• Businesses believe they are more likely to be targeted by distributed denial of service (DDoS) attacks from rival firms than cyber criminals, according to Kaspersky Lab. DDoS attacks have quickly become a big concern for businesses. ... Imperva finished 2016 by fending off the largest attack ever recorded on its network.
  • Terry Ray, chief product strategist at Imperva, the cybersecurity software company based in Redwood Shores, Calif., said it may be "easy to villainize a company" for a data leak, but preventing this kind of forged cookie attack is harder than some might think. “The sad unfortunate truth about web applications is that most of them are not patched when they should be, almost all of them have components that rarely if ever get patched and cookie attacks don't get the same level [of] attention as more common attacks like SQL injection and cross-site scripting."
  • It's easy to villainize a company or an executive for having a data leak, Terry Ray, chief strategist at Imperva, told SC, but he believes it's worth noting that many companies would have been unable to prevent a forged cookie.
  • From around 9:30am Monday, the web servers of many state authorities and offices in Luxembourg were down or difficult to reach. Commenting on this, Ben Herzberg, Security Research Group Manager at Imperva Incapsula said “Organisations need to prepare for DDoS attacks, and know ahead of time what they will do when an attack will hit them (And DDoS is a family with different types of attacks, so the organisation need to know they have them all covered).”
  • As anyone with a website will know, app security is always a concern, whether it's your website being disrupted by a DDoS attack or a cyber criminal hacking into your system to steal sensitive data. With cloud services making this app security technology more affordable, all businesses with web applications are being encouraged to enlist the services of a dedicated WAF provider. Indeed, as explained by Incapsula, WAFs not only protect against OWASP’s Top 10 Threats, they also “prevent disruption to your application and improve website performance”.
  • “With the great increase of IoT devices, from teddy bears like the ones connecting with CloudPets to medical devices monitoring patients to connected refrigerators, our race for innovation brings a lot of cool stuff to life in a very short time, and this will continue in the next years, as there is a potential to revolutionize the way we're living,” said Ben Herzberg, security research group manager at Redwood Shores, Imperva.
  • Ben Herzberg, security group research manager at Imperva, says it's interesting that Necurs has now added a feature for DDoS attacks. But threat actors are likely to increasingly favor using IoT botnets such as Mirai because they are easier to infect and use than desktop botnets like Necurs, he said.
  • A botnet has never been a particularly nice thing. Even going all the way back to 2000 when GTbot was causing rudimentary denial of service attacks, botnets were designed for one thing and one thing only: malicious activity. Professional DDoS mitigation providers Imperva Incapsula found themselves staring down a 400 Gbps attack aimed at their network.
  • 'Smart' teddy bears that listened to the voices of children and parents have leaked 2 million recorded messages online - and hackers are now holding them for ransom. The company that makes the 'CloudPets' toys also leaked the user details of 800,000 accounts, including email addresses and passwords. Ben Herzberg, Security Research Group Manager at Imperva Incapsula, said: 'Internet of things' (IoT) devices have the potential to revolutionise the way we’re living. 'However, we’ve seen a lot of security glitches from these IoT companies, and they need to understand that Information Security is not a "good-to-have".
  • The past year has underscored the growing threat of cyberattacks. Security firm Incapsula identifies data breaches and DDoS attacks as among the top threats businesses encounter on a daily basis. Data breaches steal confidential information while DDoS – which stands for distributed denial of service – attacks render sites and services inaccessible, disrupting usage and operations.
  • On the vulnerability front, the total number of Web application vulnerabilities actually decreased in 2016. This stat comes by way of Imperva researchers who last week reported their findings in a technical analysis of vulnerability trends for 2016. While that might get those with rose-colored glasses to proclaim progress in Web app security, researchers Nadav Avital and Mia Joskowicz believe that corresponding attack data shoots that down as unlikely. Instead, they believe that there's only so many security researchers out there in the wide world and right now, they've got other fish to fry.
  • Amichai Shulman, CTO Imperva, explained that, “This Yahoo breach and others before it teach us a couple of things: Attackers are still ahead of enterprises, even the larger companies when it comes to covering their tracks. The alleged breaches were only detected once the leaked information surfaced on the web; and time is still a factor.” 
  • Security firm Imperva has analyzed web application vulnerability trends in 2016 and determined that while some types of flaws have declined, others have become more common. Data collected by the company shows that the total number of vulnerabilities found over the past two years has increased, but the number of flaws affecting web applications has actually dropped.
  • Web security firm Imperva was hit by a 650Gbps (Gigabit per second) distributed denial of service (DDoS) attack at the end of 2016, the largest ever recorded on its network. The Leet botnet attack, which occurred just four days before Christmas, targeted several anycasted IPs on the Imperva Incapsula network over two waves, both of which were effectively defended against.
  • Just 10 days before the end of 2016, researchers from Imperva uncovered a massive 650Gbps DDoS attack generated by a new internet of things (IoT) botnet, dubbed “Leet” after a character string in the payload. It’s the first that can rival Mirai. “Attacks that combine the use of small and large payloads have become increasingly common since we first reported them in the spread their odds by trying to both clog network pipes and bring down network switches,” researchers said in an analysis.
  • With the Mirai source code open sourced and its effectiveness proven, more people looking for a quick buck are getting into it. With more players in the market, the price will go down. Pros will start modifying the Mirai and other code bases and it will evolve. In fact, Imperva has already detected a new 650Gbps botnet cannonwhose signature differs from Mirai.