February 16, 2021
Cybercriminals are constantly on the lookout for means and methods to make attacks more destructive. In Q4 2020, Citrix ADC (application delivery controller) devices became one such tool, when perpetrators abused their DTLS interface. The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as ... February 16, 2021
The number of DDoS attacks on Russian online retailers nearly doubled in 2020 compared to the previous year, the Rostelecom-Solar cyber security company said in a statement.
“Online retail business has been in the focus of cyber criminals for several years. However, as customer demand for online retail services grew amid coronavirus restrictions, they became even ... February 15, 2021
The servers of British cryptocurrency exchange EXMO were taken offline temporarily after being targeted in a distributed denial-of-service (DDoS) attack.
“We are currently experiencing a DDoS attack on our platform,” the exchange said in a notification published earlier today.
“Please note that the EXMO exchange website is now under the DDoS attack. The servers are temporarily unavailable.”
In ... January 24, 2021
Another ransomware gang is now using DDoS attacks to force a victim to contact them and negotiate a ransom.
In October 2020, we reported that ransomware gangs were beginning to utilize DDoS attacks against a victims’ network or web site as an extra tool to force them to pay a ransom. At the time, the two ... January 21, 2021
Windows Remote Desktop Protocol (RDP) servers are now being abused by DDoS-for-hire services to amplify Distributed Denial of Service (DDoS) attacks.
The Microsoft RDP service is a built-in Windows service running on TCP/3389 and/or UDP/3389 that enables authenticated remote virtual desktop infrastructure (VDI) access to Windows servers and workstations.
Attacks taking advantage of this new UDP reflection/amplification ... January 18, 2021
A hacked insulin pump is the last thing a diabetic wants to worry about when life-saving fluids are pumped into their body. Sadly, concerns about medical device IT security are a healthcare reality.
Last year, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued more than a half-dozen warnings tied to connected drug pumps alone. Vulnerabilities ... November 30, 2020
In 2016, Dyn, a provider of managed DNS servers, was the victim of a massive DDoS attack that crippled the company’s operations and took down domain-name-resolving operations for more than 175,000 websites.
While some sites managed to stay up by activating a redundancy and switching DNS resolving to secondary servers, many websites were not prepared and ... October 28, 2020
Q3 was relatively calm from a DDoS perspective. There were no headline innovations, although cybercriminals did continue to master techniques and develop malware already familiar to us from the last reporting period. For example, another DDoS botnet joined in the assault on Docker environments. The perpetrators infiltrated the target server, created an infected container, and ... October 21, 2020
A month after details were published about three severe vulnerabilities in a type of server used to manage fleets of mobile devices, multiple threat actors are now exploiting these bugs to take over crucial enterprise servers and even orchestrate intrusions inside company networks.
The targets of these attacks are MDM servers from software maker MobileIron.
MDM stands ... October 16, 2020
The Google Cloud team revealed today a previously undisclosed DDoS attack that targeted Google service back in September 2017 and which clocked at 2.54 Tbps, making it the largest DDoS attack recorded to date.
Damian Menscher, a Security Reliability Engineer for Google Cloud, said the 2.54 Tbps peak was “the culmination of a six-month campaign” that ... October 14, 2020
In October 2020, during Microsoft’s Patch Tuesday, a security update (CVE-2020-16898) addressed a critical vulnerability discovered in IPv6 Router Advertisement Options (called “DNS RA options”). This vulnerability resides within the Windows TCP/IP stack that is responsible for handling RA packets. Current exploitation leads to a Denial of Service (DoS) with the possibility of remote code ...