01
Jul
2015
 It’s Not a Game: The Ever-Growing Risk of DDoS Attacks on Online Games

Over the past six months, Imperva Incapsula has seen several high-profile, distributed denial of service (DDoS) attacks aimed at taking down several online gaming networks—including Xbox Live, Playstation, Nintendo, League of Legends, Blizzard, as well as countless other, smaller networks. While such attacks against online gaming servers goes back at least a decade, recent examples suggest that the problem is growing—both in terms of frequency and severity.

This blog post outlines the risks that DDoS assaults pose to gaming providers, as well as elaborates upon the unique confluence of factors that make the gaming industry an ideal DDoS target.

Read more »

24
Jun
2015
More RAM: ×100 Upgrade to Incapsula’s CDN Cache Capacity

Since 2009 Imperva Incapsula has offered updated multi-faceted solutions that make websites faster, secure, and reliable. Having a robust, global content delivery network (CDN) continues to play a major part in our offerings.

As part of our ongoing commitment to build upon our existing CDN, we recently introduced a set of upgrades that take its caching capabilities to a higher level...

Read more »

09
Jun
2015
Q2 2015 Global DDoS Threat Landscape: Assaults Resemble Advanced Persistent Threats

Distributed denial of service (DDoS) assaults continue to be a nuisance for online businesses and their customers. Worse, the downtime caused by attacks is costly for organizations and frustrating for consumers.

With no signs of abating, understanding the methods and capabilities of perpetrators is essential to maintaining good defenses.

In our Q2 2015 DDoS Global Threat Landscape Report we share unique research data, collected in the course of mitigating thousands of DDoS assaults against Imperva Incapsula-protected domains and network infrastructures.

Leveraging this large dataset, we are able to produce statistical research of DDoS events—one which provides a bird’s-eye view of the current state of the DDoS threat landscape, focusing on latest attack methods, attack frequency and duration patterns...

Read more »

03
Jun
2015
ELB and Beyond: Introduction to Load Balancing Across Clouds

In a 24/7 world of websites and applications, downtime is simply not an option; uninterrupted availability has become absolutely imperative. Amazon’s Elastic Compute Cloud (EC2) service, along with its Elastic Load Balancing (ELB) offering, addresses this need by offering Amazon Web Services (AWS) users on-demand scalability and availability—as need dictates, additional servers are added to a virtual “data center” and entered into a load balancer’s destination list. This makes Amazon EC2/ELB a great solution for organizations having their entire environments residing within AWS.

Most enterprise-scale organizations, however, do not situate their entire network infrastructures within AWS, Rackspace—or any single cloud environment, for that matter. So, while Amazon ELB does a rather good job of load balancing within its native environment, it doesn’t work outside AWS. This can be a severe limitation in many common-use cases. This post addresses use-cases where ELB is not sufficient and explores load balancing solutions for such scenarios...

Read more »

26
May
2015
DD4BC's Latest DDoS Extortion Campaign Targets The Payment Industry

Over the past month, a number of Imperva Incapsula customers have received email threats from DD4BC—a DDoS group that, despite its boyband-sounding name, was actually responsible for several high-profile DDoS extortion attacks against bitcoin companies last year.

DD4BC's previous attacks targeted bitcoin exchanges and gaming sites, presumably due to the assumption that these types of businesses would refrain from reporting attacks to law enforcement authorities. Based on the recent threats we've seen, it would appear that DD4BC has also started targeting the payment industry...

Read more »


12
May
2015
Lax Security Opens the Door for Mass Scale Abuse of SOHO Routers

Small Office / Home Office (SOHO) router security has recently become a hot topic. For those who are unfamiliar with the situation, it can best be described as negligent, with ISPs, vendors, and users sharing a long tradition of disregarding basic security practices. The result of this negligence is the existence of hundreds of thousands—more likely millions—of hacker-controlled routers used to attack the Internet ecosystem and interconnected networks.

Several dozen Imperva Incapsula customers were recently targeted by one such DDoS botnet comprised of tens of thousands of hijacked routers. After informing the major companies involved, we are sharing attack details in an attempt to raise awareness about the dangers posed by under-secured, connected devices.

The attacks we will describe are enabled by what we perceive as particularly careless security practices. Many of these botnet devices remain active, continuing to play a role in attack attempts against our clients and other websites, even as this is being written...

Read more »

10
May
2015
Come Meet us at G2E Asia 2015

Next week we'll be travelling to G2E Asia, the most prominent event in the global gaming industry. This lucrative expo brings together top professionals in the field, and serves as an invaluable platform for Incapsula to present its services and solutions in an arena that continuously grows more competitive.

Read more »


30
Apr
2015
Case Study: Advanced Camouflage Techniques that Help Backdoors Bypass Security Solutions

The nature of our business is such that many of our clients come to us only after experiencing a security breach, with their websites already infested by one or more backdoor shells. As a result, a good chunk of our time is spent towards perfecting our backdoor detection and removal mechanisms. But even when you think you've seen it all, hackers never cease to surprise.

The following is a case study that delves into the details of a sophisticated backdoor we've recently neutralized—one that really brought out our inner security geek. We hope that it will provide assistance and guidance to fellow security professionals and help them outsmart similar sneaky perpetrators...

Read more »