The cause of the massive failure in the RuNet has become known
Posted: Wed Jan 22, 2025 5:45 am
of Web Applications", attacks on the web remain one of the hottest topics, which was further confirmed by the failure on the evening of January 30, 2024. He emphasized that this failure clearly demonstrated the real danger and consequences that such attacks can lead to.
Read also
The Coordination cyprus whatsapp number database Center for .RU and .RF domains reported a "technical problem" related to the global DNSSEC infrastructure.
Ilya Polyakov, Head of Code Analysis Department at AT Group LLC (Angara Security), noted that the landscape of such threats has undergone significant changes. According to his assessment, attackers are increasingly using attacks on the supply chain, including developers of open source components. At the same time, as Ilya Polyakov emphasized, the potential of this vector is very large, he especially singled out Python components.
Luka Safonov, Technical Director of Weblock LLC (part of Garda Group), sees an increase in the sociotechnical aspect of attacks involving qualified specialists, including employees of IT vendors. He cited the example of the "1000 Needles" tool, behind which stands one of the Palo Alto employees, for carrying out attacks on large companies at the L7 level of the OSI model. This is the tool that was used during the attacks on Russian Railways JSC and Sberbank PJSC in 2023.
Read also
DDoS attack organizers break new anti-records
The average duration of DDoS attacks on companies and government agencies worldwide reached 66 minutes in Q3 2023, an increase of 19 minutes compared to the previous quarter. The longest attack lasted almost three days. The attackers' main targets were the financial sector and e-commerce.
Anton Apryatkin, Head of Client Solutions at NGENIX, described 2023 as "the year of bots", which generated, according to the most conservative estimates, up to half of all traffic. The main target for malicious bots, according to him, was the e-commerce sphere, while the main motive for such attacks is competition. The goal of the attackers, as Anton Apryatkin noted, is either to worsen the site's performance in search results, or to take actions aimed at making a particular product unavailable to ordinary buyers (the authors of bots take advantage of the fact that goods can be added to the basket without authorization). Anton Apryatkin also called mass attacks on universities during the admissions campaign a new trend among hacktivists.
Luka Safonov gave an example from personal experience of how companies lost 16 million rubles overnight using such manipulations. He also noted that during attacks, attackers actively master the service model with delineation of roles. As an example, Luka Safonov gave the distribution by subscription of the results of research into unprotected API protocols used in testing mobile applications, which attackers use to steal personal and payment data.
Denis Korablyov, Managing Director of Positive Technologies, called the exploitation of vulnerabilities in mass software, not only open source but also commercial, a trend of the last two years. According to him, this was a natural result of neglecting the rules of safe development, while attackers are well aware of these vulnerabilities, and the tools that exploit them are easy to find and use, even without very high qualifications.
Luka Safonov called the development of Bug Bounty programs a natural reaction of business, which is spurred by the fact that companies launching such programs suddenly stop "breaking". Denis Korablyov named the main tasks of market players as helping to ensure that such practices are fully legalized as soon as possible and educating all participants in this process. He also called on regulators to better take into account the specifics of different classes of applications. According to Denis Korablyov, the FSTEC requirements for secure development, which were created with the expectation of checking low-level code, are poorly applicable to web applications. But in general, Denis Korablyov, who was supported by other participants in the discussion, sees a growth in practical interest in the implementation of secure development technologies and application security. Dmitry Belyanin, head of the pre-sale department at Storm Labs LLC (Stormwall), said that their use is already becoming a de facto standard for developers, albeit more slowly than desired.
Another promising direction, according to the participants of the discussion, may be the use of artificial intelligence and machine learning technologies. Thus, Denis Korablyov is confident that they can be used to fine-tune protection tools for changes in the customer's infrastructure and (or) the situation with current threats. Luka Safonov believes that the use of such tools for user profiling and suppressing bot activity is promising.
Read also
The Coordination cyprus whatsapp number database Center for .RU and .RF domains reported a "technical problem" related to the global DNSSEC infrastructure.
Ilya Polyakov, Head of Code Analysis Department at AT Group LLC (Angara Security), noted that the landscape of such threats has undergone significant changes. According to his assessment, attackers are increasingly using attacks on the supply chain, including developers of open source components. At the same time, as Ilya Polyakov emphasized, the potential of this vector is very large, he especially singled out Python components.
Luka Safonov, Technical Director of Weblock LLC (part of Garda Group), sees an increase in the sociotechnical aspect of attacks involving qualified specialists, including employees of IT vendors. He cited the example of the "1000 Needles" tool, behind which stands one of the Palo Alto employees, for carrying out attacks on large companies at the L7 level of the OSI model. This is the tool that was used during the attacks on Russian Railways JSC and Sberbank PJSC in 2023.
Read also
DDoS attack organizers break new anti-records
The average duration of DDoS attacks on companies and government agencies worldwide reached 66 minutes in Q3 2023, an increase of 19 minutes compared to the previous quarter. The longest attack lasted almost three days. The attackers' main targets were the financial sector and e-commerce.
Anton Apryatkin, Head of Client Solutions at NGENIX, described 2023 as "the year of bots", which generated, according to the most conservative estimates, up to half of all traffic. The main target for malicious bots, according to him, was the e-commerce sphere, while the main motive for such attacks is competition. The goal of the attackers, as Anton Apryatkin noted, is either to worsen the site's performance in search results, or to take actions aimed at making a particular product unavailable to ordinary buyers (the authors of bots take advantage of the fact that goods can be added to the basket without authorization). Anton Apryatkin also called mass attacks on universities during the admissions campaign a new trend among hacktivists.
Luka Safonov gave an example from personal experience of how companies lost 16 million rubles overnight using such manipulations. He also noted that during attacks, attackers actively master the service model with delineation of roles. As an example, Luka Safonov gave the distribution by subscription of the results of research into unprotected API protocols used in testing mobile applications, which attackers use to steal personal and payment data.
Denis Korablyov, Managing Director of Positive Technologies, called the exploitation of vulnerabilities in mass software, not only open source but also commercial, a trend of the last two years. According to him, this was a natural result of neglecting the rules of safe development, while attackers are well aware of these vulnerabilities, and the tools that exploit them are easy to find and use, even without very high qualifications.
Luka Safonov called the development of Bug Bounty programs a natural reaction of business, which is spurred by the fact that companies launching such programs suddenly stop "breaking". Denis Korablyov named the main tasks of market players as helping to ensure that such practices are fully legalized as soon as possible and educating all participants in this process. He also called on regulators to better take into account the specifics of different classes of applications. According to Denis Korablyov, the FSTEC requirements for secure development, which were created with the expectation of checking low-level code, are poorly applicable to web applications. But in general, Denis Korablyov, who was supported by other participants in the discussion, sees a growth in practical interest in the implementation of secure development technologies and application security. Dmitry Belyanin, head of the pre-sale department at Storm Labs LLC (Stormwall), said that their use is already becoming a de facto standard for developers, albeit more slowly than desired.
Another promising direction, according to the participants of the discussion, may be the use of artificial intelligence and machine learning technologies. Thus, Denis Korablyov is confident that they can be used to fine-tune protection tools for changes in the customer's infrastructure and (or) the situation with current threats. Luka Safonov believes that the use of such tools for user profiling and suppressing bot activity is promising.