CAMBRIDGE, Mass., Feb. 25, 2015 /PRNewswire/ -- Akamai
Technologies, Inc. (NASDAQ: AKAM), the leading provider of cloud
services for delivering, optimizing and securing online content and
business applications, today released, through the company's
Prolexic Security Engineering & Research Team (PLXsert) in
collaboration with PhishLabs' R.A.I.D (Research, Analysis, and
Intelligence Division), a new cybersecurity threat advisory. The
advisory alerts enterprises and Software-as-a-Service (SaaS)
providers to attackers using Joomla servers with a vulnerable
Google Maps plugin installed as a platform for launching
distributed denial of service (DDoS) attacks. The advisory is
available for download from
www.stateoftheinternet.com/joomla-reflection.
"Vulnerabilities in web applications hosted by
Software-as-a-Service providers continue to provide ammunition for
criminal entrepreneurs. Now they are preying on a vulnerable Joomla
plugin for which they've invented a new DDoS attack and
DDoS-for-hire tools," said Stuart
Scholly, senior vice president and general manager, Security
Business Unit, Akamai. "This is one more web application
vulnerability in a sea of vulnerabilities – with no end in sight.
Enterprises need to have a DDoS protection plan in place to
mitigate denial of service traffic from the millions of cloud-based
SaaS servers that can be used for DDoS."
Vulnerability in Google Maps plugin for Joomla enables DDoS
attacks
A known vulnerability in a Google Maps plugin for
Joomla allows the plugin, and therefore any Joomla server that
runs it, to act as a proxy. A proxy is an intermediary server that
processes a request and returns the result on behalf of someone
else. Attackers spoof (fake) the source of the requests, causing
the results to be sent from the proxy to someone else, their
denial of service target. The true source of the attack remains
unknown, because the attack traffic appears to come from the
Joomla servers.
With cooperation from PhishLabs' R.A.I.D, PLXsert matched DDoS
signature traffic originating from multiple Joomla sites, which
indicates vulnerable installations are being used en masse
for reflected GET floods, a type of DDoS attack. Observed attack
traffic and data suggest the attack is being offered on known
DDoS-for-hire sites.
PLXsert was able to identify more than 150,000 potential Joomla
reflectors on the Internet. Although many of the servers appear to
have been patched, reconfigured or locked, or to have had the
plugin uninstalled, others remain vulnerable to use in this DDoS
attack.
Details of a mitigated DDoS attack
PLXsert mitigated a
DDoS attack of this type on behalf of an Akamai customer in
November. The majority of the top attacking IP addresses originated
from Germany. The same IP
addresses that participated in this attack have participated in
DDoS attacks against other Akamai customers in the industries of
hosting, entertainment and consumer goods.
Multi-layered DDoS mitigation protects against reflection
DDoS attacks
Reflection-based DDoS attacks of many types are
popular at this time. In the fourth quarter of 2014, Akamai's
PLXsert observed that 39 percent of all DDoS attack traffic employed
reflection techniques. Reflection DDoS attacks each take advantage
of an Internet protocol or application vulnerability that allows
DDoS attackers to reflect malicious traffic off a third-party
server or device, hiding their identities and amplifying the amount
of attack traffic in the process.
Cloud-based DDoS attack mitigation can combat this problem to
protect organizations from malicious traffic. Edge-based security
and scrubbing centers stop DDoS attack traffic long before it
affects a client's website or data center.
Get the Joomla Reflection DDoS-for-Hire Threat Advisory to
learn more
In the advisory, PLXsert shares its analysis and
details, including:
- Use of the GET flood in Joomla reflection
- What to look for: Three sample payloads
- Attacks from the DAVOSET DDoS tool
- Attacks from the UFONet DDoS tool
- GET flood requests observed during an attack
- Geographical distribution of source traffic
- Three DDoS mitigation procedures to stop DDoS attacks of this
type
A complimentary copy of the threat advisory is available for
download at www.stateoftheinternet.com/joomla-reflection.
About Akamai
Akamai® is the leading provider of cloud services for
delivering, optimizing and securing online content and business
applications. At the core of the Company's solutions is the Akamai
Intelligent Platform™ providing extensive reach, coupled with
unmatched reliability, security, visibility and expertise. Akamai
removes the complexities of connecting the increasingly mobile
world, supporting 24/7 consumer demand, and enabling enterprises to
securely leverage the cloud. To learn more about how Akamai is
accelerating the pace of innovation in a hyperconnected world,
please visit www.akamai.com or blogs.akamai.com, and follow @Akamai
on Twitter.
About PhishLabs
PhishLabs is the leading provider of cybercrime protection and
intelligence services that fight back against online threats and
reduce the risk posed by phishing, malware, distributed
denial-of-service (DDoS) and other cyber-attacks. The company
fights back against cybercrime by detecting, analyzing and
proactively dismantling the systems and illicit services
cybercriminals depend on to attack businesses and their customers.
With a fixed-price service model that ensures alignment with client
goals, the company partners with businesses to stop account
takeover attacks, reduce online fraud and prevent the loss of
customer trust.
To learn more about PhishLabs, visit http://www.phishlabs.com or
email info@phishlabs.com.
Contacts:
Rob Morton
Media Relations
617-444-3641
rmorton@akamai.com
Tom Barth
Investor Relations
617-274-7130
tbarth@akamai.com
To view the original version on PR Newswire, visit:
http://www.prnewswire.com/news-releases/ddos-for-hire-preys-upon-saas-apps-such-as-joomla-300040641.html
SOURCE Akamai Technologies, Inc.