KashmirBlack is the new botnet that has infected over 200,000 websites

Polaris
2 min read · Oct 30, 2020
Image: Rack Solutions

Overview of Botnet

A new botnet, named KashmirBlack, has been found to have infected approximately 230,000 websites running popular content management systems (CMSes), including WordPress, Joomla, PrestaShop, Magento, Drupal, vBulletin, osCommerce, OpenCart, and Yeager, since November 2019.

The botnet takes over these infected websites to mine for cryptocurrency, send spam messages and deface websites.

Exploitation of Known Vulnerabilities

The KashmirBlack botnet infected these platforms by exploiting known vulnerabilities on targeted servers that had not been updated, and it performs millions of attacks per day on average. CMS installations are easy to exploit through known vulnerabilities because they are often not kept up to date. This underlines the importance of patching every vulnerability on your server and web application.

Polaris’ built-in automated vulnerability scanner scans your web applications and servers for known vulnerabilities on a daily basis. This allows hot patching to be applied so as to temporarily prevent the vulnerabilities from being exploited, giving you time to update your servers and web applications. With Polaris, you no longer have to worry about your web application being exposed to such attacks.

Disguising as Legitimate Web Traffic

The KashmirBlack botnet attacks websites by mixing legitimate and malicious web traffic activities. By serving as a web application firewall, Polaris inspects all web traffic and filters out any malicious web traffic masquerading as legitimate traffic.

Additionally, Polaris is able to block the attack at the very first stage. Polaris’ machine learning capabilities enable it to learn user behaviour on a web application. Injecting code, which is required to infect a victim server, is not recognised as regular user behaviour. Thus, Polaris recognises this behaviour as malicious and blocks it.

When a website using a CMS is not protected by a web application firewall, it is susceptible to similar botnet attacks. Not only does this compromise your website, but you put your website visitors at risk too.

How Polaris Safeguards Your Website from KashmirBlack

Polaris’ next-generation web application and API protection (WAAP) solution protects your web application and server from the KashmirBlack botnet with its cutting-edge technology.

The WAF denies malicious IPs and web traffic access to your server, while the intelligence sharing database helps predict and identify threats at an early stage. Polaris’ machine learning feature analyses application and user behaviours with dynamic profiling and uses the results to create baseline security rule sets.
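To make the idea of a behavioural baseline concrete, here is a small added illustration, not Polaris code and not a description of how its product works: it learns which endpoints normal visitors use and how many requests a visitor typically makes during a quiet "learning" window, then flags a client in a later window whose traffic mixes ordinary page views with a burst of requests to endpoints never seen in the baseline, which is the pattern the article describes. The log format, the IP addresses, the paths and the thresholds are all constructed for the example.

```python
"""Toy behavioural baseline for web traffic (added illustration, not product code)."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Request:
    ip: str
    method: str
    path: str
    status: int


def parse_line(line: str) -> Request:
    """Parse one constructed log line of the form: ip method path status."""
    ip, method, path, status = line.split()
    return Request(ip, method, path, int(status))


# Constructed "learning window": ordinary browsing from four visitors.
BASELINE_LOG = """\
10.0.0.1 GET / 200
10.0.0.1 GET /about 200
10.0.0.1 GET /blog/hello-world 200
10.0.0.2 GET / 200
10.0.0.2 GET /contact 200
10.0.0.2 POST /contact 302
10.0.0.3 GET / 200
10.0.0.3 GET /blog/hello-world 200
10.0.0.4 GET / 200
10.0.0.4 GET /about 200
10.0.0.4 GET /contact 200
10.0.0.4 POST /contact 302
""".splitlines()

# Constructed "detection window": one normal visitor plus one client that
# mixes legitimate page views with a burst of POSTs to never-seen endpoints.
WINDOW_LOG = """\
10.0.0.1 GET / 200
10.0.0.1 GET /about 200
10.0.0.1 GET /blog/hello-world 200
10.0.0.9 GET / 200
10.0.0.9 GET /about 200
10.0.0.9 POST /probe-a 404
10.0.0.9 POST /probe-b 404
10.0.0.9 POST /probe-a 404
10.0.0.9 POST /probe-c 500
10.0.0.9 GET /probe-d 404
""".splitlines()


def build_baseline(requests):
    """Learn the set of (method, path) pairs normal users touch and the
    per-client request volume during the learning window."""
    pairs = Counter((r.method, r.path) for r in requests)
    per_ip = Counter(r.ip for r in requests)
    counts = list(per_ip.values())
    return {"pairs": pairs, "rate_mean": mean(counts), "rate_std": pstdev(counts)}


def score_window(baseline, requests, k=2.0, novelty_threshold=2):
    """Flag clients that deviate from the baseline, returning {ip: [reasons]}.
    Two signals are used: requests to endpoints unseen during learning, and a
    request volume above mean + k * std (std floored at 1 to avoid a zero band)."""
    rate_limit = baseline["rate_mean"] + k * max(baseline["rate_std"], 1.0)
    by_ip = defaultdict(list)
    for r in requests:
        by_ip[r.ip].append(r)
    flagged = {}
    for ip, reqs in by_ip.items():
        reasons = []
        novel = [r for r in reqs if (r.method, r.path) not in baseline["pairs"]]
        if len(novel) >= novelty_threshold:
            reasons.append(f"{len(novel)} requests to endpoints unseen in baseline")
        if len(reqs) > rate_limit:
            reasons.append(f"{len(reqs)} requests exceeds rate limit {rate_limit:.1f}")
        if reasons:
            flagged[ip] = reasons
    return flagged


def analyse(baseline_lines=BASELINE_LOG, window_lines=WINDOW_LOG):
    baseline = build_baseline([parse_line(l) for l in baseline_lines])
    return score_window(baseline, [parse_line(l) for l in window_lines])


if __name__ == "__main__":
    for ip, reasons in analyse().items():
        print(ip, "->", "; ".join(reasons))
```

The normal visitor 10.0.0.1 is not flagged even though it appears in both windows, because every endpoint it touches was already in the baseline and its volume is within the learned band; 10.0.0.9 is flagged on both signals. A real WAF would profile far more features than two, but the principle is the same: a client that behaves unlike the learned population stands out regardless of whether individual requests look harmless.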

