Data-Deposit-Box-DataDepositBox-Online-Backup-Cloud-Data-Remote-Backup

WOBURN, MA – Dec. 13, 2016 – /BackupReview.info/ — According to the DDOS intelligence report for Q3 2016, Kaspersky Lab experts have noted an emerging trend – a growth in the number of attacks using encryption. Such attacks are highly effective due to the difficulty in identifying them amongst the overall flow of clean requests. Recently, the company encountered yet more evidence of this trend – an attack exploiting vulnerabilities in WordPress via an encrypted channel.

WordPress Pingback attacks have been in use since 2014. They fall under the amplification class of attacks, when the victim’s resource is attacked via third-party servers by exploiting vulnerabilities in them. In the case of WordPress Pingback, the role of the vulnerable server is played by sites created using WordPress CMS (usually blogs) with the Pingback function enabled. This function is designed to automatically send notifications to authors about any activity involving their posts. The attacker sends a specially created HTTP request to these sites with a fake return address – the address of the victim who receives all the responses.

This means it is possible to organize a powerful HTTP GET flood attack without a botnet, making such an attack relatively simple and inexpensive to organize. However, the amplified HTTP GET request has a very specific header – User Agent – which makes such malicious queries easy to detect and block in the overall traffic flow.

Although the recent attack observed by Kaspersky Lab experts used the same method, it differed from a “classic” WordPress Pingback attack in that it was conducted via HTTPS rather than HTTP. The target of the attack – a news resource – turned out to be one of Kaspersky Lab’s customers.

“The use of encryption makes it more difficult to detect an attack and protect against it because it requires traffic decryption to analyze queries to check whether it’s ‘clean’ or ‘junk’,” explains Alexander Khalimonenko, DDoS protection group manager at Kaspersky Lab. “At the same time, such an attack creates a bigger load on the attacked resource’s hardware than a standard attack, because setting up an encrypted connection requires the use of ‘heavy’ mathematics. Another difficulty lies in the fact that modern encryption mechanisms do not allow third-party access to traffic content. In this regard, security solutions will have to reconsider their filtering algorithms in order to protect customers from the growing popularity of DDoS attacks with encryption.”

About Kaspersky Lab
Kaspersky Lab is one of the world’s fastest-growing cybersecurity companies and the largest that is privately-owned. The company is ranked among the world’s top four vendors of security solutions for endpoint users (IDC, 2014). Since 1997 Kaspersky Lab has been an innovator in cybersecurity and provides effective digital security solutions and threat intelligence for large enterprises, SMBs and consumers. Kaspersky Lab is an international company, operating in almost 200 countries and territories across the globe, providing protection for over 400 million users worldwide.

Learn more at www.kaspersky.com

Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter

Media Contact:
Denise Bertrand
781.503.1836
Denise.Bertrand@kaspersky.com

Source: Kaspersky

 

 

General Tags: SaaS, online file storage, online backup services, backing up online, online backup reviews, compare online backups, online backup companies, software as a service, online backup providers directory, data storage, online data backup, top rated online backups, online backup news, online file backup, data security, cloud computing, CEO interviews, online backup

Like us on Facebook




===========================
Do you like this post? Subscribe to our RSS feed ===========================

Sponsored Links:

Data Deposit Box

Asigra



Share/Save/Bookmark

Related posts:

  1. Kaspersky Lab Finds Businesses are Unclear on How to Combat Targeted Attacks and DDoS
  2. Kaspersky Lab Report on DDoS Attacks in Q1 2017: The Lull Before the Storm
  3. Botnet DDoS Attacks in Q3: More Sophisticated, More Europe-Centric
  4. Collateral Damage: 26% of DDoS Attacks Lead to Data Loss
  5. Kaspersky Lab Survey: Half of Companies Put Themselves at Risk by Undervaluing DDoS Countermeasures
  6. Botnet DDoS Attacks in Q1: Decrease in Length, Increase in Number
  7. Kaspersky Lab Research Shows DDoS Devastation on Organizations Continues to Climb
  8. Kaspersky Lab and INTERPOL Survey Reports: 60 Percent of Android Attacks Use Financial Malware
  9. Kaspersky Lab Research Reveals the Cost and Profitability of Arranging a DDoS Attack
  10. Kaspersky Lab Reports: Finance-Related Malware Attacks Rose to 28 Million in 2013

Tags: ,