Tag Archive for: fueling

Meet the Windows servers that have been fueling massive DDoSes for months



A small retail business in North Africa, a North American telecommunications provider, and two separate religious organizations: What do they have in common? They’re all running poorly configured Microsoft servers that for months or years have been spraying the Internet with gigabytes-per-second of junk data in distributed-denial-of-service attacks designed to disrupt or completely take down websites and services.

In all, recently published research from Black Lotus Labs, the research arm of networking and application technology company Lumen, identified more than 12,000 servers—all running Microsoft domain controllers hosting the company’s Active Directory services—that were regularly used to magnify the size of distributed-denial-of-service attacks, or DDoSes.

A never-ending arms race

For decades, DDoSers have battled with defenders in a never-ending arms race. Early on, DDoSers simply corralled ever-larger numbers of Internet-connected devices into botnets and then used them to simultaneously send a target more data than it could handle. Targets—be they games, news sites, or even crucial pillars of Internet infrastructure—often buckled at the strain and either completely fell over or slowed to a trickle.

Companies like Lumen, Netscout, Cloudflare, and Akamai then countered with defenses that filtered out the junk traffic, allowing their customers to withstand the torrents. DDoSers responded by rolling out new types of attacks that temporarily stymied those defenses. The race continues to play out.

One of the chief methods DDoSers use to gain the upper hand is known as reflection. Rather than sending the torrent of junk traffic to the target directly, DDoSers send network requests to one or more third parties. By choosing third parties with known misconfigurations in their networks and spoofing the requests to give the appearance that they were sent by the target, the third parties end up reflecting the data at the target, often in sizes that are tens, hundreds, or even thousands of times bigger than the original payload.

Some…


Menlo Security Launches Free Security Assessment Toolkit to Help Companies Identify Highly Evasive Adaptive Threats (HEAT) Fueling Ransomware & Data and Credential Theft | News


MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)–Jun 21, 2022–

Menlo Security, a leader in cloud security, today announced that it has released the HEAT Security Assessment Toolkit designed to provide organizations with the ability to assess their levels of protection and current exposure to Highly Evasive Adaptive Threats (HEAT). Since July 2021, Menlo Security has seen a 224% increase in HEAT attacks. These attacks allow threat actors to deliver malicious content, including ransomware, to the endpoint by adapting to the targeted environment. The HEAT Security Assessment Toolkit includes a HEAT Check test and a HEAT Analyzer that runs on the Splunk Platform. The HEAT Check enables customers to run a light penetration test to identify if they are susceptible to HEAT attacks. The Menlo Security HEAT Analyzer App for Splunk provides organizations with visibility around HEAT attacks that their network may have been exposed to over the past 30 days.

What is a HEAT Attack?

Highly Evasive Adaptive Threats (HEAT) are a class of cyber threats that target web browsers as the attack vector and employ techniques to evade multiple layers of detection in current security stacks, including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation, and phishing detection. HEAT attacks are used as the initial access point to deliver malware or to compromise credentials, which in many cases leads to ransomware attacks.

“Ransomware, data and credential theft and other malware are on the rise. Couple this with the Log4J vulnerability, the Lazarus and Conti groups' increased attacks targeting web browsers and the result is security teams worldwide facing a nearly non-stop barrage of incidents,” said John Grady, Senior Analyst, ESG. “Tools such as the HEAT Security Assessment can help ensure companies are aware of potential attacks before they have a chance to happen.”

HEAT Security Assessment Toolkit

The HEAT Security Assessment Toolkit provides a lightweight penetration and exposure assessment to help an organization better understand their susceptibility to HEAT attacks.

“HEAT attacks are defined by the techniques that adversaries are increasingly using to evade…
