Threats & Attacks

  • Network and application attacks keep security teams busy all year long with new attacks discovered each day that target all sectors and countries. The map below shows different attack types, vectors and trends and enables interactive filtering on different attack elements. The name of the customer is displayed only when this information is public.

     

  • Latest Threats

    Category / Threat Name

    Attack alert

    Shellshock

    Date: 26.09.14

    Background

    Two new vulnerabilities were recently found in Bash (CVE-2014-6271, CVE-2014-7169). They potentially affect certain services and applications and allow remote unauthenticated attackers to override or bypass environment restrictions.

    Risk

    The vulnerabilities potentially affect certain services and applications. Remote unauthenticated attackers can inject certain characters into other environments and use this flaw to override or bypass environment restrictions and execute shell commands.

    Additional Information

    For mitigation options and more details see the attached Security Advisory.

    Attack alert

    FBI Brobot

    Date: 14.07.14

    Background

    The Brobot malware, also known as 'itsoknoproblembro' and 'kamikaze', is a general-purpose PHP script that infects Content Management Systems (CMSs) through known vulnerabilities. During 2012 and 2013, infected networks were used to launch massive DDoS attacks against US-based banks. This attack, also known as Operation Ababil, was considered the biggest DDoS attack campaign ever.

    Recently, the United States Federal Bureau of Investigation (FBI) released an alert through its FBI Liaison Threat Alert System (M-000033-BT) that includes a list of 1,492 URLs of confirmed infected Web sites, with the request that organizations help victims to remove the malware. The FBI threat alert was sent only to its affiliates, and therefore we are unable to provide a direct reference. However, the following article explains the alert.

    This ERT threat alert provides additional details on how to translate the FBI alert into specific actions using the Radware Attack Mitigation System (AMS).  

    Additional Information

    For additional information regarding the threat, read the full Threat Alert.

    Attack alert

    #OpSaveGaza

    Date: 11.07.14

    Background

    Due to the growing tension between Palestine and Israel, which includes military actions in the Gaza sector, several hacktivist groups have united in a cyber-attack campaign against Israel, named #OpSaveGaza.

    From information that was found online (Twitter #OpSaveGaza and Facebook), AnonGhost and other hacktivist groups claim to have successfully defaced over 500 Israeli websites and leaked some government email credentials. In addition, some government sites have been targeted for DDoS attacks.

    A link to DoS tools on the #OpSaveGaza page indicates a few of the tools that will be used. Most of them are known, such as HOIC, LOIC and ByteDos.

    Radware's Emergency Response Team (ERT) has not yet directly seen any cases related to this activity.

    Additional Information

    For additional information regarding the threat, read the full Threat Alert.

    Attack alert

    2014 FIFA World Cup

    Date: 06.06.14

    Background

    Recently it has been reported in the news that the hacktivist group Anonymous intends to attack the 2014 FIFA World Cup, including its partners and sponsors. The threat gained public attention after an interview in which an Anonymous group spokesman, referring to himself as Che Commondore, provided select details about the planned operation.

    This threat alert provides insight into potential techniques that will be used by Anonymous. It also outlines recommended best practices that potential targets should undertake before, during, and after an attack. The ERT expects Anonymous to cast a wide net and potentially target more than partners and sponsors of the event. Most companies should take note of the cautions/advice offered by this alert.

    Additional Information

    For additional information regarding the threat, read the full Threat Alert.

    Attack alert

    Ukraine-Russia Global Conflict

    Date: 08.05.14

    Background

    The current conflict between Ukraine and Russia, following the Ukrainian revolution, the Crimean peninsula crisis, and the recent fighting in Slovyansk and Odessa, has the potential for military and political escalation. This conflict takes a global form following the involvement of the USA, Europe, NATO and other actors.

    This Threat Alert calls for multiple countries and organizations to be prepared for cyber-attacks and possibly even cyber-war as a direct result of this global conflict. The reason is simple: cyber-attacks nowadays accompany physical and political conflicts. This is especially true for conflicts in this geographical arena.

    Additional Information

    For additional information regarding the threat, read the full Threat Alert.