Corero & GTT DDoS Trends Report Q2 Q3 2017

Similar documents
HOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK

IBM Cloud Internet Services: Optimizing security to protect your web applications

DDoS Managed Security Services Playbook

WHITE PAPER Hybrid Approach to DDoS Mitigation

Cyber Attacks: Evolving Network Architectures to Meet the Challenge

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

INTRODUCTION: DDOS ATTACKS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

A custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74

Cybersecurity. Anna Chan, Marketing Director, Akamai Technologies

SmartWall Threat Defense System - NTD1100

Arbor White Paper Keeping the Lights On

DDoS MITIGATION BEST PRACTICES

Arbor White Paper. DDoS: THE STAKES HAVE CHANGED. HAVE YOU? REVEALED: 3 dangerous myths about DDoS attacks

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

2nd SIG-NOC meeting and DDoS Mitigation Workshop Scrubbing Away DDOS Attacks. 9 th November 2015

COPYRIGHT 2018 NETSCOUT SYSTEMS, INC. 1

IoT - Next Wave of DDoS? IoT Sourced DDoS Attacks A Focus on Mirai Botnet and Best Practices in DDoS Defense

An Introduction to DDoS attacks trends and protection Alessandro Bulletti Consulting Engineer, Arbor Networks

Cisco Firepower with Radware DDoS Mitigation

DoS Cyber Attack on a Government Agency in Europe- April 2012 Constantly Changing Attack Vectors

Prolexic Attack Report Q4 2011

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Analisi degli attacchi DDOS e delle contromisure

AKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE.

War Stories from the Cloud Going Behind the Web Security Headlines. Emmanuel Mace Security Expert

Downtime by DDoS: Taking an Integrated Multi-Layered Approach. Arbor Solution Brief

TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS

Why IPS Devices and Firewalls Fail to Stop DDoS Threats

Comprehensive DDoS Attack Protection: Cloud-based, Enterprise Grade Mitigation F5 Silverline

State of the Internet Security Q Mihnea-Costin Grigore Security Technical Project Manager

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

WEB DDOS PROTECTION APPLICATION PROTECTION VIA DNS FORWARDING

Intelligent and Secure Network

AKAMAI CLOUD SECURITY SOLUTIONS

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

ERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016

Safeguard Your Internet Presence with Sophisticated DDoS Mitigation.

THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY

Imperva Incapsula Survey: What DDoS Attacks Really Cost Businesses

CABLE MSO AND TELCO USE CASE HANDBOOK

Corero SmartWall TDS Real-time, Automatic and Highly-Scalable DDoS Defense Solutions

DoS Cyber Attack on a Government Agency in South America- February 2012 Anonymous Mobile LOIC in Action

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

akamai s [state of the internet] / security

RESELLER LOGO RADICALLY BETTER. DDoS PROTECTION. Radically more effective, radically more affordable solutions for small and medium enterprises

A Top US Bank Trusts Neustar SiteProtect for Reliable DDoS Protection Depth

Combating Cyberattacks Through Network Agility and Automation Sagi Chief Technology Officer

Radware: Anatomy of an IoT Botnet and Economics of Defense

Imperva Incapsula Product Overview

Corero SmartWall TDS Real-time, Automatic and Highly-Scalable DDoS Defense Solutions

Multi-vector DDOS Attacks

DDOS DETECTION AND RESPONSE TRENDS IN THE ENTERPRISE: AN IANS CUSTOM REPORT

Defending against increasingly sophisticated DDoS attacks

NETWORK DDOS PROTECTION STANDBY OR PERMANENT INFRASTRUCTURE PROTECTION VIA BGP ROUTING

Cyber War Chronicles Stories from the Virtual Trenches

Cloudflare Advanced DDoS Protection

Enterprise D/DoS Mitigation Solution offering

War Stories from the Cloud: Rise of the Machines. Matt Mosher Director Security Sales Strategy

DDoS Detection&Mitigation: Radware Solution

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

CYBER RESILIENCE & INCIDENT RESPONSE

SmartWall Threat Defense System - NTD120

WHITE PAPER. DDoS of Things SURVIVAL GUIDE. Proven DDoS Defense in the New Era of 1 Tbps Attacks

Pushed to the Limit! Network and Application Security Threat Landscape Lior Zamir Technical Account Manager

CIO INSIGHTS Boosting Agility and Performance on the Evolving Internet

with Advanced Protection

ddos-guard.net Protecting your business DDoS-GUARD: Distributed protection against distributed attacks

A GUIDE TO DDoS PROTECTION

DNS SECURITY BENEFITS OF OUTSOURCING YOUR DNS TO AN IP ANYCAST+ PROVIDER

Arbor Solution Brief Arbor Cloud for Enterprises

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Distributed Denial of Service (DDoS)

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

Are we breached? Deloitte's Cyber Threat Hunting

Hongbo Yang, Xiaobing Sun, Richard Zhao

Combating Cyber Risk in the Supply Chain

How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity

Your First Line of Defense AGAINST DDOS ATTACKS. change the rules for inspection performance, security intelligence and

Panda Security 2010 Page 1

Service Provider View of Cyber Security. July 2017

RSA NetWitness Suite Respond in Minutes, Not Months

DIGITAL TRANSFORMATION IN FINANCIAL SERVICES

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

I D C T E C H N O L O G Y S P O T L I G H T

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

Smart and Secured Infrastructure. Rajesh Kumar Technical Consultant

Neustar Security Solutions Overview

The Interactive Guide to Protecting Your Election Website

VERISIGN DISTRIBUTED DENIAL OF SERVICE TRENDS REPORT

CLOUD-BASED DDOS PROTECTION FOR HOSTING PROVIDERS

RiskSense Attack Surface Validation for IoT Systems

Global DDoS Threat Landscape

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

2015 DDoS Attack Trends and 2016 Outlook

Capability Analysis of Internet of Things (IoT) Devices in Botnets & Implications for Cyber Security Risk Assessment Processes (Part One)

How DDoS Mitigation is about Corporate Social Responsibility

RSA INCIDENT RESPONSE SERVICES

Comprehensive datacenter protection

Transcription:

Corero & GTT DDoS Trends Report Q2 Q3 2017

Executive Summary KEY TRENDS KEY INSIGHTS RECOMMENDATIONS SUMMARY 3 6 7 9 Organizations around the globe have become increasingly dependent on the Internet as a means to conduct business, and the Internet-connected world has grown more complex due to faster throughput, larger connections, the Internet of Things, and public and private clouds. Simultaneously, Distributed Denial of Service (DDoS) threats have become more sophisticated and common. Internet reliability can come down to a fraction of a second; since its inception, the Internet has been all about availability. When the Internet goes down, businesses that rely on that service go down with it, and DDoS attacks are considered one of the most serious threats to Internet availability today. Downtime or latency significantly impacts brand reputation and ultimately, revenue. When you combine the frequency and duration of attacks, and the low volume, sub-saturating nature of the threats, victims are faced with a significant security and availability challenge. Automated, real-time mitigation techniques must be in place to eliminate the repercussions of a DDoS attack. This report contains observations from DDoS attack attempts against Corero customers in Q2 2017 and Q3 2017, as well as comparisons against previous quarters. The data represents the frequency and sophistication of DDoS attacks that organizations face today. 2

KEY TREND Increase in frequency We have just passed the oneyear anniversary of what many believe to be one of the largest DDoS attacks recorded. Domain Name Service Provider Dyn came under attack by two large and complex DDoS attacks against its managed DNS infrastructure. Because of the attacks, dozens of Internet platforms and services including major brands such as Twitter, Spotify, Reddit, Netflix and others felt the significant ripple effect of service outages. Since that incident, other various large-scale DDoS attacks have made national or even global headline news. However, those large-scale attacks are atypical of the types of disruptions that companies suffer from day-to-day. Frequent, modest-sized, short duration DDoS attacks are the modern-day problem, as they regularly cause the most damage. It s these types of attacks on which businesses should focus. Corero has observed a jump in the frequency of attack attempts against customers. In the last quarter (Q3 2017), Corero customers experienced an average of 237 attacks per month, an increase of 35% compared to Q2 2017 (175 attacks). Worryingly, we saw an average of 8 attack attempts per customer, per day in Q3 2017 double what was observed in Q1 2017. 3.6 8 Attacks per Day 4.1 6 Daily Average Attack per Customer 8 44 25.228.6 35% Increase in Attacks per Quarter Weekly 59 124 109 175 Monthly 237 328 372 526 Quarter 710 Q4 2016 Q1 2017 Q2 2016 Q3 2017 3

KEY TREND Low volume, short duration attacks While the frequency of attacks is concerning, the size and duration of attacks are also important to call out. Roughly 96 percent of mitigated DDoS attacks were less than 5 Gbps in volume, in both Q2 and Q3 2017. The average duration of DDoS attacks is also cause for concern. 65 percent of attacks in Q2 2017 lasted 10 minutes or less, and in Q3, 71% percent were 10 minutes or less. 71% 10 Minutes or Less Average Size of DDoS Attacks SIZE Q4 2016 Q1 2017 Q2 2017 Q3 2017 <1G 79% 80% 82% 81% 1G 5G 18% 15% 15% 15% 5G 10G 4% 4% 2% 3% >10G 1% 2% 1% 1% Average Duration of DDoS Attacks MINUTES Q4 2016 Q1 2017 Q2 2017 Q3 2017 0 5 57% 56% 51% 58% 6 10 17% 16% 14% 13% 11 20 7% 6% 13% 11% 21 30 11% 12% 7% 6% 31 60 4% 5% 8% 6% >60 5% 5% 7% 6% 96% Attacks 5Gbps or Less While attacks lasting 5 minutes or less make up the majority of the attack attempts, we noticed that the attacks lasting 21-30 minutes dropped by 50 percent (Q1 vs Q3). 4

KEY TREND Attack Types Corero has observed a wide range of DDoS attack types over the last two quarters. Two distinct attack types stand out: 1. Sophisticated, multi-vector attacks, aimed to deceive and overrun traditional IT security measures made up a significant portion of the attacks observed this year. 2. Service Flood attacks aim to saturate the bandwidth target victim, resulting in service outages, downtime and latency. Multi-vector Attacks 20% in Q2 2017 Service Floods 39% in Q2 2017 > < 15% in Q3 2017 41% in Q3 2017 Cyber-criminals are also switching methods, from simple volumetric attacks to multi-vector DDoS attacks. Modern toolkits can launch both infrastructure-based and application-based DDoS payloads, and attacks include SYN flood, UDP flood, Domain Name System (DNS) query flood and GET floods. Attackers are implementing techniques to profile the nature of the target network s security defenses, and utilizing subsequent techniques to implement second or third attacks designed to circumvent an organization s layered protection strategy. Corero has found that multi-vector attack attempts are used regularly (see figure 1) against Corero customers. More frequently, we see Service Flood attacks as shown in figure 2, comprised of TCP or UDP attacks such as SYN flood, ACK flood, Reset flood etc. Mbps 20,000 10,000 1:00am Multi-Vector Attack Mitigation FIGURE 1 Corero SecureWatch Analytics visualization of a multi-vector attack mitigation. Attack lasting 15 minutes in duration, peaking at 17 Gbps. Service Flood DDoS Attack Mitigation Packets per Second (pps) 30,000,000 20,000,000 10,000,000 Inbound Traffic Aug 27, 2017 1:05am 1:10am 1:15am Time (EDT) Inbound Traffic Jul 1, 2017 3:15pm 3:20pm 3:25pm 3:30pm 3:35pm 3:40pm Time (EDT) BLOCKED ALLOWED BLOCKED ALLOWED FIGURE 2 Corero SecureWatch Analytics visualization of a service flood attack mitigation. Attack lasting 15 minutes in duration, peaking at 22.5 million pps. 5

KEY INSIGHT RDoS Ransom Denial of Service (RDoS) made a significant comeback in Q3 2017. A widespread wave of RDoS threats from the Phantom Squad hacker group kicked off in September. These threats targeted companies throughout the US, Europe and Asia. This extortion campaign launched messages demanding Bitcoin payment, with promise to execute attacks on September 30 unless the demands were met. Recent examples span across industries from banking and financial institutions, to hosting providers, online gaming services and SaaS organizations. Unfortunately, most cyber security solutions focus on recovery from criminal extortion attacks, rather than defeating one. DDoS mitigation technology has evolved to deal with these attacks, automatically and instantaneously to eliminate the threat to your business. KEY INSIGHT IoT Botnets should be a grave concern Despite its advantages, the IoT comes with a host of security disadvantages. IoT devices are usually poorly managed, patched and secured; thus they are prime targets for hacker infiltration and takeover. Aside from the personal privacy and security concerns that result from these security gaps, the bigger danger is that these connected devices can be harnessed by hackers for a variety of nefarious purposes; in many cases hackers use them to form a botnet to carry out DDoS attacks. The latest IoT botnet plague making headlines is the Reaper botnet. Reportedly having infected over a million devices, this botnet is much more dangerous than the Mirai botnet of late last year. It leverages known security flaws in the code of unsecured machines, taking over unsecured IoT devices with the use of hacking tools and then spreading itself further. At the time this paper was authored (Nov 2017) the botnet was in the recruitment phase, and DDoS security experts have yet to see an attack executed with this new powerful bot. The potential scale and power of this botnet has the ability to create Internet chaos and dire results for target victims. 6

KEY INSIGHT DDoS distraction; data exfiltration Once a DDoS attack is underway, security personnel are often distracted by the DDoS traffic, which allows hackers to use whatever means at their disposal to penetrate a network or plant ransomware or malware. Such attacks are not designed to deny service, but to deny security, by acting as a camouflage that masks more sinister activities usually data theft and network infiltration. These attacks act as a diversion tactic, distracting IT teams from the breach that s taking place, which could involve data being exfiltrated, networks being mapped for vulnerabilities, or a whole host of other potential risks. RECOMMENDATION Understand the evolving threat landscape The DDoS threat landscape will continue to evolve just as it has for the last couple of decades. We continue to see an increase in attack attempts against our customers quarter over quarter, with some of our customers experiencing thousands of attack attempts per day. The sophistication of DDoS attacks continues to evolve, with multivector attacks being used more often than not. These attacks are used to profile existing security solutions and infrastructure, to probe and determine which vectors and techniques will prove successful. These attacks are also sophisticated enough to leave just enough bandwidth available for other cyber attacks to make their way undetected into the network, past weakened network security layers. There would be little to no trace of these additional attack vectors infiltrating the compromised network, as the initial DDoS had accomplished its purpose of distracting all security resources from performing their intended functions. 7

RECOMMENDATION Talk DDoS with your ISP Organizations that once had DDoS protection projects on the back burner are now re-prioritizing their security strategies to place DDoS mitigation at the forefront. This shift in precedence puts increased pressure on Internet and cloud providers to enable this protection for their customers, and eliminate DDoS threats closer to the source. Providers are now accepting a greater responsibility for defending their customers and networks against DDoS attacks. This approach allows for new security service offerings that protect and increase customer satisfaction. RECOMMENDATION Enable real-time threat detection and mitigation mechanisms To keep up with the growing sophistication and organization of well-equipped and well-funded threat actors, it s essential that organizations maintain comprehensive visibility and automated mitigation capabilities across their networks to instantly detect and block any potential DDoS attacks as they arise. Proactive DDoS protection is a critical element in proper cyber security against loss of service availability and data breach activity. The everyday DDoS attack that Corero has highlighted in this report cannot be properly defeated with traditional Internet gateway security solutions such as firewalls, Intrusion Prevention Systems and the like. Similarly, cloud based DDoS scrubbing alternatives cannot achieve successful mitigation with the low volume, short duration attacks that are impacting organizations every day. As organizations develop their DDoS resiliency plans, and choose their methods of DDoS protection, time-to-mitigation must be a critical factor. 8

Summary 35% Increase in Attacks per Quarter 8 Attacks per Customer per Day 71% Attacks 10 Minutes or Less 96% Attacks 5Gbps or Less About Corero Network Security Corero Network Security is the leader in real-time, high-performance DDoS defense solutions. Service providers, hosting providers and online enterprises rely on Corero s award winning technology to eliminate the DDoS threat to their environment through automatic attack detection and mitigation, coupled with complete network visibility, analytics and reporting. This industry leading technology provides cost effective, scalable protection capabilities against DDoS attacks in the most complex environments while enabling a more cost effective economic model than previously available. For more information, visit www.corero.com. About GTT GTT connects people across organizations and around the world. The company provides multinationals with a better way to reach the cloud through its suite of cloud networking services, including optical transport, wide area networking, internet, managed services, voice and video. GTT operates a Tier 1 IP backbone, ranked top five in the world, and the lowest latency transatlantic fiber network, providing services in over 100 countries. GTT delivers an outstanding client experience by living its core values of simplicity, speed and agility. For more information on how GTT is redefining global communications, please visit www.gtt.net. US Headquarters 225 Cedar Hill Street Suite 337 Marlborough, MA 01752 +1 978-212-1500 info@corero.com EMEA Headquarters Regus House, Highbridge, Oxford Road Uxbridge, England UB8 1HR, UK +44 (0) 1895-876579 Headquarters 7900 Tysons One Place, Suite 1450 McLean, VA 22102 Americas: +1 703 442 5500 EMEA: +44 020 7489 7200 APAC: +852 8107 1088 Copyright 2017 Corero Network Security, Inc. and GTT Communications, Inc. 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback