DDoS Mitigation

WebLogic Multiple Severe Vulnerabilities Threat Alert

May 6, 2021 | Jie Ji

Vulnerability Description On April 21, 2021, NSFOCUS detected that Oracle released the April 2021 Critical Patch Update (CPU), which fixed 400 vulnerabilities of varying risk levels. Seven of these vulnerabilities are severe and easy to exploit and affect WebLogic. Users are advised to take measures without delay to protect against the preceding vulnerabilities. CVE-2021-2135: This […]

Principles and Characteristics of TCP Reflection Attacks

April 28, 2021 | Jie Ji

Produced by: Siqi GUO, Qiwen LUO Increasingly Serious Reflection Attacks Reflection attacks, as nothing new, have become one of the most troublesome and common DDoS attacks and are dominant in bandwidth consumption DDoS attacks. According to NSFOCUS’s latest 2020 DDoS Attack Landscape, reflection attacks made up 34% of all DDoS attacks in 2020. Compared with […]

2020 DDoS Attack Landscape Report – 1

April 20, 2021 | Jie Ji

Executive Summary In 2020, the total number of distributed denial-of-service (DDoS) attacks declined a little compared with 2019, probably attributable to effective governance and enhanced protection capabilities of Anti-DDoS products. Despite this, DDoS attacks intensified during the COVID-19 pandemic, especially for healthcare, government, and education sectors. January to April 2020 was a period when China […]

malware

‘FreakOut’ Malware Analysis – FreakOut Samples

March 16, 2021 | Jie Ji

Produced by: NSFOCUS Security Labs FreakOut samples appearing in the campaign were a typical IRC bot Trojan program written in Python. The Trojan program would connect to IRC channels in hardcoded C&C and act as instructed by C&C to collect information, launch DDoS attacks, interact with shells, and conduct ARP sniffing attacks. Also, it carried […]

malware

‘FreakOut’ Malware Analysis – Groups Behind FreakOut

March 15, 2021 | Jie Ji

Produced by: NSFOCUS Security Labs In early January 2021, NSFOCUS Security Labs captured an unknown malicious program called “out.py” via its real-time data platform, which is usually spread with the domain name “gxbrowser.net”. NSFOCUS Security Labs conducted an in-depth research on the samples and payloads of the malware and compared the malware with NSFOCUS threat […]

Numerous Bank Customers Getting Hooked on SMS Phishing

March 11, 2021 | Jie Ji

Event Overview Since February 2021, NSFOCUS’s emergency response team has found that several provinces in China saw multiple SMS phishing events using fake bank domain names. As these events bear a striking resemblance in the phishing playbook, attack means, and phishing website pages, we can largely determine that these attacks were launched by the same […]

Amplification DDoS Attacks Come Again

February 26, 2021 | Jie Ji

Just in February, another two amplification DDoS attacks caught our attention. They are respectively abusing Plex Media Servers and Powerhouse VPN servers to amplify junk traffic to victims. Abuse Plex Media Server for Amplification Attacks On 3rd February, according to ZDNet, DDoS-for-hire services have found a way to abuse Plex Media servers to bounce junk […]

Information Disclosure-Incurred Asset Compromise and Detection and Analysis

February 4, 2021 | Mina Hao

According to a survey, 25% of internal security incidents are attributed to information disclosure. Attackers, merely through information disclosure, without needing to resort to measures with obvious patterns, like password cracking, can further acquire sensitive information about users and enterprises. It should be noted that this kind of attack method has a high degree of […]

Risk Assessment for Industrial Control Systems

February 2, 2021 | Mina Hao

ICS security professionals should report ICS vulnerabilities to the vendor before attackers discover them and offer the vendor with remediation suggestions, mitigation measures, and security solutions to avoid network attack risks before the vulnerabilities are malicious exploited. Compared with Windows systems, a quite different method is used to assess ICS systems due to their heterogeneity. […]

Annual IoT Security Report 2019-18

January 29, 2021 | Mina Hao

Introduction IoT devices are faced with a great security challenge and their security appears particularly important. On one hand, though IoT devices have had a long existence, legacy IoT devices and their application protocols contain a variety of vulnerabilities due to the ill-conceived security design. On the other hand, as noted in the analysis of […]