main

Attack Types & VectorsDDoSSecurity

Threat Alert: Bitcoin Exchanges and Websites Experiencing DDoS Attacks

July 6, 2016 — by Daniel Smith1

bitcoin-exchanges-ddos-attack-3-960x555.png

Threat Alert: Bitcoin Exchanges and Websites Experiencing DDoS Attacks

Over the last several months, our ERT Research team has noticed a growing trend of attackers targeting Bitcoin exchanges and websites that deal with Bitcoin directly. These websites are increasingly becoming the target of DDoS attacks for a number of reasons. First, they are mainly targeted by extortionists, but they are also experiencing attacks from competition and user aggression.

Bitcoin-related sites attract a lot of attention and demand from their users, but this also plays against them. This dedicated user base requires instant access and live updates about market conditions and the current value of Bitcoin. When these services go down, thousands of users are left locked out of their accounts, which can result in reputation damage or financial loss for their users. This is also why extortionists choose to target these sites; not only do they have Bitcoin on hand, but some are not willing to go offline even for a moment due to the fear of losing clients.

DDoS AttacksHTTP Flood AttacksSecurity

Much more than Outage: 2013 DDoS Market Review

January 27, 2014 — by Motty Alon1

What comes to mind when the term “Denial of Service” is mentioned? Probably website outage.

This image has been crafted over the last couple of years with media, analysts and bloggers all talking about Denial of Service attacks, but mostly when the result of the DoS attack caused a site outage. Our latest report, the Radware Global Application and Network Security Report addresses this and other misconceptions about DDoS.

Attack MitigationDDoS AttacksSecurity

Inside the World of Hacker Reconnaissance

March 19, 2013 — by Eyal Benishti1

The inventor of the telephone, Alexander Graham Bell once stated, "Before anything else, preparation is the key to success." Unfortunately, it appears that attackers launching DoS/DDoS attacks have embraced this line of thought and invested their efforts in reconnaissance and meticulous preparation during the "pre-attack" phase. Drawing from attacks handled by our Emergency Response Team (ERT), Radware recently conducted research on the ways in which pre-attack planning and detailed preparation dramatically increases the potency and success rate of attacks.

Application SecurityAttack MitigationDDoS AttacksHTTP Flood AttacksSecurity

Stock Exchanges in the Line of Fire

March 6, 2013 — by Ziv Gadot0

During last week’s RSA conference in San Francisco, I gave a lecture titled "Stock Exchanges in the Line of Fire – Morphology of Cyber Attacks." Based predominantly on my experience as part of Radware’s Emergency Response Team (ERT) that provides 24/7 DDoS attack mitigation support, I focused on three specific topics:

Application SecurityAttack MitigationBotnetsBrute Force AttacksDDoS AttacksHTTP Flood AttacksPhishingSecuritySecurity VirtualizationSEIMWeb Application Firewall

New Attack Trends – Are You Bringing a Knife to the Gunfight?

January 22, 2013 — by Ziv Gadot0

Today, we launched our 2012 Global Application and Network Security report. It was prepared by our security experts – the Emergency Response Team (ERT) – who’ve seen their fair share of cyber attacks while actively monitoring and mitigating attacks in real-time. In this year’s annual report, our experts have uncovered several new trends in cyber-security worthy of a closer look.

DDoS AttacksSecurity

Security Week Article: The Missing Layer Against Encrypted Attacks

December 5, 2012 — by Avi Chesla1

I recently contributed another column to Security Week about attackers launching attacks over HTTPS more than ever before. With an increased level of encrypted traffic on enterprise networks, attackers are taking advantage of this blind spot within the organization’s security model.

Social Media services and online financial services have become targets. Most will employ different layers of defense for an encrypted attack. However, this approach will not be effective if an attack included an availability-based threat vector such as Denial of Service attack or zero-day advanced threats.

This is because processing an encrypted attack consumes more system resources than processing non-encrypted data. As a result, an attacker is able to make a big impact even at relatively low rates of requests per second. The solutions that can decrypt the traffic can only detect the known low rate attacks rather than the unknowns (zero-day).

To really help mitigate an attack such as this, a network needs to include another layer which is the network wide attack protection.

I share my thoughts on what an organization needs in order to successfully handle these threats and invite you to read this column to learn more about it. You can also tweet about the column to share it with your followers.

Attack MitigationDDoS AttacksSecurity

Security Week Article: The Need for Resource-Aware Mitigation Technology

August 21, 2012 — by Avi Chesla0

Recently, I wrote an article for Security Week on the growing need for security solutions to manage under-the-radar attack tools before they wreak long-term havoc on the network. When first hearing about another lethal DoS (denial-of-service) attack, the first thing that comes to mind is the volume of traffic attackers sent to take down a service, or to flood a victim’s network. Realizing a more “affordable” solution, attackers are now favoring techniques that require very little resources and can slowly occupy a victim’s machine until the resources are spent.

DDoS AttacksHTTP Flood AttacksSecurity

DoS Attack Forensic: Following Sherlock Holmes Footsteps

August 2, 2011 — by Ziv Gadot0

Denial-of-Service (DoS) Attack forensics has several motivations. When under attack, this process is important to identify the attacker and safely distinguish it from legitimate traffic, and in turn to accurately employ various mitigation techniques to block it. After the attack is over, forensic is important for our customers to understand the attack origin, motivation, preparation for a second strike, and as a basis for legal actions. Our research team values forensic as a research tool that improves our understanding of the DoS attack world.