
New report reveals hackers weaponising old vulnerabilities

23 Aug 2017

Akamai has released the findings of its Q2 2017 State of the Internet – Security Report, examining the latest trends in distributed denial of service (DDoS) and web application attack traffic around the world.

Unsurprisingly, attacks are on the rise once more, and one of the main contributors is the PBot DDoS malware, which re-emerged as the foundation for the ‘strongest DDoS attacks seen by Akamai this quarter’.

The number of DDoS attacks in Q2 this year increased by 28 percent quarter over quarter, following three quarters of decline. Akamai says DDoS attackers are more persistent than ever before, after attacking targets an average of 32 times over the quarter – one gaming company was attacked a whopping 558 times or around six times a day on average.

Another concerning finding is that Egypt was the origin of the greatest number of unique IP addresses used in frequent DDoS attacks, with 32 percent of the global share, despite not even being in the top five the previous quarter.

The incidence of web application attacks increased five percent quarter-over-quarter and 28 percent year-over-year. SQL injection (SQLi) was used in more than half (51 percent) of web application attacks this quarter, up from 44 percent last quarter, generating nearly 185 million alerts in the second quarter alone.

Interestingly, one of the main themes of the report is that cybercriminals are reverting to old techniques; Akamai sums it up with the phrase “everything old is new again”.

In the case of PBot, malicious actors used decades-old PHP code to create a mini-DDoS botnet capable of launching a 75 gigabits per second (Gbps) DDoS attack.

Another example of old techniques in new use comes from the Akamai Enterprise Threat Research Team’s analysis of Domain Generation Algorithms (DGAs) in malware command and control (C2) infrastructure.

Although first introduced with the Conficker worm in 2008, the DGA has remained a frequently used C2 communication technique for today's malware.

The team discovered that infected networks generated around 15 times the DNS lookup rate of a clean network.

Akamai attributes this to the malware on the infected networks attempting to reach its algorithmically generated domains: because most of those domains were never registered, the lookups fail (the resolver returns NXDOMAIN), and the volume of failed queries stands out as noise against the DNS traffic of a clean network.
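The following is an added example, not code from Akamai or from the report, illustrating the two halves of that finding: a toy date-seeded DGA of the kind the malware and its operator both run, and a detector that counts NXDOMAIN responses per client over constructed resolver log lines and flags hosts whose failed-lookup share is high. The DGA scheme, the log format, the client addresses and the thresholds are all assumptions made for the example.

```python
"""Toy DGA plus an NXDOMAIN-rate detector over constructed DNS log lines.

Added example; the algorithm, log format and thresholds are hypothetical.
"""
import hashlib
import re
from collections import defaultdict
from datetime import date

TLDS = ("com", "net", "info")


def toy_dga(day: date, count: int) -> list[str]:
    """Derive `count` candidate C2 domains from a date seed.

    Hypothetical algorithm: hash the date and an index with SHA-256 and map
    the hex digest to letters. Real DGAs use their own seeds, but the shape
    is the same: a deterministic function the malware and the operator both
    run, so the operator need only register one candidate per period.
    """
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        label = "".join(chr(ord("a") + int(c, 16) % 26) for c in digest[:12])
        domains.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return domains


# Constructed resolver log format (hypothetical): one line per query.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\d+\.\d+\.\d+\.\d+) "
    r"qname=(?P<qname>\S+) rcode=(?P<rcode>NOERROR|NXDOMAIN|SERVFAIL)$"
)


def build_sample_log(day: date = date(2017, 6, 1)) -> list[str]:
    """Constructed sample log: one clean host and one infected host.

    The clean host (10.0.0.5) resolves ten ordinary names that all exist.
    The infected host (10.0.0.7) walks the day's DGA list; only one candidate
    is registered by the operator, so every other lookup returns NXDOMAIN.
    """
    lines = []
    legit = ["www.example.com", "mail.example.com", "cdn.example.net",
             "api.example.org", "ntp.example.com"]
    for i in range(10):
        lines.append(f"{day}T08:00:{i:02d} client=10.0.0.5 "
                     f"qname={legit[i % len(legit)]} rcode=NOERROR")
    candidates = toy_dga(day, 30)
    registered = candidates[17]  # assume the operator registered this one
    for i, qname in enumerate(candidates):
        rcode = "NOERROR" if qname == registered else "NXDOMAIN"
        lines.append(f"{day}T08:01:{i:02d} client=10.0.0.7 "
                     f"qname={qname} rcode={rcode}")
    return lines


def nxdomain_stats(log_lines) -> dict[str, tuple[int, int]]:
    """Per client IP: (total queries, NXDOMAIN responses)."""
    stats = defaultdict(lambda: [0, 0])
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the detector
        stats[m["client"]][0] += 1
        if m["rcode"] == "NXDOMAIN":
            stats[m["client"]][1] += 1
    return {client: (total, nx) for client, (total, nx) in stats.items()}


def flag_dga_suspects(stats, min_queries=20, min_nx_ratio=0.5) -> list[str]:
    """Flag clients with both a high query volume and a high NXDOMAIN share.

    Both thresholds matter: a single typo also yields NXDOMAIN, so a ratio
    over a handful of queries means nothing, and volume alone would catch
    busy but healthy hosts. The values here are illustrative, not Akamai's.
    """
    return sorted(
        client for client, (total, nx) in stats.items()
        if total >= min_queries and nx / total >= min_nx_ratio
    )


if __name__ == "__main__":
    stats = nxdomain_stats(build_sample_log())
    for client, (total, nx) in sorted(stats.items()):
        print(f"{client}: {total} queries, {nx} NXDOMAIN ({nx / total:.0%})")
    print("suspects:", flag_dga_suspects(stats))
```

In practice the same ratio is computed per source address over a sliding window of real resolver logs, and the flagged host's failed query names are then fed to the analyst, since clusters of long, high-entropy labels across several TLDs are the other tell that distinguishes a DGA from a misconfigured application.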

According to Akamai, when the Mirai botnet emerged in September last year, Akamai was one of its first targets, and the platform continues to receive and defend against attacks from Mirai to this day.

Researchers at Akamai have used the company’s visibility into Mirai to study different aspects of the botnet, focusing in the second quarter on its C2 infrastructure. Akamai’s research offers a strong indication that Mirai, like many other botnets, is now contributing to the commoditisation of DDoS.

“Attackers are constantly probing for weaknesses in the defenses of enterprises, and the more common, the more effective a vulnerability is, the more energy and resources hackers will devote to it,” says Martin McKeay, Akamai senior security advocate.

“Events like the Mirai botnet, the exploitation used by WannaCry and Petya, the continued rise of SQLi attacks and the re-emergence of PBot all illustrate how attackers will not only migrate to new tools but also return to old tools that have previously proven highly effective.”
