main

Attack Types & VectorsSecurity

The Radware Research Roundup

December 28, 2017 — by Radware0

radware-research-roundup-960x641.jpg

As 2017 comes to a close, we decided to take a look back at a number of new attack types and threats that we saw throughout the year. Our team took a deep dive into researching and testing many of these threats to find out how they operate and how big of a threat they really were, through setting up honeypots, intentionally bricking a colleague’s device, and setting up IoT chatbots. Below are some of the highlights from our year:

Attack Types & VectorsSecurity

Evolution is the Name of the Game

November 2, 2017 — by Radware2

evolution-q-and-a-960x676.jpg

The following is a Q&A with Daniel Smith, an information security researcher for Radware’s Emergency Response Team. He focuses on security research and risk analysis for network and application based vulnerabilities. Daniel’s research focuses in on Denial-of-Service attacks and includes analysis of malware and botnets. As a white-hat hacker, his expertise in tools and techniques helps Radware develop signatures and mitigation attacks proactively for its customers.

Attack Types & VectorsSecurity

BrickerBot.3: The Janit0r is back, with a vengeance

April 21, 2017 — by Pascal Geenens0

brickerbot-4-featured-1-960x540.jpg

In early April, we identified a new botnet designed to comprise IoT devices and corrupt their storage. Over a four-day period, our honeypots recorded 1,895 PDoS attempts performed from several locations around the world. Its sole purpose was to compromise IoT devices and corrupt their storage. Besides this intense, short-lived bot (BrickerBot.1), our honeypots recorded attempts from a second, very similar bot (BrickerBot.2) which started PDoS attempts on the same date – both bots were discovered less than one hour apart –with lower intensity but more thorough and its location(s) concealed by TOR egress nodes.

SecurityService Provider

The Economics of Cyber-Attacks

April 4, 2017 — by Mike O'Malley0

economics-of-cyber-attacks-960x640.jpg

How to Provide State of the Art Protection against Real World Threats

We live in a world where increasing numbers of complex cyber breach tools are available on the Darknet. But what is the Darknet and how do we protect against it? The Darknet is an anonymous and obfuscated section of the internet where criminals can exchange information, tools and money to carry out attacks with little or no traceability. The Darknet provides a service marketplace where criminals can do many of the same things that law-abiding citizens do every day. Criminals search the internet (anonymously). They exchange emails with other criminals and prospective customers, they read news on the latest opensource tools available to perform effective attacks. They even have an online marketplace where cyber-attack services can be ordered and placed into your online shopping cart. In fact, a Darknet marketplace recently advertised $7,500 to rent the now notorious Mirai botnet – the same botnet used to generate a several hundred gigabit multi-vector attack that took down the services of Amazon, BBC, HBO, Netflix, PayPal, Spotify, and many others in October 2016.

Security

IoT Threats: Whose problem is it?

March 16, 2017 — by Ron Winward0

iot-whose-problem-is-it-960x608.jpg

If you think about it 2016 was a year that will forever change the way many people think about cyber security and some fundamental best practices. After the attacks on Dyn shook the internet in October, many organizations will forever deploy redundant DNS services or providers. Further, people now use 1 Tbps as their high watermark for DDoS protections and more organizations are adopting hybrid DDoS protections.

Security

Open-Source Attack Tools Open Pandora’s Box

February 9, 2017 — by Zeev Ravid1

mirai-source-code-960x701.jpg

The act of leaking or flat-out releasing source code of advanced hacking tools isn’t new. It has happened numerous times, especially with high-profile and advanced malware families, such as Zeus, Citadel, Carberp and SpyEye, which have been responsible for losses measuring in the hundreds of millions of dollars. Once dangerous tools are released to the public, they can be downloaded—and modified and enhanced—by anyone.

Attack Types & VectorsSecurity

The Rise of the Internet of Things (IoT)

December 28, 2016 — by Radware0

iot-roundup-960x641.jpg

Unless you have been living under the proverbial rock, you probably heard about a number of Internet of Things (IoT) attacks this fall, beginning with KrebsOnSecurity, then OVH, then the DDoS attack on Dyn DNS. All of this started with a bot called Mirai, and involved IoT devices. Why is this important? By 2020, it is estimated that the number of connected devices is expected to grow exponentially to 50 billion. A survey by HP indicates that about 70% of these devices have vulnerabilities, making them the perfect targets for botnets like Mirai.

Security

Nine Questions to Ask to Determine IoT Device Safety

December 14, 2016 — by David Hobbs0

internet-of-things-960x640.jpg

The holidays are almost upon us.  All around the globe, people are purchasing the latest and greatest gadgets as gifts. Consumers will be linking their new of Internet of Things (IoT) thermostats, doorbells, baby monitors, security cameras, home appliances and even GPS pet trackers to the internet in droves.

On the heels of the holiday season, the International Consumer Electronics Show will take place in Las Vegas, Nevada,  where device manufacturers reveal a whole new crop of IoT devices set to hit the market in 2017.  Amazon.com now has a team of “Smart Home” consultants who come to your house to help you wade through automation, Wi-Fi, ZigBee, Alexa and a sea of other “things” for your homes.