Prolexic, a company that provides distributed denial-of-service (DDoS) protection services, warns that cybercriminals are relying more and more on the DDoS toolkit known as itsoknoproblembro, and that campaigns leveraging the crime kit will likely continue to grow in frequency.
The DDoS toolkit, which has evolved a great deal recently, has often been used in coordinated campaigns targeting industries such as banking, hosting and energy.
Cybercriminals are utilizing itsoknoproblembro to target known vulnerabilities in web content management systems such as WordPress and Joomla in order to infect servers with malicious PHP scripts.
Some of the attacks that involved the tool – which leverages a unique, two-tier command module to launch multiple high-bandwidth attacks simultaneously – have peaked at 70 Gbps.
“Given the chatter in the hacker underground, we expect these itsoknoproblembro DDoS campaigns will continue to grow in frequency,” said Prolexic Chief Executive Officer Scott Hammack.
“We want to support the security community by sharing our knowledge, so we can help eradicate this threat and remove these malicious scripts from infected machines before they do even more damage.”
To help organizations protect themselves against DDoS attacks, Prolexic has issued detailed mitigation rules for the itsoknoproblembro threat. The advisory covers 11 different attack signatures.
Prolexic's Security Engineering and Response Team (PLXsert) has published a set of detection rules and a free log analysis tool that can be used by organizations to identify infected web servers and pinpoint which scripts have been accessed.
“The nature of these threats requires the cooperation of everyone in the network protection community to work together,” Hammack explained.
“Working with our fellow engineers and researchers, we will continue to provide free updates of this log analysis tool and encourage users to share their logs of compromised servers for continued analysis and refinement.”