Forefront Insights: New HTTP/2 DoS Attack

By Ilyas Esmail, April 5, 2024

In this week’s Forefront Insights update, we explore some of the significant cybersecurity news of the past week, which has once again reminded us of the persistent and evolving nature of cyber-attacks targeting organizations. From sophisticated attacks aimed at bringing down web servers to critical vulnerabilities in widely used platforms, these developments underscore the importance of vigilance and robust cybersecurity measures.

New HTTP/2 DoS Attack

Researchers have uncovered a Denial of Service (DoS) attack called "CONTINUATION Flood", which exploits the HTTP/2 protocol and can take down web servers with just a single connection. The attack abuses the inherent complexities and enhancements of HTTP/2, which were designed to make web communications more efficient. HTTP/2 was released in 2015 and, at the time of writing, is used by around 63% of the world’s traffic, according to Cloudflare Radar.

By sending a series of malicious requests, an attacker can deplete server resources, causing disruptions or complete service outages.

This vulnerability makes clear the continuous need for server administrators to remain vigilant, ensuring their web servers are protected by a Web Application Firewall, which can prevent these attacks. Here at Forefront, we work closely with Cloudflare, the world’s leading DDoS attack mitigator, to protect our partners. Cloudflare has received the most "High" ratings when compared to 6 other DDoS vendors across 23 criteria in Gartner’s 2020 "Solution Comparison for DDoS Cloud Scrubbing Centers".
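The attack's name refers to HTTP/2 CONTINUATION frames, which carry the rest of a header block until one arrives with the END_HEADERS flag set. The following is an added example, not code from this post or from any vendor, showing the kind of per-connection header-block limit a server or proxy can enforce; the limit values and function names are assumptions, and the sample byte strings are constructed.

```python
import struct

HEADERS, CONTINUATION, END_HEADERS = 0x1, 0x9, 0x4  # RFC 9113 frame types and flag
# Assumed limits for this example; a real server or proxy picks its own.
MAX_BLOCK_BYTES, MAX_CONTINUATIONS = 16 * 1024, 8

def iter_frames(data):
    """Yield (type, flags, stream_id, payload_length) for each complete frame."""
    pos = 0
    while pos + 9 <= len(data):
        hi, lo, ftype, flags, stream = struct.unpack_from(">BHBBI", data, pos)
        length = (hi << 16) | lo  # 24-bit payload length
        if pos + 9 + length > len(data):
            break  # truncated frame, wait for more bytes
        yield ftype, flags, stream & 0x7FFFFFFF, length
        pos += 9 + length

def check_header_blocks(data):
    """Return 'ok' or the reason the connection should be closed."""
    open_stream, block_bytes, continuations = None, 0, 0
    for ftype, flags, stream, length in iter_frames(data):
        if open_stream is None:
            if ftype == CONTINUATION:
                return "protocol error: CONTINUATION with no open header block"
            if ftype != HEADERS:
                continue
            open_stream, block_bytes, continuations = stream, length, 0
        elif ftype == CONTINUATION and stream == open_stream:
            block_bytes += length
            continuations += 1
        else:
            return "protocol error: frame interleaved in open header block"
        # Payload length is an upper bound on header bytes (HEADERS may carry padding).
        if block_bytes > MAX_BLOCK_BYTES:
            return "limit exceeded: header block too large"
        if continuations > MAX_CONTINUATIONS:
            return "limit exceeded: too many CONTINUATION frames"
        if flags & END_HEADERS:
            open_stream = None  # block complete; counters reset on the next HEADERS
    return "ok"

def frame(ftype, flags, stream, payload=b""):
    """Build one frame; used only for the constructed samples below."""
    n = len(payload)
    return struct.pack(">BHBBI", n >> 16, n & 0xFFFF, ftype, flags, stream) + payload

# Constructed samples: a complete header block, and one that never ends.
NORMAL = frame(HEADERS, END_HEADERS, 1, b"\x82\x86\x84")
UNENDED = frame(HEADERS, 0, 1, b"\x82") + frame(CONTINUATION, 0, 1, b"\x00" * 16) * 20
```

Calling `check_header_blocks` on the bytes received so far returns a reason string as soon as either cap is crossed, so the connection can be closed before the header block is buffered in full.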

In other news...

Critical SQL Injection Vulnerability in WordPress

The discovery of a critical SQL injection vulnerability within a popular WordPress plugin, LayerSlider, has sent ripples across the almost 40% of all websites in the world that use WordPress. This vulnerability, which was discovered by a researcher, opens the door for attackers to tamper with SQL queries by injecting malicious code, potentially leading to unauthorized data access, website defacement, or worse, complete site takeover.

The widespread use of WordPress, as well as the significant number of out-of-date WordPress plugins and instances, means that many websites may be at risk. Again, all our partners are protected against SQL injection attacks of all kinds, as Cloudflare’s ML pre-emptively blocks all attempts before they reach the origin.

JSOutProx Malware affecting financial institutions in MENA and APAC regions

In a concerning development in the world of malware, a new wave of JSOutProx malware campaigns has been identified, targeting users with refined precision. Unlike the broad and widespread approach of traditional malware, JSOutProx demonstrates a chilling focus, using sophisticated techniques to infiltrate systems and evade detection.

This malware, disguised as legitimate operations, represents a significant step forward in the sophistication of cyber threats. It's a stark reminder of how targeted malware attacks are becoming, and how traditional antivirus solutions just don’t cut it nowadays.

We work with many financial institutions and like to emphasize how attacks today target the bank’s CEO, or CISO, and not just the bank, meaning that traditional antivirus solutions will never have seen that signature before. Our partner, SentinelOne, protects millions of endpoints by analysing every file and not just relying on signatures.

We deploy SentinelOne at scale with Forefront Endpoint, as well as managing administrator privileges and filtering DNS.

In Conclusion

This week's cybersecurity events remind us of the ever-present and evolving nature of cyber threats. From servers giving up under the strain of a single malicious connection to the infiltration of cutting-edge malware, these incidents serve as a call for enhanced cybersecurity awareness and preparedness. Staying informed and ready for tomorrow’s attack is not just a recommendation; it's a necessity. By understanding the mechanics behind these threats and proactively fortifying our partners’ digital defences, we help our partners protect themselves and their business operations.
