DDoS attacks have become more extensive and are testing the limits of existing DDoS mitigation tools and practices, as well as affecting online businesses globally. Organizations are experiencing an increase in the magnitude of DDoS attacks, with the average size of attacks over 50 Gbps quadrupling in just two years. What presents a particular risk for organizations is the barrage of short, low volume attacks that mask more serious network intrusions. Frost & Sullivan found … More ?
Researchers have discovered a new batch of malicious apps on Google Play, some of which have been downloaded and installed on some 2.6 million devices. The apps’ capabilities The apps posed as legitimate offerings that modify the look of the characters in Minecraft: Pocket Edition (PE). In the background, though, they set out to rope the devices into a botnet. Once they were installed on a target device, they would connect to a C&C server, … More ?
Fast Flux, a DNS technique first introduced in 2006 and widely associated with the Storm Worm malware variants, can be used by botnets to hide various types of malicious activities – including phishing, web proxying, malware delivery, and malware communication. The technique allows the botnet to “hide” behind an ever-changing network of compromised hosts, ultimately acting as proxies and making detection incredibly difficult. High-level architecture overview of the Fast Flux network ?and associated threat landscape … More ?
Three out of every four DDoS attacks employed blended, multi-vector approaches in the second quarter of 2017, according to Nexusguard. Distribution of DDoS attack vectors The quarterly report, which measured more than 8,300 attacks, demonstrated that hackers continued to rely on volumetric attacks to overwhelm system resources. For example, UDP-based attacks increased by 15 percent this quarter, targeting hijacked devices connected to the IoT, and overtaking SYN, HTTP Flood and other popular volumetric attacks in … More ?
Frost & Sullivan found that the DDoS mitigation market generated a revenue of $816 million in 2016 and is expected to register a CAGR of 17.1 percent through 2021. Threat actors’ continuous development of new techniques to overwhelm their target’s defenses and improve effectiveness of their DDoS attacks in terms of scale, frequency, stealth, and sophistication, are factors driving rapid growth. DDoS attacks are on the rise Attacks have become more extensive and are testing … More ?
Here’s an overview of some of last week’s most interesting news, podcasts and articles: New, custom ransomware delivered to orgs via extremely targeted emails Ransomware campaigns are usually wide-flung affairs: the attackers send out as many malicious emails as possible and hope to hit a substantial number of targets. But more targeted campaigns are also becoming a trend. Getting a start on cyber threat hunting We live in a world where the adversaries will persist … More ?
Pulse wave DDoS is a new attack tactic, designed to double the botnet’s output and exploit soft spots in “appliance first cloud second” hybrid mitigation solutions. Comprised of a series of short-lived bursts occurring in clockwork-like succession, pulse wave assaults accounted for some of the most ferocious DDoS attacks we ever mitigated. Reading this whitepaper will help you: Understand the nature of pulse wave DDoS attacks See how they are used to pin down multiple … More ?
Newly released data shows that DDoS and web application attacks are on the rise once again, according to Akamai’s Second Quarter, 2017 State of the Internet / Security Report. Contributing to this rise was the PBot DDoS malware which re-emerged as the foundation for the strongest DDoS attacks seen by Akamai this quarter. In the case of PBot, malicious actors used decades-old PHP code to generate the largest DDoS attack observed by Akamai in the … More ?
Threats using SSL encryption are on the rise. An average of 60 percent of the transactions in the Zscaler cloud have been delivered over SSL/TLS. Researchers also found that the Zscaler cloud saw an average of 8.4 million SSL/TLS-based security blocks per day this year. “Hackers are increasingly using SSL to conceal device infections, shroud data exfiltration and hide botnet command and control communications. In fact, our study found that the amount of phishing attempts … More ?
A high-tech, internet-connected fish tank in a North American casino has been used to exfiltrate data from the company’s network. Smart drawing pads used in an architectural firm were part of a botnet used to mount DDoS attacks against websites around the world owned by entertainment companies, design companies, and government bodies. These are just some of the discoveries made by UK-based cyber defense Darktrace, but serve as perfect examples of how lax security when … More ?