Printer Friendly

Botnets being turned to credential abuse, says Akamai.

Botnets are increasingly being

deployed for credential abuse, according to security company Akamai.

Data analyzed by Akamai of more than 7.3 trillion bot

requests per month found a sharp increase in the threat of credential abuse,

with more than 40% of login attempts

being malicious, according to the company's State of the Internet/Security

Report for Q4 2017.

Akamai said that many of the botnets traditionally

responsible for DDoS attacks are being used to abuse stolen login credentials.

Of the 17 billion login requests tracked through the Akamai platform in

November and December, almost half (43%) were used for credential abuse.

The hospitality industry suffered was the biggest target of

fraudulent credential attacks, with 82% of their login attempts being from

malicious botnets.

The company added that while botnets are being turned to

credentials abuse, there is still a consistent, and increasing, threat from

DDoS attacks. The report showed a 14% year-on-year increase in DDoS attacks in Q4

2017.

The Mirai botnet, used in some of the largest and most

disruptive DDoS attacks of 2016 is also still a threat. Mirai activity faded

over 2017, but Akamai said it still saw a spike of nearly one million unique IP

addresses from the botnet scanning the Internet in late November 2017, showing

that it is still capable of explosive growth.

Akamai researchers have seen recent hacker activity turning

to exploit remote code execution vulnerabilities in enterprise-level software

to make enterprise systems part of the botnet threat. For example, hackers have

been exploiting vulnerabilities in the GoAhead embedded HTTP server-which has

700,000 potential targets-and Oracle WebLogic Server. Aided by the disclosure

of Spectre and Meltdown earlier this year, both vulnerabilities open the door

to a new wave of attacks, including the surreptitious installation of crypto

mining programs that tie up computing resources.

"A key motive of attackers has always been financial profit.

In the past few years, we have seen adversaries move to more direct methods to

achieve that goal such as ransomware," said Martin McKeay, senior security

advocate and senior editor, State of the Internet / Security Report. "Crypto

mining offers attackers the most direct avenue to monetize efforts by putting

money immediately into their cryptowallets.

"Increased automation and data mining have caused a massive

flood of bot traffic to impact websites and Internet services. Although most of

that traffic is useful for Internet businesses, cybercriminals are looking to

manipulate the powerful volume of bots for nefarious gains," said McKeay.

"Enterprises need to watch who is accessing their sites to differentiate actual

humans from both legitimate and malicious bots. Not all web traffic and not all

bots are created equal."

[c] 2018 ITP Business Publishing Ltd. All Rights Reserved. Provided by SyndiGate Media Inc. ( Syndigate.info ).

COPYRIGHT 2018 SyndiGate Media Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2018 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Publication:ITP.net
Date:Feb 28, 2018
Words:456
Previous Article:STC and Cisco sign agreement on 5G.
Next Article:Etisalat is the most valuable telecoms brand in MENA.
Topics:

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters