• “There is a growing sophistication in DDoS attack techniques, and Incapsula’s advanced technology provides the headroom and capacity to handle larger attacks that will inevitably occur,” said Yoav Cohen, vice president of Incapsula research and development at Imperva. “Our unique approach of strategically located PoPs, increased bandwidth, and the Behemoth 2 allows Incapsula to detect and start mitigating a DDoS attack in seconds, effectively protecting against downtime.”

  • Meanwhile, Ben Herzberg, security research group manager at Imperva, told SC Media that attackers are "changing tactics rapidly specifically to defeat anti-DDoS solutions, such as hit-and-run and pulse wave attacks" which should come as no great surprise to anyone. James Willett, SVP of products at Neustar, explained that attackers "routinely scout and reconnoitre their targets launching throttled attacks to identify defence response, defence tactics, and defence capacity." Once known, the proper types and sizes of attacks can be readily crafted to overwhelm unsuspecting organisations that lack effective cloud-based mitigation depth.

  • “There is a growing sophistication in DDoS attack techniques, and Incapsula’s advanced technology provides the headroom and capacity to handle larger attacks that will inevitably occur,” said Yoav Cohen, vice president of Incapsula research and development at Imperva. “Our unique approach of strategically located PoPs, increased bandwidth, and the Behemoth 2 allows Incapsula to detect and start mitigating a DDoS attack in seconds, effectively protecting against downtime.”

  • Security firm Imperva has found that a staggering 52% of website traffic is actually just bots. P&G’s CMO, Mark Pritchard, has declared online media buying "murky at best, and fraudulent at worst."

  • Newly known as the pulse wave DDoS attack, this assault eschews the typical DDoS pattern, which is a slow ramp-up to a peak, and then either a quick drop-off or a slower descent. The pattern might be repeated, or it might not be. When plotted on a graph these attacks typically look like jagged waves…This particular assault pattern was first noticed by the team at Incapsula, experts on how to stop DDoS attacks, and even they have called this type of attack ferocious. There are several big bad reasons for that.

  • Imperva, a supplier of DDoS protection services, said it found a new attack tactic, nicknamed “pulse wave DDoS”, due to the traffic pattern it generates: A rapid succession of attack bursts that split a botnet’s attack output, enabling an offender to go after multiple targets. One such attack was also the largest network layer assault it mitigated in the second quarter peaked at 350 Gbps.

  • The latest update from Yahoo tells us that three billion accounts were compromised. Yahoo’s number, you may recall, has been changing from the very beginning. As Ajay Uggirala, director of product marketing at Imperva, told me in an email comment: It’s not surprising that the Yahoo! breach is larger than originally reported. Troves of data from this breach apparently compromised as long ago as 2012, popped on the Dark Net in 2016, which likely means that at least some of this data has been circulating through the Dark Net for years.

  • There was an increase in the amount of distributed denial of service (DDoS) application layer attacks in the second quarter compared to last year, with three quarters of victims subjected to multiple attacks, according to a report. That was a big jump from 2016 when 43.2 percent of targets suffered from multiple attacks in the second quarter, according to Imperva’s Global DDoS Threat Landscape for Q2 2017.

  • With a more measured approach, Ajay Uggirala, director of product marketing at Imperva provided Website Magazine with the following commentary…“The Yahoo! breach and others confirm what we’ve suspected, that attackers are still ahead of enterprises, even the larger companies, when it comes to covering their tracks. The alleged breaches were only detected once the leaked information surfaced on the Web. In these mega breaches, time is still a factor. While the passwords were not leaked in clear text, the time between leakage and detection allowed the attackers, using modern computing power, to crack most of the passwords.

  • According to experts, it's not uncommon for forensic investigations to expose a greater number of victims than initial estimates. “It’s not surprising that the Yahoo! breach is larger than originally reported," Ajay Uggirala, director of product marketing at Imperva said. "Troves of data from this breach apparently compromised as long ago as 2012, popped on the Dark Net in 2016, which likely means that at least some of this data has been circulating through the Dark Net for years."

  • According to Imperva’s Q2 2017 Global DDoS Threat Landscape Report, the number of network layer assaults continue to decline for the fifth consecutive quarter. Organizations should not rejoice however, as the same report highlights a disturbing new DDoS attack trend of repeat assaults and increased intensity on the same target network. Igal Zeifman, Incapsula Security Evangelist at Imperva, observed that, “Attack frequency is rising even as the total number of assaults is trending down. With these repeat assaults, offenders are waging a war of attrition against protected targets – a DDoS equivalent to laying siege on an impenetrable castle.”

  • Pulse-wave attacks were encountered on multiple occasions throughout the quarter, according to Imperva’s data. In the plus column, this quarter, there was a small dip in application layer attacks, which fell to 973 per week from an all-time high of 1,099 in Q1. However, don’t rejoice just quite yet. “There is no reason to assume that the minor decline in the number of application layer assaults is the beginning of a new trend,” said Igal Zeifman, Incapsula security evangelist at Imperva—noting the change was minor at best.

  • Imperva published the Global DDoS Threat Landscape for Q2 2017; the report shows an increase in the amount of persistent application layer DDoS attack over a one-year period. According to Imperva, over 75% of targets were hit multiple times in Q2 2017, while the percentage was only 43.2% in the same period of 2016.

  • Amid an increase in frequency of repeat application layer distributed denial of service (DDoS) attacks during the second quarter of the year, over 75% of targets were hit multiple times, according to statistics from Imperva. The company’s Global DDoS Threat Landscape for Q2 2017 shows an increase in the amount of persistent application layer assaults over a one-year period. Thus, while only 43.2% of targets were subjected to multiple attacks in the second quarter of 2016, the percentage increased to 75.8% during the same three-month window this year.

  • Taking positive steps after such massive and well publicized attacks is important. For example stopping a company's IT and cybersecurity departments from turning on each other while trying to assign blame is also a necessity, says Imperva CISO Shahar Ben-Hador. This is not only important for company moral, but will help when another attack takes place. “When an organization succumbs to an attack such as the recent WannaCry or NotPetya, it's not an issue of blaming an individual or group. Instead, it should be an opportunity to test and improve the relationship between Infosecurity and IT and the overall process…”

  • Alive And Kickin'

    October 2, 2017

    “Ransomware attacks have been widespread this year and as these recent attacks against MongoDB show, there's a growing trend of ransomware attacks against big data databases in the form of database corruption attacks,” says Morgan Gerhart, vice president of product marketing at Imperva. “As the volume of data grows, the challenge of securing it is tied to the nature of the data itself.”

  • The algorithms that power the JavaScript miner are also well suited for running on a consumer's CPU, Imperva Incapsula Application Security Research Team Leader Nadav Avital told SC Media. Although there is a relatively high return on investment for threat actors injecting theses miners onto sites, the attacks aren't completely without problems. “Infecting a web server with a miner that runs on the server, while very efficient in terms of ROI, is less efficient in terms of persistency as mining cryptocurrency involves heavy mathematical computations that hogs the server's CPU,” Avital said.

  • Itsik Mantin, the Director of Security Research at Imperva, disagrees however, “Like anyone that got the scary pop-up – YOU GOT 23 VIRUSES!! PRESS THIS LINK TO GET PROTECTED! – using fear from malware as a means to distribute malware is common practice for attackers, and thus infecting anti-virus software with a malicious backdoor is less surprising than one would expect.”

  • This Dark Reading’s “Threat Intelligence” column discusses how despite the great promise of AI, businesses that handle European data cannot yet place their faith in machines to ease the burden of the DPO and meet the pending requirements of the GDPR.

  • "For most threats, there are security practices users can take in order to lower the chances of getting infected," said Itsik Mantin, director of security research at Imperva. "In this case, there was really nothing the victims could do," he told the E-Commerce Times. "The software was properly signed, so they had every reason to trust it."

  • Itsik Mantin, director of security research at security software company Imperva, said the CCleaner malware incident shows "there's not much users can do when the vendor gets infected." "This hack creates a new reality where users need to assume that their desktops, laptops and smartphones are infected, which has been the reality for security officers at organizations in the last years…"

  • Politico Morning Cybersecurity!

    September 18, 2017

    The group, OurMine, has claimed responsibility for the online leak of over three terabyte of files stolen Vevo files, which include notes on dozens of musical artists, according to Variety, although Gizmodo, which first reported the breach, notes that the published materials are “pretty mild.” Regardless, Terry Ray, the chief technology officer of security firm Imperva, urged businesses to take stock of their data. “Since most organizations will get hacked at one point or another, organizations should ask themselves what is their sensitive data, where is their sensitive data and try to invest in protecting it.”

  • "Regardless of whether this modification was made by a hacker that gained control over the download server, or over an endpoint that had access to this server, and regardless of whether the attacker came from outside or from within, history teaches us that modern attackers tend to remain stealth and keep their foothold in the organization for as long as possible," says Itsik Mantin, director of security research at Imperva.

  • “Another large company has had data stolen, and it’s the attackers that are bringing it to light,” Terry Ray, CTO at www.imperva.com said, “While we don’t know the specifics yet, it is common that companies become aware of a breach only once the data has been shared beyond the attacker, this was further highlighted in a Verizon Data Breach Report a few years back…”

  • "We don't know how long they [the hackers] have been accessing the Vevo system or what additional data –financial, email, employee info – the attackers may have..." cautioned Terry Ray, CTO of data and application security company Imperva, in emailed comments.

  • We Need One Of Those?: A survey of 310 IT security professionals by data protection firm Imperva found 22% said their organization has yet to hire a data protection officer, despite their efforts to become compliant with the European Union’s pending General Data Protection Regulation.

  • “Humans will always be humans,” says Luda Lazar, security research engineer at Imperva’s Defense Center. By that she means we always have it in us to do stupid things like click on links in emails or download attachments.

  • "The attacker could change the instructions and have it infiltrate confidential information on the device," says Robert Hamilton, director of product marketing at Imperva.

  • Security researchers from data centre security vendor Imperva recently detected and blocked thousands of attacks attempting to exploit this Apache Struts2 vulnerability (CVE-2017-9805), with roughly 80 percent of them tried to deliver a malicious payload.

  • Security firm Imperva has detected thousands of attacks attempting to exploit a recently patched remote code execution vulnerability affecting the Apache Struts 2 open source development framework. The security hole, tracked as CVE-2017-9805, affects applications that use the REST plugin with the XStream handler for XML payloads, and it exists due to the way Struts deserializes untrusted data.

  • Exploit code has been published for CVE-2017-9805 and CVE-201712611. Cisco's Talos security division, along with Imperva, have reported in-the-wild attacks against CVE-2017-9805. "To date, our systems have successfully blocked thousands of attacks from all over the world with China, as usual in Apache Struts vulnerabilities, identified as the most prominent source of attacks," Nadav Avital, Imperva security researcher noted last week.

  • An Incapsula survey estimates that the average DDoS attack costs its victim $40,000 per hour, with a median cost per incident of $500,000. Over 90% of the 270 U.S. companies that responded to the survey reported a DDoS attack over the last year, while two-thirds of the companies had been targeted two or more times.

  • Ransomware has loomed large in the news of late. The untraceability of Bitcoin payments, coupled with new blackhat tools available to anyone at little (if any) cost, means extortion attempts will continue to grab headlines worldwide.

  • According to Imperva’s Q1 2017 Global DDoS Threat Landscape Report, application layer attacks are on the rise. The report found that application layer DDoS attacks reached an all-time high of 1,099 attacks per week in the second quarter of 2017, a rise of 23 percent over the previous quarter’s 892.

  • A year ago, Imperva first spotted a DDoS attack from an Android botnet through their Incapsula service. Imperva Incapsula is a cloud-based application delivery service that increases website performance and protects websites from attack.

  • Spencer Young, RVP EMEA at Imperva said: “While this is a welcome intervention from the UK’s government to attempt to provide severe financial consequences for not taking cybersecurity seriously, it could be said that this state intervention represents a little too much of the stick, and not enough of the carrot. By focusing on the severity of the fines, we lose sight of the fact that there are better reasons than fines to have a comprehensive cybersecurity policy in place.

  • During a recent pen test of GitLab, Imperva researchers were surprised to come across a vulnerability that leaves users exposed to session hijacking attacks. The vulnerability stems from the type of session tokens used by GitLab.

  • “A crucial takeaway from this survey is that companies need to be engaging with GDPR compliance now,” said Terry Ray, CTO of Imperva. “The fact that a high percentage of respondents said they had already hired a DPO is encouraging. GDPR will rear its head in ways that nobody predicted, so engaging early and being ready for every possibility is absolutely crucial.”

  • GitLab is a widely used SaaS provider that focuses on developer related issues, including Git repository management, issue tracking and code review. During a recent pen test of GitLab (I wanted to see the service was a good fit to use at Incapsula), I was surprised to come across a vulnerability that leaves users exposed to session hijacking attacks.

  • GitLab, the popular web-based Git repository manager, fixed a vulnerability recently that could have exposed its users to session hijacking attacks. Daniel Svartman, a security researcher with Imperva, discovered the issue in May but couldn’t disclose it until Wednesday, after GitLab was able to patch the issue and confirm it had been fixed.

  • A recent Imperva survey of 310 IT security professionals found that 55 percent of respondents are counting on artificial intelligence (AI) or machine learning solutions to bear some of their data protection workload over the next three to five years, and 27 percent said they're expecting the same within the next year or two. "A crucial takeaway from this survey is that companies need to be engaging with GDPR compliance now," Imperva CTO Terry Ray said in a statement.

  • Imperva's Global Threat Landscape Report for Q1 2017 is cited multiple times in this slideshow feature.

  • While the IT industry is preparing for the General Data Protection Regulation (GDPR), some organizations are still struggling with staffing for it—about a fifth (22%) haven’t yet hired a data protection officer (DPO). That’s according to Imperva, in a survey of 310 IT security professionals taken at the Infosecurity Europe 2017 trade show. The firm also found that 52% of those that don’t have a DPO aren’t planning on hiring one until the second half of 2018 or beyond—after GDPR enforcement commences.

  • “A crucial takeaway from this survey is that companies need to be engaging with GDPR compliance now,” said Imperva CTO Terry Ray.

  • Paine said WireX is “one of the first, and certainly one of the biggest, Android-based DDoS botnets.” Last year, researchers from DDoS-mitigation service Incapsula, reported a separate Android-based DDoS botnet.

  • “Internet browsers have to be updated to fix this vulnerability. In the meantime, users can defend against these types of attacks, which consist of bogus requests to APIs, by blocking these requests using a firewall or other application level access control devices.” Ajay Uggirala, director of product marketing at Imperva, told SecurityWeek in an emailed statement.

  • Because sites actively try to deter bots, programmers must “try to make the bot seem like a human, and by human, I mean seem like a [human] browser,” says Igal Zeifman, an evangelist with the web security company Imperva. Bots used for automated shopping are considered “impersonator” bots, which constitute almost a quarter of the bots used on the internet. According to Imperva, in 2016 almost 52% of web traffic came from bots.

  • A dive taken by an online security company Incapsula into the depths of a botnet behind Viagra spam emails revealed a major problem, one that seemingly has no ties to the polite maple syrup lovers of the north…When Incapsula intercepted encoded communications from a botnet, they found themselves with the opportunity to take a behind the scenes look at the botnet’s operations.

  • "With so many medical devices connected to the internet, it’s not surprising to know that some of these devices were rendered useless by WannaCry," says Terry Ray, chief product strategist for Imperva.

  • Terry Ray, chief product strategist for Imperva, noted that the healthcare industry continues to be a top target for cybercriminals, because of the large quantity of valuable data they manage and the potential to negatively impact critical patient care. “With so many medical devices connected to the internet, it’s not surprising to know that some of these devices were rendered useless by WannaCry,” Ray told Infosecurity.

  • In a survey by Imperva, carried out at the RSA 2017 security conference, 59% of those questioned said downtime was the largest business impact of a ransomware attack.

  • "As we see in this attack, even the most tech savvy companies and users can fall victim to phishing," he said. "It just takes one well-crafted email to be clicked by one person. Therefore, we must not be complacent when it comes to user training and awareness." "And remember, if you are not 100 percent sure an email is genuine -- no matter how urgent it sounds -- it is always better to check with your IT team first," Ajay Uggirala added.

  • Ransomware’s popularity continues to skyrocket, due to its successful business model and the significant profit paid by its victims. Unlike other malware business models, based on Darknet sales, hackers who utilize ransomware as their attack vector receive payment directly from their victims.

  • A survey of IT executives and managers at the RSA conference by data security company Imperva found 11% were unsure whether the EU’s European General Data Protection Regulation would affect their organization, while 29% said their company wasn’t preparing for the coming rules and 28% were unsure if preparations were under way.

  • According to an Imperva survey of 170 security professionals conducted at this year’s RSA Conference, 51 percent of respondents admitted that the GDPR would impact their companies, IT Briefcase reported. Additionally, 43 percent indicated that they were “evaluating or implementing change in preparation for GDPR,” while 29 percent said they were not preparing. A separate 28 percent indicated that they were unaware of specific preparations for the GDPR.

  • O2 has admitted that thieves exploited flaws in SS7 to steal money from victim's bank accounts. Amichai Shulman, CTO and co-founder at Imperva, told SC Media UK that the existence of an unsecure telco network in some countries was enough for bypassing this specific type of 2FA.

  • Morgan Gerhart, vice president of marketing at Imperva, warned that a major component of the cost of ransomware isn't the ransom, "It's the disruption and downtime." "Theoretically, if you can recover your data in real time, the backup is effective. Most people can't. And even a few hours of downtime is hugely disruptive to an enterprise," Gerhart told SearchSecurity. "We believe the most effective solution is to monitor the data in real time to detect when it's being accessed by ransomware so you can stop the attack."

  • The director of network and infrastructure at inland Southern California's largest school district reflects on his experiences and provides recommendations for preventing cyber attacks. CNUSD needed a solution that was simple to use and not overly technical. We also didn’t want it to require a tremendous amount of professional services or a steep learning curve. It also had to be easy to implement and maintain. We reached out to a security analyst who recommended the Imperva Incapsula website protection service.

  • GDPR will affect all EU-based companies, and all US companies that have any trade with the EU. Despite the threat of hefty non-compliance fines, Gartner is not alone in finding a lack of preparatory urgency among organizations. "The Gartner data aligns with a survey Imperva recently conducted of IT security professionals at RSA," Imperva's chief product strategist Terry Ray told SecurityWeek. "Our data showed an overall lack of urgency among the IT professionals surveyed, with only 43 percent of respondents indicating that they are evaluating or implementing change in preparation for GDPR."

  • Featured article by Terry Ray, Chief Product Strategist for Imperva, Inc. Well-talked about in international circles, the European General Data Protection Regulation (GDPR) is a new regulation to protect the privacy of European citizens – however, many people may not realize that it applies to all businesses that hold and process personal data collected in the European Union, regardless of their industry or location. It becomes effective on May 25, 2018, so there is just over a year to prepare. It sounds like a long way off, but will there be enough time for your company to comply?

  • “Fundamental to digital transformation is that enterprises are simply generating more data than ever before. It’s part and parcel of a knowledge-driven economy and how enterprises create and deliver value. All of this data—stored in an ever-shifting array of locations and repositories—simply presents more opportunity to the cybercrime industry.”

  • A fat-fingered human accidentally broke a transatlantic internet backbone that knackered Cloudflare's content delivery network in the US. Incapsula shows some transit issues around 0926 PT, hours after Cloudflare's stumble.

  • What is the current state of company preparedness for the European General Data Protection Regulation (GDPR)? An Imperva survey has sought to answer this question. The survey of 170 security professionals was taken at RSA 2017, the world’s largest security conference. “US companies should be evaluating the impact GDPR will have on their data practices, given the major fines for non-compliance,” said Terry Ray, chief product strategist at Imperva.

  • Netflix has learned a valuable lesson about ransomware: that is that you should pay up if you really don't want to get burned. "Hackers are looking for the largest payday possible. Why target an individual and request a few hundred dollars, when you can put in almost the same effort and get tens of thousands of dollars or even millions from a major media organisation?," pondered Ajay Uggirala, director at security firm Imperva.

  • Security is really a means to an end, and that end is for the business to succeed. “A successful CISO needs to be both strategic — long-term plan, collaborate with teams, communicate to executive management and the board — and tactical. The devil is in the details,” said Imperva CISO Shahar Ben-Hador in a blog post. “As a CISO, I have to assess what’s going to be a fundamental technology over a longer period of time and what’s fundamental for our business.”

  • Amichai Shulman, co-founder and CTO of Imperva, offered further measures: “To prevent brute force attacks, security officers should not rely on password policies only, but should take specific detection measures like rate limiting login attempts, detecting login attempts from automated browsers, treat with caution logins from unexpected countries and anonymous sources, and compare login data to popular passwords and stolen credentials.”

  • State-sponsored hackers are targeting universities while criminal gangs hold hospitals to ransom by infecting their IT systems with viruses which they remove on payment, researchers say. Ajay Uggirala, Director of Imperva, a cybersecurity firm, said: ‘It makes sense that ransomware attacks are on the rise given the technical skill needed, and the associated cost with phishing campaigns has gone down, making it easier than ever to launch a campaign due to the availability inexpensive servers and DIY kits. These advances leave the hacker with more time to focus on identifying the target and crafting its bait’.

  • For companies with a larger budget, Incapsula offers a much bigger and faster network with enterprise-grade security for only $300/month (Business plan). If you’re an eCommerce business and need to secure highly valuable customer data while supercharging your site performance, Incapsula is your winner.

  • Customer information is in many ways now simply plunder, much as in ancient times soldiers were rewarded with whatever loot they could find after they'd won a battle.“In this case, after collecting the data on their political targets, which includes employees of commercial entities in transportation and financial services, the hackers were given free rein with the spoils — the data from 500 million Yahoo users,” said Tim Matthews, vice president of marketing for the computer security company Imperva.

  • Businesses believe they are more likely to be targeted by distributed denial of service (DDoS) attacks from rival firms than cyber criminals, according to Kaspersky Lab. DDoS attacks have quickly become a big concern for businesses. ... Imperva finished 2016 by fending off the largest attack ever recorded on its network.

  • Terry Ray, chief product strategist at Imperva, the cybersecurity software company based in Redwood Shores, Calif., said it may be "easy to villainize a company" for a data leak, but preventing this kind of forged cookie attack is harder than some might think. “The sad unfortunate truth about web applications is that most of them are not patched when they should be, almost all of them have components that rarely if ever get patched and cookie attacks don't get the same level [of] attention as more common attacks like SQL injection and cross-site scripting."

  • It's easy to villainize a company or an executive for having a data leak, Terry Ray, chief strategist at Imperva, told SC, but he believes it's worth noting that many companies would have been unable to prevent a forged cookie.

  • From around 9:30am Monday, the web servers of many state authorities and offices in Luxembourg were down or difficult to reach. Commenting on this, Ben Herzberg, Security Research Group Manager at Imperva Incapsula said “Organisations need to prepare for DDoS attacks, and know ahead of time what they will do when an attack will hit them (And DDoS is a family with different types of attacks, so the organisation need to know they have them all covered).”

  • As anyone with a website will know, app security is always a concern, whether it's your website being disrupted by a DDoS attack or a cyber criminal hacking into your system to steal sensitive data. With cloud services making this app security technology more affordable, all businesses with web applications are being encouraged to enlist the services of a dedicated WAF provider. Indeed, as explained by Incapsula, WAFs not only protect against OWASP’s Top 10 Threats, they also “prevent disruption to your application and improve website performance”.

  • “With the great increase of IoT devices, from teddy bears like the ones connecting with CloudPets to medical devices monitoring patients to connected refrigerators, our race for innovation brings a lot of cool stuff to life in a very short time, and this will continue in the next years, as there is a potential to revolutionize the way we're living,” said Ben Herzberg, security research group manager at Redwood Shores, Imperva.

  • Ben Herzberg, security group research manager at Imperva, says it's interesting that Necurs has now added a feature for DDoS attacks. But threat actors are likely to increasingly favor using IoT botnets such as Mirai because they are easier to infect and use than desktop botnets like Necurs, he said.

  • A botnet has never been a particularly nice thing. Even going all the way back to 2000 when GTbot was causing rudimentary denial of service attacks, botnets were designed for one thing and one thing only: malicious activity. Professional DDoS mitigation providers Imperva Incapsula found themselves staring down a 400 Gbps attack aimed at their network.

  • 'Smart' teddy bears that listened to the voices of children and parents have leaked 2 million recorded messages online - and hackers are now holding them for ransom. The company that makes the 'CloudPets' toys also leaked the user details of 800,000 accounts, including email addresses and passwords. Ben Herzberg, Security Research Group Manager at Imperva Incapsula, said: 'Internet of things' (IoT) devices have the potential to revolutionise the way we’re living. 'However, we’ve seen a lot of security glitches from these IoT companies, and they need to understand that Information Security is not a "good-to-have".

  • The past year has underscored the growing threat of cyberattacks. Security firm Incapsula identifies data breaches and DDoS attacks as among the top threats businesses encounter on a daily basis. Data breaches steal confidential information while DDoS – which stands for distributed denial of service – attacks render sites and services inaccessible, disrupting usage and operations.

  • There's still work to do, but it's great to see the DHS leading a coordinated effort because something needs to be done. Last year, DDoS protection provider Imperva Incapsula reported helping its customers fend off an average of 445 attacks every week. Their intensity increased dramatically, too, up from around 200Gbps in 2015 to 470Gbps in 2016.

  • The Internet is Mostly Bots

    January 31, 2017

    Overall, bots—good and bad—are responsible for 52 percent of web traffic, according to a new report by the security firm Imperva, which issues an annual assessment of bot activity online. The 52-percent stat is significant because it represents a tip of the scales since last year’s report, which found human traffic had overtaken bot traffic for the first time since at least 2012, when Imperva began tracking bot activity online.

  • Too many damned bots:Imperva Incapsula looked at 16.7 billion website visits from early August to early November 2016, and it found that 51.8 percent of traffic was created by bots. That means less than half of the content, according to the web-security player, was seen by humans.

  • Considering the internet was made by humans for humans you would, quite sensibly assume that the vast majority of all traffic on the internet does then come from humans. Well you’re wrong, so very wrong.A new report by Imperva has shown that not only are we not alone in using the internet, we’re actually in the minority. Over half of all internet traffic was in fact generated by bots.

  • Launching a DDoS attack against Whitehouse.gov? Definitely illegal. Staging a non-registered protest against Whitehouse.gov with the same intended outcome? That could very well be interpreted as illegal, too.Amichai Shulman, who is CTO of security at Imperva, told a reporter at Dark Reading "if you open a browser and constantly refresh, that's a legitimate protest by a human being." Courts may, however, disagree with his assessment.

  • Commenting on the year ahead, Igal Zeifman, director at Imperva Incapsula stated, "Mirai was responsible for many high-profile attacks in the second half of 2016. It safe to say that, in 2017, we will continue to see more evolutions of that specific malware type, which will exploit vulnerabilities in IoT devices. We will also witness the expansion of botnet-for-hire industry, facilitated by the existence of the aforementioned effective, easy to use, and widely available malware."

  • "Bots" - often just a few lines of code, a set of programmed instructions - scamper all around us as we journey through the internet.  According to research firm Incapsula, 61 per cent of internet traffic in 2013 came from bots, a rise of ten per cent in just 12 months.

  • On the vulnerability front, the total number of Web application vulnerabilities actually decreased in 2016. This stat comes by way of Imperva researchers who last week reported their findings in a technical analysis of vulnerability trends for 2016. While that might get those with rose-colored glasses to proclaim progress in Web app security, researchers Nadav Avital and Mia Joskowicz believe that corresponding attack data shoots that down as unlikely. Instead, they believe that there's only so many security researchers out there in the wide world and right now, they've got other fish to fry.

  • Amichai Shulman, CTO Imperva, explained that, “This Yahoo breach and others before it teach us a couple of things: Attackers are still ahead of enterprises, even the larger companies when it comes to covering their tracks. The alleged breaches were only detected once the leaked information surfaced on the web; and time is still a factor.” 

  • Security firm Imperva has analyzed web application vulnerability trends in 2016 and determined that while some types of flaws have declined, others have become more common. Data collected by the company shows that the total number of vulnerabilities found over the past two years has increased, but the number of flaws affecting web applications has actually dropped.

  • Web security firm Imperva was hit by a 650Gbps (Gigabit per second) distributed denial of service (DDoS) attack at the end of 2016, the largest ever recorded on its network. The Leet botnet attack, which occurred just four days before Christmas, targeted several anycasted IPs on the Imperva Incapsula network over two waves, both of which were effectively defended against.

  • Just 10 days before the end of 2016, researchers from Imperva uncovered a massive 650Gbps DDoS attack generated by a new internet of things (IoT) botnet, dubbed “Leet” after a character string in the payload. It’s the first that can rival Mirai. “Attacks that combine the use of small and large payloads have become increasingly common since we first reported them in the spread their odds by trying to both clog network pipes and bring down network switches,” researchers said in an analysis.

  • With the Mirai source code open sourced and its effectiveness proven, more people looking for a quick buck are getting into it. With more players in the market, the price will go down. Pros will start modifying the Mirai and other code bases and it will evolve. In fact, Imperva has already detected a new 650Gbps botnet cannonwhose signature differs from Mirai.