2013年11月14日星期四

Server-based botnet attacks and encryption layer

[ REVIEW ] Radware recently released 2012 annual report global applications and network security. In monitoring the global network environment, Radware researchers found a series of new criminals attack. These attacks in today's increasingly intelligent and increasingly covert Distributed Denial of Service (DDoS) attacks based. In this report, Radware pointed server-based bonnet attacks and encryption layer DDoS attacks for enterprise networks, two new tools, since September 2012 continues to this day, these two new attacks are attacks on the U.S. financial institutions intruders frequently use.
Hardware recently released 2012 annual report global applications and network security. In monitoring the global network environment, Radware researchers found a series of new criminals attack. These attacks in today's increasingly intelligent and increasingly covert Distributed Denial of Service (DDoS) attacks based. In this report, Radware pointed server-based bonnet attacks and encryption layer DDoS attacks for enterprise networks, two new tools, since September 2012 continues to this day, these two new attacks are attacks on the U.S. financial institutions intruders frequently use.
2012 annual reports of global application and network security for real-time active monitoring by the Radware and mitigate attacks Emergency Response Team (ERT) written. ERT team of experts noted that in the security agencies of the major energy and attention focused on the security and defense of the " pre-attack defense " and " after the attack to make up for " these two stages, the attacker turned to the launch last several days or even weeks long attack strategy. As defenders of so-called "attack in progress" at this stage often lack effective means to mitigate attacks and resources, thereby exposing a series of weak security blind spot, the attacker is to use this stage to attack the security blind spots create trouble.
hardware CTO Avi Chesla expressed : "Radware emergency response team to monitor the hundreds of cases every year, the DoS / DDoS attacks , through the analysis found that more than a week of sustained attack attack frequency doubled year on year in 2012 by combined with practical experience and research of statistical data , our ERT team released this for the entire security community are quite enlightening security trends report . "Chsela further stressed:" Our ultimate goal is to provide all kinds of organizations can detect and mitigate such attacks intelligent solutions, in order to ensure that the enterprise network infrastructure from the threat of such attacks. "
Security Summary Report
Server-based bonnet DDoS attacks in a new and more dangerous attacks. From a single server attacks shift to multiple servers in different geographic locations to attack , this attack could allow an attacker to not only quickly and effectively than ever before launching DDoS attacks more powerful , but also through the use of server 24 × 7 availability, attacker will gain greater control and command capabilities , only a small amount of attack server can generate a large number of bbonnetclients with the same attack traffic. Hardware is expected that this attack in 2013 will be more widely adopted. In response to this trend, companies need to ensure their own defense system able to withstand the attack traffic exponentially. Meanwhile, some of the weak points of network defense need to be found and confirmed.
Lasts longer than a week the number of DDoS and DoS attacks doubled in 2012. Hardware Emergency Response Team presents advanced persistent threat (APT) indicators to measure the year 2012 the growing intensity of the attacks a variety of attacks, intelligence and persistence. Statistics are startling -58 % attack in complexity got 7 or higher score ( out of 10 ) , compared to the figure in 2011 only 23% ; terms on the severity of the attack , in 2011 , only 30 % of the attacks scored more than three levels, while in 2012 , 70% of the attack to score three points or higher.
Difficult to detect the encryption layer attacks cannot be ignored. In 2012, the https-based attacks began increasingly common, and are adding a new security dimension. Although encryption layer close contact with the Web security, hackers have successfully encryption layer is used as a weapon, use it to launch applications and SSL attacks that can evade detection and continuous hidden until the attacker objects have a serious impact. For HTTPS, highly dependent on financial services and e-commerce sites, such attacks disturbing.
In today's security environment, many organizations in security and defense capability are clearly insufficient. 2012, the world's largest financial institutions, repeated cyber attacks. Many financial corporate security defenses have been at a disadvantage. In fact, less than a quarter of respondents in the attack occurs to find ways to mitigate attacks - which is precisely what hackers use this is it. In 2013 , Radware recommends that companies invest resources to build an attack can be implemented at all stages of the dynamic response , treatment continued security attacks "security war room ," and prior to the attack , and attack after attack in the three stages have security measures , rather than just before and after the attack in the attack two stages to take preventive measures .
Attack "DIY" phenomenon. Specializes in providing a variety of hacking techniques "DIY" website flooding the market has reached a commercial scale. Supply chain includes only rarely for anyone coding toolbox and rental services, or advanced hacking skills, just $ 10 you can get a ransom Trojan attack tools. This greatly reduces the individual or hackers attack threshold

没有评论:

发表评论