The frenetic pace of network security threats leads businesses of all size, and managers at all levels, struggling to understand risk.
As consumers are getting their shopping lists ready for the biggest shopping days of the year, businesses should get ready as well. Cyber-attacks, and most notably DDoS attacks, are more likely to occur on high traffic days – in fact, according to a 2013 eCommerce Cyber Crime Report conducted by the Ponemon Institute, 64% of respondents say "their organizations have seen an increase in Internet fraud and/or website attacks on high traffic days such as Cyber Monday."
Radware’s Emergency Response Team (ERT) is reporting a new vulnerability published under CVE 2014-3566 named POODLE (Padding Oracle on Downgraded Legacy Encryption). This SSLv3 POODLE vulnerability can force a client to negotiate SSLv3 instead of TLS and then carry out BEAST (Browser Exploit Against SSL/TLS) attacks to obtain information from an encrypted stream.
Several months ago, following an in-depth analysis of attack methods and defense techniques, the Radware Emergency Response Team (ERT), developed a set of network security predictions that the industry could face this coming year. Let’s take a look at their forecast and see where we stand now.
Recently, I wrote an article for Help Net Security to discuss the modus operandi of cybercriminals and how this can lead to different types of cyber attacks. While we have previously encountered huge distributed denial of service (DDoS) attacks that appear to come from nowhere and flood the victim’s network security, we have begun to see much more stealth and more sophisticated attacks causing just as much, if not more, damage.
This week, I was interview by Fox Business on how hacktivism takes center stage when geopolitical tensions rise. (Geopolitical Tensions Invade Cyberspace, March 11, Fox Business)
In the interview, we discussed how groups and actors that are against state-run edicts, policies and the like take to the web to quickly mobilize and then antagonize and disrupt their adversaries. They leverage online outlets such as YouTube, Twitter, Facebook and other social media properties as their platform to denounce who they’re against and why.
The inventor of the telephone, Alexander Graham Bell once stated, "Before anything else, preparation is the key to success." Unfortunately, it appears that attackers launching DoS/DDoS attacks have embraced this line of thought and invested their efforts in reconnaissance and meticulous preparation during the "pre-attack" phase. Drawing from attacks handled by our Emergency Response Team (ERT), Radware recently conducted research on the ways in which pre-attack planning and detailed preparation dramatically increases the potency and success rate of attacks.
During last week’s RSA conference in San Francisco, I gave a lecture titled "Stock Exchanges in the Line of Fire – Morphology of Cyber Attacks." Based predominantly on my experience as part of Radware’s Emergency Response Team (ERT) that provides 24/7 DDoS attack mitigation support, I focused on three specific topics:
Imagine the following scenario: You’re a hosting company and you receive a call from one of the largest banks in the United States informing you that they are currently experiencing a cyber attack. Why are they calling you? The attack is coming from your servers.
Today, we launched our 2012 Global Application and Network Security report. It was prepared by our security experts – the Emergency Response Team (ERT) – who’ve seen their fair share of cyber attacks while actively monitoring and mitigating attacks in real-time. In this year’s annual report, our experts have uncovered several new trends in cyber-security worthy of a closer look.