Surge in online traffic increases risk to businesses

Imperva Research Labs has been monitoring the data across our thousands of customers since the outbreak of COVID-19. In reviewing anonymized data from our CyberThreat Index, we see new risks and several initial security implications from this pandemic for our customers and global businesses. We will share an ongoing stream ... Read More

Imperva Launches the Cyber Threat Index

Today, we are proud to announce the launch of the Cyber Threat Index, a new online information portal from the minds of our threat researchers at Imperva Research Labs. The current Cyber Threat Index is 776. This is categorized as High and is up 8 percent since December. But what ... Read More
Top attacked industries

2019 Global DDoS Threat Landscape Report

Today Imperva Research Labs, made up of senior researchers and industry experts who have been delivering sound and valid advice for over 15 years, is releasing a brand new Global DDoS Threat Landscape Report. The report is a statistical analysis of 3,643 network layer DDoS attacks throughout 2019 and 42,390 ... Read More
IMG 6065

2019 Hackathon Challenges Imperva to Solve Problems Together

The smell of pizza –150 boxes to be exact – filled our global offices last week as more than 220 Impervians (technical and non-technical) rolled up their sleeves to participate in Imperva’s annual company-wide hackathon. As chair of the event this year, I was determined to host a hackathon that ... Read More
The State of Web Application Vulnerabilities in 2018

The State of Web Application Vulnerabilities in 2018

(Jan. 12 update: Due to a data transfer error, some of the 2017 figures were incorrectly reported; this version of the blog has been corrected. This error did not affect our 2018 statistics, nor our conclusions.) As a web application firewall provider, part of our job at Imperva is to ... Read More
DirtyCOW Bug Drives Attackers to A Backdoor in Vulnerable Drupal Web Servers

DirtyCOW Bug Drives Attackers to A Backdoor in Vulnerable Drupal Web Servers

In this post we’ll unpack a short — but no less serious — attack that affected some Linux-based systems, on October 31. Throughout the campaign, the attacker used a chain of vulnerabilities including the infamous Drupalgeddon2 and DirtyCOW, and system misconfigurations to persistently infect vulnerable Drupal web servers and take ... Read More
Drupal, Phishing and A New Cryptomining Botnet

Drupal, Phishing and A New Cryptomining Botnet

It’s a well-known fact that security solutions must quickly adapt to new attack methods. There are several ways to achieve this goal, regularly applying security patches and updates, relying on threat intelligence and more. At Imperva, we use pattern anomaly detection as one of the tools to identify emerging threats ... Read More
The Trickster Hackers – Backdoor Obfuscation and Evasion Techniques

The Trickster Hackers – Backdoor Obfuscation and Evasion Techniques

A backdoor is a method for bypassing the normal authentication or encryption of a system. Sometimes developers construct backdoors to their own programs for various reasons. For example, to provide easy maintenance, developers introduce a backdoor that enables them to restore the manufacturer’s default password. On the other side, very ... Read More
New research shows 75% of ‘open’ Redis servers infected

New research shows 75% of ‘open’ Redis servers infected

Since our initial report on the RedisWannaMine attack that propagates through open Redis and Windows servers, we’ve been hearing about more and more attacks on Redis servers. Redis is a great tool, it can serve as in-memory distributed database, cache or a message broker and is widely popular. Redis is ... Read More
drupalgeddon 2 attacks by date

Drupalgeddon 2.0: Are Hackers Slacking Off?

Ever since March 28th, when Drupal published a patch for a RCE named Drupalgeddon 2.0 (SA-CORE-2018-002/CVE-2018-7600), Imperva has been monitoring our cloud looking for hackers’ attempts to exploit the vulnerability, but found nothing. Until today. It somehow seems fitting that nefarious activity picked up today, Friday the 13th. After a ... Read More