Connect with Ixia                                        

LinkedIn                                                       

Twitter                                                         

Ixia Blog                                                       

YouTube                                                        

Ixia Media Contact:

Denise Idone, Senior Corporate Communications Manager

Email:  didone@ixiacom.com

Office: (631) 849-3500

Mobile: (516) 659-7049

SecurityAsia

Author: Chuck McAuley. At Ixia, we’ve tried to make it a habit of turning the difficult into easy. With that in mind, we’ve created a new addition to our BreakingPoint Labs: The DDoS Test Lab.  This new feature allows users to select a variety of denial of service attacks through a single pane of glass.

If you are a long time BreakingPoint user, you know that we’ve had DDoS testing capabilities in the product for a long time. However, in the past each test case had to be custom tailored to the requirements of the attack. Some attacks required application-level flooding, some required high connection rate attacks on the TCP layer, and even some required bit blasting of IP fragments or specific flag combinations. And while we made examples of the most popular DDoS attacks, it always felt a little clunky.

The DDoS Lab solves this workflow by wrapping around the test components that make each attack unique and reducing the parameterization to a few options. Now, if you want to run a simulation and test your DDoS countermeasures, you are only a few clicks away.

Choose your weapon.

In this first release we’ve focused on some of the most popular attacks from the last year. Reflection attacks abusing DNS, NTP, and SSDP are in there, which according to  Verisign’s recent report, have been on the rise. We’ve also included some old but common attacks including SYN Flooding, Fragmentation Attacks, and LOIC (Low Orbit Ion Cannon).  And of course plenty of web application attacks, such as Slowloris, RUDY, and HTTP flooding. We will be expanding the diversity and attack library with our Application and Threat Intelligence (ATI) Subscription bi-weekly updates. Besides following reports and trends in the industry, we are always looking for feedback from our customers.

Another new feature of the DDoS Lab is the ability to select IP addresses based on geography. The user can now select incredibly large groups of IP addresses with only a few clicks. The same mechanism can be used to setup the background (in other words: legitimate) traffic as well. To select a geographical region for traffic, simply click on the assignment button and then the country. You’ll get true DDoS emulation at scale.

Britain's former colonies revolt

We are also working on pre-canned test plans that will demonstrate known attacks. The next time you hear one in the news, expect it to show up in the ATI release shortly afterwards. If you have one you’d like to see us make, please let us know.

As you can see, release 8.01 continues our goal of reducing complexity…giving you DDoS testing with only a few clicks of the mouse.

Leverage Subscription Service to Stay Ahead of Attacks

The Ixia BreakingPoint Application and Threat Intelligence (ATI) Subscription provides bi-weekly updates of the latest application protocols and attacks for use with Ixia platforms.

Author: Oana Murarasu. You think you’ve got it all sorted out when it comes to malware? Well, think again. Every day hundreds of thousands of new malware samples are observed, curtesy of the relentless toil and innovation of malware authors around the world. Some samples that get reverse-engineered appear unique and complex, revealing that we are actually dealing with advanced creators. Some are variations of old, well-known malware. Some are easy to identify and detect. Most are recompiled or obfuscated samples of the same malware. Regardless, all types of malware are highly effective after perimeter defenses have been breached.

2016 has already become yet another year that has contributed to the exponentially growing number of malware families. The first few months have brought about malware targeting operating systems that were previously ignored more than others were. One example is OS X. Not long ago, ransomware that targeted this operating system was functionally incomplete (see FileCoder discovered by Kaspersky in 2014). Then KeRanger appeared in early March and the Internet sat up and took notice. A fully functional ransomware hits and Mac users are not disregarded anymore. The surprise should not be that OS X was targeted, but that it took so long for a strong ransomware contender to appear considering the target-rich environment that the platform provides.

With the above concerns in mind, let’s recap some of the malware news for the first months of 2016.

Triada - Android

Triada is a recently discovered Android malware with a modular architecture that provides full access to an infected system. The key feature of Triada is its ability to inject itself into the Zygote process. This process contains core system libraries and frameworks that are used by installed applications and constitutes a template for new ones. Think of it as the init process of Android. By infiltrating its code into Zygote, Triada has visibility and control of all the applications installed on a device. This control provides the attackers with means of collecting SMS messages, as is the case of Triada, but could be expanded to harvesting emails, stealing browser session cookies, monitoring phone calls, injecting ads, or taking malicious activity on just about any phone-based activity.

Retefe - Windows and Android Hybrid

(source: virustotal.com)

Retefe is a malware family first seen in 2014. At that time, it didn’t attract a lot of attention since it targeted users mostly from Sweden, Austria, Switzerland, and Japan. Recently Retefe has evolved to bypass two factor authentication used by banks. The means for distributing this malware is through phishing emails that contain zip archives with malicious executables inside. Once installed, all traffic towards certain banks is redirected to a proxy. The user is prompted with a pop-up notifying of a site modification that requires new credentials. Afterwards another pop-up offers the choice of selecting two factor authentication via SMS or RSA token. The user provides the mobile phone number and the phone’s operating system and receives a SMS with instructions to install a new Android Application Package (APK). By luring the user into installing the latter application, the attacker not only gains control over the mobile phone but also gets to hijack the legit SMS messages sent by the bank. This mechanism hands two-factor authentication over to the hijackers for draining the bank account at their leisure.

Locky – Windows

(source: malwr.com)

Locky is a new ransomware for Windows systems. This malware has received a lot of attention since it was discovered in February. The malicious code for this particular malware relies on JavaScript attachments to download itself. Like other recent ransomware, it encrypts local files as well as network shares with AES encryption and renames them to [unique_id][identifier].locky. The victim is requested to pay a ransom to get the files decrypted.

KeRanger - OS X

KeRanger is one of the first documented ransomwares to target Mac users. It was recently discovered by Palo Alto Networks packaged with the popular BitTorrent client Transmission. After installation on the victim’s machine, KeRanger encrypts documents, images, video files, email archives and databases located on the hard drive. Victims are then asked to pay a bitcoin ransom to get their files decrypted. To date, KeRanger has only been detected in the transmission app for Mac, but more than likely, we will see it appear again shortly.

Mazar – Android

(source: heimdalsecurity.com)

Mazar is a new Android malware that spreads through SMS or MMS messages that contain a link to a malicious APK. A click on this link causes a download of the APK file that when run, prompts the user with the installation of a new application and also asks for administrative privileges. Once installed it can send/read messages, make calls to any of the contacts, infect the browser, change/read phone settings, access the Internet, erase the device’s storage, and so on. It can also download other Android apps that enable the attacker to spy on the victim’s web traffic.

Teslacrypt3 – Windows

Teslacrypt3 is an older ransomware that has been recently extended with additional features to make it harder to detect or remove. When researchers discover code flaws to detect or remove malware, the creators find new ways of solving them. In 2016, we’ve already seen news of Teslacrypt3, then 3.0.1, then 4. This malware used to only target computers with specific computer games installed, but newer versions of it no longer look for this anymore. This malware is distributed through well-known exploit kits, such as Angler. AES encryption is used for file encryption and, like other ransomware, it demands payment in bitcoin.

Did you consider all of the above for your network, application, and device testing? We did. These and many other malware samples, together with their corresponding botnet traffic you can find in the new and improved ATI Malware and Botnets Monthly Update February/March – 2016. Using this package, you can test your IPS, inline sandboxing, and other network security solutions to make sure they remain up to date on the latest malware trends as soon as they come out.

Leverage Subscription Service to Stay Ahead of Attacks

The Ixia BreakingPoint Application and Threat Intelligence (ATI) Subscription provides bi-weekly updates of the latest application protocols and attacks for use with Ixia platforms.

IxiaAnnouncesPreliminaryFinancialResultsforFirstQuarter2016

CALABASAS,CA,April 14,2016- Ixia (Nasdaq:XXIA) today reported certain preliminary financial results for the first quarter ended March 31, 2016.

Ixia currently expects revenue for the 2016 first quarter to be between $108 million and $111 million, below the company’s previous guidance of $121 million to $126 million. The company currently expects a GAAP loss for the quarter of between $0.03 and $0.05 per diluted share, compared with previous guidance of breakeven to a loss of $0.04 per diluted share. The company currently expects non-GAAP earnings for the quarter to be between $0.05 and $0.08 per diluted share, compared with previous guidance of between $0.10 and $0.14 per diluted share.

"We are disappointed with our first quarter results. Our topline performance was primarily impacted by an unexpected and marked slowdown in network test spending from our North America network equipment manufacturer customers in March, and we continued to experience delays in closing network visibility deals," said Bethany Mayer, Ixia’s president and chief executive officer. "Despite these near-term headwinds, we remain confident in our strategy to grow our business and are committed to financial discipline.”

These are preliminary results and remain subject to the completion of the company's customary quarterly financial closing and review procedures. Material adjustments may arise between the date of this press release and the dates on which Ixia announces its full 2016 first quarter results and files its Form 10-Q for the first quarter with the SEC.

2016FirstQuarterConferenceCall

Ixia will release its full financial results for the 2016 first quarter after the U.S. markets close on Tuesday, May 3, 2016.

Ixia will also host a conference call to discuss the company’s 2016 first quarter results and its business outlook and guidance for the 2016 second quarter on Tuesday, May 3, 2016, at 1:30 p.m. Pacific time (4:30 p.m. Eastern time).

The call will be open to the public, and interested parties may listen to the call by dialing (844) 858-9864. A live audio webcast of the conference call will be accessible from the "Investors" section of the company's website (www.ixiacom.com/investors). Following the live webcast, an archived version will be available in the "Investors" section of the Ixia website for at least 90 days.

Certain supplemental financial information will be posted promptly to the website following the issuance of Ixia’s 2016 first quarter results press release, and certain additional supplemental financial information will be posted just prior to the start of the conference call.

Non-GAAPFinancialMeasures

To supplement our consolidated financial results prepared in accordance with Generally Accepted Accounting Principles ("GAAP"), we have included certain non-GAAP financial measures in this press release and in the attachments hereto. Specifically, we have provided non-GAAP earnings per diluted share measures, which exclude certain non-cash and/or non- recurring income and expense items such as expenses relating to internal investigations and any related remediation efforts, the pending securities class action and shareholder derivative action against the company and certain of its current and former officers and directors as well as an ongoing SEC investigation, stock-based compensation expenses, acquisition and other related costs, restructuring expenses, the amortization of acquisition-related intangible assets, and the related income tax effects of these items, as well as certain other non-cash income tax impacts such as changes in the valuation allowance recorded against certain deferred tax assets. The aforementioned items represent income and expense items that may be difficult to estimate from period to period and/or that we believe are not directly attributable to and/or reflective of the underlying performance of our business operations. We believe that, by excluding these items, these non-GAAP measures provide supplemental information to both management and investors that is useful in assessing our core operating performance, evaluating our ongoing business operations, identifying and assessing financial and business trends, and comparing our results of operations on a consistent basis from period to period. Non-GAAP financial measures are provided to enhance the user's overall understanding of our financial performance. Non-GAAP financial measures are also used by management to plan and forecast future periods and to assist management in making operating and strategic decisions. The presentation of Non-GAAP financial information is not prepared in accordance with GAAP. The information may not necessarily be comparable to that of other companies that may calculate their non-GAAP financial measures differently and should be considered as a supplement to, and not a substitute for or superior to, the corresponding measures calculated in accordance with GAAP. Investors are encouraged to review the reconciliation of our non-GAAP financial measures to the most directly comparable GAAP financial measures included in the attached financial tables and also posted on our website.

SafeHarborunderthePrivateSecurities LitigationReformActof1995

Certain statements made in this press release may be deemed to be forward-looking statements including, without limitation, statements regarding the company’s expectations regarding certain of its financial results for the first quarter of 2016 and regarding the company’s strategy to grow its business and financial discipline. In some cases, such forward-looking statements can be identified by words such as "may,""will,""should,""could,""would,""expect,""plan,""anticipate,""believe,""estimate,""project,""predict,""potential," or the like. These statements reflect our current views with respect to future events and are based on assumptions and are subject to risks and uncertainties. These risks and uncertainties, as well as other factors, may cause our future results, performance, or achievements to be materially different from those expressed or implied by such forward-looking statements. Factors that could cause the actual results to differ materially from those expressed or implied in such forward-looking statements include, among others: any changes to our expected financial results resulting from the completion of our quarterly financial close and review procedures, our success in developing, producing, and introducing new products and in keeping pace with the rapid technological changes that characterize our market; our success in developing new sales channels and customers; market acceptance of our products; competition; changes in the global economy and in market conditions; consistency of orders from significant customers; our success in leveraging our intellectual property portfolio, expertise and market opportunities; our expectations regarding the transition into Software Defined Networks (SDN) and Network Functions Virtualization (NFV); material weaknesses in our internal controls; the company’s ability to manage expenses; and war, terrorism, political unrest, natural disasters, cybersecurity attacks, and other circumstances that could, among other consequences, reduce the demand for our products, disrupt our supply chain, and/or impact the delivery of our products. The factors that may cause future results to differ materially from our current expectations also include, without limitation, the risks identified in our Annual Report on Form 10-K for the year ended December 31, 2015 and in our other filings with the Securities and Exchange Commission. We undertake no obligation to update any forward-looking statements, whether as a result of new information, future events, or otherwise.

AboutIxia

Ixia (Nasdaq: XXIA) provides testing, visibility, and security solutions, strengthening applications across physical and virtual networks for enterprises, service providers, and network equipment manufacturers. Ixia offers companies trusted environments in which to develop, deploy, and operate. Customers worldwide rely on Ixia to verify their designs, optimize their performance, and ensure protection of their networks to make their applications stronger.

Learn more at www.ixiacom.com.

Ixia and the Ixia logo are trademarks or registered trademarks of Ixia in the United States and other jurisdictions.

FinancialContact: The Blueshirt Group Maria Riley

Tel: 415-217-7722