TMCnet News
DDoS-for-Hire Preys Upon SaaS Apps such as JoomlaCAMBRIDGE, Mass., Feb. 25, 2015 /PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the leading provider of cloud services for delivering, optimizing and securing online content and business applications, today released, through the company's Prolexic Security Engineering & Research Team (PLXsert) in collaboration with PhishLabs' R.A.I.D (Research, Analysis, and Intelligence Division), a new cybersecurity threat advisory. The advisory alerts enterprises and Software-as-a-Service (SaaS) providers of attackers using Joomla servers with a vulnerable Google Maps plugin installed as a platform for launching distributed denial of service (DDoS) attacks. The advisory is available for download from www.stateoftheinternet.com/joomla-reflection. "Vulnerabilities in web applications hosted by Software-as-a-Service providers continue to provide ammunition for criminal entrepreneurs. Now they are preying on a vulnerable Joomla plugin for which they've invented a new DDoS attack and DDoS-for-hire tools," said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai. "This is one more web application vulnerability in a sea of vulnerabilities – with no end in sight. Enterprises need to have a DDoS protection plan in place to mitigate denial of service traffic from the millions of cloud-based SaaS servers that can be used for DDoS." Vulnerability in Google Maps plugin for Joomla enables DDoS attacks With cooperation from PhishLabs' R.A.I.D, PLXsert matched DDoS signature traffic originating from multiple Joomla sites, which indicates vulnerable installations are being used en masse for reflected GET floods, a type of DDoS attack. Observed attacktraffic and data suggest the attack is being offered on known DDoS-for-hire sites. PLXsert was able to identify more than 150,000 potential Joomla reflectors on the Internet. Although many of the servers appear to have been patched, reconfigured, locked or have had the plugin uninstalled, others remain vulnerable to use in this DDoS attack. Details of a mitigated DDoS attack Multi-layered DDoS mitigation protects against reflection DDoS attacks Cloud-based DDoS attack mitigation can combat this problem to protect organizations from malicious traffic. Edge-based security and scrubbing centers stop DDoS attack traffic long before it affects a client's website or data center. Get the Joomla Reflection DDoS-for-Hire Threat Advisory to learn more
A complimentary copy of the threat advisory is available for download at www.stateoftheinternet.com/joomla-reflection. About Akamai Akamai® is the leading provider of cloud services for delivering, optimizing and securing online content and business applications. At the core of the Company's solutions is the Akamai Intelligent Platform™ providing extensive reach, coupled with unmatched reliability, security, visibility and expertise. Akamai removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud. To learn more about how Akamai is accelerating the pace of innovation in a hyperconnected world, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter About PhishLabs PhishLabs is the leading provider of cybercrime protection and intelligence services that fight back against online threats and reduce the risk posed by phishing, malware, distributed denial-of-service (DDoS) and other cyber-attacks. The company fights back against cybercrime by detecting, analyzing and proactively dismantling the systems and illicit services cybercriminals depend on to attack businesses and their customers. With a fixed-price service model that ensures alignment with client goals, the company partners with businesses to stop account takeover attacks, reduce online fraud and prevent the loss of customer trust. To learn more about PhishLabs, visit http://www.phishlabs.com or email [email protected] Contacts: Rob Morton Tom Barth Logo - http://photos.prnewswire.com/prnh/20100225/AKAMAILOGO To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/ddos-for-hire-preys-upon-saas-apps-such-as-joomla-300040641.html SOURCE Akamai Technologies, Inc. |