Fortinet's latest Threat Landscape report revealed several new security hazards, including a new "Apache Killer" tool that is currently being used to exploit an Apache server vulnerability that can be used for denial of service (DoS) attacks.
Fortinet said Apache has fixed the flaw and recommends that users immediately upgrade to Apache 2.2.20. The "Apache Killer" can be used to launch DoS attacks against Web hosts running older versions of the software platform.
The Threat Landscape report also cited the latest effort by hacktivist group Anonymous, which recently deployed a new distributed denial of service (DDoS) tool called #RefRef, which exploits SQL server vulnerabilities. According to the report, the #RefRef tool was used to assist "Operation Occupy Wall Street," a grass roots protest group that have filled lower Manhattan to criticize Wall Street firms on a variety of issues.
Derek Manky, senior security strategist at Fortinet, said the #RefRef tool is unlike Anonymous' previous hacking efforts that require multiple users to target a site with repeated attacks of TCP and UDP packets. The #RefRef tool, according to Fortinet, requires just a single attack and uses the system's processing power to crash itself. Fortinet's FortiGuard Labs released the IPS signature 'RefRef.DoS' to help mitigate this threat.
Manky, speaking to CRN at Fortinet's Global Partner Conference in Miami, discussed other trends in security threats, including a rise in mobile malware. "There's a lot of malware on mobile devices today," Manky said. "We used to see it mostly on the Symbian OS but now it's really growing on Android."
In addition to mobile malware, Manky said malicious code for 64-bit systems is on the rise. "We're seeing a lot more root kits and bot nets for 64-bit operating systems like Windows 7," Manky said. "Malware is definitely becoming more sophisticated."
