Cybersecurity threats are constantly evolving. Threat advisories can help you protect your enterprise from cyber-attacks and vulnerabilities.

Threat Advisories

Understand the sources and attributes of emerging cybersecurity threats, and best practices to prevent, identify and mitigate DDoS attacks and vulnerabilities to protect your enterprise.

  • XOR DDoS Threat Advisory

    Published September 29, 2015

    Linux machines infected by XOR DDoS malware are launching DDoS attacks at as many as 20 targets a day.

  • Summary of Operation DD4BC Case Study

    Published September 9, 2015

    The latest bitcoin extortion campaigns by DD4BC in May through July 2015 involved new social tactics and DDoS methodology.

  • RIPv1 Reflection DDoS Threat Advisory

    Published July 01, 2015

    Attackers are using an outdated Routing Information Protocol version one (RIPv1) for reflection and amplification attacks.

  • DD4BC Operation Profile

    Published April 23, 2015

    A malicious group that extorts bitcoins while threatening large DDoS attacks and offering DDoS protection has expanded its range of targets.

  • Joomla Reflection DDoS-for-Hire Threat Advisory

    Published February 25, 2015

    Attackers are using reflection techniques against compromised Joomla servers to launch DDoS GET floods.

  • MS SQL Reflection DDoS Threat Advisory

    Published February 12, 2015

    Attackers are using reflection techniques against Internet-exposed SQL Server instances to launch amplified DDoS attacks against targets.

  • Data Breaches Fuel Login Attacks Threat Advisory

    Published December 30, 2014

    Attackers use automated tools and login data from public dumps of compromised data in multiple systematic attacks.

  • Man-in-the-Middle Attacks Target iOS and Android Threat Advisory

    Published December 17, 2014

    Attackers may be using phishing and remote access Trojans such as Xsser mRAT to target mobile phones for surveillance, stealing credentials and DDoS attacks.

  • Yummba Webinject Tools Threat Advisory

    Published November 20, 2014

    Yummba webinject tools and ATSengine are used to steal bank logins and transfer funds. Includes analysis and vulnerability mitigation.

  • Crafted DNS Attack Threat Advisory

    Published November 11, 2014

    Malicious actors are crafting large TXT records to increase amplification in DNS reflection and amplification attacks.

  • Shellshock Bash Bug DDoS Botnet Threat Advisory

    Published October 30, 2014

    DDoS botnet-builders are using the Shellshock Bash bug in Linux-based, Mac OS X and Cygwin systems to propagate a DDoS botnet, launch DDoS attacks, exfiltrate confidential data and run malicious programs.

  • Poodle SSLv3 Vulnerability Threat Advisory

    Published October 27, 2014

    A Secure Sockets Layer version 3 (SSLv3) vulnerability, CVE-2014-3566, may allow an attacker to recover plaintext (cleartext) from encrypted connections, effectively defeating SSL protection.

  • SSDP Reflection DDoS Attacks Threat Advisory

    Published October 15, 2014

    Vulnerabilities in common devices using the Universal Plug and Play (UPnP) and Simple Service Discovery Protocol (SSDP) protocols can be employed as tools for reflection and amplification DDoS attacks.

  • Spike DDoS Toolkit Threat Advisory

    Published September 24, 2014

    The capability of this kit to infect and control a broader range of devices, including Linux and ARM-based devices, allows DDoS attackers to launch large attacks and to propagate botnets in a post-PC era.

  • IptabLes and IptabLex DDoS Bots Threat Advisory

    Published September 3, 2014

    Linux systems are being infiltrated via known vulnerabilities in Apache Struts, Tomcat and Elasticsearch to host IptabLes and IptabLex malware for use in DDoS botnets.

  • Blackshades RAT Threat Advisory

    Published July 9, 2014

    Blackshades RAT crimeware is used for identity theft and blackmail. It allows malicious actors to spy on users by monitoring video and audio, keylogging, harvesting banking and website access credentials, and controlling the victim machine to hijack files and to launch executables.

  • Zeus Crimeware Threat Advisory

    Published June 10, 2014

    The Zeus toolkit is used in many types of cybercrime, including customized attacks to target Fortune 500 enterprises. Attackers leverage the resources of infected devices and extract sensitive information for identity theft and fraud. Includes mitigation details.

  • SNMP Reflector Threat Advisory

    Published May 22, 2014

    Simple Network Management Protocol (SNMP) reflection tools are used by malicious actors to harness devices such as printers, switches, firewalls and routers for use in DDoS attacks. Network administrators need to take the remediation steps described.

  • Storm Network Stress Tester Threat Advisory

    Published April 29, 2014

    The Storm crimeware kit infects Windows XP (and higher) systems for malicious uses and enables file uploads and downloads and the launching of executables, including four DDoS attack types. Remote access lets malicious actors use a PC for malicious activity, such as the infection of other devices.

  • NTP Amplification Threat Advisory

    Published March 12, 2014

    With only a handful of vulnerable NTP servers, NTP amplification attack toolkits enable malicious actors to launch 100 Gbps DDoS attacks and larger.

  • Domain Name System (DNS) Flooder Threat Advisory

    Published February 11, 2014

    Malicious actors are purchasing, setting up and using their own DNS servers in reflection DDoS attacks, avoiding the need to source vulnerable DNS servers on the Internet. Includes a sample payload, analysis, source code, Snort rule, ACL mitigation and two case studies.

  • Drive, a Dirt Jumper variant Threat Advisory

    Published August 28, 2013

    Finance and e-Commerce firms have been targeted with the Drive DDoS toolkit as a planned distraction by criminals engaging in identity theft and fraud of customer accounts. Includes an analysis of payloads, capabilities, and IDS signatures for DDoS detection.

  • Itsoknoproblembro Threat Advisory

    Published January 3, 2013

    This threat advisory includes profiles of 11 different attack signatures, with detailed Snort rules for DDoS mitigation, detection rules to identify infected web servers (brobots), and a free log analysis tool that can be used to pinpoint which scripts were accessed, by what IP address and for what DDoS targets.

  • Dirt Jumper Vulnerability Disclosure Report Threat Advisory

    Published August 14, 2012

    The Dirt Jumper family of DDoS toolkits is popular. This vulnerability report exposes key weaknesses in the command and control (C&C) architecture that could neutralize would-be attackers.

  • Pandora Threat Advisory

    Published August 14, 2012

    This toolkit offers five DDoS attack modes and appears to be authored by the same individual responsible for the Dirt Jumper family of tools.

  • SNMP Amp (SAD) Threat Advisory

    Published March 2012

    Identify and protect against SNMP Amplification DDoS (SAD) attacks. Includes the SAD attack signature and recommendations for DDoS mitigation.

  • HULK (HTTP Unbearable Load King) Threat Advisory

    Published June 1, 2012

    HULK takes advantage of common weaknesses in out-of-the-box web server configurations by launching 500 threads, each of which spawns an additional 500 threads against the target web server.

  • Booter Shell Scripts Threat Advisory

    Published April 25, 2012

    These sophisticated, easy-to-use DDoS attack scripts can bring down web servers without vast networks of infected zombie computers.

  • High Orbit Ion Cannon (HOIC) Threat Advisory

    Published February 23, 2012

    This stealth DDoS attack tool targets up to 256 URLs simultaneously and randomizes attack signatures.
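Several of the advisories listed above (NTP, SSDP, SNMP, RIPv1, DNS, MS SQL) describe the same pattern: a UDP service answers a small, spoofed request with a much larger response aimed at the victim. The script below is an added example, not code from any of the advisories, showing how to surface that pattern in flow records. It assumes reflectors answer from their standard IANA port, uses a constructed record layout and constructed addresses from documentation ranges, and treats the 10x byte ratio and 100 KB volume floor as starting thresholds to tune against your own baseline.

```python
"""Spot UDP reflection/amplification exchanges in flow records (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Services the advisories on this page report being abused as reflectors,
# keyed by their IANA-assigned UDP port (assumption: the abused service
# answers from its standard port, which is how these reflectors behave).
REFLECTOR_PORTS = {
    53: "DNS", 123: "NTP", 161: "SNMP", 520: "RIPv1",
    1434: "MS SQL Browser", 1900: "SSDP",
}


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    packets: int
    bytes: int


# Constructed record layout for this example (not a real exporter format):
# "<PROTO> <src>:<sport> -> <dst>:<dport> pkts=<n> bytes=<n>"
_FLOW_RE = re.compile(
    r"^(?P<proto>\w+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+pkts=(?P<pkts>\d+)\s+bytes=(?P<bytes>\d+)$"
)


def parse_flow(line):
    m = _FLOW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable flow record: {line!r}")
    return Flow(m["proto"].upper(), m["src"], int(m["sport"]), m["dst"],
                int(m["dport"]), int(m["pkts"]), int(m["bytes"]))


def pair_exchanges(flows):
    """Aggregate UDP traffic per (client, reflector, service port).

    A flow whose destination port is a reflector port counts as requests; one
    whose source port is a reflector port counts as responses. In a spoofed
    attack the "client" is the victim, who never actually sent the requests.
    """
    ex = defaultdict(lambda: {"req_bytes": 0, "resp_bytes": 0, "resp_pkts": 0})
    for f in flows:
        if f.proto != "UDP":
            continue  # TCP needs a handshake, so it cannot be spoof-reflected this way
        if f.dport in REFLECTOR_PORTS:
            ex[(f.src, f.dst, f.dport)]["req_bytes"] += f.bytes
        elif f.sport in REFLECTOR_PORTS:
            e = ex[(f.dst, f.src, f.sport)]
            e["resp_bytes"] += f.bytes
            e["resp_pkts"] += f.packets
    return ex


def find_amplification(flows, min_ratio=10.0, min_resp_bytes=100_000):
    """Return exchanges whose response volume dwarfs the requests that caused it."""
    findings = []
    for (client, reflector, port), e in pair_exchanges(flows).items():
        if e["resp_bytes"] < min_resp_bytes:
            continue  # small exchanges are ordinary lookups, not floods
        # No request seen at all (typical when collecting at the victim's edge,
        # where the spoofed requests never pass) is the strongest indicator.
        ratio = e["resp_bytes"] / e["req_bytes"] if e["req_bytes"] else float("inf")
        if ratio >= min_ratio:
            findings.append({"target": client, "reflector": reflector,
                             "service": REFLECTOR_PORTS[port],
                             "resp_bytes": e["resp_bytes"], "ratio": round(ratio, 1)})
    return sorted(findings, key=lambda x: -x["resp_bytes"])


def reflectors_per_target(findings):
    """Count distinct reflectors converging on each target: many reflectors
    aimed at one address is the signature of a reflection DDoS, not one noisy host."""
    counts = defaultdict(set)
    for f in findings:
        counts[f["target"]].add(f["reflector"])
    return {t: len(r) for t, r in counts.items()}


# Constructed sample records (documentation address ranges, made-up volumes).
SAMPLE_RECORDS = [
    "UDP 10.0.0.5:50012 -> 198.51.100.30:53 pkts=1 bytes=64",            # ordinary DNS lookup
    "UDP 198.51.100.30:53 -> 10.0.0.5:50012 pkts=1 bytes=190",
    "UDP 10.0.0.5:50013 -> 198.51.100.10:123 pkts=1 bytes=76",           # ordinary NTP query
    "UDP 198.51.100.10:123 -> 10.0.0.5:50013 pkts=1 bytes=76",
    "TCP 10.0.0.5:44321 -> 198.51.100.10:80 pkts=40 bytes=52000",        # ignored (TCP)
    "UDP 203.0.113.7:1234 -> 198.51.100.10:123 pkts=1200 bytes=60000",   # spoofed NTP requests
    "UDP 198.51.100.10:123 -> 203.0.113.7:1234 pkts=1200 bytes=1200000", # 20x larger answers
    "UDP 203.0.113.7:1234 -> 198.51.100.20:1900 pkts=500 bytes=50000",   # spoofed SSDP requests
    "UDP 198.51.100.20:1900 -> 203.0.113.7:1234 pkts=2000 bytes=1500000",# 30x larger answers
    "UDP 192.0.2.9:161 -> 203.0.113.7:1234 pkts=700 bytes=250000",       # SNMP, no request seen
]


def analyse(records=SAMPLE_RECORDS):
    flows = [parse_flow(r) for r in records]
    findings = find_amplification(flows)
    return findings, reflectors_per_target(findings)


if __name__ == "__main__":
    findings, per_target = analyse()
    for f in findings:
        print(f"{f['service']:<15} {f['reflector']:>15} -> {f['target']:<15} "
              f"{f['resp_bytes']:>9} B  x{f['ratio']}")
    print("distinct reflectors per target:", per_target)
```

Run on the sample, the ordinary DNS and NTP exchanges fall below the volume floor and the TCP flow is skipped, while the two spoofed exchanges and the unsolicited SNMP stream are reported, all converging on 203.0.113.7. On the reflector-hosting side the same output tells you which of your own hosts (198.51.100.10, 198.51.100.20) need the service locked down or rate-limited; on the victim side it gives the reflector addresses to filter upstream.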
