- Leon Mathews
- 5 years ago
ASSESSMENT OF CYBER SECURITY IN 2016 AND PROSPECTS FOR 2017
Table of contents
1. Introduction
2. Overall estimate of DDoS attacks size
3. The true face of the bot: then and now
4. Analysis of the victims
5. DDoS in 2017
6. How our protection works
7. Conclusion
8. Appendix
Contacts
This analytical report is based on the data collected by the company's automatic statistics system and on global trends. Since 2011, DDoS-GUARD has been developing and implementing DDoS protection solutions and services. Of course, this would not be possible without analysis of the attack patterns and tools that cyber criminals use for conducting attacks. Having analyzed tremendous amounts of malicious traffic targeting our customers, we have prepared the 2016 annual report and expressed our vision of the DDoS attacks to come throughout 2017.

1. Introduction
The IT field is changing more rapidly than any other, and it changes the reality around us. At the beginning of the 21st century cyber attacks were literally a "horror story" from the TV screens, but today it is quite easy to find and hire hackers through a Google search and use their services. Some craftsmen are so generous that they give away malicious source code to the public absolutely for free, e.g. the creators of Mirai. And in Europe you may occasionally hear of initiatives to legalize DDoS as "a means of expression of public opinion". The search bar kindly offers suggestions for the query "ddos attack order" and gives links to specific services.

Despite this, many owners of websites and other online systems do not really believe that DDoS can some day hit their projects, and consider the warning news from DDoS mitigation providers no more than marketing ploys. However, 2016 can be considered a turning point for cybersecurity. The attacks against the website of the journalist Brian Krebs, Amazon, Twitter and a number of major Russian banks, and the multiple hacked Chinese DVRs and routers, are now not only news articles: these incidents opened the eyes of ordinary people to many vulnerabilities of the Internet. The reality is that today any device that has Internet connectivity can be hacked and used as a bot.

Cheap DVRs and unprotected smartphones may be a source of danger as well. However, let's talk about everything in order.
2. Overall estimate of DDoS attacks size
Throughout 2016, the DDoS-GUARD experts observed surges in DDoS power in general and in certain attack types in particular. This growth is represented in the graphs below.

[Graph 1: Maximum attack size per month, January to December, in Gbps and Mpps]
[Graph: Average attack size per month, January to December, in Gbps and Mpps]
[Graph 2: The size growth of attacks per quarter (Q1 to Q4), grouped by protocols: UDP, TCP, Others]
[Graph: The size growth of attacks by months, January to November, grouped by protocols: UDP, TCP, Others]

As can be seen in the graphs, a significant peak of attacks occurred in the 3rd quarter of 2016, when the Mirai botnet came into play. However, the size of attacks (bps) grew steadily from the beginning to the end of the year, while the packet rate increased and then decreased sharply throughout the year.
Let's look at the graph where attacks are grouped by protocols. UDP flood kept the lead throughout 2016, but starting from the 3rd quarter and until the end of the year it sharply decreased in size, while the size of TCP attacks (TCP ACK, TCP ACK+PSH, TCP SYN) and other types of attacks jumped up dramatically. Thus, a trivial UDP flood, as predicted by the DDoS-GUARD experts, began to give way to more complex TCP attacks and GRE flood. This fact is also associated with the features of the Mirai botnet, which exploits the vulnerability of these protocols simultaneously. Generally, nowadays hackers are firmly equipped with multi-vector attack techniques starting from spring

In the spring and summer of 2016, most attacks were aimed at the DDoS-GUARD infrastructure, which can reasonably be considered a sort of exploring: hackers were looking for possible weak points of the protection system. In the same period, another well-known DDoS protection provider - Staminus - was hacked and had its personal data stolen, including private data of the company's customers.

It is worth noting that in 2016 an increase in the frequency and size of attacks against hosting service providers and telecommunication service providers was observed. Such an assault allows for disabling the maximum number of various online systems, in contrast to pinpoint attacks that target single sites. Last year, such well-known providers as the French OVH and the American Dyn were targeted with DDoS. OVH is commonly known for its reliable protection against DDoS, which attackers decided to test for strength. Thus, hackers have spared no effort to test the strength of large providers in different countries. And it turned out that a volumetric 620 Gbps DDoS attack is enough for such a cyber security industry giant as Akamai to give up the problem customer (KrebsOnSecurity.com) when it was attacked.

The rapid growth in the size of DDoS attacks over the last 6 years is astounding - from 100 Gbps in 2010 to 1.2 Tbps in 2016, i.e. 12 times. Attacks that some time ago were considered phenomenal began to occur more and more often. In 2016 the following attacks were observed:
- 17 attacks over 200 Mpps
- 34 attacks over 100 Mpps
- 29 attacks over 200 Gbps
- 35 attacks over 100 Gbps

Looking at the increase in the number of extra massive attacks as a percentage of the total number, it may seem insignificant, but the increase is well marked if attacks over 200 Gbps are considered:

[Chart: number of attacks over 200 Gbps]

Hence, we can safely predict that in 2017 complex and large attacks will occur more often and surpass 1 Tbps, which is an amount of traffic sufficient to overwhelm the network capacity of most telecommunication service providers.

3. The true face of the bot: then and now
The main tool of DDoS makers is a botnet, which is a network of compromised devices; each device is infected with malware that injects a bot program into the device, causing it to perform certain actions without the knowledge of its legitimate owner. Let's look at the largest botnets existing in the world. The leader is the Zeus banking Trojan that has infected more than 13 million devices since

As for the DDoS-producing botnets, the figures are more modest. For example, one of the most famous botnets - Mirai - has only 400 to 500 thousand devices. However, one should keep in mind that in the case of DDoS attacks it is not the quantity of bots that matters, but the amount of traffic produced and its attack patterns. And while botnets that distribute trojans and spam consist mostly of personal computers or, less often, servers, a DDoS bot can be any device that has an IP address and Internet connectivity. Home routers are becoming the most common source of spurious traffic, but in 2016 DVRs took the lead by conducting the most powerful attacks.
Botnets can be debated for a long time, and their assessment criteria differ as well: some people say that the power of a botnet is measured in the amount of traffic produced, others say that the quantity of bots the botnet consists of is crucial. The opinion of the DDoS-GUARD experts is that the attack complexity and attack patterns are the most important factors. In this regard, the IoT botnets challenge cyber security experts by producing malicious TCP traffic which is almost indistinguishable from legitimate traffic.

TCP is one of the core protocols of the Internet, used to control data transmission. The TCP segment is a grouped set of data used to transmit data via the TCP protocol. The segment header has 12 fields for performing a reliable data transfer, including: source port, destination port, flags, urgent pointer field, data field, etc. The Mirai botnet produced TCP ACK+PUSH and TCP SYN floods. Let's describe how they work.

1. SYN Flood
The client generates a SYN packet requesting a new session from the server. Once the TCP session is open (the TCP 3-way handshake is complete), the host will trace and process each client session until it gets closed. During a SYN flood, the server under attack is bombarded with fabricated SYN requests containing fake source IP addresses. A SYN flood attack affects the server by occupying the entire memory of the Transmission Control Block (TCB) table, which is usually used to store and process the incoming packets. This considerably undermines productivity, which entails server failure.

2. ACK & PUSH ACK Flood
When the connection between the host and the client is established, ACK or PUSH ACK packets are used to transfer information both ways until the session gets closed. The victim server attacked by an ACK flood receives fake ACK packets that do not belong to any of the sessions on the server's list of transmissions. The server under attack then wastes all its system resources (RAM, processor, etc.) trying to define where the fabricated packets belong. This results in productivity loss and partial server unavailability.

Analysts from Gartner estimated that by the end of 2017 there will be a total of 8.4 billion network-connected devices worldwide. Compared to the last year, this number will grow by 31%. It is expected that by 2020 the number of IoT devices will reach 20.4 billion. On October 25, 2016, SAS Institute Inc. shared the results of European studies, according to which experts identify two main problems of IoT implementation:
- the need to analyze data in real time - 22%,
- security issues - 22%
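The SYN flood and ACK & PUSH ACK flood mechanics described in this section can be seen from the server's side with a small connection-table model. The following is an added example, not DDoS-GUARD's filtering code: the table size, timeout, alert thresholds and packet records are all constructed assumptions, and sequence-number validation is left out.

```python
from dataclasses import dataclass

# All values below are assumptions chosen for the illustration.
HALF_OPEN_TIMEOUT = 3.0   # seconds a SYN may wait for the final handshake ACK
TABLE_CAPACITY = 64       # toy size of the connection (TCB) table
SYN_ALERT_FILL = 0.8      # alert when half-open entries fill 80% of the table
ACK_ALERT_RATIO = 0.5     # alert when over half of ACK packets match no session
ACK_ALERT_MIN = 20        # ignore the ratio until this many strays were seen


@dataclass(frozen=True)
class Packet:
    ts: float     # arrival time in seconds
    src: str      # claimed source IP (may be spoofed)
    sport: int
    dport: int
    flags: str    # TCP flags as letters: "S", "A", "PA", "FA", "R"


class TcbTracker:
    """Models the server's session list and counts flood symptoms."""

    def __init__(self):
        self.half_open = {}        # (src, sport, dport) -> time the SYN arrived
        self.established = set()
        self.peak_half_open = 0
        self.dropped_syn = 0       # SYNs refused because the table was full
        self.ack_seen = 0
        self.ack_out_of_state = 0  # ACKs that belong to no known session

    def feed(self, p):
        # Expire half-open entries whose handshake never completed.
        for key in [k for k, t in self.half_open.items()
                    if p.ts - t > HALF_OPEN_TIMEOUT]:
            del self.half_open[key]
        key, flags = (p.src, p.sport, p.dport), set(p.flags)
        if flags & {"R", "F"}:                      # teardown frees the slot
            self.half_open.pop(key, None)
            self.established.discard(key)
        elif flags == {"S"}:
            if key in self.half_open or key in self.established:
                return                              # retransmitted SYN
            if len(self.half_open) + len(self.established) >= TABLE_CAPACITY:
                self.dropped_syn += 1               # table exhausted
            else:
                self.half_open[key] = p.ts
                self.peak_half_open = max(self.peak_half_open,
                                          len(self.half_open))
        elif "A" in flags:
            self.ack_seen += 1
            if key in self.half_open:               # completes the handshake
                del self.half_open[key]
                self.established.add(key)
            elif key not in self.established:
                self.ack_out_of_state += 1

    def report(self):
        verdicts = set()
        if (self.peak_half_open >= SYN_ALERT_FILL * TABLE_CAPACITY
                or self.dropped_syn):
            verdicts.add("syn_flood")
        if (self.ack_out_of_state >= ACK_ALERT_MIN and
                self.ack_out_of_state / self.ack_seen > ACK_ALERT_RATIO):
            verdicts.add("ack_flood")
        return {"peak_half_open": self.peak_half_open,
                "dropped_syn": self.dropped_syn,
                "ack_out_of_state": self.ack_out_of_state,
                "verdicts": verdicts}


def analyze(packets):
    tracker = TcbTracker()
    for p in sorted(packets, key=lambda q: q.ts):
        tracker.feed(p)
    return tracker.report()


# Constructed sample traffic (documentation address ranges, port 443).
def normal_traffic():
    pkts = []
    for i in range(10):   # ten complete sessions: SYN, ACK, PSH+ACK, FIN+ACK
        src, sport, t = f"192.0.2.{i + 1}", 40000 + i, i * 0.5
        pkts += [Packet(t, src, sport, 443, "S"),
                 Packet(t + 0.05, src, sport, 443, "A"),
                 Packet(t + 0.10, src, sport, 443, "PA"),
                 Packet(t + 0.30, src, sport, 443, "FA")]
    return pkts


def syn_flood():          # 200 SYNs in one second, none finishes a handshake
    return normal_traffic() + [
        Packet(5 + i * 0.005, f"198.51.100.{i % 250 + 1}", 1024 + i, 443, "S")
        for i in range(200)]


def ack_flood():          # 200 ACK / PSH+ACK packets for sessions never opened
    return normal_traffic() + [
        Packet(5 + i * 0.005, f"203.0.113.{i % 250 + 1}", 2048 + i, 443,
               "PA" if i % 2 else "A")
        for i in range(200)]


if __name__ == "__main__":
    for name, gen in [("normal", normal_traffic), ("syn flood", syn_flood),
                      ("ack flood", ack_flood)]:
        print(name, analyze(gen()))
```

In the SYN flood sample the half-open entries alone exhaust the table, so later SYNs are refused regardless of who sent them; in the ACK flood sample the table stays nearly empty and the symptom is the share of ACKs that match no session.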
According to various sources, today the number of devices connected to the Internet is about 10 billion. And all of these devices are at risk, because many manufacturers prefer to integrate free and open source Linux into their products. IoT devices employ a number of specialized Linux distributions such as Linux Lite, LXLE, OpenWrt, Ostro Linux, uclinux, and so on. According to VDC Research, next year over 64% of IoT devices will operate on open source Linux distributions.

[Chart: Linux share of the OS market]

Unlike PCs and mobile devices, not all "smart" things have a familiar interface (a display and a keyboard), so not every person will be able to diagnose an infection (verify network connectivity, check monitor activity, etc.). Very few people ever get the idea that their DVR or smart watch might be a target for cracking. In addition, there are no firewalls or antivirus software for the IoT. But the main problem lies in the users, who use weak or standard passwords and do not follow safety rules. Recall that all passwords are considered weak if they consist of 8 or fewer characters. But the proper length of the password does not guarantee 100% protection, since any password involves a finite combination of numbers, letters, and symbols. According to IT experts, the more often a person changes the password, the less complex it becomes, especially if there are no strict requirements on its length. However, updating IoT devices is perhaps the only way to protect them against hacking and intrusion.
Therefore, the user is advised to constantly check which ports of their IoT devices are busy, whether there are any suspicious processes running, etc. Unfortunately, not all users know how to do this and why. Therefore, it is not surprising that hackers paid attention to such a convenient tool for conducting DDoS attacks, one with the widest geographical distribution which, moreover, does not require financial costs, unlike renting dedicated servers to produce attack traffic. Unfortunately, the widespread use of IP spoofing by attackers makes it impossible to determine precisely which devices were initially used and where they were located. But it is already clear that the army of bots has grown several times due to the "smart things", which may include such devices as fitness watches, educational pens and children's toys with an integrated Wi-Fi module, and there are billions of them worldwide.

4. Analysis of the victims
Victims ranking over the past year, with the percentage of each targeted type out of the total number of assaults:
- Online stores - 36%
- Game servers - 29%
- Hosting services - 19%
- Banks - 7%
- Mass Media - 4.5%
- Governmental segment - 4%
- Others - 0.5%

Resources associated with sales, online games and other web services are still at particular risk. During the US pre-election period, the attacks on media and governmental websites intensified due to the desire of cyber criminals to manipulate public opinion and paint an image of "Russian hackers", while most of the DDoS attacks were coming from China. Indeed, the "Russian hackers" have become a kind of brand. It is very convenient for security professionals who have not coped with their tasks to blame unknown attackers over the ocean, without mentioning any particular names. Of course, this does not mean that in Russia there are no hackers who could conduct those attacks; however, due to modern technologies it is quite difficult to track the exact person responsible for the attacks.
Top-targeted countries:
- China - 39%
- Russia - 25%
- USA - 19%
- Other countries - 17%

Like a year ago, China took the lead again because anyone from any part of the world can rent cheap dedicated servers there. The percentage of victims in the US (which is to be expected during the pre-election period) and in Russia increased. The increase in DDoS attacks on Russian resources, especially in the state sector, can be regarded as a kind of retaliatory blow from foreign detractors.

It is also worth noting a series of DDoS attacks on large providers, including attacks that targeted DDoS mitigation providers in order to check their level of protection. Our company was targeted too, and the Facebook API was used as the tool for conducting the DDoS. Having a large number of compromised PCs, i.e. bots, cyber criminals were posting a link to a victim website to the status bar of Facebook profiles. This made Facebook scripts request content from the specified links, and a large number of these requests per unit of time was supposed to consume all the available bandwidth of the victim. As bots, the hackers used Facebook profiles to which they had gained access illegally, taking advantage of phishing techniques, typosquatting, social engineering and other ways.

5. DDoS in 2017
This year, according to independent research, it is reasonably expected that businesses will pay more attention to the security issues of the Internet of Things. Below are the key areas for investment in cybersecurity in 2017 (according to PwC).

[Chart: key areas for investment in cybersecurity in 2017, Worldwide and Russia: biometric systems and methods of enhanced authentication; the security of the corporate digital architecture; the IoT security; cybersecurity of new business models; enhanced cooperation between business units, digitalization and IT teams]
However, when focusing on new threats, we should not forget about old ones like the Necurs botnet. This is one of the largest botnets in the world, and it can significantly affect the level of spam in the world's mail traffic. According to Cisco, many of the IP addresses that produce Necurs-based spam have been infected for more than two years. Last year, the botnet was enhanced with a new proxy module and gained the functionality needed to conduct DDoS attacks. The module was classified as an on-demand proxy that is able to route traffic through the infected hosts, utilizing HTTP, SOCKSv4, and SOCKSv5 (a network protocol that can forward packets from the client to the server through a proxy server transparently, i.e. unbeknownst to them, and thus use the services behind firewalls). Just recently, researchers were able to establish that the new functionality is associated with DDoS attacks: the bots have been sending requests to destination port 5222 using a different protocol. It turned out that the proxy module could receive commands that would cause the controlled machine to generate an HTTP or UDP flood towards the victim. Meanwhile, the Necurs botnet consists of more than 6 million bots. Although in 2016 it was reported that the botnet had virtually disappeared from sight since it stopped distributing malware, the recently received data is a cause for concern: perhaps the botnet owners just decided to upgrade it.

One should not ignore the emergence of GRE flood. Our company recorded the maximum size of GRE flood targeting our network at exactly the same time as Mirai attack activity was on the rise, and it reached 273 Gbps.

Thus, today there are more than 37 types of DDoS attacks that exploit vulnerabilities of existing protocols at OSI layers 3 through 7 (for more information proceed to the Appendix page), and to create these attacks one can use any device connected to the Internet, including hacked accounts in social networks, home routers, digital equipment for cars, etc. In this case there are two ways of solving the problem: development of advanced filtering algorithms for standing against such attacks, and expansion of existing network capacity, which our company has been doing since the moment of its foundation.
6. How our protection works
At present, our company has a geographically distributed filtering network, which also has direct physical connections to the Tier-1 networks and thus can reliably and quickly filter incoming traffic. The scrubbing centers are situated in:
- Amsterdam, The Netherlands
- Frankfurt, Germany
- Moscow, Russia
- Tokyo, Japan
- Washington DC, USA

Following the concept of constant growth, we have already planned additional points of presence and scrubbing centers in Europe, North America and the APAC region. The network architecture is designed to meet probable threats and risks associated with DDoS attacks and provides three independently redundant layers.

1. Routing layer
The main purpose is fault-tolerant and flexible routing of large amounts of traffic, providing connectivity with the maximum number of external networks. An additional objective is the aggregation and redundancy of client connections that use physical (fiber optic) and logical (L2/L3 VPN, GRE, IPIP etc.) channels. For this purpose, at this level we use reliable and highly efficient Juniper routers and switches.

2. Redundant cluster for packet processing (packet processing layer)
The main goal of this layer is distributed traffic checking at OSI layers 3-4 under ultra-large network flow that reaches Gbps at each point of presence. This layer consists of several (25, may vary depending on the particular point of presence) mutually redundant devices, which check incoming packets by applying deep packet inspection (DPI). The applied algorithms are developed by engineers of our company. There is also an opportunity for immediate network capacity expansion up to Gbps in each point of presence.

3. Redundant cluster for processing of application level requests (application layer)
The main task of this cluster is validation of requests at OSI layers 5-7, which are HTTP, HTTPS, DNS, SMTP, etc. Here the processes of decryption, validation, and encryption of HTTPS traffic take place. The layer is made redundant independently of the packet processing and routing layers.

It is worth noting that for traffic filtering purposes we use solutions of our own design. This allows us to guarantee and provide the claimed uptime level, as well as offer quick and efficient technical solutions to any unusual situations.
7. Conclusion
Generally, we can conclude that due to the rapid development of the Internet of Things, a potential army of bots has grown by several billion devices. And if the existing botnets that produce phishing, spam, etc. are used to conduct DDoS, this army will outnumber the world's human population and will generate terabytes of various garbage traffic.

The most important aspect in the fight against DDoS attacks is a constant reminder to the public that the cyber threat is real and serious, and is becoming more formidable day by day. Indeed, as shown in 2016, DDoS may affect not only single private resources, but whole segments of the Internet used by millions of people around the world. For this reason, DDoS-GUARD is engaged in continuous monitoring and study of DDoS attacks, not only those that target our customers but also attacks that occur worldwide, and we share the research results in the media.
8. Appendix
DDoS attack types
Volumetric attacks DNS Amplification Attacks that exploit vulnerabilities in network protocol stack IP null Attack Application level attacks HTTP Flood, Excessive VERB DNS Flood ICMP Flood NTP amplification TCP null Attack Type of Service (TOS) flood ACK & PUSH ACK Flood Single Request HTTP Flood, Multiple VERB Single Request Single Session HTTP Flood, Excessive VERB Single Session Faulty Application Attack NTP Flood RST/FIN Flood Fragmented HTTP Flood, HTTP Fragmentation Ping Flood SYN-ACK Flood Session Attack, SlowLoris UDP Flood Non-Spoofed UDP Flood UDP Fragmentation Flood, UDP Fragmentation SYN Flood TCP null Multiple ACK Fake Session Attack Zero Day DDoS attack VoIP Flood Multiple SYN-ACK Fake Session Attack Media Data Flood Synonymous IP Attack; Same Source/Dest Flood; LAND Attack Smurf Attack Misused Application Attack Fraggle Attack Fragmented ACK Flood Fake Session Attack Ping Of Death ICMP Fragmentation Flood Zero Day DDoS attack Other amplification attacks Zero Day DDoS attack
Attack impact according to OSI model
1. Second-layer attack (Data link layer): Network equipment congestion caused by malicious frames, which leads to loss of legitimate traffic.
2. Third-layer attack (Network layer): Congestion of network links of a data center and a customer, which leads to loss of legitimate traffic and unavailability of a network-enabled service.
3. Fourth-layer attack (Transport layer): A DDoS attack that exploits vulnerabilities in transport layer protocols, causing overflow of the connection table and unavailability of a server.
4. Seventh-layer attack (Application layer): An application-layer DDoS attack that causes server overload.
More informationManaging IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services
Managing IT Risk: What Now and What to Look For Presented By Tina Bode IT Assurance Services Agenda 1 2 WHAT TOP TEN IT SECURITY RISKS YOU CAN DO 3 QUESTIONS 2 IT S ALL CONNECTED Introduction All of our
More informationAnalisi degli attacchi DDOS e delle contromisure
Attacchi informatici: Strategie e tecniche per capire, prevenire e proteggersi dagli attacchi della rete Analisi degli attacchi DDOS e delle contromisure Alessandro Tagliarino 0 WHO IS ARBOR NETWORKS?
More informationChapter 10: Denial-of-Services
Chapter 10: Denial-of-Services Technology Brief This chapter, "Denial-of-Service" is focused on DoS and Distributed Denial-of-Service (DDOS) attacks. This chapter will cover understanding of different
More information2015 DDoS Attack Trends and 2016 Outlook
CDNetworks 2015 DDoS Attack Trends and 2016 Outlook 2016, January CDNetworks Security Service Team Table of Contents 1. Introduction... 3 2. Outline... 3 3. DDoS attack trends... 4 4. DDoS attack outlook
More informationThe situation of threats in cyberspace in the first half of 2018
The situation of threats in cyberspace in the first half of 2018 1. Cyber-attacks (1) Scanning activities in cyberspace a. Overview of unexpected incoming packets to the sensors 1 The number of unexpected
More informationInternet of Things (IoT) Attacks. The Internet of Things (IoT) is based off a larger concept; the Internet of Things came
Victoria Ellsworth Dr. Ping Li ICTN 4040 04/11/17 Internet of Things (IoT) Attacks The Internet of Things (IoT) is based off a larger concept; the Internet of Things came from idea of the Internet of Everything.
More informationVDS. About the customer. Case study
About the customer FirstVDS provides virtual servers (VDS). The project has been existing since 2002 and is specialized solely on virtual servers Leasing service. The company's equipment is hosted in а
More informationProtecting Against Online Fraud. F5 EMEA Webinar August 2014
Protecting Against Online Fraud F5 EMEA Webinar August 2014 Agenda Fraud threat trends and business challenges Web fraud protection Mobile fraud protection Security operations center Example architecture
More informationEnterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE
Enterprise Overview Benefits and features of s Enterprise plan 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com This paper summarizes the benefits and features of s Enterprise plan. State of
More informationComprehensive datacenter protection
Comprehensive datacenter protection There are several key drivers that are influencing the DDoS Protection market: DDoS attacks are increasing in frequency DDoS attacks are increasing in size DoS attack
More informationWEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING
WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING A STRONG PARTNER COMPANY Link11 - longstanding security experience Link11 is a European IT security provider, headquartered in Frankfurt, Germany
More informationCybersecurity. Anna Chan, Marketing Director, Akamai Technologies
Grow revenue opportunities with fast, personalized web experiences and manage complexity from peak demand, mobile Business devices and Continuity data collection. & Cybersecurity Anna Chan, Marketing Director,
More informationCisco Firepower with Radware DDoS Mitigation
Cisco Firepower with Radware DDoS Mitigation Business Decision Maker Presentation Eric Grubel VP Business development, Radware February 2017 DDoS in the news French hosting firm flooded with 1 Tbps traffic
More informationIntrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks
Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks So we are proposing a network intrusion detection system (IDS) which uses a Keywords: DDoS (Distributed Denial
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationComprehensive DDoS Attack Protection: Cloud-based, Enterprise Grade Mitigation F5 Silverline
Comprehensive DDoS Attack Protection: Cloud-based, Enterprise Grade Mitigation F5 Silverline PRESENTED BY: RICH BIBLE, EMEA SILVERLINE SA November 22, 2018 1 2018 F5 NETWORKS DDoS and Application Attack
More informationImma Chargin Mah Lazer
Imma Chargin Mah Lazer How to protect against (D)DoS attacks Oliver Matula omatula@ernw.de #2 Denial of Service (DoS) Outline Why is (D)DoS protection important? Infamous attacks of the past What types
More informationAuthor: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0
Author: Tonny Rabjerg Version: 20150730 Company Presentation WSF 4.0 WSF 4.0 Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the
More informationJPCERT/CC Incident Handling Report [January 1, March 31, 2018]
JPCERT-IR-2018-01 Issued: 2018-04-12 JPCERT/CC Incident Handling Report [January 1, 2018 - March 31, 2018] 1. About the Incident Handling Report JPCERT Coordination Center (herein, JPCERT/CC) receives
More informationRouting Security DDoS and Route Hijacks. Merike Kaeo CEO, Double Shot Security
Routing Security DDoS and Route Hijacks Merike Kaeo CEO, Double Shot Security merike@doubleshotsecurity.com DISCUSSION POINTS Understanding The Growing Complexity DDoS Attack Trends Packet Filters and
More informationECE 435 Network Engineering Lecture 23
ECE 435 Network Engineering Lecture 23 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 30 November 2017 HW#11 will be posted Announcements Don t forget projects next week Presentation
More informationDenial of Service. Denial of Service. A metaphor: Denial-of-Dinner Attack. DDoS over the years. Ozalp Babaoglu
Denial of Service Denial of Service Ozalp Babaoglu Availability refers to the ability to use a desired information resource or service A Denial of Service attack is an attempt to make that information
More informationBotnets: major players in the shadows. Author Sébastien GOUTAL Chief Science Officer
Botnets: major players in the shadows Author Sébastien GOUTAL Chief Science Officer Table of contents Introduction... 3 Birth of a botnet... 4 Life of a botnet... 5 Death of a botnet... 8 Introduction
More informationWORKSHOP CYBER SECURITY AND CYBERCRIME POLICIES FOR AFRICAN DIPLOMATS. Okechukwu Emmanuel Ibe
WORKSHOP CYBER SECURITY AND CYBERCRIME POLICIES FOR AFRICAN DIPLOMATS Okechukwu Emmanuel Ibe INTRODUCTION The Intelligence and Security Committee (ISC) is a Unit in the Office of the Chairperson of the
More information20-CS Cyber Defense Overview Fall, Network Basics
20-CS-5155 6055 Cyber Defense Overview Fall, 2017 Network Basics Who Are The Attackers? Hackers: do it for fun or to alert a sysadmin Criminals: do it for monetary gain Malicious insiders: ignores perimeter
More informationThe Interactive Guide to Protecting Your Election Website
The Interactive Guide to Protecting Your Election Website 1 INTRODUCTION Cloudflare is on a mission to help build a better Internet. Cloudflare is one of the world s largest networks. Today, businesses,
More informationsnoc Snoc DDoS Protection Fast Secure Cost effective Introduction Snoc 3.0 Global Scrubbing Centers Web Application DNS Protection
Snoc DDoS Protection Fast Secure Cost effective sales@.co.th www..co.th securenoc Introduction Snoc 3.0 Snoc DDoS Protection provides organizations with comprehensive protection against the most challenging
More informationSamu Konttinen, CEO Q3 / 2017 CORPORATE SECURITY REVENUE UP BY 11% - GOOD GROWTH CONTINUED
Samu Konttinen, CEO Q3 / 2017 CORPORATE SECURITY REVENUE UP BY 11% - GOOD GROWTH CONTINUED 1 AGENDA Key takeaways from Q3 Key figures Business updates Outlook Financials FAQ All figures refer to continuing
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationCyber Attacks: Evolving Network Architectures to Meet the Challenge
Cyber Attacks: Evolving Network Architectures to Meet the Challenge Robert Crinks OnPoint Consulting, Inc. EIS 2018 discover a dynamic comprehensive technology partner that can help your agency A wholly
More informationKaspersky Security Network
The Kaspersky Security Network (KSN) is a complex distributed infrastructure dedicated to intelligently processing cybersecurity-related data streams from millions of voluntary participants around the
More informationComputer Network Vulnerabilities
Computer Network Vulnerabilities Objectives Explain how routers are used to protect networks Describe firewall technology Describe intrusion detection systems Describe honeypots Routers Routers are like
More informationInsight Guide into Securing your Connectivity
Insight Guide I Securing your Connectivity Insight Guide into Securing your Connectivity Cyber Security threats are ever present in todays connected world. This guide will enable you to see some of the
More informationakamai s [state of the internet] / security
[Volume 2 / Number 2] akamai s [state of the internet] / security Q2 215 executive summary The Security Report has five research sections: Quarter-over-quarter and year-ago quarterly attack statistics
More informationVincent van Kooten, EMEA North Fraud & Risk Intelligence Specialist RSA, The Security Division of EMC
Vincent van Kooten, EMEA North Fraud & Risk Intelligence Specialist RSA, The Security Division of EMC 1 2013 2 3 in 4 3 5.900.000.000 $ 4 RSA s Top 10 List 5 RSA s top 10 phishing list Copyright 2014 EMC
More informationMeeting 39. Guest Speaker Dr. Williams CEH Networking
Cyber@UC Meeting 39 Guest Speaker Dr. Williams CEH Networking If You re New! Join our Slack ucyber.slack.com Feel free to get involved with one of our committees: Content, Finance, Public Affairs, Outreach,
More informationTHE STATE OF MEDIA SECURITY HOW MEDIA COMPANIES ARE SECURING THEIR ONLINE PROPERTIES
THE STATE OF MEDIA SECURITY HOW MEDIA COMPANIES ARE SECURING THEIR ONLINE PROPERTIES TABLE OF CONTENTS 3 Introduction 4 Survey Findings 4 Recent Breaches Span a Broad Spectrum 4 Site Downtime and Enterprise
More informationBasic Concepts in Intrusion Detection
Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification
More informationThe Value of Automated Penetration Testing White Paper
The Value of Automated Penetration Testing White Paper Overview As an information security expert and the security manager of the company, I am well aware of the difficulties of enterprises and organizations
More informationDDoS Introduction. We see things others can t. Pablo Grande.
DDoS Introduction We see things others can t Pablo Grande pgrande@arbor.net DoS & DDoS. Unavailability! Interruption! Denial of Service (DoS) attack is an attempt to make a machine or network resource
More informationAttack Prevention Technology White Paper
Attack Prevention Technology White Paper Keywords: Attack prevention, denial of service Abstract: This document introduces the common network attacks and the corresponding prevention measures, and describes
More informationIt s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security
It s Flow Time! The Role and Importance of Flow Monitoring in Network Operations and Security Pavel Minařík, Chief Technology Officer Neutral Peering Days 2018, The Hague Your customers depend on your
More informationImperva Incapsula Product Overview
Product Overview DA T A SH E E T Application Delivery from the Cloud Whether you re running a small e-commerce business or in charge of IT operations for an enterprise, will improve your website security
More informationSecurity Device Roles
Kennesaw State University DigitalCommons@Kennesaw State University KSU Proceedings on Cybersecurity Education, Research and Practice 2017 KSU Conference on Cybersecurity Education, Research and Practice
More informationEnsuring the Success of E-Business Sites. January 2000
Ensuring the Success of E-Business Sites January 2000 Executive Summary Critical to your success in the e-business market is a high-capacity, high-availability and secure web site. And to ensure long-term
More informationImperva Incapsula Survey: What DDoS Attacks Really Cost Businesses
Survey Imperva Incapsula Survey: What DDoS Attacks Really Cost Businesses BY: TIM MATTHEWS 2016, Imperva, Inc. All rights reserved. Imperva and the Imperva logo are trademarks of Imperva, Inc. Contents
More informationDenial of Service and Distributed Denial of Service Attacks
Denial of Service and Distributed Denial of Service Attacks Objectives: 1. To understand denial of service and distributed denial of service. 2. To take a glance about DoS techniques. Distributed denial
More informationGOVERNMENT IT: FOCUSING ON 5 TECHNOLOGY PRIORITIES
GOVERNMENT IT: FOCUSING ON 5 TECHNOLOGY PRIORITIES INSIGHTS FROM PUBLIC SECTOR IT LEADERS DISCOVER NEW POSSIBILITIES. New network technology is breaking down barriers in government offices, allowing for
More informationWHITE PAPER. DDoS of Things SURVIVAL GUIDE. Proven DDoS Defense in the New Era of 1 Tbps Attacks
WHITE PAPER 2017 DDoS of Things SURVIVAL GUIDE Proven DDoS Defense in the New Era of 1 Tbps Attacks Table of Contents Cyclical Threat Trends...3 Where Threat Actors Target Your Business...4 Network Layer
More informationFighting the Shadows: How to Stop Real-world Cybersecurity Application Threats That You Can t See
Fighting the Shadows: How to Stop Real-world Cybersecurity Application Threats That You Can t See Louis Scialabba Carrier Solutions Marketing Nov 2015 November 16, 2015 Topics What s New in Cybersecurity
More informationDDOS DETECTION AND RESPONSE TRENDS IN THE ENTERPRISE: AN IANS CUSTOM REPORT
DDOS DETECTION AND RESPONSE TRENDS IN THE ENTERPRISE: AN IANS CUSTOM REPORT SEPTEMBER 2014 COMMISSIONED BY: Contents Contents... 2 Introduction... 3 About the Survey and Respondents... 3 The Current State
More informationDenial of Service. Serguei A. Mokhov SOEN321 - Fall 2004
Denial of Service Serguei A. Mokhov SOEN321 - Fall 2004 Contents DOS overview Distributed DOS Defending against DDOS egress filtering References Goal of an Attacker Reduce of an availability of a system
More informationA Review Paper on Network Security Attacks and Defences
EUROPEAN ACADEMIC RESEARCH Vol. IV, Issue 12/ March 2017 ISSN 2286-4822 www.euacademic.org Impact Factor: 3.4546 (UIF) DRJI Value: 5.9 (B+) A Review Paper on Network Security Attacks and ALLYSA ASHLEY
More informationCISO Success Strategies: On Becoming a Security Business Leader
SESSION ID: CXO W03 CISO Success Strategies: On Becoming a Security Business Leader Frank Kim CISO SANS Institute @fykim Outline Build Your Business Case Rocket Your Relationships Master Your Message 2
More informationWhat can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco
What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco Increasing Digital Traffic Creates a Greater Attack Surface Global IP Traffic
More informationA Survey of Defense Mechanisms Against DDoS Flooding A
DDoS Defense: Scope And A Survey of Defense Mechanisms Against DDoS Flooding Attacks IIT Kanpur IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 15, NO. 4, FOURTH QUARTER 2013 DDoS Defense: Scope And Outline
More informationData Sheet. DPtech Anti-DDoS Series. Overview. Series
Data Sheet DPtech Anti-DDoS Series DPtech Anti-DDoS Series Overview DoS (Denial of Service) leverage various service requests to exhaust victims system resources, causing the victim to deny service to
More informationJPCERT/CC Incident Handling Report [October 1, 2015 December 31, 2015]
JPCERT-IR-2015-05 Issued: 2016-01-14 JPCERT/CC Incident Handling Report [October 1, 2015 December 31, 2015] 1. About the Incident Handling Report JPCERT Coordination Center (herein, JPCERT/CC) receives
More informationChapter 7. Denial of Service Attacks
Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units (CPU),
More information