Network and application attacks keep security teams busy all
year long, with new attacks discovered each day that target all sectors and
countries. The map below shows different attack types, vectors and trends and
enables interactive filtering on different attack elements. The name of the
customer is displayed only when this information is public.
2014 FIFA World Cup
Recent news reports indicate that the hacktivist group Anonymous intends to attack the 2014 FIFA World Cup, including its partners and sponsors. The threat gained public attention after an interview in which an Anonymous group spokesman, referring to himself as Che Commondore, provided select details about the planned operation.
This threat alert provides insight into the techniques Anonymous is likely to use. It also outlines recommended best practices that potential targets should follow before, during, and after an attack. The ERT expects Anonymous to cast a wide net and potentially target more than the partners and sponsors of the event. Most companies should take note of the cautions and advice offered by this alert.
For additional information regarding the threat, read the full Threat Alert.
Ukraine-Russia Global Conflict
The current conflict between Ukraine and Russia, following the Ukrainian revolution, the Crimean peninsula crisis, and the recent fighting in Slovyansk and Odessa, has the potential for military and political escalation. The conflict has taken on a global form with the involvement of the USA, Europe, NATO and other actors.
This Threat Alert calls for multiple countries and organizations to be prepared for cyber-attacks and possibly even cyber-war as a direct result of this global conflict. The reason is simple: cyber-attacks nowadays accompany physical and political conflicts. This is especially true for conflicts in this geographical arena.
For additional information regarding the threat, read the full Threat Alert.
Heartbleed - OpenSSL
A critical vulnerability was recently found in OpenSSL. Due to a missing bounds check
in the handling of the TLS heartbeat extension, 64K of memory can be revealed to a
connected client or server. Only OpenSSL versions 1.0.1-1.0.1f, 1.0.2-beta and
1.0.2-beta1 are affected.
A remote attacker can exploit the vulnerability by sending a malformed heartbeat
request whose declared payload size is bigger than the actual request. In response, the
vulnerable server returns a heartbeat response that contains a memory block of
up to 64KB in the payload. This memory block may reveal potentially confidential
information, including SSL certificates, user passwords and more.
An attacker cannot control what memory block the server returns, but by performing
multiple requests, some critical data might be leaked.
For mitigation options and more details see the attached Security Advisory.
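The missing bounds check described above, written out as an added example (not code from OpenSSL or from the Threat Alert): a heartbeat handler that discards any record whose claimed payload length does not fit in the bytes actually received, as RFC 6520 requires. The function name `hb_build_response` and the sample records are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response */
#define HB_PADDING  16  /* minimum padding length (RFC 6520) */

/* Build the response for one received heartbeat record.
 * rec/rec_len is the record body as it actually arrived; returns the
 * response length, or 0 when the record must be discarded silently. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + HB_PADDING || rec[0] != HB_REQUEST)
        return 0;                       /* too short, or not a request */

    /* Payload length claimed by the peer: untrusted, 0..65535. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The bounds check that was missing: type + length + payload +
     * padding must fit in the bytes really received. Without it the
     * memcpy below reads past rec into adjacent process memory. */
    if (1 + 2 + claimed + HB_PADDING > rec_len)
        return 0;
    size_t resp_len = 1 + 2 + claimed + HB_PADDING;
    if (resp_len > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed);         /* echo the payload */
    memset(out + 3 + claimed, 0, HB_PADDING);  /* production code: random padding */
    return resp_len;
}

int main(void)
{
    /* Constructed records: 5-byte payload "hello" + 16 padding bytes, and
     * the same bytes with the length field rewritten to claim 0x4000. */
    uint8_t ok[3 + 5 + HB_PADDING] = { HB_REQUEST, 0x00, 0x05, 'h','e','l','l','o' };
    uint8_t bad[sizeof ok], out[64];
    memcpy(bad, ok, sizeof ok);
    bad[1] = 0x40; bad[2] = 0x00;
    printf("well-formed: %zu bytes\n", hb_build_response(ok, sizeof ok, out, sizeof out));
    printf("oversized claim: %zu bytes\n", hb_build_response(bad, sizeof bad, out, sizeof out));
    return 0;
}
```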
#OpIsrael is an organized set of attacks aimed at Israeli Web sites. It was first officially launched on 14 November, 2012 against the Israeli government, public institutions and other high-profile Web sites.
The goal of the attackers was to launch a massive set of cyber-attacks against Israeli cyber space. Their main intent was to advertise opposition to Israel's actions in Gaza. The organized attacks were planned by several Muslim hacktivist groups such as “Parastoo” (Iran), “AnonGhost” (Tunisia), and “Red Hack” (Turkey).
Those groups are planning another scheduled #OpIsrael set of attacks for April 7, 2014.
There is very little solid information about the specific attacks to expect. The prediction is that the attacks will not be significant and will be different from last year. However, best practice requires organizations to be ready for any possibility.
The attached document recommends how to reduce the vulnerabilities for sites at risk.
NTP Reflected Flood
Network Time Protocol synchronizes computer clock times across the internet. NTP uses Coordinated Universal Time (UTC) to synchronize computers with millisecond accuracy. UTC time is obtained using accurate clocks, such as a GPS receiver that gets the time from satellites. NTP is a UDP-based service, using port 123.
The attack has been observed to work as follows: the attacker sends spoofed NTP packets, containing the monlist request code, to vulnerable NTP servers. Monlist is a command requesting a list of the last 600 hosts that connected to the addressed NTP server. The NTP servers then send large replies to the spoofed IP address, the victim, thus flooding the victim. This attack generates a great deal of traffic and can easily cause DoS. One can avoid being used as a reflector by updating the NTP server to NTP 4.2.7, where monlist queries are replaced with the mrulist function, which is able to authenticate the source IP address as the real client.
You can verify that you are fully protected against this attack by following the instructions in the Threat Alert.
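A detection-side view of the monlist exchange described above, as an added example (not taken from the Threat Alert): it classifies port-123 UDP payloads as monlist requests or responses and measures how many response bytes a server sent per request byte. The request codes (20, 42) and implementation numbers (2, 3) are from ntpd's mode 7 definitions rather than this page; the function names and sample payloads are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum ntp_class { NTP_OTHER, NTP_MONLIST_REQUEST, NTP_MONLIST_RESPONSE };
struct dgram { const uint8_t *payload; size_t len; };

/* Classify the UDP payload of a port-123 datagram (mode 7 layout:
 * byte 0 = response bit 0x80 | more bit 0x40 | version | mode,
 * byte 2 = implementation, byte 3 = request code). */
enum ntp_class ntp_classify(const uint8_t *p, size_t len)
{
    if (len < 4 || (p[0] & 0x07) != 7)       /* not a mode 7 private packet */
        return NTP_OTHER;
    if (p[2] != 2 && p[2] != 3)              /* IMPL_XNTPD_OLD / IMPL_XNTPD */
        return NTP_OTHER;
    if (p[3] != 20 && p[3] != 42)            /* MON_GETLIST / MON_GETLIST_1 */
        return NTP_OTHER;
    return (p[0] & 0x80) ? NTP_MONLIST_RESPONSE : NTP_MONLIST_REQUEST;
}

/* Response bytes sent per request byte received for monlist traffic in a
 * capture; a server being used as a reflector shows a ratio far above 1. */
size_t monlist_amplification(const struct dgram *d, size_t n)
{
    size_t req = 0, resp = 0;
    for (size_t i = 0; i < n; i++) {
        enum ntp_class c = ntp_classify(d[i].payload, d[i].len);
        if (c == NTP_MONLIST_REQUEST)  req  += d[i].len;
        if (c == NTP_MONLIST_RESPONSE) resp += d[i].len;
    }
    return req ? resp / req : 0;
}

int main(void)
{
    /* Constructed payloads: only the first four bytes are meaningful,
     * and the lengths are sample values for the ratio calculation. */
    static const uint8_t client[48] = { 0x23 };   /* ordinary mode 3 time query */
    static const uint8_t request[8] = { 0x17, 0x00, 0x03, 0x2a };
    static const uint8_t reply[440] = { 0x97, 0x00, 0x03, 0x2a };
    struct dgram cap[] = { {client, 48}, {request, 8},
                           {reply, 440}, {reply, 440}, {reply, 440} };
    printf("monlist amplification: %zux\n", monlist_amplification(cap, 5));
    return 0;
}
```

Any nonzero count of monlist requests arriving from the internet at a server is worth alerting on by itself, since ordinary time synchronization never uses mode 7.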
The fourth wave of DDoS attacks against U.S. banks and financial institutions started the week of July 22nd.
Radware is a leading security solutions provider offering a full spectrum Attack Mitigation System (AMS) comprised of award-winning products DefensePro, AppWall and Vision as well as the top-expert Emergency response team service.