Tag: DDoS | SpinSafe

Radware: Web App, API Malicious Transactions Up 171% Due to DDoS Attacks

March 6, 2024/in Internet Security

DDoS attacks per customer nearly double
Web DDoS attacks relentlessly continue throughout the year
DNS query flood vectors increase more than three fold
Government, business/economy, and travel websites face the most hacktivist claimed DDoS attacks worldwide

Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, released its 2024 Global Threat Analysis Report.

“The technological race between good and bad actors has never been more intense,” said Pascal Geenens, Radware’s director of threat intelligence. “With advancements like Generative AI,

inexperienced threat actors are becoming more proficient and skilled attackers more emboldened. In 2024, look for attack numbers to climb and attack patterns, like the shift in Web DDoS attacks, to continue to evolve.”

Radware’s comprehensive report leverages intelligence provided by network and application attack activity sourced from Radware’s Cloud and Managed Services, Global Deception Network, and threat intelligence research team during 2023. In addition, it draws from information found on Telegram, a public messaging platform often used by cyber criminals.

Radware’s report reveals key themes about the emerging threat landscape.

DDoS Attacks Surge Unprosecuted

“With almost two years of illegal denial of service left un-prosecuted following Russia’s invasion of Ukraine and the unfettered rise of hacktivism, the threshold into a life of cyber crime has reached a new low,” said Geenens. “We have yet to see DDoS attacks used as a mainstream vehicle to settle disagreements or differences, but plenty of groundwork has been laid by proficient hacktivists.”

Between the close of 2022 and 2023 DDoS attacks rose worldwide:

Globally, the average number of DDoS attacks per customer grew by 94%. On a regional basis, the increase in the number of DDoS attacks targeting customers varied:
- EMEA rose 43%
- The Americas grew 196%
- APAC climbed 260%
The Americas were targeted by almost half of all global DDoS attacks. The EMEA region, accounting for 39% of the DDoS attacks, mitigated 65% of the global DDoS attack volume. The APAC region accounted for almost 12% of global DDoS attacks.

Hacktivists Attack with Unrelenting…

Source…

Meris Botnet Sets Record with Massive DDoS Attacks Across Global Servers

March 5, 2024/in Internet Security

In a startling display of cyber force, the Meris botnet has successfully executed the largest DDoS (Distributed Denial of Service) attacks in history this summer, targeting a wide range of countries including the United States, Russia, New Zealand, and the United Kingdom. This malicious network, comprising over 250,000 devices, overwhelmed some of the most robust servers worldwide, marking a significant moment in cyber warfare.

Research conducted by the Russian search engine Yandex, alongside insights from DDoS mitigation service Qrator Labs, has unveiled that Meris is a new breed of botnet. Its capacity to generate an unprecedented 21.8 million requests per second (RPS) during an attack on Yandex on September 5 highlights its potential to cripple almost any infrastructure, including highly resilient networks.

Unprecedented Scale and Impact

The Meris botnet’s capability to launch attacks of such magnitude lies in its unique focus on the number of requests per second, a method that sets it apart from traditional DDoS attacks which generally aim to saturate servers with massive amounts of data. This strategy has enabled Meris to take down significant infrastructures, as evidenced by the disruption caused to major companies in New Zealand, including banks like ANZ and Kiwibank, NZ Post, MetService, and even the New Zealand Police.

Technical Sophistication

Unlike typical ‘Internet of Things’ (IoT) devices often associated with botnets, the devices commandeered by Meris are high-performance and likely connected via Ethernet, contributing to the botnet’s formidable power. This revelation, coupled with the attackers’ technique of rotating devices to avoid revealing their full capacity, complicates efforts to mitigate the botnet’s impact.

Global Response and Mitigation

The emergence of Meris has prompted a global response, with entities like Cloudflare and Yandex at the forefront of efforts to counteract the botnet’s attacks. The record-breaking assault on Yandex, which surpassed previous incidents attributed to the Mirai botnet, underscores the escalating challenge of safeguarding digital infrastructure against such sophisticated…

Source…

Security firm now says toothbrush DDOS attack didn’t happen, but source publication says company presented it as real

February 12, 2024/in Internet Security

Update 2 — 2/9/2024 6:30am PT: The security company at the nexus of the original report that three million toothbrushes were used in a DDOS attack has now retracted the story and claimed it was a result of a mistranslation — but according to the news outlet that published the initial report, that statement isn’t true. The reports of this story are not based on a mistranslation by the media. The publication claims Fortinet presented the story as having actually happened and approved the text of the article, which had been submitted to Fortinet prior to publication.

Here’s the Aargauer Zeitung’s (the source of the story) statement on the matter (via Google Translate):

What the Fortinet headquarters in California is now calling a “translation problem” sounded completely different during the research: Swiss Fortinet representatives described the toothbrush case as a real DDoS at a meeting that discussed current threats -Attack described.

Fortinet provided specific details: information about how long the attack took down a Swiss company’s website; an order of magnitude of how great the damage was. Fortinet did not want to reveal which company it was out of consideration for its customers.

The text was submitted to Fortinet for verification before publication. The statement that this was a real case that really happened was not objected to.

Fortinet’s global management has now backtracked on its statement, which was sent to various international media outlets. The company also failed to send this to CH Media. We have not yet received any further statements from Fortinet.”

EDIT 2/7/2024 — 3:30pm PT: Fortinet sent us a statement indicating that the report of the toothbrush attack is inaccurate:

“To clarify, the topic of toothbrushes being used for DDoS attacks was presented during an interview as an illustration of a given type of attack, and it is not based on research from Fortinet or FortiGuard Labs. It appears that due to translations the narrative on this topic has been stretched to the point where hypothetical and actual scenarios are blurred.” – Fortinet.

The original text of the source report read:

“She’s in the bathroom at home, but she’s part of a large-scale cyber…

Source…

teiss – News – Ukraine’s largest mobile-only bank, Monobank, faces severe DDoS cyberattacks

January 23, 2024/in Internet Security

Monobank, Ukraine’s leading mobile-only bank, encountered a relentless wave of denial of service (DDoS) attacks on January 21, severely disrupting its operations and causing widespread chaos.

Please take 30 seconds to register

or if you have an account please login

Source…

Tag Archive for: DDoS

DDoS Attacks Surge Unprosecuted

Unprecedented Scale and Impact

Technical Sophistication

Global Response and Mitigation

Please take 30 seconds to register