Tag: DNS amplification
The security community was just taking a breather because we hadn’t seen a massive DDoS attack since the Mirai thingbot took down Dyn in October 2016 with a 1.2 terabit per second DDoS attack. Yesterday, that world record attack was broken when GitHub was hit with a 1.3 terabit per second DDoS attack.1 This attack…
Read MoreExecutive Summary Like coral reefs teeming with a variety of life, web applications are “colony creatures.” They consist of a multitude of independent components, running in separate environments with different operational requirements and supporting infrastructure (both in the cloud and on premises) glued together across networks. In this report, we examine that series of interacting…
Read MoreIn July 2018, F5 released its first annual Application Protection Report based on the results of an F5-commissioned Ponemon survey of 3,135 IT and security practitioners across the globe. Additional research conducted by Whatcom Community College, University of Washington Tacoma, along with data from White Hat Security and Loryka served to make this one of…
Read MoreWhen this happens, customers are seeing lots of DNS queries from a wide variety of never-seen-before addresses. Often these requests are for nonsensical domains or even ‘localhost’ addresses, as they are bot-generated as with the DNS water torture attack. Sometimes attackers will use large Internet DNS resolvers like Yahoo or Google to reflect their attacks…
Read MoreWhat Does a Typical Brute Force Attack Look Like at a Service Provider? Brute force attack methods vary. It’s not uncommon, for example, for mobile phone service providers to encounter unauthorized online account activity in which an attacker accesses accounts by trying a phone number in combination with a PIN code. These types of attacks…
Read MoreAuthentication Attacks: Growing Every Year Credential stuffing and brute force attacks have been the biggest threats for financial services recently, and the trend shows no sign of slowing. This is unsurprising, given the capability that legitimate credentials represent for attackers. If attackers are able to guess or simply re-use already compromised credentials and gain access…
Read MoreDuring this period, a campaign of blackmail attempts claimed to be from the Russian advanced attacker Fancy Bear. Their attack opened with a small DDoS attack as a demonstration, followed by a payment demand for hundreds of thousands of dollars. Pay up or they will “make sure your services will remain offline until you pay.”…
Read MoreAccounting for the slight dip in 2019, password login attacks account for 32% of all reported SIRT incidents over the past three years. We also saw how they jumped in 2020, so we did a deeper dive into how these kinds of cyberattacks ramped up during the pandemic. Credential Stuffing Attacks at Financial Services Organizations…
Read MoreThe Largest DDoS Attack of 2021 So Far The largest attack the SOC team encountered over the past 15 months came in February 2021 and targeted a technology company that provides information security services for gaming and gambling organizations. The onslaught peaked at 500 Gbps, or half a terabit per second. Threat actors, possibly disgruntled…
Read MoreA wide variety of organizations fall under financial services, including banks of varying sizes, credit unions, insurance companies, government-sponsored financial institutions, stock exchanges, investment funds, payment processors, consumer finance lenders, brokerages, and companies that service the financial sector. We’ll look at all of these and note the differences in the data, starting with the largest…
Read More