leading attack vector used by cybercriminals to gain access into others systems. Cryptominers are getting advanced makeovers by cybercriminals doing their best to develop innovative cryptominers with ground-breaking capabilities. The recently-discovered cryptominers are not only known for their advanced features, but also for their capabilities to attack a wide range of systems including cloud-based platforms, mobile devices, industrial IT-infrastructure, and servers.

It’s not surprising that cybercriminals have started targeting cloud infrastructures which are based on rich classes of strong computing resources and companies that use cloud platforms to store confidential information. Two of the most striking data breaches that we witnessed this past year were the Monero-miner attack on Tesla’s cloud servers and the data-leak incident that affected FedEx customers.

[You Might Also Like: Malicious Cryptocurrency Mining: The Road Ahead]

Top Cryptomining Malware That Is Dominating the Cybercrime Scene in 2018

The most popular web-based Monero currency miner, Coinhive, undoubtedly occupies the first spot regionally and globally with 25 percent of the companies being affected. With the introduction of Coinhive’s JavaScript mining code in September 2017, the code has been incorporated into thousands of websites allowing cybercriminals to capitalize on visitors’ computing resources. Additionally, the code can be used as substitutes for online advertisements that cybercriminals use to lure visitors to click malicious links. In 2018, threat actors have delivered Coinhive in innovative ways through Google’s DoubleClick service and Facebook Messenger, with code embedded in websites or by hiding code inside YouTube ads. Along with Coinhive, other miners, including Jesscoin and Cryptoloot, have been dominating the malicious cryptomining landscape this year, affecting almost 40 percent of businesses and consumers across the globe.

[You Might Also Like: Raising the Bar for Ethical Cryptocurrency Mining]

RIG Exploit Kit is increasingly being used by cybercriminals to capitalize on system vulnerabilities both regionally and globally. RIG Exploit kits typically work by redirecting people to a landing page that features an embedded JavaScript, the main purpose of which is to identify security flaws in the browser. Cybercriminals use RIG kits to deliver exploits for Internet Explorer, Java, Flash, and Silverlight.  RIG Exploit kits ruled the cybercrime scene in the first half of 2018, moving payloads such as cryptominers and Smoke Loader down the ranking.

XMRig, which is an open-source application for CPU-mining, occupies the third spot across all regions in the United States. The XMrig mining code, which gained popularity in early 2018, has been widely used by a number of crypto-strains, including RubyMiner which is specifically designed to target unpatched Linus servers and Windows. According to Check Point, cybercriminals targeted 30 percent of all business networks to utilize server capacities to support their mining operations.

When it comes to ransomware, Locky, which was first introduced in 2016, occupies the first spot in regional and global lists. Wannacry, which came into the scene in 2017 and made its way to thousands of systems continues to hold a high rank this year.

Read “Consumer Sentiments: Cybersecurity, Personal Data and The Impact on Customer Loyalty” to learn more.

Download Now

Attack Types & VectorsSecurity

Malicious Cryptocurrency Mining: The Road Ahead

August 14, 2018 — by Fabio Palozza1

crypto-part-6-960x640.jpg

As cryptomining continues to rule the cybercrime scenario, cybercriminals are designing innovative ways to drain people’s cryptowallets. Scammers are still doing their best to make the most out of their resources to launch leading-edge scam attempts. The increase in scams is mainly attributed to the failure in implementing appropriate fraud protection measures and unfortunately, popular cryptomining platforms including Coinbase and Bitcoin lack the necessary security features that they need to prevent fraudulent cryptomining activities.