Threats & Attacks

  • Network and application attacks keep security teams busy all year long with new attacks discovered each day that target all sectors and countries. The map below shows different attack types, vectors and trends and enables interactive filtering on different attack elements. The name of the customer is displayed only when this information is public.


  • Latest Threats


    Vulnerability

    SSLv3 POODLE

    Date: 15.10.14

    Summary

    On October 15, Google published details of a vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker.

    Additional Information

    For more details see the attached FAQ.

    Attack alert

    Tsunami SYN Flood Attack

    Date: 07.10.14

    Summary

    The Tsunami SYN Flood Attack is an intriguing variant of the traditional SYN flood attack. We believe that attackers are trying to challenge protected environments that would typically block a classic SYN flood but not this variant. In contrast, the Tsunami SYN flood can cause internet pipe saturation. Unlike other known pipe saturation offenses using mostly UDP traffic, the Tsunami SYN flood attack is carried over the more common TCP protocol. We have noticed attacks on entire IP and port ranges, again trying to bypass traditional SYN flood protection expecting the attack on a specific IP and port.

    Additional Information

    For more details see the attached Threat Alert.
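    The alert above describes two traits of the Tsunami variant: it saturates the pipe over TCP rather than UDP, and it sweeps whole IP and port ranges instead of hitting one IP and port. The following is an added detection sketch, not Radware code and not part of the alert; it assumes that the bandwidth comes from SYN packets that carry a TCP payload (an assumption about the variant, not something the alert states) and works on constructed packet records (`Pkt`, `SourceStats`, `summarize`, `classify` and the thresholds are all my own names and values).

```python
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple


class Pkt(NamedTuple):
    """One TCP packet as a flow collector or capture might summarize it (constructed schema)."""
    src: str
    dst: str
    dport: int
    flags: str        # TCP flag letters, e.g. "S" (SYN only), "SA" (SYN+ACK), "A"
    payload_len: int  # bytes of TCP payload


class SourceStats(NamedTuple):
    syn_count: int      # pure SYN packets seen from this source
    syn_with_data: int  # of those, how many carried a payload
    data_bytes: int     # total payload bytes riding on SYNs
    dst_ips: int        # distinct destination IPs (range-sweep indicator)
    dst_ports: int      # distinct destination ports (range-sweep indicator)


def summarize(packets: Iterable[Pkt]) -> Dict[str, SourceStats]:
    """Aggregate pure-SYN packets per source; SYN+ACK and data packets are ignored."""
    acc = defaultdict(lambda: {"syn": 0, "syn_data": 0, "bytes": 0, "ips": set(), "ports": set()})
    for p in packets:
        if p.flags != "S":          # only handshake openers matter for a SYN flood
            continue
        s = acc[p.src]
        s["syn"] += 1
        s["ips"].add(p.dst)
        s["ports"].add(p.dport)
        if p.payload_len > 0:       # assumption: the volumetric SYNs carry data
            s["syn_data"] += 1
            s["bytes"] += p.payload_len
    return {src: SourceStats(v["syn"], v["syn_data"], v["bytes"], len(v["ips"]), len(v["ports"]))
            for src, v in acc.items()}


def classify(stats: Dict[str, SourceStats], min_syn: int = 20,
             min_data_ratio: float = 0.5, min_spread: int = 5) -> Dict[str, str]:
    """Label each source. Thresholds are illustrative; tune them to the link and the window size.
    A lone SYN with data is legitimate (RFC 793 permits it, TCP Fast Open uses it), so the
    verdict is driven by volume and spread, never by a single packet."""
    verdicts = {}
    for src, s in stats.items():
        if s.syn_count < min_syn:
            verdicts[src] = "normal"
            continue
        data_ratio = s.syn_with_data / s.syn_count
        swept = s.dst_ips >= min_spread or s.dst_ports >= min_spread
        if data_ratio >= min_data_ratio and swept:
            verdicts[src] = "tsunami-syn-sweep"   # data-bearing SYNs across a range of IPs/ports
        elif data_ratio >= min_data_ratio:
            verdicts[src] = "tsunami-syn"         # data-bearing SYNs at one target
        else:
            verdicts[src] = "classic-syn-flood"   # empty SYNs, the case classic protections expect
    return verdicts


def sample_packets() -> List[Pkt]:
    """Constructed capture: one ordinary client, one classic flooder, one Tsunami-style sweeper."""
    pkts = [Pkt("10.0.0.5", "203.0.113.10", 443, "S", 0) for _ in range(3)]
    pkts += [Pkt("198.51.100.7", "203.0.113.10", 443, "S", 0) for _ in range(40)]
    for i in range(40):
        pkts.append(Pkt("198.51.100.9", f"203.0.113.{1 + i % 8}", (80, 443, 8080, 25)[i % 4], "S", 980))
    return pkts


def run() -> Dict[str, str]:
    return classify(summarize(sample_packets()))


if __name__ == "__main__":
    for src, verdict in run().items():
        print(f"{src:15} {verdict}")
```

The useful signal is the combination: a source that opens many connections, most of them carrying data, against many IPs or ports. Per-target SYN counters, which is what a classic SYN-flood protection keys on, see only a few SYNs per destination in the sweep case and never trip.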

    Attack alert

    Shellshock

    Date: 26.09.14

    Background

    Two new vulnerabilities were recently found in Bash (CVE-2014-6271, CVE-2014-7169). These vulnerabilities potentially affect certain services and applications and allow remote unauthenticated attackers to exploit this issue and use this flaw to override or bypass environment restrictions.

    Risk

    The vulnerabilities potentially affect certain services and applications and allow remote unauthenticated attackers to inject certain characters into other environments, allowing them to exploit this issue and use this flaw to override or bypass environment restrictions to execute shell commands.

    Additional Information

    For mitigation options and more details see the attached Security Advisory.
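    The risk paragraph above hinges on attacker-controlled characters reaching a Bash environment variable; in practice that mostly meant HTTP headers, which CGI hands to scripts as environment variables. The patch is the fix, but while it rolls out a defender can at least spot probes in proxy or web-server logs. The following scanner is an added example, not code from Radware or from the advisory it references; the header lines it scans are constructed, and `SHELLSHOCK_PREFIX`, `Finding` and `scan_headers` are names I chose.

```python
import re
from typing import Iterable, List, NamedTuple

# A value that begins with an empty function definition, "() {", is what the
# CVE-2014-6271 family parses as code. Whitespace between the tokens is optional
# in Bash, so the pattern tolerates it. Anchoring at the start of the value keeps
# false positives low: legitimate header values never start this way.
SHELLSHOCK_PREFIX = re.compile(r"^\s*\(\s*\)\s*\{")


class Finding(NamedTuple):
    line_no: int   # 1-based index into the scanned lines
    header: str    # header name, e.g. "User-Agent"
    value: str     # the suspicious value, stripped


def scan_headers(lines: Iterable[str]) -> List[Finding]:
    """Return a Finding for every 'Name: value' line whose value starts with the Shellshock prefix."""
    findings = []
    for n, line in enumerate(lines, 1):
        name, sep, value = line.partition(":")
        if not sep:                 # not a header line
            continue
        if SHELLSHOCK_PREFIX.search(value):
            findings.append(Finding(n, name.strip(), value.strip()))
    return findings


# Constructed sample: request headers as a reverse proxy might log them.
# Line 3 and line 5 carry the probe prefix (the payload here is a harmless echo).
SAMPLE_HEADERS = [
    "Host: www.example.com",
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64)",
    "User-Agent: () { :; }; echo shellshock-probe",
    "Cookie: session=abc123; theme=dark",
    "Referer: () {:;}; echo probe",
    "Accept: text/html",
]


if __name__ == "__main__":
    for f in scan_headers(SAMPLE_HEADERS):
        print(f"line {f.line_no}: {f.header} = {f.value!r}")
```

This is signature matching, so it finds the obvious probes and nothing more; it tells you who is knocking, not whether the door is open. The only real mitigation is an updated Bash on every host that runs CGI scripts, DHCP clients, or anything else that copies untrusted input into the environment.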

    Attack alert

    FBI Brobot

    Date: 14.07.14

    Background

    The Brobot malware, also known as 'itsoknoproblembro' and 'kamikaze', is a general purpose PHP script infecting Content Management Systems (CMSs) using known vulnerabilities. During 2012 and 2013, infected networks were used to launch massive DDoS attacks against US-based banks. This attack, also known as Operation Ababil, was considered the biggest DDoS attack campaign ever.

    Recently, the United States Federal Bureau of Investigation (FBI) released an alert through its FBI Liaison Threat Alert System (M-000033-BT) that includes a list of 1,492 URLs of confirmed infected Web sites, with the request that organizations help victims to remove the malware. The FBI threat alert was sent only to its affiliates, and therefore we are unable to provide a direct reference. However, the following article explains the alert.

    This ERT threat alert provides additional details on how to translate the FBI alert into specific actions using the Radware Attack Mitigation System (AMS).

    Additional Information

    For additional information regarding the threat, read the full Threat Alert.

    Attack alert

    #OpSaveGaza

    Date: 11.07.14

    Background

    Due to the growing tension between Palestine and Israel that includes military actions in the Gaza sector, several hacktivist groups have united in a cyber-attack campaign against Israel, named #OpSaveGaza.

    From information that was found online (Twitter #OpSaveGaza and Facebook), AnonGhost and other hacktivist groups claim to have successfully defaced over 500 Israeli websites and leaked some government email credentials. In addition, some government sites have been targeted for DDoS attacks.

    A link to DoS tools on the #OpSaveGaza page indicates a few of the tools that will be used. Most of them are known, such as HOIC, LOIC and ByteDos.

    Radware's Emergency Response Team (ERT) has not yet directly seen any cases related to this activity.

    Additional Information

    For additional information regarding the threat, read the full Threat Alert.