DDoS Mitigation

Reflection on Detection of Encrypted Malware Traffic

July 29, 2021 | Jie Ji

The Internet has become an indispensable part of our lives, and it is of vital importance to work out how to guarantee the security of users’ sensitive information and privacy in cyberspace. Most of the Internet traffic is encrypted with Transport Layer Security (TLS), which cannot guarantee absolute security. Malware has been seen to use […]

Cloud DPS – Optimization for a Managed Security Service Customer

July 27, 2021 | Jie Ji

Today, DDoS attacks continue to increase in frequency, volume and duration, affecting business continuity and reputation. DDoS mitigation capability has become the top priority for CIOs/CISOs in enterprises, Internet content providers and government, while they may have to face the challenge of finding sufficient experienced security professionals to build, maintain and operate […]

A Look into Source Code of Paradise Ransomware, a “Custom-Built” Virus – 2

July 20, 2021 | Jie Ji

2. Encrypter: DP_Main. 2.2 Self Copy and Automatic Running at Startup: The program copies itself to %APPDATA%/DP/DP_Main.exe, and modifies the registry for automatic running at startup. 2.3 Deletion of Volume Shadow Backups: The program uses CMD command parameters to delete volume shadow backups. 2.4 Upload of Encryption Information: After obtaining disk information, the program begins […]

A Look into Source Code of Paradise Ransomware, a “Custom-Built” Virus – 1

July 16, 2021 | Jie Ji

Event Overview: Recently, NSFOCUS CERT, through ongoing monitoring, found that the source code of the Paradise ransomware was leaked. Since data encrypted by Paradise cannot be decrypted now, the source code, if widely spread over the Internet, may cause a lot of trouble. Paradise had its source code leaked on a Russian hacker forum on […]

2020 DDoS Attack Landscape Report – 4

July 8, 2021 | Jie Ji

Key Findings – 5: The Number of DDoS Attacks on Healthcare, Education, and Government Sectors Increased Significantly During the COVID-19 Pandemic. The healthcare sector suffered more DDoS attacks during the COVID-19 pandemic than in previous years. According to statistics, the number of attacks in each month in 2020 H2 increased year on year, with March and […]

Case Study: A 400G DDoS Attack Event Captured By NSFOCUS in Hong Kong S.A.R.

July 6, 2021 | Jie Ji

Event look back: An NSFOCUS Cloud DPS customer with servers located in Hong Kong SAR encountered a series of mass DDoS attacks that lasted for four (4) days, from June 20th to 24th. The attackers managed to create several spikes, including the biggest one reaching 399.2 Gbps, followed by another at 360 Gbps. […]

Recommendations on Protection Against Random Subdomain Attacks

July 2, 2021 | Jie Ji

What is a Random Subdomain Attack? A random subdomain attack is also known as a pseudo-random subdomain (PRSD) attack due to the use of pseudo-random algorithms. A PRSD attack is a double attack against both the DNS caching servers of Internet service providers (ISPs) and the local authoritative servers of customers. During such an attack, […]

2020 DDoS Attack Landscape Report – 3

June 23, 2021 | Jie Ji

Key Findings – 4: DDoS Protection Techniques Need to Continue to Evolve with Emergence of New Attack Vectors. NXNSAttack, a new vulnerability in DNS, can be exploited to launch massive DDoS attacks. In May 2020, Israeli researchers reported a new DNS server vulnerability and dubbed it NXNSAttack. This vulnerability exists in DNS’s recursive resolution process. […]

Why only have the Gi-FW and GTP inspection isn’t enough for 5G security?

June 18, 2021 | Jie Ji

Written By: Bruno Carvalho, System Engineer UK & Western Europe. Firstly, to make this information clearer, it is useful to answer the question: What is GPRS Tunneling Protocol (GTP)? GPRS Tunneling Protocol (GTP) is a 2.5G technology that provides interconnection between various network interfaces, enabling mobile users to roam seamlessly between networks of different generations. The GTP protocol […]

NSFOCUS Protected an IDC Customer Against Volumetric Mixed DDoS Attacks

June 11, 2021 | Jie Ji

About the Customer: Based in APAC, company A provides comprehensive IDC services for the world’s top 500 as well as many small and medium enterprises. Other than server rental and hosting, company A also cooperates with NSFOCUS to provide server rental service with advanced protection against DDoS attacks. The investment in DDoS protection not only protects […]