Latest Threat: Statistics, Case Study and Solutions

Transcription

1 Knownsec Hong Kong Latest Threat: Statistics, Case Study and Solutions ZHAO Wei, CEO LAI Anthony, Researcher Knownsec (

2 Knownsec Hong Kong What are we going to talk about?

3 Agenda Part 1: ZoomEye Statistics for Hong Kong Part 2: Case Study of DDoS and Web Attack Part 3: Our Solutions, Research and Conference

4 In the past 8 years We have handled various attacks and threats: Web attack DDoS Brand Violation/Spoofing We are not going to talk about what is OWASP Top 10, what is DDoS attack, you could simply check it out from Google :)

5 Our latest defense for community

6 Part 1: ZoomEye Statistics for Hong Kong

7 Statistics 1. ZoomEye Statistics for Hong Kong a. Public Device b. Web Service c. Challenge

8 ZoomEye Statistics - Public Device

9 ZoomEye Statistics - Public Device

10 ZoomEye Statistics - Public Device

11 ZoomEye Statistics - Web Service

12 ZoomEye Statistics - Web Service

13 Observation Online devices including printer, NAS and webcam are significant in number. Web servers are not readily upgraded CMS system are not widely updated Wordpress and dedecms are popular You could find our global statistics from here:

14 Challenge Understand and get to know how many vulnerable devices facing the Internet Decision between upgrade or not, simply, remove it from your network Preparation of upgrade and patching Post-upgrade and patching verification and testing

15 Part 2: Case Study of DDoS and Web Attack

16 Lesson Learnt Do you think you have a good incident response policy? What is your expected response time from the vendor if attack is found What is your goal of the response? Keep the service or investigate into the origin Do you have adequate defense when attack strikes?

17 Part 3: Our Solutions, Research and Conference

18 Defense in Depth Jiasule - Anti-DDoS ZoomEye - Open Intelligence Platform WebSOC - Web Monitoring Solutions K-WAF (Web Application Firewall) servers Online and applications servers Devices, and Web applications Site, Servers and Applications Brand Protection

19 Our Products and Services: WebSOC It helps to monitor the Web application and site for content change, vulnerabilities and availability as well as any malicious code injected to the site. We give preliminary penetration test to enumerate information with the found vulnerabilities Our attack knowledge base is built by daily threat collection We have two public companies in Hong Kong and Macau separately engaging our WebSOC services.

20 Our Products and Services: Jiasule Cloud-based Anti-DDoS Solutions and block layers 3,4 and 7 attacks We provide logs and attack trend as well as volume statistics We classify various attacks against the web application

21 Our Products and Services: ZoomEye It is an open intelligence and devices identification platforms It is free but offer commercial subscription It could help to scan, monitor and identify any vulnerable and knownsec devices and services in your subnet and network It is beneficial to authority, government and entities with large network for security management.

22 Our Products and Services: Brand Protection We have formed an alliance called Anquan.org, which is formed by various enterprises and security companies Once a threat, malicious or/and fake web sites are identified, we will notify each parties, afterwards, and labeled as risky in search engine, WeChat and other platforms. Meanwhile, as requested, if the fake site is located in China, we could try to take it down for your brand.

23

24 Our Research and Conference You could visit our blog for our research: We hold K-CON in Beijing every year and plan to hold a 1-day KCON in Hong Kong

25 Our Research and Conference

26 Thank you for your listening Please feel free to reach us for trying out our services and protection. ZHAO, Wei LAI, Anthony