dos-attack

Analysis

A short denial-of-service (DoS) assault that interrupted NPM and caused users to receive the "Service Unavailable" error message was recently launched against the Node.js npm open source package repository by hackers. Open source repositories are frequently listed highly in search engine results, therefore this kind of assault takes use of it. This was exploited by the attackers, who built phoney websites and uploaded empty npm modules with links to them in the README.md files. As a consequence, there are now 1.42 million package versions accessible on npm, up from 800,000 previously. 

Although there have been other phishing efforts of a similar kind in the past, this most recent attack was especially sophisticated and widespread.

Prevention

  • Start the usage of flood-protection in your project by running `npm i flood-protection`.
  • Setting up Rate – limiting.
  • Disconnect a user or connection when a too much request appears.

Detection

Create rules based on Dos and Ddos attacks in the SIEM (Security incident event management) tool for detection of activity.

Indicators of Compromise (IOCs)

  • Abnormal Network Traffic.
  • Anomalous DNS Requests.
  • DDoS Attacks.
  • Unusual Login Activity.
  • Abnormal Privileged Account Activity.
  • Spikes in Database Read Volume.
  • Repeated Requests for Same File.
  • User-Application Mismatch.

References

the hacker news

copado

 

Get in touch

Send us a Message

Looking for general information or have a specific question. Fill the form below or drop
us a line at susan@positka.com.

Enquiry Now