Threats Library

  • The threats list below is a central place for threats and alerts related to network and application security. In particular, we are monitoring DDoS trends and tools, announced attacks on IRC channels, social media and other attackers' communication channels.

     

  • Category / Threat Name

    Attack alert

    2014 FIFA World Cup

    Date: 06.06.14

    Background

    Recently it has been reported in the news that the hacktivist group Anonymous intends to attack the 2014 FIFA World Cup, including its partners and sponsors. The threat gained public attention after an Anonymous group spokesman, referring to himself as Che Commondore, provided select details about the planned operation in an interview.

    This threat alert provides insight into potential techniques that will be used by Anonymous. It also outlines recommended best practices that potential targets should undertake before, during, and after an attack. The ERT expects Anonymous to cast a wide net and potentially target more than the partners and sponsors of the event. Most companies should take note of the cautions and advice offered by this alert.

    Additional Information

    For additional information regarding the threat, read the full Threat Alert.

    Attack alert

    Ukraine-Russia Global Conflict

    Date: 08.05.14

    Background

    The current conflict between Ukraine and Russia following the Ukrainian revolution, the Crimean peninsula crisis, and the recent fighting in Slovyansk and Odessa has the potential for military and political escalation. This conflict takes a global form following the involvement of the USA, Europe, NATO and other actors.

    This Threat Alert calls for multiple countries and organizations to be prepared for cyber-attacks and possibly even cyber-war as a direct result of this global conflict. The reason is simple: cyber-attacks nowadays accompany physical and political conflicts. This is especially true for conflicts in this geographical arena.

    Additional Information

    For additional information regarding the threat, read the full Threat Alert.

    Vulnerability

    Heartbleed - OpenSSL

    Date: 27.04.14

    Background

    A critical vulnerability was recently found in OpenSSL. Due to a missing bounds check in the handling of the TLS heartbeat extension, 64 KB of memory can be revealed to a connected client or server. Only OpenSSL versions 1.0.1-1.0.1f, 1.0.2-beta and 1.0.2-beta1 are affected.

    Risk

    A remote attacker can exploit the vulnerability by sending a malformed heartbeat request with a payload size bigger than the actual request. In response, the vulnerable server returns a heartbeat response that contains a memory block of up to 64 KB in the payload. This memory block may reveal potentially confidential information, including SSL certificates, user passwords and more.

    An attacker cannot control what memory block the server returns, but by performing multiple requests, some critical data might be leaked.
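    The bounds check described above, written as a record validator. This is an added example, not code from the advisory or from OpenSSL; it assumes the heartbeat record is available in plaintext (for instance after decryption at the endpoint), and the helper names and sample records are constructed for illustration.

```python
import struct

HEARTBEAT = 24      # TLS record content type for heartbeat (RFC 6520)
HB_HEADER = 3       # 1-byte message type + 2-byte payload_length
MIN_PADDING = 16    # RFC 6520 requires at least 16 bytes of padding


def make_record(claimed_len, payload, padding):
    """Build a constructed plaintext heartbeat record for the samples below."""
    body = struct.pack("!BH", 1, claimed_len) + payload + b"\x00" * padding
    return struct.pack("!BHH", HEARTBEAT, 0x0302, len(body)) + body


def check_heartbeat_record(record):
    """Return 'ok', 'invalid-length', 'truncated' or 'not-heartbeat'."""
    if len(record) < 5:
        return "truncated"
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HEARTBEAT:
        return "not-heartbeat"
    body = record[5:5 + rec_len]
    if len(body) < rec_len or rec_len < HB_HEADER:
        return "truncated"
    _hb_type, claimed = struct.unpack("!BH", body[:HB_HEADER])
    # The bounds check: header + claimed payload + padding must fit
    # inside the bytes that were actually received for this record.
    if HB_HEADER + claimed + MIN_PADDING > rec_len:
        return "invalid-length"   # RFC 6520: discard silently, send no reply
    return "ok"


# Constructed samples (not captured traffic).
WELL_FORMED = make_record(4, b"ping", 16)     # claims 4 bytes, carries 4
OVERSIZED = make_record(0x4000, b"", 0)       # claims 16 KB, carries none

if __name__ == "__main__":
    for name, rec in (("well-formed", WELL_FORMED), ("oversized", OVERSIZED)):
        print(name, "->", check_heartbeat_record(rec))
```

    A server that applies this check drops the oversized request instead of copying memory beyond the received payload into its response.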

    Additional Information

    For mitigation options and more details see the attached Security Advisory.

    Attack alert

    OpIsrael 2014

    Date: 07.04.14

    Background

    #OpIsrael is an organized set of attacks aimed at Israeli Web sites, which was officially first launched on 14 November, 2012 against the Israeli government, public institutions and other high profile Web sites.

    The goal of the attackers was to launch a massive set of cyber-attacks against Israeli cyber space. Their main intent was to advertise opposition to Israel's actions in Gaza. The organized attacks were planned by several Muslim hacktivist groups such as “Parastoo” (Iran), “AnonGhost” (Tunisia), and “Red Hack” (Turkey).

    Those groups are planning another scheduled #OpIsrael set of attacks for April 7, 2014.

    There is very little solid information about the expected and specific attacks. The prediction is that the attacks will not be significant and will be different from last year. However, best practice does require organizations to be ready for any possibility.

    Additional Information

    The attached document recommends how to reduce the vulnerabilities for sites at risk.

    Attack alert

    NTP Reflected Flood

    Date: 20.01.14

    Background

    Network Time Protocol synchronizes computer clock times across the internet. NTP uses Coordinated Universal Time (UTC) to synchronize computers with millisecond accuracy. UTC time is obtained using accurate clocks, such as a GPS receiver that gets the time from satellites. NTP is a UDP-based service, using port 123.

    NTP Reflection Attacks

    The attack has been observed to work as follows: the attacker sends spoofed NTP packets containing the monlist request code to vulnerable NTP servers. Monlist is a command requesting a list of the last 600 hosts that connected to the addressed NTP server. The NTP servers then send large replies to the spoofed IP address, which belongs to the victim, thus flooding the victim. This attack generates a great deal of traffic and can easily cause DoS. To avoid being used as a reflector, update the NTP server to NTP 4.2.7, where monlist queries are replaced with the mrulist function, which is able to authenticate the source IP address as the real client.
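    A way for an NTP server operator to spot the monlist requests described above in traffic arriving on UDP port 123. This is an added example, not part of the original alert; the request codes 20 and 42 are the monlist codes from ntpd's ntp_request.h, and the function names, threshold and sample packets are constructed for illustration.

```python
from collections import Counter

NTP_PORT = 123
MODE_PRIVATE = 7            # NTP mode 7: private (ntpdc) requests
MONLIST_CODES = {20, 42}    # REQ_MON_GETLIST, REQ_MON_GETLIST_1


def is_monlist_request(payload):
    """True if a UDP payload is a mode 7 request carrying a monlist code."""
    if len(payload) < 4:
        return False
    is_response = bool(payload[0] & 0x80)   # R bit set means server reply
    mode = payload[0] & 0x07                # low three bits hold the mode
    return (mode == MODE_PRIVATE and not is_response
            and payload[3] in MONLIST_CODES)


def monlist_sources(packets, threshold=3):
    """Count monlist requests per claimed source address.

    packets: iterable of (src_ip, dst_port, udp_payload).
    The source address of a reflection request is spoofed, so an address
    returned here is the likely victim, not the sender.
    """
    hits = Counter(src for src, dport, data in packets
                   if dport == NTP_PORT and is_monlist_request(data))
    return {src: n for src, n in hits.items() if n >= threshold}


# Constructed sample traffic using documentation address ranges.
MONLIST_REQ = bytes([0x17, 0x00, 0x03, 0x2A]) + bytes(4)   # mode 7, code 42
CLIENT_REQ = bytes([0x23]) + bytes(47)                     # normal mode 3 query
SAMPLE = ([("192.0.2.10", 123, MONLIST_REQ)] * 4
          + [("198.51.100.7", 123, CLIENT_REQ),
             ("198.51.100.8", 123, MONLIST_REQ)])

if __name__ == "__main__":
    print(monlist_sources(SAMPLE))
```

    Repeated monlist requests that claim to come from one address indicate that the server is being used as a reflector against that address.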

    Additional Information

    You can verify that you are fully protected against this attack by following the instructions in the Threat Alert.