botnet Archives

botnet

Cat and Mouse: Web Attacks Increasingly Sidestep WAF Protections

December 31, 2014 Or Katz

Recently, the Akamai Threat Research Team unveiled a unique distributed brute force attack campaign targeting nearly five hundred WordPress applications. What’s interesting about this campaign? It clearly demonstrates how Web attackers are becoming more sophisticated, attempting to evade security controls – specifically Web Application Firewalls (WAFs) and rate control protections. A Short Primer to Brute-Force Attacks Brute force Web attackers attempt to gain privileged access to a Web application by sending a very large set of login attempts, within a short period of time. Using volumetric single source of attack is easily mitigated by blacklisting. Today’s brute force attacks are typically characterized by volumetric attacks coming from distributed IPs. In this way, if the attacker’s source IP is detected, they can still continue with the attack campaign by switching a source IP. As part of this cat-and-mouse evolution, WAFs are enhanced with several rate control measures that detect and block […]

Game Networks Struggle Back After Holiday Attacks

December 27, 2014 Paul Roberts

Online gaming networks including Sony’s Playstation network were the victims of large-scale denial of service attacks that coincided with the Christmas holiday. As of Saturday, Microsoft’s X-Box gaming network had returned to full operation, while Sony’s Playstation Network was still struggling to restore service, 48 hours after attacks attributed to an online hacktivist group known as The Lizard Squad hobbled the gaming networks on their biggest day of the year: Christmas. “Update: PS4, PS3, and Vita network services are gradually coming back online – thanks for your patience,” Sony tweeted via its @AskPlayStation Twitter account early Saturday. The source of the denial of service attacks has not been confirmed. However, the group claiming responsibility for them has claimed that the attacks were more prank than anything else: an effort to irritate Playstation and X-box owners who received a new device on Christmas Day, only to find they couldn’t connect it to the […]

With Multi-Vector Attacks, Quality Threat Intelligence Matters

December 23, 2014 Scott Harrell

In the last year, the world’s attention has been riveted by a series of high-profile hacks of major corporations in retail, finance and the entertainment industry, among others. Each of these incidents is unique, involving different threat actors and motives. However, each of these attacks is also a sterling example of what we, at Cisco, term “multi-vector attack” that employs a range of technologies, deployed in numerous stages, to penetrate the defenses of the target organization. Here at Cisco, we have studied these attacks in-depth and have identified some commonalities among these multi-vector attack, and useful approaches to combat them. This blog post will discuss some of our findings. About Multi-Vector Attacks Any cyber attack, large or small is born from a weak link in the security chain. These weak links take many forms: poorly configured Web servers, gullible employees or vulnerable-but-common applications like Microsoft Office, Adobe Reader and Java are common examples. Multi-vector attacks […]

Discrete Malware Lures Execs At High-End Hotels

November 10, 2014 Paul Roberts

Kaspersky Lab has a fascinating write-up of malware it is calling “DarkHotel.” The information-stealing software is believed to target traveling executives. Curiously, Kaspersky says the malware may be almost a decade old and is found only on the wireless networks and business centers of select, high-end hotels. Reports about targeted attacks on traveling executives are nothing new. However, the Kaspersky report (PDF version here) may be the most detailed yet on a specific malicious software family that is devoted to hacking senior corporate executives. According to Kaspersky, the DarkHotel malicious software maintained a presence on hotel networks for years, with evidence of its operation going back as far as 2007. The malware used that persistent access to target select hotel guests, leveraging check-in/check-out and identity information on guests to limit attacks to high value targets. Targeted guests were presented with iFrame based attacks that were launched from the hotel’s website, […]

Dusting For Malware’s Bloody Prints

October 25, 2014 Paul Roberts

Malicious software is nothing new. Computer viruses and worms have been around for decades, as have most other families of malware like remote access tools (RATs) and key loggers. But all our experience with malware hasn’t made the job of knowing when our organization has been hit by it any easier. In fact, recent news stories about breaches at Home Depot, Target, Staples and other organizations makes it clear that even sophisticated and wealthy corporations can easily overlook both the initial compromise and endemic malware infections – and at great cost. That may be why phrases like “dwell time” or “time to discovery” seem to pop up again and again in discussions of breach response. There’s no longer any shame in getting “popped.” The shame is in not knowing that it happened. Greg Hoglund says he has a fix for that latter problem. His new company, Outlier Security, isn’t “next generation […]