Radware Threat Research Center has identified a hijacking campaign aimed at Brazilian bank customers through their IoT devices, attempting to steal their bank credentials.
One in three organizations hit by DDoS attacks experienced an attack against their DNS server. Why is DNS such an attractive target? What are the challenges associated with keeping it secure? Which attack vectors represent the worst of the worst when it comes to DNS assaults? Based on research from Radware’s 2017-2018 Global Application & Network Security Report, this piece answers all those questions and many more.
HTTP traffic dominates the internet. In fact, when people are asked about the internet, they are sometimes sure that the internet is their browser, which connects them to everything online. Data centers also handle a high volume of HTTP traffic, and many enterprises are seeing more and more of their revenue come from online sales. However, as its popularity grows, the risks grow with it, and just like any protocol, HTTP is vulnerable to attacks. Attackers use Denial-of-Service (DoS) techniques to make web servers unavailable. Such attacks are used to make a point, to make a profit, or simply for fun. In this blog post I will describe the common DDoS attacks that are launched against HTTP servers.
Since the first Denial-of-Service (DoS) attack was launched in 1974, Distributed Denial-of-Service (DDoS) attacks have remained among the most persistent and damaging cyber-attacks. Let’s examine how these attacks have evolved and how your company can mitigate them:
In late July we were approached by a government agency of a Latin American country that was suffering from an over-a-month-long campaign of DDoS attacks it had so far failed to mitigate. Each of the attacks lasted for several hours at a time – sometimes multiple times a day – making it through their existing DDoS protection device and right into the headlines of the local press.
One year ago, a threat actor launched a DDoS attack that disrupted service of some of the internet’s biggest names. The Mirai botnet had enslaved hundreds of thousands of IoT devices and was used to attack several entities, including the managed Domain Name System (DNS) provider Dyn.
The attack on Dyn was an event that many referred to as a wake-up call for internet security.
Except the industry, by and large, never really woke up.
Availability, or the big “A”, is often the overlooked corner of the CIA triad. Perhaps a contributing factor is the common belief among security professionals that if data is not available, it is secure. Corporate executives have a different opinion, as downtime carries a hefty price tag. While today’s corporate risk assessment certainly involves the aspect of availability, it is focused on redundancy, not on security. Penetration tests, a result of the corporate risk assessment, also fail to test availability security. In fact, pen testing and vulnerability scanning contracts specifically avoid any tests which might cause degradation of service, often leaving these vulnerabilities unknown until it’s too late. Availability is commonly handed off to network engineering to address by designing and building resilient networks. Common risk mitigations in this arena include redundant power, internet links, routers, firewalls, web farms, storage, and even geographic diversity with the use of hot, warm and cold data centers. You get the picture; there is a ton of money invested in building network infrastructure to meet corporate availability requirements.
On the morning of October 21st, Dyn began to suffer from a denial-of-service (DoS) attack that interrupted its Managed DNS network. As a result, hundreds of thousands of websites became unreachable to most of the world, including Amazon’s EC2 instances. The problem intensified later in the day when the attackers launched a second round of attacks against Dyn’s DNS system. Dyn’s mitigation of the attack can be viewed on RIPE’s website, where a video illustrates the BGP switches.
DNS is one of the most used protocols on the Internet, and you have probably heard a lot about DNS attacks on the Internet. In this series, I will explain more about the DNS attack types, and the reasons behind using them.
The DNS Protocol
Domain Name Server, or DNS for short, is a protocol that is mainly focused on translating the so-called human-format name of a site (the domain name) into its Internet address (IP address), and is often referred to as the Internet phonebook. For example, when you want to go to www.radware.com using a browser, your browser will automatically send a DNS request to its DNS server to translate www.radware.com into its IP address – 22.214.171.124. The browser will then use this IP address to get the content from www.radware.com. Each enterprise or ISP has its own DNS server that serves its users. The DNS server address is automatically configured on any connected device, usually via DHCP, so that it can perform DNS queries. Public DNS servers are also available, such as Google’s famous 126.96.36.199 DNS server or OpenDNS (recently acquired by Cisco), which also provide many services on top of the simple DNS response.
March 2012 – Radware’s ERT Busiest Month Ever
Operation Blackout Status:
If you read the press over the weekend, you would have been led to believe that most of Anon’s request for a virtual army fell on deaf ears. To be certain, fewer soldiers materialized, and those who did participate had even less meaningful impact on their targets than in previous efforts.
However, not all was lost. The virtual soldiers who did decide to pick up their digital battle-axes provided enough energy for notable mayhem at a few of the world’s leading organizations.