DDoS & Application Threat Analysis

Q1, 2022 Executive Summary

The first quarter of 2022 was marked by geopolitical, nation-state and vulnerability-focused cyberactivity.

Following the invasion of Ukraine and the escalation of hybrid warfare, Radware monitored an increase in DoS attacks targeting both the Russian and Ukrainian governments and associated financial institutions. A more significant movement and increase in denial-of-service activity was caused by patriotic hacktivism from pro-Ukrainian and pro-Russian activists. The IT Army of Ukraine brought hacking to the masses, including teens, via gamification of denial-of-service attacks, including the playforukraine[.]com website, where in-game achievements are websites you helped disrupt while playing. WordPress websites were breached and injected with malicious code that performs denial-of-service attacks when the webpage loads. Any visitor to such a WordPress-based website becomes an attacking bot: the injected JavaScript ‘onload()’ code starts application-level denial-of-service attacks targeting a list of websites curated by the authors of the malicious code.

Read the Ukraine/Russian Conflict Threat Advisory ➔

In an act of protest against this conflict, the maintainer of a popular Node.js module called ‘node-ipc’ deliberately sabotaged his module. The module, which provides local and remote interprocess communication (IPC), is leveraged by many neural network and machine-learning tools. The developer altered his code to deliberately corrupt files on systems running applications that depend on the node-ipc module, but only if the system was geolocated in either Russia or Belarus.

The DeFi (Decentralized Finance) sector became a prime target. Crypto exchanges are facing denial-of-service attacks following the ban of Russian citizens from their platforms. Crypto exchanges were also the target of attacks by North Korean state-sponsored threat actors.

A new vulnerability was discovered in the Java Spring framework, a popular Java framework for building online applications. It was publicly disclosed at the end of March after a Chinese researcher published a proof-of-concept on GitHub that exploits a severe vulnerability in the framework. Spring4Shell was quickly exploited and required businesses to patch applications leveraging the Java Spring framework as soon as possible.

Read the Spring4Shell Threat Advisory ➔

OpIsrael, a yearly operation targeting Israeli businesses and citizens, was nearly nonexistent this year due to Anonymous’ focus on the Russian/Ukrainian conflict. OpsBedil, a hacktivist operation that targeted Middle Eastern organizations in 2021, returned this year. OpsBedil is considered the replacement for the now-defunct OpIsrael operations. The new operations were conducted by DragonForce Malaysia and its affiliates throughout Southeast Asia, specifically Malaysia and Indonesia. The current operation, OpsBedilReloaded, is considered a political response to events that occurred in Israel on April 11, 2022. It has consisted of website defacements, sensitive data leaks and denial-of-service attacks that started on April 11th and are ongoing. Based on previous OpsBedil TTPs, attack campaigns can be expected to run through April and May and potentially into the June/July timeframe. Hacktivist campaigns like OpsBedil, while nowhere close to as notorious as OpIsrael once was, present a renewed level of risk for the region. Unlike Anonymous, DragonForce Malaysia and its affiliates have the time, the resources and the motivation to execute these attacks and present a moderate-level threat to Israel.

Read the OpsBedil Threat Advisory ➔


Radware's DDoS & Application Attack Hub analyzes attack data across three primary categories:

Additional Resources

For additional, detailed analysis of new threats, vulnerabilities and attack vectors as they emerge, view our Threat Intelligence Alerts, or subscribe to our email list to automatically receive these alerts as they’re released.

Threat intelligence and analysis is only the beginning. Learn more about how Radware’s cybersecurity solutions provide state-of-the-art, frictionless security solutions that empower innovation and agility while safeguarding your organization.


Threat actors adapt tactics to assault the cloud and micro floods and application-layer DDoS attacks run rampant.

Download the 2021 – 2022 Global Threat Analysis Report to understand:

  • How threat actors are adapting their tactics and techniques to launch “cloud-scale attacks”
  • DDoS and web application attack trends from 2021 and what they mean for 2022
  • How threat actors maximized botnet resources in 2021 and are expected to launch record-breaking DDoS assaults in 2022
