STE WILLIAMS

Cyber criminals have shown a consistent tendency to exploit major news and seasonal events to slip phishing, and other malicious attacks past unwary victims. And so it is with this Valentine’s Day as well.

Florists apparently have been receiving a lot of attention, of the unwanted variety, from online criminals security vendor Imperva reported this week.  All 34 of the company’s florist customers have experienced a sharp spike in traffic to their sites over the last few days. While some of the traffic is to be expected, considering the rush to order flowers for Valentine’s Day a lot of it is not.

According to Imperva, more than nine in 10 of the florist sites witnessed a sudden surge in bot traffic between Feb 5 and Feb 11. In about 23 percent of the cases, the spike in bot traffic was dramatic enough as to cause problems. Contrary to what some might expect, the attack traffic did not appear to be opportunistic in nature. Rather it looked as if the florists were being individually targeted in denial of service campaigns apparently designed to extort money from them.

One of Imperva’s customers in fact reported receiving a ransom note while another experienced an application layer denial of service attack, Imperva said. In the case of the latter victim, the company’s Content Distribution Network (CDN) provider interpreted the botnet traffic as regular user sessions resulting in the site exceeding its contracted cache capacity, Imperva said. This in turn caused the CDN to route the attack traffic through its own origin servers resulting in their site going down under DDoS traffic.

A screenshot published on Imperva’s blog showed that some of the web application attacks had originated in the United Kingdom though one appeared to be from Latvia. Somewhat surprisingly attackers were still going after old vulnerabilities like Shellshock in an attempt to breach systems belonging to their targets, Imperva said.

Florists can mitigate the threat by monitoring their traffic for unexpected behavior, like heavier than normal traffic spikes or visits from unfamiliar IP addresses. “Any unusual activity could be “dry runs” by attackers foreshadowing an imminent full-blown attack,” Imperva said.

The company also urged florists to monitor Twitter and sites like Pastebin.com for chatter hinting at a potential attack on their sites.

The sudden spike in malicious traffic directed at online florists reflects a common tendency among cyber crooks to escalate malware campaigns and attacks around seasonal events and major news happenings.

Earlier this year, mobile network protection vendor Adaptive Mobile reported on a series of picture message spam campaigns on the Kik messenger service that were timed to coincide with seasonal events.

The spam messages involved the use of images belonging to well-known brands to try and get recipients to follow links to malicious websites. What was noteworthy was the fact that each campaign was tied to a specific event. For instance one of the Kik spam campaigns was launched around Halloween and featured an image message purportedly from Amazon. Another campaign around Thanksgiving involved spam featuring spoofed McDonalds images while one in the days preceding Cyber Monday featured BestBuy related spam.

While the campaign was not technically very sophisticated, the effort put into creating individual picture messages purporting to be from major brands, suggested a specialist campaign, Adaptive Mobile had noted.

Find out more about security threats at Interop 2016, May 2-6, at the Mandalay Bay Convention Center, Las Vegas. Register today and receive an early bird discount of $200.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year … View Full Bio

Article source: http://www.darkreading.com/endpoint/valentines-day-inspires-ddos-attacks-against-online-florists-/d/d-id/1324312?_mc=RSS_DR_EDT