With shades of the GoAnywhere attacks, a cyber threat actor linked to FIN11 is leveraging a bug in the widely used managed file transfer product to steal data from organizations in multiple countries.
Cloudflare Observed The Peak DDOS Attack of 201 Million HTTP Requests Per Second
DDoS (Distributed Denial of Service) attacks are extremely destructive and alarming since they flood a target’s web services with overwhelming traffic.
This can disrupt or even completely disable:-
Websites
Servers
Networks
This can cause significant financial losses, damage to reputation, and potential security vulnerabilities.
Recently, cybersecurity analysts at Cloudflare observed the DDoS attack of 201 million HTTP requests per second.
Peak DDOS Attack
With one of the world’s largest networks, Cloudflare handles vast data, serving 64 million HTTP requests per second and 2.3 billion DNS queries daily.
Cloudflare prevents 140 billion cyber threats daily, offering valuable insights into DDoS trends.
Attacks against Israeli websites using Cloudflare (Source – Cloudflare)
Lately, there’s been a rise in DDoS attacks against:-
Israeli media sites
Israeli financial sites
Israeli government sites
Palestinian websites
HTTP DDoS attacks target web properties such as mobile apps and e-commerce sites; the performance features of HTTP/2 that make those properties faster can also be abused by botnets to increase the attack throughput of each node.
An HTTP DDoS attack Cloudflare (Source – Cloudflare)
From late August 2023, Cloudflare and others faced a relentless DDoS campaign, exploiting the CVE-2023-44487 HTTP/2 Rapid Reset vulnerability.
These attacks reached millions of requests per second, averaging 30M rps, with some hitting 201M rps.
Cloud-based botnets using HTTP/2 deliver 5,000 times more power per node, enabling hyper-volumetric DDoS attacks with small botnets of 5-20K nodes, far surpassing previous IoT botnets with millions of nodes, reads the report.
Over two months, the attacks broke down as follows:-
19% of attacks hit Cloudflare infrastructure
18% targeted gaming companies
10% went after recognized VoIP providers
The attack campaign caused a 65% QoQ increase in HTTP DDoS attacks, totaling 8.9 trillion requests mitigated by Cloudflare. L3/4 attacks also increased by 14%, driven by large volumetric attacks, the largest of which reached 2.6 Tbps and was launched by a Mirai botnet variant.
Top HTTP DDoS Attack Sources
The top HTTP DDoS attack sources were:-
United States with 15.78%
China with 12.62%
Brazil with 8.74%
Germany with 7.52%
Indonesia with 5.36%
Argentina with 3.04%
Russian Federation with 2.73%
India with 2.48%
Egypt with 2.33%
Netherlands with 2.26%
Top Attacked Industries
The top attacked industries were:-
Gaming & Gambling with 5.41%
Information Technology and Internet with 4.38%
Cryptocurrency with 3.43%
Computer Software with 2.16%
Telecommunications with 1.58%
Marketing & Advertising with 1.43%
Retail with 1.36%
BFSI with 0.33%
Hospitality with 0.20%
Online Media with 0.18%
Cloudflare users with HTTP reverse proxy (CDN/WAF) are shielded from HTTP DDoS attacks. Others, including non-HTTP users and those not using Cloudflare, should adopt automated HTTP DDoS protection.
The post Cloudflare Observed The Peak DDOS Attack of 201 Million HTTP Requests Per Second appeared first on Cyber Security News.
Cyber Security News
178,000+ Publicly Exposed Sonicwall Firewalls Vulnerable to RCE Attacks
Due to Sonicwall Firewalls’ widespread usage in organizations, hackers find them to be appealing targets when looking to breach networks.
By taking advantage of security holes in Sonicwall Firewalls, malicious users can gain unauthorized access to confidential data, make it easier for outsiders to infiltrate networks, and launch several kinds of cyberattacks.
Cybersecurity researchers at Bishopfox recently discovered 178,000 vulnerable Sonicwall firewalls that could be exploited by threat actors in the wild.
Sonicwall Firewall Vulnerable to RCE Attacks
SonicWall NGFW series 6 and 7 face unauthenticated DoS vulnerabilities (CVE-2022-22274, CVE-2023-0656) that could potentially allow remote code execution.
No in-the-wild exploitation has been reported, but a PoC for CVE-2023-0656 is public. BinaryEdge data shows that 76% of exposed SonicWall firewalls (178,637 of 233,984) are vulnerable.
The impact of a widespread attack could be severe: by default, SonicOS restarts after a crash, but three crashes put the device into maintenance mode.
Cybersecurity analysts analyzed CVE-2022-22274 using Ghidra and BinDiff to compare sonicosv binary versions, building on watchTowr Labs’ analysis and using Praetorian’s decryption tool to speed up the research.
Besides this, experts identified key code changes in HTTP request handling functions between NSv firmware versions 6.5.4.4-44v-21-1452 and 6.5.4.4-44v-21-1519.
In the vulnerable code, two __snprintf_chk() calls run in sequence, with the return value of the first determining the second’s arguments.
The changes in the patched version include converting a variable from signed to unsigned, adding bounds checks, and enhancing input/output checks for the second call.
The behaviour of __snprintf_chk() is central here: the SonicWall developers assumed its return value equals the number of characters written, overlooking the discrepancy noted in the snprintf() documentation (the return value is the length the output would have had, even when it was truncated to fit the buffer).
Because maxlen is a size_t, subtracting a return value larger than 1024 from 1024 wraps around (an integer overflow). The second call is then told it may write an excessively large amount of data into the small 1024-byte buffer, and since maxlen is now the maximum 64-bit unsigned integer value, the overflow protection is bypassed.
This suggests the developers wrote snprintf() calls with compile-time overflow protection enabled, which the compiler turns into __snprintf_chk(); the mismatch between the assumed and actual return value semantics results in strlen being set to the maximum value.
Patched firmware adds a check between snprintf() calls, ensuring the first’s return value is under 1024 to restore buffer overflow protection.
If the check fails, the second function call is skipped, which terminates the request handling; the original calls themselves are not modified.
CVE-2022-22274 and CVE-2023-0656 are the same underlying vulnerability reachable via distinct URI paths, and either could be exploited to crash vulnerable devices.
Researchers urged users to check deployed SonicWall NGFW devices for the vulnerability and, if any device is found vulnerable, to take the following two steps immediately:-
Remove the web management interface from public access.
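The return-value pitfall and the fix described above, as an added C illustration that is not SonicWall’s code. The 1024-byte capacity comes from the article; the request-line/Host-header split, the function names and the sample paths are assumptions chosen to make the pattern visible. The unchecked shape only reports the size the second call would receive rather than performing the write, and the hardened shape applies the same bounds check the patch is described as adding:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not SonicWall's code. The 1024-byte capacity comes from
 * the article; the request-line/header split, the field names and the sample
 * paths are assumptions chosen to make the pattern visible. */

#define RESP_CAP 1024

/* snprintf() (and the fortified __snprintf_chk()) return the length the
 * output WOULD have had, not the number of bytes actually stored.  Reusing
 * that value as "bytes used" and subtracting it from the capacity in size_t
 * arithmetic wraps to a huge number as soon as the first call truncated. */
size_t remaining_after(int first_ret, size_t cap)
{
    size_t used = (size_t)first_ret;   /* int -> size_t, as in the old code */
    return cap - used;                 /* wraps when used > cap */
}

/* Vulnerable shape: the second call's size argument is derived from the
 * first call's return value with no bounds check.  The second write is
 * deliberately not executed here; the function only returns the size the
 * second snprintf() would have been given. */
size_t unchecked_second_size(const char *path)
{
    char buf[RESP_CAP];
    int n = snprintf(buf, sizeof buf, "GET %s HTTP/1.1\r\n", path);
    return remaining_after(n, sizeof buf);
}

/* Hardened shape, mirroring the described patch: verify the first call's
 * return value is below the capacity, and skip the second call (abandon the
 * request) when it is not, so the size passed to it can never wrap. */
bool checked_build(char *buf, size_t cap, const char *path, const char *host)
{
    int n = snprintf(buf, cap, "GET %s HTTP/1.1\r\n", path);
    if (n < 0 || (size_t)n >= cap)
        return false;                  /* truncated: stop here */
    size_t used = (size_t)n;
    int m = snprintf(buf + used, cap - used, "Host: %s\r\n", host);
    return m >= 0 && (size_t)m < cap - used;
}

/* Helper that constructs a path of `len` 'A' characters (constructed input)
 * so both shapes can be exercised with short and over-long requests. */
static bool make_path(char *out, size_t out_cap, size_t len)
{
    if (len + 1 > out_cap)
        return false;
    memset(out, 'A', len);
    out[len] = '\0';
    return true;
}

/* True when the unchecked pattern would hand the second call a wrapped size. */
bool second_size_wraps_for_path_len(size_t len)
{
    char path[4096];
    if (!make_path(path, sizeof path, len))
        return false;
    return unchecked_second_size(path) > RESP_CAP;
}

/* True when the hardened pattern accepts the request. */
bool checked_build_for_path_len(size_t len)
{
    char path[4096], out[RESP_CAP];
    if (!make_path(path, sizeof path, len))
        return false;
    return checked_build(out, sizeof out, path, "example.invalid");
}

int main(void)
{
    printf("path len 10:   wraps=%d accepted=%d\n",
           second_size_wraps_for_path_len(10), checked_build_for_path_len(10));
    printf("path len 1500: wraps=%d accepted=%d\n",
           second_size_wraps_for_path_len(1500), checked_build_for_path_len(1500));
    return 0;
}
```

With a short path the remaining capacity is computed correctly and the hardened builder accepts the request; with a 1500-byte path the first call truncates, the unchecked computation wraps to a value far above the buffer size, and the hardened builder refuses to continue instead of passing that wrapped size to the second call.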
Ensure that the old firmware is upgraded to the latest available version.
At the moment, identifying a target’s firmware and hardware versions is a hurdle for attackers, as the exploit needs customization.
Remote fingerprinting of SonicWall firewalls is not known, making the likelihood of RCE low. However, researchers strongly recommended securing your devices to avoid potential DoS attacks.
The post 178,000+ Publicly Exposed Sonicwall Firewalls Vulnerable to RCE Attacks appeared first on Cyber Security News.
New Bandook RAT Variant Resurfaces, Targeting Windows Machines
A new variant of remote access trojan called Bandook has been observed being propagated via phishing attacks with an aim to infiltrate Windows machines, underscoring the continuous evolution of the malware.
Fortinet FortiGuard Labs, which identified the activity in October 2023, said the malware is distributed via a PDF file that embeds a link to a password-protected .7z archive.
The Hacker News | #1 Trusted Cybersecurity News Site