
DDoS Attacks via WordPress Now Come with Encryption, Kaspersky Lab Reports

November 26, 2016

Recently, the company encountered yet more evidence of this trend – an attack exploiting vulnerabilities in WordPress, but via an encrypted channel.

According to the DDoS Intelligence Report for Q3 2016, Kaspersky Lab experts have noted an emerging trend – a growth in the number of attacks using encryption. Such attacks are highly effective due to the difficulty in identifying them amongst the overall flow of clean requests. Recently, the company encountered yet more evidence of this trend – an attack exploiting vulnerabilities in WordPress, but via an encrypted channel.

WordPress Pingback attacks have been in use since 2014. They fall under the amplification class of attacks, in which the victim’s resource is attacked via third-party servers by exploiting vulnerabilities in them. In the case of WordPress Pingback, the role of the vulnerable server is played by sites created using the WordPress CMS (usually blogs) with the Pingback function enabled. This function is designed to automatically send notifications to authors about any activity involving their posts. The attacker sends a specially created HTTP request to these sites with a fake return address – the address of the victim, who receives all the responses.

This means it is possible to organize a powerful HTTP GET flood attack without a botnet, making such an attack relatively simple and inexpensive to organize. However, the amplified HTTP GET request has a very specific header – User Agent – which makes such malicious queries easy to detect and block in the overall traffic flow.
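The User-Agent check described above can be run over an access log, shown here as an added example that is not part of the original report. It assumes Combined Log Format lines written where TLS is terminated, and a verification User-Agent of the form `WordPress/<version>; <site URL>; verifying pingback from <IP>`; the sample lines and function names are constructed for illustration.

```python
import re
from collections import Counter

# Combined Log Format: ip - - [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" \d{3} \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
# Assumed User-Agent of a WordPress site fetching a URL to verify a pingback;
# the trailing IP is the host that asked the site to send the pingback.
PINGBACK_UA_RE = re.compile(
    r'^WordPress/[\d.]+; (?P<site>\S+); verifying pingback from (?P<origin>\S+)$'
)

# Constructed sample lines (documentation IP ranges, example domains).
SAMPLE_LOG = """\
198.51.100.10 - - [26/Nov/2016:10:00:01 +0000] "GET /news/story?x=4821 HTTP/1.1" 200 5120 "-" "WordPress/4.6.1; http://blog-a.example; verifying pingback from 203.0.113.5"
198.51.100.23 - - [26/Nov/2016:10:00:01 +0000] "GET /news/story?x=9913 HTTP/1.1" 200 5120 "-" "WordPress/4.5; https://blog-b.example/wp; verifying pingback from 203.0.113.5"
192.0.2.77 - - [26/Nov/2016:10:00:02 +0000] "GET /news/story HTTP/1.1" 200 5120 "https://www.example/" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.10 - - [26/Nov/2016:10:00:02 +0000] "GET /news/story?x=1177 HTTP/1.1" 200 5120 "-" "WordPress/4.6.1; http://blog-a.example; verifying pingback from 203.0.113.9"
192.0.2.80 - - [26/Nov/2016:10:00:03 +0000] "GET /feed HTTP/1.1" 200 900 "-" "WordPress/4.6.1; http://blog-c.example"
"""

def parse_pingback(line):
    """Return reflector details if the line is a pingback verification GET, else None."""
    entry = LOG_RE.match(line.strip())
    if entry is None:
        return None  # malformed or non-matching log line
    ua = PINGBACK_UA_RE.match(entry["ua"])
    if ua is None:
        return None  # browsers and ordinary WordPress fetches are not flagged
    return {"reflector_ip": entry["ip"], "site": ua["site"], "origin": ua["origin"]}

def summarize(log_text):
    """Count pingback verification requests per reflecting site and per requester IP."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    hits = [h for h in map(parse_pingback, lines) if h]
    return {
        "total": len(lines),
        "pingback": len(hits),
        "reflectors": Counter(h["site"] for h in hits),
        "origins": Counter(h["origin"] for h in hits),
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f'{report["pingback"]} of {report["total"]} requests are pingback verifications')
    print("by reflecting site:", report["reflectors"].most_common())
    print("by requester IP:", report["origins"].most_common())
```

The per-site counts show which WordPress installations are being used as reflectors, which is the information needed to build a block rule or to notify their owners.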

Although the recent attack observed by Kaspersky Lab experts used the same method, it differed from a "classical" WordPress Pingback attack in that it was conducted via HTTPS rather than HTTP. The target of the attack – a news resource – turned out to be one of Kaspersky Lab’s customers.

“The use of encryption makes it more difficult to detect an attack and protect against it because it requires traffic decryption to analyze queries to check whether it’s ‘clean’ or ‘junk’,” explains Alexander Khalimonenko, DDoS Protection Group Manager at Kaspersky Lab. “At the same time, such an attack creates a bigger load on the attacked resource’s hardware than a standard attack, because setting up an encrypted connection requires the use of ‘heavy’ mathematics. Another difficulty lies in the fact that modern encryption mechanisms do not allow third-party access to traffic content. In this regard, security solutions will have to reconsider their filtering algorithms in order to protect customers from the growing popularity of DDoS attacks with encryption.”

Kaspersky DDoS Protection provides business resources with effective multi-layered protection from DDoS attacks of almost any complexity and power, including attacks of the type described above.


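About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky continually turns its deep threat intelligence and security technology into innovative security solutions and services that protect businesses, critical infrastructure, governments and consumers around the world. The company offers a comprehensive security portfolio that includes leading endpoint protection, a range of specialized security solutions and services, and Cyber Immune solutions for countering sophisticated and evolving digital threats. More than 400 million users worldwide protect themselves with Kaspersky technologies, and we help 200,000 corporate clients worldwide protect what matters most. To learn more, visit www.kaspersky.com.cn.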
