Tag: DDoS
The Mozi botnet has been documented as able to conduct HTTP, TCP, UDP, and other attacks. More information can be found in the April 2024 Sensor Intel Series article. [back to top] And Another Step Back: Emerging DDoS Attack Vectors HTTP/2 Abuse The relatively new HTTP/2 protocol (new in internet terms, since the protocol is…
Read MoreWeb Application Security Our biggest research story of the year was our 2019 Application Protection Series, which focused on looking at an entire year of application-related breaches as well as a year of global web attack traffic. In that story, we noted how PHP vulnerabilities comprise 81% of the attack traffic, much of it…
Read MoreIn the beginning, attackers built their own botnets by scanning the Internet for vulnerable devices and then compromising them with malware that enabled attackers to remotely control the bots. Sadly, attackers don’t even need to build botnets anymore; they can rent DDoS-for-hire botnets from operators who charge very little money for short-term (but effective) attacks.…
Read MoreThe Largest DDoS Attack of 2021 So Far The largest attack the SOC team encountered over the past 15 months came in February 2021 and targeted a technology company that provides information security services for gaming and gambling organizations. The onslaught peaked at 500 Gbps, or half a terabit per second. Threat actors, possibly disgruntled…
Read MoreThe sector with the largest single attack in 2021, however, was ISP/Hosting, which saw attacks peak at 1.4 Tbps. Where DDoS Attacks Come From Denial-of-service attacks are most frequently launched from compromised servers or consumer devices, such as Internet-of-Thing (IoT) products and broadband routers. In producing this report, we made use of data not only…
Read MoreThere are several interesting developments in this plot other than the emphasis on CVE-2018-13379, the vulnerability in the Fortinet SSL VPNs . After growing in prominence to second rank in June and occupying top spot in July and August, CVE-2020-8958 dropped in attack frequency in September to occupy the fourth spot. September was also the…
Read MoreAnother month has passed, which means more sensor telemetry to analyze for attacker targeting trends. October’s data is notable primarily because we detected attackers looking for a handful of interesting vulnerabilities that were recently released or discovered, most notably CVE-2022-41040, one of the Microsoft Exchange zero day vulnerabilities that attackers began to exploit in August…
Read MoreHere we are in April 2023, which gives us another opportunity to see what vulnerabilities attackers were most interested in last month. After receiving a huge amount of attacker attention from November 2022 to February 2023, CVE-2020-8958 has returned to volumes of traffic more consistent with what we’d come to expect over the last year…
Read MoreThe stubborn one-way passage of time means that it is time for another round of vulnerability targeting intelligence. Web attacks in May 2023 had a lot in common with those in April, with eight of the top ten vulnerabilities remaining consistent across the two months. In that vein of continuity, CVE-2020-8958, the Guangzhou GPON router…
Read MoreCommon Non-CVE Traffic It may be easy to conclude from the above figures that even though overall traffic has held steady, CVE exploitation attempts, at least for the CVEs and vulnerabilities we track, has decreased. That’s true, but there is a great deal of traffic that our sensor network sees that is not reflected in…
Read More