
URL: https://blog.radware.com/security/2015/12/how-smoke-screen-cyber-attacks-are-being-used/

HOW SMOKE SCREEN CYBER-ATTACKS ARE BEING USED IN DATA BREACHES

By Ron Winward, December 9, 2015

2015 was a landmark year for data exfiltration. You may be familiar with many of
the data breaches that were covered in the media this year, including the United
States IRS, several major health care providers, Ashley Madison, and most
recently, the personal data of children and parents from the VTech breach. Just
last week, retailer Target agreed to settle with several banks for $39 million
over its 2013 data breach.



Smoke screen attacks are an interesting technique that is common in data
exfiltration. As the name suggests, these are attacks on the network that are
specifically designed to misdirect security personnel from the real threat,
which is data exfiltration. By distracting a security team and overloading it
with activity in other parts of the network, attackers hope to slip past the
protections in place.


HOW IT WORKS

Security personnel typically monitor the network using tools that generate
alerts when there is an anomaly. When configured to do so, these tools send
alerts to the Network/Security Operations Center (NOC or SOC) on changes in
bandwidth usage, latency, availability, and responsiveness. It’s that team’s
job to begin investigating those events, and one of the first places to look is
the event logs. It is best practice to have network appliances like routers,
firewalls, and IPSs send their logs to a central collector, which allows for
better correlation between network events, so the collector makes sense as the
first place to look.

That is exactly what smoke screen attackers are hoping for. By attacking a
network on multiple fronts, the attacker hopes to create confusion and
misdirection. Knowing that security personnel will check the traditional tools,
attackers will attempt to overwhelm them with irrelevant traffic, slowing down
unrelated applications or filling logs with irrelevant data. Doing so makes
identifying unique events more difficult.


WHAT CAN YOU DO?

If you notice an attack, you must be mindful of the intent. Was it designed to
disrupt your network but your infrastructure handled it? Was it a decoy? Check
your logs and perhaps filter out vectors once you’ve ruled them out. Check your
other assets or collaborate with other departments in your organization to
ensure that nothing else looks wrong.
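One way to carry out the "filter out vectors once you’ve ruled them out" step on central-collector logs, as an added example that is not from the original article. The key=value log layout, the signature names and the sample lines are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample of central-collector log lines (not from the article).
# The key=value layout and the signature names are assumptions for this example.
SAMPLE = (
    ["2015-12-09T10:00:%02d fw01 sig=SYN_FLOOD src=203.0.113.%d dst=198.51.100.10 bytes_out=0"
     % (i % 60, i % 250) for i in range(400)]
    + ["2015-12-09T10:00:%02d ips01 sig=HTTP_GET_FLOOD src=203.0.113.%d dst=198.51.100.10 bytes_out=0"
       % (i % 60, i % 250) for i in range(300)]
    + ["2015-12-09T10:00:41 fw02 sig=ALLOW_OUTBOUND src=10.0.5.23 dst=192.0.2.77 bytes_out=734003200",
       "2015-12-09T10:00:43 db01 sig=BULK_SELECT src=10.0.5.23 dst=10.0.9.4 bytes_out=0"]
)

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<device>\S+) (?P<kv>.+)$")


def parse(line):
    """Turn one log line into a dict; return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = {"ts": m["ts"], "device": m["device"]}
    event.update(pair.split("=", 1) for pair in m["kv"].split() if "=" in pair)
    event["bytes_out"] = int(event.get("bytes_out", 0))
    return event


def triage(lines, ruled_out):
    """Drop signatures already ruled out as decoys and rank the rest rarest-first.

    Returns (residual_events, suppressed_count).
    """
    parsed = [e for e in map(parse, lines) if e]
    residual = [e for e in parsed if e.get("sig") not in ruled_out]
    counts = Counter(e.get("sig") for e in residual)
    # Rare signatures first; among equally rare ones, largest outbound transfer first.
    residual.sort(key=lambda e: (counts[e.get("sig")], -e["bytes_out"]))
    return residual, len(parsed) - len(residual)


if __name__ == "__main__":
    events, suppressed = triage(SAMPLE, {"SYN_FLOOD", "HTTP_GET_FLOOD"})
    print("suppressed %d flood events, %d left to review" % (suppressed, len(events)))
    for e in events:
        print(e["ts"], e["device"], e["sig"], e["src"], "->", e["dst"], e["bytes_out"])
```

Ranking by rarity means the two non-flood events sort to the top even before any vector is ruled out, which is the property a flooded log view loses.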

The best way to assess and mitigate a smoke screen attack is with the use of a
Web Application Firewall (WAF) that can help prevent data theft and the
manipulation of sensitive corporate data, as well as protecting customer
information. By combining this with an on-premises detection and behavioral
analysis device, you can mitigate smoke screen attacks while protecting customer
data at the same time.

It is absolutely critical that organizations protect consumer data. Security
professionals need to leverage all of the tools available to protect the
integrity of this data. At Radware, we feel that layered security is the best
way to do this. Web Application Firewalls can protect your websites and
databases. DDoS mitigation appliances can protect you from the smoke screens.
Firewalls and a strong perimeter can secure access. Make use of the tools and
forensic data that you have available. And finally, remember that things aren’t
always what they seem, and a smoke screen attack just might be the real intent
behind obvious network events.

Cyber-attacks are complex and dynamic challenges for anyone responsible for
cyber security.


Ron Winward
As a Security Evangelist at Radware, Mr. Winward is responsible for developing,
managing, and increasing the company’s security business in North America. Ron’s
entire career has been deeply rooted in internet and cybersecurity. For over 20
years, Ron has helped design complex solutions for carriers, enterprises, and
cybersecurity providers around the world. Ron is an industry-recognized expert
in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s
first complete analysis of the Mirai attack vectors, producing forensic examples
for public distribution of each attack and the specific impact each attack had
on networks. His work on IoT attack analysis has been presented at conferences
worldwide and has been referenced by NIST. Prior to joining Radware, Ron was
Director of Network Engineering for a global datacenter provider and ISP. In
this role, Ron oversaw the growth and development of a global network
infrastructure that delivered services to other ISPs, hosting providers, and
enterprises around the world. During this time, Ron assisted some of the world’s
top businesses in mitigating cyberattacks on their infrastructure, cultivating
an extensive knowledge in DDoS attack methodologies. Ron holds a Bachelor of
Science degree in Business and has earned many technical certifications
throughout his engineering-focused career. Ron acutely understands the impact of
technology and security on business and is enthusiastic about their
interrelation.


