Rewterz Threat Alert – RedLine Stealer – Active IOCs
January 28, 2022
Rewterz Threat Alert – DJVU Ransomware – Active IOCs
January 28, 2022
Severity
High
Analysis Summary
In November 2021, Microsoft Azure successfully mitigated a 3.47 Tbps DDoS attack targeting a customer in Asia. Asian countries have been a particular target for DDoS attacks because of the continent's increased gaming and streaming volumes. Microsoft also mitigated two 2.4 Tbps attacks, which make up the three largest DDoS attacks of 2021. The attack sources were global, including the U.S., China, Korea, Thailand, Russia, India, Taiwan, Indonesia, Vietnam, and Iran. Attack vectors included UDP reflection on port 80 using Connection-less Lightweight Directory Access Protocol (CLDAP), Simple Service Discovery Protocol (SSDP), Network Time Protocol (NTP), and Domain Name System (DNS). Together they comprised a single peak, and the attack lasted 15 minutes overall.
From Microsoft
“The concentration of attacks in Asia can be largely explained by the huge gaming footprint, especially in China, Japan, South Korea, Hong Kong, and India, which will continue to grow as the increasing smartphone penetration drives the popularity of mobile gaming in Asia. In India, another driving factor may be that the acceleration of digital transformation, for example, the “Digital India” initiative, has increased the region’s overall exposure to cyber risks.”
Impact
- Distributed Denial of Service
Remediation
- Implement a WAF (Web Application Firewall) for layer 7 (application layer) attacks, and layer 3 and 4 attacks.
- Implement software or services that will intelligently route your network traffic.
- Network analyzers can detect patterns for DDoS.
- IP reputations, previous data, and attack patterns can be used to help in detection.
- DDoS mitigation services are the way to go for large and small-medium enterprises.
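
The pattern detection mentioned in the remediation list can be applied to the reflection vectors named in the analysis summary. The following is an added example, not part of the original alert: it aggregates flow records per destination and time window and flags heavy UDP traffic arriving from the standard CLDAP, SSDP, NTP and DNS source ports. The CSV layout, the thresholds and the sample flows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Standard UDP service ports of the reflector protocols named in the alert.
REFLECTOR_PORTS = {389: "CLDAP", 1900: "SSDP", 123: "NTP", 53: "DNS"}

# Constructed sample flows (documentation IP ranges, not real traffic).
SAMPLE_FLOWS = """\
ts,src_ip,src_port,dst_ip,dst_port,proto,bytes
5,198.51.100.10,389,203.0.113.5,80,udp,3000000
12,198.51.100.11,1900,203.0.113.5,80,udp,2000000
20,198.51.100.12,123,203.0.113.5,80,udp,1500000
31,198.51.100.13,53,203.0.113.5,80,udp,1000000
40,192.0.2.53,53,203.0.113.9,40000,udp,512
45,192.0.2.80,443,203.0.113.5,51000,tcp,900000
70,198.51.100.12,123,203.0.113.5,80,udp,900
"""

def detect_reflection(flow_csv, window=60, min_bytes=5_000_000, min_sources=3):
    """Flag (window, destination) pairs hit by heavy UDP traffic from reflector ports.

    The thresholds are illustrative assumptions; tune them to the link's baseline.
    """
    buckets = defaultdict(lambda: {"bytes": 0, "sources": set(), "vectors": set()})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        sport = int(row["src_port"])
        # Reflected traffic is a UDP *response*: the source port is the abused service.
        if row["proto"].lower() != "udp" or sport not in REFLECTOR_PORTS:
            continue
        key = (int(row["ts"]) // window, row["dst_ip"], int(row["dst_port"]))
        bucket = buckets[key]
        bucket["bytes"] += int(row["bytes"])
        bucket["sources"].add(row["src_ip"])
        bucket["vectors"].add(REFLECTOR_PORTS[sport])
    alerts = []
    for (win, dst, dport), b in sorted(buckets.items()):
        # Volume plus source diversity separates an attack from one normal DNS/NTP reply.
        if b["bytes"] >= min_bytes and len(b["sources"]) >= min_sources:
            alerts.append({"window_start": win * window, "dst": dst, "dst_port": dport,
                           "bytes": b["bytes"], "sources": len(b["sources"]),
                           "vectors": sorted(b["vectors"])})
    return alerts

if __name__ == "__main__":
    for alert in detect_reflection(SAMPLE_FLOWS):
        print(alert)
```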