Category Archives: DDoS

Most credential abuse attacks against the financial sector targeted APIs

From May 2019 and continuing on until the end of the year, there was a dramatic shift by criminals who started targeting APIs, in an effort to bypass security controls. According to data from Akamai, up to 75% of all credential abuse attacks against the financial services industry targeted APIs directly. According to the report’s findings, from December 2017 through November 2019, 85,422,079,109 credential abuse attacks were observed. Nearly 20 percent, or 16,557,875,875, were against … More

The post Most credential abuse attacks against the financial sector targeted APIs appeared first on Help Net Security.

8.4 million: Number of DDoS attacks researchers saw last year alone

Netscout released the findings of its Threat Intelligence Report for the second half of 2019, which also incorporates insights from its 15th Annual Worldwide Infrastructure Security Report (WISR) survey. The report underscores the proliferation of risks faced by global enterprises and service providers. These organizations must now not only defend IT infrastructures, but also manage risks caused by increased DDoS attacks on customer-facing services and applications, mobile networks, and unsecured IoT devices. “We’ve uncovered some … More

The post 8.4 million: Number of DDoS attacks researchers saw last year alone appeared first on Help Net Security.

12,000+ Jenkins servers can be exploited to launch, amplify DDoS attacks

A vulnerability (CVE-2020-2100) in 12,000+ internet-facing Jenkins servers can be abused to mount and amplify reflective DDoS attacks against internet hosts, Radware researchers have discovered. The vulnerability can also be triggered by a single, spoofed UDP packet to launch DoS attacks against those same vulnerable Jenkins servers, by forcing them into an infinite loop of replies that can’t be stopped unless one of the servers is rebooted or has its Jenkins service restarted. About the … More

The post 12,000+ Jenkins servers can be exploited to launch, amplify DDoS attacks appeared first on Help Net Security.

The frequency of DDoS attacks depends on the day and time

Multivector and cloud computing attacks have been rising over the last twelve months, according to Link11. The share of multivector attacks – which target and misuse several protocols – grew significantly from 46% in the first quarter to 65% in the fourth quarter. DNS amplification most popular for DDoS attackers DNS amplification was the most used technique for DDoS attackers in 2019 having been found in one-third of all attacks. The attackers exploited insecure DNS … More

The post The frequency of DDoS attacks depends on the day and time appeared first on Help Net Security.

Massive DDoS attack brought down 25% Iranian Internet connectivity

Iran comes under cyber-attack again, a massive offensive brought down a large portion of the Iranian access to the Internet.

Iran infrastructures are under attack, a massive cyberattack brought down a large portion of the Iranian access to the Internet, according to the experts the national connectivity fell to 75%.

The NetBlocks internet observatory, which tracks disruptions and shutdowns, observed yesterday (February 8, 2019) a massive outage of the country’s connectivity to the Internet

According to NetBlock, the connectivity issue was observed after the Iranian Government has deployed the “Digital Fortress” (also known as D DEZHFA/Dejfa) which is the national cyber shield.

“Network data from the NetBlocks internet observatory confirm extensive disruption to telecommunication networks in Iran on the morning of Saturday, 8 February 2020 lasting several hours.” reads a post published by NetBlocks.

“Network data show a distinct fall in connectivity with several of Iran’s leading network operators from approximately 11:45 a.m. local time (08:15 UTC) affecting cellular and fixed-line operators. Partial recovery was observed one hour after the initial shutdown but other networks returned some seven hours after the incident onset. National connectivity fell to a low point of 75% of ordinary levels for a period during the morning.”

In December 2019, the Iranian telecommunications minister Mohammad Javad Azari Jahromi, announced that the Islamic Republic had recently thwarted a “highly organized cyber attack” targeting its government infrastructure.

In October 2019, addressing the Munich Security Conference (MSC) Cyber Security Summit in Qatar, Azari Jahromi said his country’s cybersecurity project codenamed Digital Fortress (Dejfa) deterred 33 million cyberattacks in 2018.

According to the experts, the Internet outage suffered yesterday by Iran had impacted some network operators. ICT ministry officials confirmed that the Digital Fortress system repelled a Distributed Denial of Service (DDoS) attack.

Technical data confirm that networks were disabled while the country’s infrastructures were under attack.

A spokesperson for Iran’s Telecommunication Infrastructure Company, confirmed via Twitter that a DDoS attack had been “normalized” with the “intervention of the Dzhafa Shield.”

While NetBlocks pointed out that the observation is consistent with a targeted disruption, the Financial Tribune revealed that there is no evidence that the attack was launched by a nation-state actor.

“No sign of state sponsorship of the attack has been detected yet.” Bonabi told Financial Tribune.

“The attack’s sources and destinations were highly distributed. Spoofed source IPs from East Asia and North America were used in the DDoS attack,”

Iran has faced multiple network disruptions in recent months, in some caused the problems were caused by internal factors.

In December Iran telecommunications minister announced that for the second time in a week it has foiled a cyber attack against its infrastructure.

In November 2019, after the announcement of the government to cut fuel subsidies, protests erupted in Iran and the authorities blocked access to the internet to prevent the spreading of news, videos, and images online.

Pierluigi Paganini

(SecurityAffairs – Iran, hacking)

The post Massive DDoS attack brought down 25% Iranian Internet connectivity appeared first on Security Affairs.

DDoS Attack Potentially Targeted State Voter Registration Site, Says FBI

The FBI said that a distributed denial-of-service (DDoS) attack potentially targeted a state-level voter registration site. In a Private Industry Notification (PIN) released on February 4, the FBI said that a state-level voter registration and voter information website received a high volume of DNS requests over the period of a month. Those requests were consistent […]… Read More

The post DDoS Attack Potentially Targeted State Voter Registration Site, Says FBI appeared first on The State of Security.

LoRaWAN Encryption Keys Easy to Crack, Jeopardizing Security of IoT Networks

New research from IOActive has found that “blindly” trusting the encryption of the widely adopted device protocol can lead to DDoS, sending of false data and other cyber attacks.

Labour Party DDoS Cyber Attacks

It was just a matter of time before cyberattacks were catapulted into the forefront of the UK 2019 General Election campaign, with two cyber-attacks on the Labour Party in the last two days.


It was reported the Labour Party was targeted by two separate Distributed Denial of Service (DDoS) attacks. Labour have not publically disclosed which of its digital systems were targetted by the DDoS attacks, but it is understood cyber attacks impacted the speed of their election and campaigning tools on Monday.

A Labour spokeswoman said: “We have ongoing security processes in place to protect our platforms, so users may be experiencing some differences. We are dealing with this quickly and efficiently.” Following reports of a second cyber-attack, a Labour Party spokesperson said: "We have ongoing security processes in place to protect our platforms, so users may be experiencing some differences. We are dealing with this quickly and efficiently."

The National Cyber Security Centre (NCSC) has warned all political parties about the high likelihood of being targeted with cyberattacks during elections for years. An NCSC spokesman said the Labour Party followed the correct procedure and notified them swiftly of Monday's cyber-attack, adding: "The attack was not successful and the incident is now closed".

Despite the apparent 'failure' of this attack, it raises important questions around the security of data ahead of the vote: Who is behind this attack? What is the intended outcome? Do political parties have the required level of security to ward off nation-state hackers?

A Labour source said the attacks came from computers in Russia and Brazil, but given it was a DDoS attack, that attack source is likely from 'zombie' controlled computers, so the countries cited as generating the network traffic on mass against the Labour Party IT systems have no bearing on who the culprit behind the attacks is. The DDoS attacks such as these can be orchestrated from any part of the world, so the culprit could be anyone from a nation-state offensive cyber team to a bored 14-year-old kid sat in a bedroom.


DDoS Cyber Attack Explained
Zombie Computers
A zombie computer is where malware with ‘command and control software” has inflected a computer, which allows the computer to be remotely controlled by a hacker over the internet to perform malicious tasks. Computer users are typically unaware their computer is infected and is being controlled. Where hackers infect and control computers on mass over the internet, it is known as a botnet.

Botnets can have tens and even hundreds of thousands of computers remotely controlled by a hacker. Such botnets are used to send spam and phishing emails, and to perform Distributed Denial of Service DDoS) attacks. A DDoS attack is where a hacker instructs computers within the botnet to send network traffic to a website or server, at the same time, to flood server(s) with so much network traffic the server or website is unable to provide a service or function.


Terry Greer-King, VP EMEA at SonicWall said, "This morning’s ‘failed’ cyber attack on the Labour Party underscores the fact that we are living in an era where political attacks are business as usual for cybercriminals. Breaching a political organisation for the purpose of compromising personal information or even blackmail tampers with the political fabric of a nation and potentially tampers with democratic processes."

Greer-King stated "Despite the apparent 'failure', today's attack once again raises important questions around the upcoming election. Any vulnerabilities within political parties will be ruthlessly exploited, hindering and possibly manipulating their information and systems. Today’s trustworthy security solutions should empower government agencies and political parties, like Labour in this instance, to consistently meet cybersecurity safeguarding requirements and procedures, and implement layered security solutions to block attackers at every step of the way."

Tom Kellermann, Head Cybersecurity Strategist at VMware Carbon Black said "The UK government should be lauded for its ability to successfully thwart an attack campaign targeting its digital platforms. It’s clear the west is under siege as a new Cold War continues to emerge in cyberspace. 

Nation-state-backed hackers have often taken advantage of divisive issues like Brexit to undermine democratically elected governments and cooperative international coalitions like NATO and the EU. It’s hard to think this attack is the last that will target the UK. In turn, the US should see these cyberattacks as a prelude for what may come in 2020.”

Anthony Webb, EMEA Vice President at A10 Networks said “Distributed denial of service (DDoS) attacks present one of the most dangerous forms of cyber threat for political parties and can cause serious reputational and financial damage. This is especially prominent during a General Election campaign when the party will be engaged in influencing voters, thus widening their cyber footprint. The UK Labour Party has suffered two DDoS attacks in quick succession, indicating that similar, future attacks are likely.

While the political parties participating will be on-guard following this latest attack, they all must be prepared for even more sophisticated, multi-vector application layer attacks throughout the remainder of the election period, that could seriously undermine their campaign.

An always-on DDoS protection system between the open web and servers is essential. Network security professionals need to embrace an extensible and adaptable position to detect both application and network attacks. The choice of defensive policy will be determined by the size of the enterprise and its resources. But as the number of high-profile campaign blackouts skyrockets, it’s worth reassessing expenditure and risk levels to combat these threats.

Ultimately, key political parties that cannot ensure that their campaign communication channels are continuously available, risk severely damaging their election campaigns – and may appear untrustworthy in the eyes of constituents. The key is to be prepared: the question is not if but when an attack will come. As we’ve seen in the last three years, cyber-attacks are now commonplace when nationwide elections or referendums are taking place.”

Top 6 Plesk Security Extensions You Should Consider for Website Security

As one of the most popular hosting platforms alongside cPanel, Plesk provides a variety of security extensions for its users. Each Plesk security extension boosts their own unique features, meant to fully protect your website, server, email, and network from potential threats.

Some extensions on Plesk require advanced system administration, so it’s important that you choose the right security tools based on your knowledge and experience — as not all security extensions are created equal. 

While Plesk offers a range of security tools such as malware scanners or ransomware protection software, this blog post will focus on security extensions that are available on Plesk that provide protection against web application attacks and DoS and DDoS attacks. 

These types of web threats directly affect web applications and can result in your websites going offline. In this case, customers and visitors are denied access to your information and commercial services, which will negatively impact your business’s bottom line.

Take a look below at some of the most popular security extensions available on Plesk and how they can help prevent web attacks as well as their potential shortcomings. 

BitNinja

BitNinja specializes in server security; their Plesk security extension is designed to effectively eliminate threats from your Linux servers. The security extension is also meant to save you from having to perform any configurations and spend long hours of troubleshooting.

Because BitNinja’s security extension is equipped with DoS mitigation and a WAF (web application firewall), they protect against web application and DDoS attacks. Their DDoS mitigation works based on TCP based protocols, but instead of permanently blocking the IP source they “greylist” the attacker IP.

On the WAF side, they analyze incoming traffic to your server based on different factors and stops attacks against the applications running on your server. They utilize the same WAF model used by Cloudflare and Incapsula. More specifically, for their reverse proxy engine, they use Nginx, WAF engine by ModSecurity, and a ruleset from the OWASP. One downside to BitNinja is that they are unable to constantly update and finetune the WAF ruleset or implement other rulesets in real time. 

Variti DDoS

The Variti DDoS security extension focuses on protection against DoS and DDoS attacks. They do this by allowing incoming web traffic to pass through a distributed network of filtering nodes. Then, traffic is analyzed in real time and classified as either legitimate or illegitimate. Upon detection of a threat, their Active Bot Protection (ABP) technology immediately blocks this malicious traffic with a response time of less than 50 ms.

Because of this bot protection technology, Variti is able to distinguish traffic between real users and bots, including those coming from the same IP address. Thus, they can also protect against both network and application layer DDoS attacks.  Though it doesn’t offer a WAF, Variti is one of the few DDoS protection tools that are available on Plesk. 

ModSecurity

ModSecurity is arguably one of the most well-known WAFs. They support web servers such as Apache on Linux or IIS on Windows, to protect web applications from malicious attacks. ModSecurity works by checking incoming HTTP requests and based on the set of rules applied, ModSecurity either allows the HTTP request to enter the website or blocks it. 

The ModSecurity security extension on Plesk offers both free and paid sets of rules. It includes regular expressions that are used for HTTP requests filtering, but you can also apply custom rulesets. This may require extensive knowledge on WAF rules by the system administrator. For example, you may need to manually switch off certain security rules so maintenance of the rulesets can be a setback for those who are looking for a more hands-off WAF.

Furthermore, there have also been cases where customers experience ModSecurity blocking legitimate requests too when too many rules are applied. 

Cloudflare Servershield 

The Cloudflare Servershield security extension is intended to protect and secure your servers, applications and APIs against DoS/DDoS and other web attacks. While the security extension is primarily used to speed up websites, Cloudflare Servershield also offers WAF and DDoS protection.

Cloudflare’s WAF option and its rulesets can only be enabled on their paid plans – more specifically the Cloudflare Servershield Advanced extension on Plesk. Cloudflare’s WAF uses the OWASP Modsecurity Core Rule Set to inspect web traffic and block illegitimate requests. These OWASP rules are supplemented by Cloudflare’s built-in rules that you can apply with the click of a button. 

As part of their free plan, Cloudflare provides unlimited and unmetered mitigation of DDoS attacks, regardless of the size of an attack.

Imunify360

Imunify360 takes a multi-layered approach when it comes to server security. This security extension combines an advanced firewall, WAF, IDS/IPS, and more. Their advanced firewall is also powered by a machine learning engine. They take a proactive defense to preemptively stop all malware and identify potential attacks on your server. 

Their WAF protects web servers from multiple threats, such as DoS attacks, port scans, and distributed brute force attacks. Their WAF also relies on ModSecurity and is automatically installed on certain versions of Imunify360. Because other third-party ModSecurity vendor’s rulesets may be installed (for example, OWASP or Comodo), these rulesets can generate a large number of false-positives and may duplicate Imunify360’s rulesets.

You will need to manually disable other third-party ModSecurity vendors on different hosting panels.

Cloudbric

To simplify the management of website security, Cloudbric’s cloud-based WAF is integrated with the Plesk platform. The Cloudbric WAF extension also includes DDoS protection and SSL certificate renewal automation at no extra cost. 

Instead of painfully blocking the customer’s IP address individually to keep DDoS attacks under control, Cloudbric blocks these huge amounts of traffic before it reaches the site. Cloudbric’s advanced DDos protection ensures your website stays up and running. 

The Cloudbric WAF is designed to install and work with as little human interaction as possible. We handle the security so that customers don’t have to. Unlike ModSecurity which maintains a library of malicious patterns, known as signatures, Cloudbric takes it up a notch by also implementing signature-less detection techniques into the WAF engine. 

Additionally, unlike the rules of ModSecurity that are updated once per month, Cloudbric’s WAF does not require signature updates. 

This signature-less detection technology can also identify and block modified and new web application attacks. Cloudbric’s WAF engine includes 27 unique pre-set rules and AI capabilities to create an advanced threat detection engine to accurately detect and block attacks. 

If your company is dependent on online traffic for business, then protection against DDoS and web application attacks is a must. 

For Plesk users, there are a variety of security extensions to choose from to make the management of security extremely easy for web managers, designers, system administrators, and other web professionals – it all depends on your security needs and whether you are looking for fully managed services or customization. 

If you need assistance with Cloudbric’s plesk extension email us at support@cloudbric.com.

The post Top 6 Plesk Security Extensions You Should Consider for Website Security appeared first on Cloudbric.