The threats list below is a central place for threats and alerts related to network and application security. In particular, we monitor DDoS trends and tools, announced attacks on IRC channels, social media and other attackers' communication channels.
The Brobot malware, also known as ‘itsoknoproblembro’ and ‘kamikaze’, is a general-purpose PHP script that infects Content Management Systems (CMSs) through known vulnerabilities. During 2012 and 2013, infected networks were used to launch massive DDoS attacks against US-based banks. This campaign, also known as Operation Ababil, was considered the biggest DDoS attack campaign ever.
Recently, the United States Federal Bureau of Investigation (FBI) released an alert through its FBI Liaison Threat Alert System (M-000033-BT) that includes a list of 1,492 URLs of confirmed infected Web sites, with the request that organizations help victims remove the malware. The FBI threat alert was sent only to its affiliates, and therefore we are unable to provide a direct reference. However, the following article explains the alert.
This ERT threat alert provides additional details on how to translate the FBI alert into specific actions using the Radware Attack Mitigation System (AMS).
For additional information regarding the threat, read the full Threat Alert.
Due to the growing tension between Palestine and Israel, including military actions in the Gaza Strip, several hacktivist groups have united in a cyber-attack campaign against Israel,
From information found online (Twitter #OpSaveGaza and Facebook), AnonGhost and other hacktivist groups claim to have successfully defaced over 500 Israeli websites and leaked some government email credentials. In addition, some government sites have been targeted for
A link to DoS tools on the #OpSaveGaza page indicates a few of the tools that will be used. Most of them are known, such as HOIC, LOIC and ByteDos.
Radware's Emergency Response Team (ERT) has not yet directly seen any cases related to
2014 FIFA World Cup
Recently it has been reported in the news that hacktivist group Anonymous intends to attack the 2014 FIFA World Cup including its partners and sponsors. The threat gained public attention after an interview with an Anonymous group spokesman, referring to himself as Che Commondore, provided select details about the planned operation.
This threat alert provides insight into the techniques Anonymous is likely to use. It also outlines, for potential targets, recommended best practices to follow before, during, and after an attack. The ERT expects Anonymous to cast a wide net and potentially target more than the partners and sponsors of the event. Most companies should take note of the cautions and advice offered in this alert.
Ukraine-Russia Global Conflict
The current conflict between Ukraine and Russia, following the Ukrainian revolution, the Crimean peninsula crisis, and the recent fighting in Slovyansk and Odessa, has the potential for military and political escalation. The conflict has taken a global form with the involvement of the USA, Europe, NATO and other actors.
This Threat Alert calls for multiple countries and organizations to be prepared for cyber-attacks and possibly even cyber-war as a direct result of this global conflict. The reason is simple: cyber-attacks nowadays accompany physical and political conflicts. This is especially true for conflicts in this geographical arena.
For additional information regarding the threat, read the full Threat Alert.
Heartbleed - OpenSSL
A critical vulnerability was recently found in OpenSSL: due to a missing bounds check in the handling of the TLS heartbeat extension, up to 64 KB of memory can be revealed to a connected client or server. Only OpenSSL versions 1.0.1-1.0.1f, 1.0.2-beta and 1.0.2-beta1 are affected.
A remote attacker can exploit the vulnerability by sending a malformed heartbeat request whose declared payload size is bigger than the actual request; in response, the vulnerable server returns a heartbeat response that carries a memory block of up to 64 KB in the payload. This memory block may reveal potentially confidential information, including SSL certificates, user passwords and more.
An attacker cannot control which memory block the server returns, but by performing multiple requests, critical data may eventually be leaked.
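The missing bounds check described above is the whole story of this bug, so the following added example (not OpenSSL's code and not from the Radware advisory) shows a hardened heartbeat record parser in C: it reads the declared payload length, checks that header + declared payload + minimum padding fit inside the bytes actually received, and only then copies the payload into a response. The record layout follows RFC 6520; the sample records are constructed here, not captured traffic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout of a TLS heartbeat message (RFC 6520):
 *   byte 0      : type (1 = request, 2 = response)
 *   bytes 1-2   : payload_length, big-endian
 *   payload     : payload_length bytes
 *   padding     : at least 16 bytes
 * The flaw was trusting payload_length without comparing it to the
 * number of bytes actually received. */
#define HB_TYPE_REQUEST   1
#define HB_TYPE_RESPONSE  2
#define HB_MIN_PADDING    16
#define HB_HEADER_LEN     3

/* Validate a received heartbeat record. Returns 0 and sets *payload and
 * *payload_len only when the declared length fits inside the record;
 * otherwise returns -1 and the caller must silently discard the record. */
int hb_parse(const unsigned char *rec, size_t rec_len,
             const unsigned char **payload, size_t *payload_len)
{
    if (rec == NULL || rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return -1;                      /* cannot even hold header + padding */
    if (rec[0] != HB_TYPE_REQUEST && rec[0] != HB_TYPE_RESPONSE)
        return -1;
    size_t declared = ((size_t)rec[1] << 8) | rec[2];
    /* The bounds check that was missing: header + declared payload +
     * minimum padding must not exceed what was actually received. */
    if (HB_HEADER_LEN + declared + HB_MIN_PADDING > rec_len)
        return -1;
    *payload = rec + HB_HEADER_LEN;
    *payload_len = declared;
    return 0;
}

/* Build a response that echoes only the validated payload. Returns the
 * number of bytes written, or 0 if the request was rejected or out is
 * too small. */
size_t hb_build_response(const unsigned char *req, size_t req_len,
                         unsigned char *out, size_t out_cap)
{
    const unsigned char *payload;
    size_t payload_len;
    if (hb_parse(req, req_len, &payload, &payload_len) != 0)
        return 0;
    size_t need = HB_HEADER_LEN + payload_len + HB_MIN_PADDING;
    if (need > out_cap)
        return 0;
    out[0] = HB_TYPE_RESPONSE;
    out[1] = (unsigned char)(payload_len >> 8);
    out[2] = (unsigned char)(payload_len & 0xff);
    memcpy(out + HB_HEADER_LEN, payload, payload_len);   /* bounded by hb_parse */
    /* Padding; a real TLS stack fills this with random bytes. */
    memset(out + HB_HEADER_LEN + payload_len, 0, HB_MIN_PADDING);
    return need;
}

int main(void)
{
    /* Constructed sample records (not captured traffic). */
    unsigned char good[HB_HEADER_LEN + 4 + HB_MIN_PADDING] =
        {HB_TYPE_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
    /* Malformed: declares 65535 payload bytes but carries only 4 plus padding. */
    unsigned char bad[HB_HEADER_LEN + 4 + HB_MIN_PADDING] =
        {HB_TYPE_REQUEST, 0xff, 0xff, 'p', 'i', 'n', 'g'};
    unsigned char resp[64];

    size_t n = hb_build_response(good, sizeof good, resp, sizeof resp);
    printf("well-formed request -> %zu byte response\n", n);           /* 23 */
    n = hb_build_response(bad, sizeof bad, resp, sizeof resp);
    printf("malformed request   -> %zu byte response (dropped)\n", n); /* 0 */
    return 0;
}
```

The check is deliberately written as "header + declared + padding > received" rather than "declared > received" so that the 16 bytes of mandatory padding are also accounted for; a parser that forgets the padding term still over-reads by up to 16 bytes.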
For mitigation options and more details see the attached Security Advisory.
Design flaws, bugs or any other weakness found in programs, servers, applications or other network elements.
Alerts on possible upcoming network and/or application attacks, tracked by ongoing monitoring of hackers’ communication channels (IRC, Twitter, YouTube, etc.)
Network and/or application attack tool or malware
Radware is a leading security solutions provider offering a full-spectrum Attack Mitigation System (AMS) comprised of the award-winning products DefensePro, AppWall and Vision, as well as the expert Emergency Response Team service.