main

Attack Types & VectorsBotnetsSecurity

DarkSky Botnet

February 8, 2018 — by Yuval Shapira0

darksky-botnet-960x600.jpg

Radware’s Threat Research has recently discovered a new botnet, dubbed DarkSky. DarkSky features several evasion mechanisms, a malware downloader and a variety of network- and application-layer DDoS attack vectors. This bot is now available for sale for less than $20 over the Darknet.

As published by its authors, this malware is capable of running under Windows XP/7/8/10, both x32 and x64 versions, and has anti-virtual machine capabilities to evade security controls such as a sandbox, thereby allowing it to only infect ‘real’ machines.

Security

What Does a Windstorm in Wyoming Have to Do with Cyber Security?

February 7, 2018 — by Carl Herberger0

windstorm-cyber-attack-960x640.jpg

Natural disasters serve as excellent examples of the unforeseen consequences that a cyber-attack against infrastructure will have. Take for example a strong windstorm in Wyoming in February 2017. The storm knocked down power lines, forcing water and sewage treatment plants to operate on backup generators, which weren’t available to some of the pumps that moved sewage from low-lying areas to higher ground. As a result, the sewers backed up after the weather continued to prolonged the outage. While government officials tasked with disaster planning have long focused on the cascading effects of power outages from natural disasters, only recently have they realized the effects of cyber warfare could be quite similar.

DDoSSDNSecurityWAF

Orchestrating Flows for Cyber

January 24, 2018 — by Edward G. Amaroso0

sdn-960x463.jpg

There is a great scene in the movie Victor, Victoria, where the character played by James Garner decides it’s time to mix things up a bit. So, he strolls into an old gritty bar wearing a tuxedo, walks up to the bartender, and orders milk. Within minutes, the other men in the bar decide they’ve had enough of this, and they start an intense bar fight. Garner is soon throwing and taking punches, getting tossed across the floor, and loving every minute of it.

DDoSSecuritySSL

Rethinking the Scrubbing Center

January 23, 2018 — by Eyal Arazi0

scrubbing-centers-960x576.jpg

In the past five years, we have watched a rapid evolution in both sophistication and scale of DDoS attacks.  Long gone are the days of the traditional Denial of Service (DoS) attack.  Now, threat actors use massive IoT botnets to enslave millions of devices into global scale DDoS attacks.  They confuse defenses by launching short multi-vector attacks in bursts, they multiply the force impact of their attacks by using TLS/SSL, and even destroy systems with Permanent Denial of Service (PDoS) attacks.

Attack Types & VectorsDDoSSecurity

Has Cyber Security Reached Its Limits?

January 16, 2018 — by Ben Zilberman0

Hackermanstealinformation-1-960x576.jpg

Thoughts from Radware’s Global Application and Network Security Report

  • Rise of cryptocurrency trade and value boosts attacks;
  • Notorious attacks of the year point at the human factor to blame;
  • Machine-learning technologies are not fully mature nor broadly adopted;
  • Despite a notion of tolerance, in one of four cases customers will take action against a targeted organization;
  • IoT devices power more effective DDoS attacks, but nobody takes responsibility to patch the known holes;
  • Data Leakage is the number one concern of organizations today.

These are just a handful of insights from Radware’s 2017-2018 Global Application and Network Security Report, providing a comprehensive view of the industry trends and evolutions. 2017 was an eventful year, with global cyber-attack campaigns that grabbed headlines in mainstream media and affected the lives of many, in particular the WannaCry, NotPetya and BadRabbit ransom sprees, as well as Equifax and Forever 21 data leaks. Let’s take a closer look at 2017 trends and 2018 predictions:

Attack Types & VectorsSecurity

The Radware Research Roundup

December 28, 2017 — by Radware0

radware-research-roundup-960x641.jpg

As 2017 comes to a close, we decided to take a look back at a number of new attack types and threats that we saw throughout the year. Our team took a deep dive into researching and testing many of these threats to find out how they operate and how big of a threat they really were, through setting up honeypots, intentionally bricking a colleague’s device, and setting up IoT chatbots. Below are some of the highlights from our year: