The Presence and Future of Web Attacks

Transcription

1 Agenda The Presence and Future of Web Attacks Marco Fullin, CISSP Warning: This talk will be technical, chaotic and hurt

2 Akamai Today Grow revenue opportunities with fast, personalized web experiences A distributed and cloud manage platform complexity that manages from peak the demand, underlying mobile devices complexities and data of collection. the Internet servers, locations, networks, 120+ Countries Delivers over 2 trillion Internet transactions daily Akamai delivers up to 30% of the world s web traffic

3 DDoS Attacks - Stats & Trends Q % Total DDoS attacks 107% Repeat attacks per target 23% Infrastructure layer attacks 8% Average attack duration 280% Total attacks >100 Gbps Largest attack: 289 Gbps In Q1 2016, Stresser/Booter-based botnets remained the source of the vast majority of DDoS attacks observed by Akamai. These tools rely heavily upon reflection techniques to fuel their traffic.

4 DDoS Attacks from Q to Q Each dot represents a DDoS attack, and each interval covers a 10-fold increase in attack size.

5 Top 10 Source Countries for DDoS Attacks in Q China was the top source of nonspoofed by extending DDoS the Avoid data theft and downtime attacks in the first security perimeter outside the data-center and quarter, followed by protect from increasing frequency, the US. scale and sophistication of web attacks.

6 Types of DDoS Attacks & Relative Distribution in Q UDP Fragment, DNS, NTP and CHARGEN attack vectors made up almost 70% of the attacks.

7 Multi-Vector DDoS Attacks Are the Norm Multi-vector attacks accounted for 59% Avoid data theft and downtime by of extending DDoS activity the in security perimeter outside the data-center Q1 2016, and up from protect from increasing frequency, 56% scale in and Q sophistication of web attacks.

8 Web Application Attack Analysis

9 9 Common Web Attack Vectors SQLi / SQL injection: User content is passed to an SQL statement without proper validation LFI / Local file inclusion: Gains unauthorized read access to local files on the web server RFI / Remote file inclusion: Abuse of the dynamic file include mechanism available in many programming languages to load remote malicious code into the victim web application PHPi / PHP injection: Injects PHP code that gets executed by the PHP interpreter CMDi / Command injection: Executes arbitrary shell commands on the target system JAVAi / Java injection: Abuses the Object Graph Navigation Language (OGNL), a Java expression language. Popular due to recent flaws in the Java-based Struts Framework, which uses OGNL extensively MFU / Malicious file upload (or unrestricted file upload): Uploads unauthorized files to the target application that may be used later to gain full control over the system XSS / Cross-site scripting: Injects client-side code into web pages viewed by others whose browsers execute the code within the security context (or zone) of the hosting web site. Reads, modifies and/or transmits data accessible by the browser Shellshock / Disclosed in September 2014: A vulnerability in the Bash shell (the default shell for Linux and mac OS X) that allows for arbitrary command execution by a remote attacker

10 Web Application Attack Vectors Over HTTP, Q SQLi, LFI and XSS were the most prevalent attack vectors. They were used in more than 90% of the attacks over HTTP.

11 Attacks Over HTTPS, Q % of the web application attacks observed in Q were over encrypted (HTTPS) connections, an increase from only 11% the previous quarter.

12 Web Application Attacks by Industry, Q As in previous quarters, the retail industry was most frequently targeted with web application attacks in Q

13 Top 10 Source Countries for Web Application Attacks, Q1 2016

14 DDoS Attacks Looking Forward More records set for the number of DDoS attacks Driven in large part by the continued use of stresser/booter botnets Attack vectors and methods will continue to vary Majority of attacks will likely rely on reflection Inclusion of new vectors such as TFTP reflection The number of targets attacked will likely grow incrementally Large increases in attacks per target

15 DDoS Mitigation

16 Grow revenue opportunities with fast, personalized web experiences and manage complexity from peak demand, mobile devices and data collection.

17 Booter / Stresser / DDoS Attack Tools

18 Akamai Cloud Security Solutions Globally distributed cloud platform Distribution - Resiliency - Visibility Integrated web security DDoS - WAF - IP Reputation Infrastructure protection DDoS - Datacenter - Flexible Deployment DNS protection DDoS - DNSSEC - High Performance

19 Reference: