Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

2/13/2016
08:00 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
100%
0%

Valentine's Day Inspires DDoS Attacks Against Online Florists

Security vendor Imperva says it has observed a sharp increase in automated bot traffic directed at florist sites.

Cyber criminals have shown a consistent tendency to exploit major news and seasonal events to slip phishing and other malicious attacks past unwary victims. And so it is with this Valentine’s Day as well.

Florists apparently have been receiving a lot of attention, of the unwanted variety, from online criminals, security vendor Imperva reported this week. All 34 of the company’s florist customers have experienced a sharp spike in traffic to their sites over the last few days. While some of the traffic is to be expected, considering the rush to order flowers for Valentine’s Day -- a lot of it is not.

According to Imperva, more than nine in 10 of the florist sites witnessed a sudden surge in bot traffic between February 5 and February 11. In about 23% of the cases, the spike in bot traffic was dramatic enough to cause problems. Contrary to what some might expect, the attack traffic did not appear to be opportunistic in nature. Rather, it looked as if the florists were being individually targeted in denial-of-service campaigns apparently designed to extort money from them.

One of Imperva’s florist customers reported receiving a ransom note, while another experienced an application-layer denial of service attack, Imperva said. In the case of the latter victim, the company’s Content Distribution Network (CDN) provider interpreted the botnet traffic as regular user sessions, resulting in the site exceeding its contracted cache capacity. This in turn caused the CDN to route the attack traffic through its own origin servers, resulting in their site going down under DDoS traffic.

A screenshot published on Imperva’s blog shows that some of the Web application attacks had originated in the United Kingdom, though one appeared to be from Latvia. Somewhat surprisingly, attackers were still going after old vulnerabilities such as Shellshock in an attempt to breach systems belonging to their targets, according to Imperva.

Florists can mitigate the threat by monitoring their traffic for unexpected behavior, like heavier than normal traffic spikes, or visits from unfamiliar IP addresses. “Any unusual activity could be 'dry runs' by attackers foreshadowing an imminent full-blown attack,” Imperva said.

The company also urged florists to monitor Twitter and sites such as Pastebin.com for chatter hinting at a potential attack on their sites.

The sudden spike in malicious traffic directed at online florists reflects a common tendency among cyber crooks to escalate malware campaigns and attacks around seasonal events and major news happenings.

Earlier this year, mobile network protection vendor Adaptive Mobile reported on a series of picture message spam campaigns on the Kik messenger service that were timed to coincide with seasonal events.

The spam messages involved the use of images belonging to well-known brands to try and get recipients to follow links to malicious websites. What was noteworthy was the fact that each campaign was tied to a specific event. For instance, one of the Kik spam campaigns was launched around Halloween, and featured an image message purportedly from Amazon. Another campaign around Thanksgiving involved spam featuring spoofed McDonalds images, while one in the days preceding Cyber Monday featured BestBuy-related spam.

While the campaign was not technically very sophisticated, the effort put into creating individual picture messages purporting to be from major brands, suggested a specialist campaign, Adaptive Mobile had noted.

Interop 2016 Las VegasFind out more about security threats at Interop 2016, May 2-6, at the Mandalay Bay Convention Center, Las Vegas. Register today and receive an early bird discount of $200.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Microsoft Patches Wormable RCE Vulns in Remote Desktop Services
Kelly Sheridan, Staff Editor, Dark Reading,  8/13/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-0173
PUBLISHED: 2019-08-19
Authentication bypass in the web console for Intel(R) Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access.
CVE-2019-11140
PUBLISHED: 2019-08-19
Insufficient session validation in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11143
PUBLISHED: 2019-08-19
Improper permissions in the software installer for Intel(R) Authenticate before 3.8 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-11145
PUBLISHED: 2019-08-19
Improper file verification in Intel? Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-11146
PUBLISHED: 2019-08-19
Improper file verification in Intel? Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.