Holidays Are Coming – the State of Security for E-commerce in 2020

With the Coronavirus pandemic driving consumers online, a new report from Imperva reveals how this year’s holiday shopping season will present online retailers with a level of traffic – and cyber-attack threats ...
timeseries aspg blog

Imperva SD-SOC: How Using AI and Time Series Traffic Improves DDoS Mitigation

Much has changed since we first started providing protection against DDoS attacks. Attacks which were once considered huge are now mitigated on a daily basis, attackers are becoming more sophisticated by the ...
Weblogic RCE in one request CVE-2020-14882

Bug hunting for a quick buck using WebLogic vulnerability (CVE-2020–14882)

| | Research labs
Introduction Popular within the commercial sphere, Oracle WebLogic Server is a scalable enterprise Java platform application server for Java-based web applications. When a vulnerability is discovered in WebLogic, hackers will try to ...
Figure 1 KashmirBlack botnet flow diagram

CrimeOps of the KashmirBlack Botnet – Part II

Introduction The previous blog – “CrimeOps of the KasmirBlack Botnet – Part I” – described the DevOps behind the botnet. It showed how its well-designed infrastructure makes it easy to expand and ...
Figure 1 KashmirBlack botnet flow diagram

CrimeOps of the KashmirBlack Botnet – Part I

Introduction Being in a research team exposes us to a variety of attacks on different platforms, of different types, scope, and volume. It also gives us the opportunity to select particularly interesting ...
DDoS attack 1

Major Global Ransom Denial of Service Campaign Continues Rising Trend in Global DDoS Attacks

Extortionists Claim Connection to Fancy Bear and Lazarus Group In the past weeks the number of serious Ransom Denial of Service (RDoS) threats has ramped-up considerably, with extortion campaigns targeting thousands of ...
largest ddos attack

Imperva mitigates largest DDoS attacks of 2020… so far…

The word “unprecedented” has never been used so much as it has during 2020. And in the latest of many unprecedented events, July saw the two largest recorded DDoS attacks of the ...
architecture of the new component

Fast, Furious, and Scalable: Designing a High-throughput, Real-time Network Traffic Analyzer

These days, our focus is on spoiling our customers. For example, we give our DDoS Protection customers the peace of mind that their network traffic is routing through Imperva’s cloud for consistent ...
The server blocks a legitimate HTTP request with JS

Avoid Alert Fatigue: Web Application Firewall Installation, Configuration and Best Practices

Alert fatigue – introducing false positives in WAF All WAF experts know what it’s like handling massive amounts of alerts. They’re also very likely wasting a lot of time fishing false positives ...
Every row represents a different attack

The Anatomy of Massive Application Layer DDoS Attacks

During 2020 between June 18 and June 24 Imperva mitigated massive 200K RPS (Request Per Second) attacks on a daily basis. Here at Imperva we investigate major attacks we mitigated in order ...