Posts

Showing posts with the label DDoS attacks

Mirai Botnet Variant 'Pandora' Hijacks Android TVs for Cyberattacks

A Mirai botnet variant called Pandora has been observed infiltrating inexpensive Android-based TV sets and TV boxes and using them as part of a botnet to perform distributed denial-of-service (DDoS) attacks. Doctor Web said the compromises are likely to occur either during malicious firmware updates or when applications for viewing pirated video content are installed. "It is likely that this update has been made available for download from a number of websites, as it is signed with publicly available Android Open Source Project test keys," the Russian company said in an analysis published Wednesday. "The service that runs the backdoor is included in boot.img," enabling it to persist between system restarts. In the alternative distribution methods, it's suspected that users are tricked into installing applications for streaming pirated movies and TV shows through websites that mainly single out Spanish-speaking users. The list of apps is as follows - Latino VOD

What's in a NoName? Researchers see a lone-wolf DDoS group

Every morning at roughly the same time, a Russian hacker group known as NoName057(16) carries out distributed denial-of-service (DDoS) attacks on European financial institutions, government websites or transportation services. Last week, the group claimed responsibility for disrupting the websites of several banks and financial institutions in the Czech Republic and Poland, countries it considers hostile to the Russian state because of their support for Ukraine. Like other pro-Kremlin hacktivist gangs, including Killnet or the Cyber Army of Russia, NoName057(16) orchestrates relatively simple and short-lived DDoS incidents with the help of hundreds of volunteers. The goal is to disrupt daily life, even for a few minutes. But there are some things that set this group apart, researchers say. In the Russian cybercrime landscape, NoName057(16) is a "lone wolf," according to Pascal Geenens, the director of cyberthreat intelligence at the cybersecurity firm Radware. The group doesn't

DDoS Radware Mitigation on Cisco Firewalls

What is Radware’s DDoS Mitigation Solution? Radware’s DDoS Mitigation solution for the Cisco Firepower NGFW appliance detects DDoS attacks and mitigates them in seconds, without blocking legitimate user traffic. It protects network infrastructure and data centers against network and application downtime (or slowdowns), network anomalies, and network and application scanning. Radware DDoS Mitigation helps service providers win the ongoing security battle against availability attacks by detecting and mitigating known and zero-day DoS/DDoS attacks in real time. It also protects against threats that go undetected by traditional DDoS mitigation tools that rely on rate-based thresholds for detection. Radware’s DDoS Mitigation provides full protection against the DoS/DDoS threat with the shortest mitigation time and broadest possible attack coverage. Radware provides a hybrid solution that combines on-premise and cloud-based mitigation tools in a single integrated solution that

CVE-2023-29552: Abusing the SLP Protocol to Launch Massive DDoS Amplification Attacks

What is the SLP protocol? Service Location Protocol (SLP) is a network protocol designed to simplify the process of discovering and accessing network services. Developed by the Internet Engineering Task Force (IETF) and defined in RFC 2608, SLP eliminates the need for users or administrators to manually configure clients with the addresses of available network services. Instead, it allows devices and applications to automatically find and connect to services in their local area networks (LANs). Since the SLP protocol doesn’t require authentication, anyone can register new services, which is why it wasn’t intended to be publicly available over the Internet. How Does SLP Work? SLP operates based on a request-response model that involves three primary components: User Agents (UAs), Service Agents (SAs), and Directory Agents (DAs). User Agents (UAs): UAs are clients seeking network services. They send out service requests to discover the available services in the network. Service Agents (SAs

New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP)

What is the Service Location Protocol (SLP)? SLP is a protocol that was created in 1997 through RFC 2165 to provide a dynamic configuration mechanism for applications in local area networks. SLP allows systems on a network to find each other and communicate with each other. It does this by using a directory of available services, which can include things like printers, file servers, and other network resources. SLP works by having a system register itself with a directory agent, which then makes that system's services available to other systems on the network. Daemons providing SLP are bound to the default port 427, both UDP and TCP. SLP was not intended to be made available to the public Internet. According to RFC 2165, "Service Location provides a dynamic configuration mechanism for applications in local area networks. It is not a global resolution system for the entire Internet; rather, it is intended to serve enterprise networks with shared services." However, th

Simplifying DDoS Protection in Large Service Provider Networks-Radware Solution

Distributed denial-of-service (DDoS) attacks pose a significant threat to service providers; they have the potential to bring down critical infrastructure and disrupt business operations. In today’s digital age, protecting against DDoS attacks is no longer a luxury. It’s a necessity. However, implementing and managing effective DDoS protection can be complex and costly, particularly for large service providers. In the following, we will explore how to simplify DDoS protection for the networks of large service providers. I’ll discuss the challenges facing them and provide practical solutions to mitigate the risks of DDoS attacks. The Challenges Of Protecting A Large Service Provider Network Scale: Service providers typically operate large networks with multiple entry points. This makes it a challenge to identify and mitigate DDoS attacks across the entire infrastructure. Complexity: DDoS attacks can come in various forms, and different types of attacks require different mitiga