Phishing attacks targeting media websites: Akamai

• Akamai PLXsert's Q3 2014 State of the Internet – Security Report released
• DDoS attacks have ‘gone through the roof’ – 4x increase in size and volume

THE third quarter of 2014 saw not only a massive increase in Distributed Denial of Service (DDoS) attacks, but also the prominence of phishing attacks, according to Akamai Technologies Inc’s Prolexic Security Engineering and Research Team (PLXsert).
 
Multiple phishing attacks targeted Google Enterprise users in order to harvest user credentials and gain access to confidential information.
 
With this information, hacktivists successfully compromised third-party content feeds on popular media websites, such as the Associated Press, CNN, Forbes, The New York Times, and others, sometimes indirectly, Akamai said in a statement in its Q3 2014 State of the Internet – Security Report.
 
The highest profile group of hacktivists targeting third-party content providers is the Syrian Electronic Army, which typically sends emails with a falsified link to a large number of employees in a targeted company or its third-party content provider.
 
Users who click the link are presented with what looks like a login screen to harvest the user's sign-in credentials in a form of identity theft.
 
The Syrian Electronic Army was able to successfully phish credentials from employees and deface the target site or its social media accounts, or deface a target by attacking a third-party content provider.
 
For example, in some cases, a third-party content provider was the one that was successfully phished; by using those credentials, the Syrian Electronic Army was able to get onto the provider’s content delivery network and change the JavaScript code that was sent out to its customers and displayed on its customers’ sites.
 
Some of the content linked to nonsensical articles and others linked to the Syrian Electronic Army website.
 
The Syrian Electronic Army will also sometimes deface a site’s homepage with one of its own. It will often announce that the site has been ‘hacked’ by the Syrian Electronic Army and replace the homepage with its own page and logo.
 
Akamai said it has observed many variations of this page – most will include the national eagle emblem of Syria or the Syrian flag. In one case, the Syrian Electronic Army attacked a third-party content provider and altered the JavaScript on the provider to deface multiple target sites simultaneously.
 
‘Gone through the roof’

The Q3 Internet security report also noted a 22% increase in total DDoS attacks and a whopping 389% increase in average attack bandwidth this quarter over the same period last year.
 
“DDoS attack size and volume have gone through the roof this year,” said John Summers, vice president of the Security Business Unit at Akamai Technologies.
 
“In the third quarter alone, Akamai mitigated 17 attacks greater than 100 gigabits-per-second, with the largest at 321 Gbps.
 
“Interestingly, we witnessed none of that size in the same quarter a year ago and only six last quarter. These mega-attacks each used multiple DDoS vectors to deliver large bandwidth-consuming packets at an extremely high rate of speed,” he added.
 
A brute force approach characterised the most significant campaigns in Q3 as attackers shifted towards new attack methods and enhanced older attack methods to consume more bandwidth.
 
These record-setting DDoS attack campaigns marked an 80% increase in average peak bandwidth in Q3 compared to the previous quarter and a fourfold increase from the same period a year ago, Akamai said.
 
Q3 also saw an increase in average peak packets per second, recording a 10% increase over the previous quarter and a fourfold increase compared the same quarter in 2013.
 
Malicious actors have found ways to involve a wider base of devices to expand DDoS botnets and produce larger DDoS attacks. PLXsert has observed botnet-building efforts in which malicious actors sought to control systems by gaining access through vulnerable web applications on Linux-based machines.
 
Attackers have also expanded to a new class of device including smartphones and embedded devices, such as customer-premises equipment (CPE), home cable modems, mobile devices, and a great variety of Internet-enabled devices including home-based and wearables within the category of the Internet of Things (IoT).
 
Attacks with both high bandwidth and high volume were made possible by the use of multi-vector attack methods.
 
More sophisticated, multi-vector attacks became the norm this quarter, with more than half (53%) of all attacks utilizing multiple attack vectors. This was an 11% increase in multi-vector attacks compared with last quarter, and a 9% increase compared with Q3 2013.
 
Multi-vector attacks have been fuelled by the increased availability of attack toolkits with easy-to-use interfaces as well as a growing DDoS-for-hire criminal industry, Akamai said.
 
To request a copy of the Akamai PLXsert Q3 2014 State of the Internet - Security Report, click here.
 
Related Stories:
 
DDoS attacks grow, era of botnets: Akamai’s Prolexic report
 
Universal PnP devices being harnessed for massive DDoS attacks
 
Against DDoS attacks, an end-to-end approach needed
 
 
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.