Recently, Akamai's Prolexic Security Engineering & Research Team (PLXsert) in partnership with Phishlabs' R.A.I.D has introduced a new cyber security warning advisory alerts enterprises and Software-as-a-Service (SaaS) providers of attackers with the help of Joomla servers with a assailable Google Maps plugin installed as a platform for launching distributed denial of service (DDoS) attacks.
Stuart Scholly, a senior vice president and general manager of Security Business Unit, Akamai, said “Vulnerabilities in web applications hosted by Software-as-a-Service providers continue to provide ammunition for criminal entrepreneurs. Now they are preying on a vulnerable Joomla plugin for which they've invented a new DDoS attack and DDoS-for-hire tools.”
He also added, “This is one more web application vulnerability in a sea of vulnerabilities – with no end in sight. Enterprises need to have a DDoS protection plan in place to mitigate denial of service traffic from the millions of cloud-based SaaS servers that can be used for DdoS."
A popular exposure in a Google Maps plugin for Joomal enables plugin to act as a proxy. Being an intermediator server, proxy processes a petition and returns the result on behalf of someone else.
The vulnerable Google Maps plugin allows Joomla servers that use it to be used as a proxy. Attackers spoof (fake) the source of the requests, causing the results to be sent from the proxy to someone else – their denial of service target. The true source of the attack remains unknown, because the attack traffic appears to come from the Joomla servers.
When it comes to talking about the known vulnerability in a Google Maps plugin for Joomla, it enables the plugin to act as a proxy. However, proxy is an intermediary server, which processes a request and returns the result on behalf of someone else.
Through vulnerable Google Maps plugin, Joomla servers can be used as a proxy. Attackers take off the source of the requests, causing the results to be sent from the proxy to someone else – their denial of service target. The real source of the attack remains unknown as the attack traffic looks to come from the Joomla servers.
PLXsert well-matched DdoS signature traffic that arises from multiple Joomla websites with co-operation from PhishLabs' RAID. It also indicates vulnerable installations that are utilized en masse for reflected GET floods, a type of DdoS attack. Discovered attack traffic as well as data suggest the attack is being offered on well-known DDoS-for-hire websites.
On the web, PLXsert was allowed to recognize more than 150000 potential Joomla reflectors. A lot of servers seem to have been spotted, locked or reconfigured the plugin uninstalled and others remain vulnerable to use in this DdoS attack. Rather than an Akamai customer in November, PLXsert alleviated a DdoS attack of this kind. The huge number of the top attacking IP addresses are originated from Germany. However, the similar IP addresses, which participated in this attack, have taken part in DDoS attacks opposing other Akamai customers in the industries of hosting and consumer goods.
Cloud-based DdoS attack mitigation can have conflict this problem to protect entities from despiteful traffic. However, edge-based security and scrubbing centers stop DdoS attack traffic long before it impacts a customer's website or data center.
To get more information on Joomla and its solutions, keep visiting our blog as here you can find top stories related to Joomla. Moreover, you can also get support from Joomla developer if you have any query or project to discuss.
More Information regarding Joomla Development email id info@perceptionsystem.com
More Information regarding Joomla Development email id info@perceptionsystem.com
0Awesome Comments!