Akamai’s Prolexic Security Engineering & Research Team (PLXsert) and PhishLabs’ (R.A.I.D.) Research Analysis and Intelligence Division have worked together on a threat advisory that warns enterprises and Software-as-a-Service (SaaS) providers about new distributed denial of service (DDoS) attacks that leverage Joomla servers that have a vulnerable Google Maps plugin installed. The advisory is available for download from: www.stateoftheinternet.com/joomla-reflection.
As we mentioned in a previous blog post, it is anticipated that DDoS attacks will continue to rise in 2015 with many businesses still underprepared to fight back against an attack. Last year marked a record year as DDoS attacks grew in volume and sophistication. Stuart Scholly, Akamai’s Senior Vice President and General Manager, Security Business Unit comments on the threat advisory released today, “This is one more web application vulnerability in a sea of vulnerabilities – with no end in sight.”
The known vulnerability in the Google Maps plugin for Joomla enables the plugin to act as a proxy which means the attacker can spoof the source of the request and send traffic somewhere else – the denial of service target. Further analysis of the threat revealed that the vulnerable installations were being exploited for reflected GET floods, a DDoS attack method. As stated in the report, “PLXsert was able to identify more than 150,000 potential Joomla reflectors on the Internet. Although many of the servers appear to have been patched, reconfigured, locked or have had the plugin uninstalled, others remain vulnerable to use in this DDoS attack.”
It is clear that DDoS remains an imminent threat that will only continue to rise. Read the full report for a detailed analysis and mitigation tactics for protecting against the current threat.