Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zero-days which have been actively exploited in the wild.
Of the 61 flaws, one is rated Critical, 59 are rated Important, and one is rated Moderate in severity. This is in addition to 30 vulnerabilities…
Telegram CEO Pavel Durov’s Arrest Linked to Sweeping Criminal Investigation
French authorities detained Durov to question him as part of a probe into a wide range of alleged violations—including money laundering and CSAM—but it remains unclear if he will face charges.
A Single Iranian Hacker Group Targeted Both Presidential Campaigns, Google Says
APT42, which is believed to work for Iran’s Revolutionary Guard Corps, targeted about a dozen people associated with both Trump’s and Biden’s campaigns this spring, according to Google’s Threat Analysis Group.
Massive DDoS Attacks at 633.7 Gbps Combining ACK, PUSH, RESET, and SYN Packets
DDoS attacks evolve with changing technology and attacker motivations, and recent cases have involved significant damages and legal consequences.
Recently, Akamai’s Prolexic DDoS defense platform prevented the largest DDoS attack on a major U.S. financial institution’s platform, which reached 633.7 Gbps and 55.1 Mpps.
Security analysts at Akamai reported that this attack lasted less than 2 minutes and that the threat actors combined the following flood attack vectors:
ACK
PUSH
RESET
SYN
Prolexic’s DDoS protection shield platform prevented several record-breaking attacks in Europe and Asia-Pacific, including a 704.8 Mpps spike in September 2022 and a 900.1 Gbps surge in February 2023.
Malicious Traffic Sources
The top malicious traffic sources were:
Bulgaria
Brazil
China
India
United States
Thailand
Russia
Ukraine
Vietnam
Japan
Distribution of peacetime traffic and attack traffic (Source – Akamai)
Moreover, U.S. traffic surged to over twice its usual volume during the attack. DDoS attacks, deliberate and cost-effective, now serve as smokescreens for triple extortion ransomware attacks on vital financial institutions, impacting entire economies.
Attack Analysis
DDoS attacks on financial services have surged from a historical 10-15% to over 30% since 2021, marking a significant shift in attack patterns once seen primarily in the following sectors:
Software
Tech
Gaming
Media
Entertainment
Internet
Telecom
In addition, security researchers at Akamai noted a surge in deeper reconnaissance threats and in attacks on vulnerable assets.
However, the recent DDoS attack seems quite different from the usual ones: the threat actors directly targeted a major US-based financial institution’s primary web page, aiming to disrupt online banking.
Moreover, Akamai confirmed zero collateral damage due to proactive defense with their global command center partnership. In today’s high-risk environment, a solid DDoS strategy is essential.
Recommendations
Akamai provided the following recommendations:
Make sure to adopt CISA recommendations promptly.
Check all the key subnets and IPs for effective mitigation controls.
Establish continuous DDoS security controls as your initial defense layer.