ShellShock, the remote code execution bug affecting GNU Bash, the command interpreter present on many Unix systems and Linux distributions, is still being exploited by attackers.

Experts warn about attackers leveraging a new version of the Bashlite malware, which was initially created as a DDoS bot with brute forcing capabilities and exploits the ShellShock bug. The malware now targets both computers and other devices running on BusyBox, located on the same network. The BusyBox software provides a number of Unix tools in a single executable file, and was specifically developed for embedded operating systems with limited resources. 

In the world of infrastructure security, a little bit of knowledge can go a long way toward protecting your organization. That's why Incapsula is always working hard to learn what's going on with the current state of DDoS attacks, including the top trends in DDoS attacks and how DDoS attackers are changing their methods.

During our work, we noticed that there's little understanding out there about exactly how DDoS attacks put businesses at risk. Some companies seem to ignore the risk altogether, while others know the danger is real, but are unsure exactly what that entails. We thought that it would be a good idea to show the actual impact that DDoS attacks can have on a business. 

Cybercriminals have started a new trend for conducting distributed denial-of-service attacks and rely on a type of DNS amplification that leverages text records for making the operation more effective; in some campaigns, parts of a press release from the White House have been observed by researchers.

The tactic is not new, but more and more incidents of this sort have been recorded. The entertainment sector is the most targeted. Attackers have used large TXT records in reflection attacks in the past. Cybercriminals often use intermediate victims to reflect the bad traffic to their target.

Distributed Denial of Service attacks against Hong Kong websites increased a whopping 111% as pro-democracy protests in the Special Administrative Region of China took hold. Data demonstrating a striking correlation between real-world and online conflict was examined.

While establishing definitive causal relationships and attribution is tricky, DDoS attacks appear to have become the “new normal” in countries experiencing political unrest. Additionally, large-scale DDoS attacks were observed targeting Hong Kong-related internet properties that coincide with reports of debilitating disruptions of online media outlets sympathetic to the protest movement.

The size and volume of distributed denial-of-service attacks has exploded in the past year, with a 389 per cent increase in average attack bandwidth between the third quarter of 2013 and the third quarter of 2014.

This should make companies consider using Cloud-based security services, such as the DDoS filtering technology Akamai provides. Defending against DDoS attacks in the cloud gives companies the ability to fight and deflect these attacks with a distributed infrastructure. One extended campaign targeting a gaming site featured 39 distinct DDoS attacks over a two-month period, with eight of the attacks peaking at over 100 Gbps.

The well-known delivery services became popular among spammers. Spammers pretended to be such companies as DHL, FedEx, UPS and TNT. Hackers have more chances to achieve results, posing as well-known companies. A large amount of phishing emails were explored with the help of which attackers pretended to be famous international delivery service.

Making phishing attacks, spammers have two main goals: to get customer‘s information, both financial and personal data; or to infect the victim's PC with malware. If the download is succeed, such computers start spamming or become first step for organizing DDoS-attacks. 

A router-to-router bot first detected two years ago has evolved - and now has the capability to reconfigure the firewalls of its victims. The Lightaidra malware captured by security researcher TimelessP is an IRC-based mass router scanner/exploiter that's rare because it spreads through consumer network devices instead of vulnerable Windows PCs.

TimelessP detected the router-to-router bot‪ ‬using a honeypot. The bot, first developed in 2012, targets consumer grade cable and DSL modems with default usernames and passwords in order to spread. Lightaidra requires Linux to be running on the device in order to infect equipment. The primary use of the malware is in running DDoS attacks.‬