- 14 May 2010 10:29
Imperva discovers more dangerous DDoS attack threat
SYDNEY, May 14. Imperva, the data security leader, has uncovered a new DDoS attack that appears to be more powerful, more efficient and less traceable than traditional methods.
The new threat was identified by Imperva's lab, the Application Defense Center (ADC). Already the new attack mode has compromised hundreds of web servers by turning them into bots. Unlike typical DDoS attacks that capitalise on bot-infected PCs by using the servers as the attack platforms, the hackers have created a much stronger force. Below are details of the discovery:
What it is: A new type of DDoS attack that has currently infected hundreds of web servers. Unlike traditional DDoS methods that capitalise on bot-infected PCs, the attackers have turned the web servers themselves into payload-throwing bots
How it works: Rather than use the server as a means of distributing DoS malware to PCs, attackers infect the servers themselves with a malicious DoS application. Then, using a simple software program with a dashboard and control panel, the hackers configure the IP, port and duration of an attack. The simply insert a URL they wish to attack, click and go.
Imperva was able to acquire the source code of this application - which consisted of just 90 lines of PHP code - and has screenshots . We've also witnessed an attack as it was taking place and can describe what we saw and what we learned.
Why Imperva believes this is unique:
* Although servers are typically harder to compromise than PCs, by capitalising on their greater horsepower, the hackers create a much more efficient and powerful DDoS tool using servers as the attack platform. Attack volumes are multiplied by the numbers of exploited web servers.
* By using web servers, the attackers are less detectable. Tracebacks typically lead to a lone server at a random hosting company.
About Imperva Imperva, the Data Security leader, enables a complete security lifecycle for business databases and the applications that use them. Over 4,500 of the world’s leading enterprises, government organizations, and managed service providers rely on Imperva to prevent sensitive data theft, protect against data breaches, secure applications, and ensure data confidentiality. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring from the database to the accountable application user and is recognised for its overall ease of management and deployment. For more information, visit www.imperva.com.
Media queries Grenadine Lau Imperva Phone: +65.6749 4482 Mobile: +65.9666 1886 Email: Grenadine.Lau@Imperva.com
David Frost PR Deadlines Pty Ltd, for Imperva Phone: +61.2.4341 5021 Mobile: +61 (0) 408 408 210 Email: email@example.com
Sign up now »
- FTJob Title: Mac Systems/ Enterprise Systems EngineerNZ
- FTLead Software EngineerSA
- FT.NET - Sitecore Developer - Melbourne - PermNSW
- FTSenior Python DeveloperNSW
- FTQuality ManagerSA
- FTOS Web Applications DeveloperNSW
- FTTechnical Business AnalystNSW
- FTFlash / ActionScript Developer - ContractNSW
- FTR&D EngineerSA
This report by Tolly tests the system resource requirements of competing vendor solutions when performing on-demand and on-access scanning functions, during distributed definition updates. Click to download how the four ...
The nature of work has changed fundamentally and forever and it continues to evolve rapidly. Geographic distance and ...
"Suggesting that people's "purpose is to get information to flow through the ..."
Why change management doesn’t work
"Darn those pesky laws that get in the way of commercial exploitation ..."
Larry Page wants to see your medical records
"Instead of partitioning the device between corporate and personal data, another approach ..."
Dual-Persona Smartphones Not a BYOD Panacea
"Well that's a nice back-handed compliment isn't it? So now, finally, my ..."
After two-year hiatus, EFF accepts bitcoin donations again
"Actually, both Mobile App developers and CIOs should be blamed for it. ..."
CIOs struggle to deliver timely mobile business apps: survey
- Layered defenses largely fail to block exploits, says NSS
- Researchers warn of increased Zeus malware activity this year
- AusCERT 2013: Four dissenters to spur next year's security debates
- AusCERT 2013: Kill the password, says Mozilla
- AusCERT 2013: Unmanaged, unknown privileged logins opening the door for APTs: Cyber-Ark
- Analytics and personalisation drive leading marketer behaviour: Report
- Innovation and big data take centre stage during CMO panel
- Twitter targets second screen interaction with Amplify advertising partnerships
- Facebook talks hyper-targeting, analytics and cross-platform at AANA event
- Tapping into social experience: Tourism Australia