An Introduction to DDoS attacks trends and protection Alessandro Bulletti Consulting Engineer, Arbor Networks abulletti@arbor.net
Topics Covered The DDOS cyber threat and impacts Cyprus attacks trend in 2016 How to address DDoS Challenges 2
Things you should know about DDoS attacks It s never been easier to launch a DDoS attack. DDoS attacks increasing in size, frequency and complexity. DDoS attacks are used as smoke screens diversion during advanced threat campaigns. Of the Top 3 causes of unplanned outages, DDoS attacks are the most costly to an organization. $5:$100sK DDoS for Hire Did You Know? 500Gbps For $5/hr anyone can launch a DDoS attack an cause $100sK in damage DDoS attack size increasing 1 74% involved DDOS as a diversion 2 78% 42% experienced multi-vectored attacks 1 Increase in demand for DDoS Protection services 1 3
DDoS background What is a DDoS Distributed Denial Of Service attack? An attempt to consume finite resources, exploit weaknesses in software design or implementations, or exploit lack of infrastructure. An attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. DDoS attacks effect availability! No Availability, no applications/services/data/internet! NO revenue! Attacks are almost always distributed for more significant effect. 4
DDoS Growth continues Largest attack reported in 2015 was 500 Gbps with other respondents reporting attacks of 450 Gbps, 425 Gbps, and 337 Gbps. Another five respondents reported 200+ Gbps attacks. Nearly one quarter of respondents report peak attacks over 100Gbps. Over half of data center respondents saw attacks that completely saturated their Internet connectivity. 5
DDoS as an Evolving Threat ISP 1 Attackers use a combination of techniques Layer 4-7, Smart DDoS Impact DATA CENTER ISP 2 ISP Exhaustion of Service SATURATION Firewall IPS Load Balancer ISP n EXHAUSTION Target Applications & Services Volumetric, Brute Force DDoS Impact 6
DDoS Attacks Exposure Financial Services Gaming Online Retail Education Government Cloud Services Any organization can be the target of a DDoS attack Most affected industries: Public, Retail, and Financial Services ** Picture: Number of DDoS attacks by victim industry and organization size (small is < 1,000 employees) ** **Source Verizon 2015 DBIR 7
DDoS Attacks Motivations Enterprise respondents Service Provider respondents 8
DDoS Attacks Impacts Short Term Impact Service Degradation Network Outage Mid Term Impact APT Target Campaign Long Term Impact Loss of Reputation Decrease Revenue 9
DDoS and the move to Cloud Global cloud IP traffic will almost quadruple (3.7-fold) over the next 5 years. Overall, cloud IP traffic will grow at a CAGR of 30 percent from 2015 to 2020 ** ** Source Cisco Global Cloud Index: Forecast and Methodology, 2015 2020 10
DDoS Attacks to SP and the Enterprise 11
DDoS Attacks in Cyprus 2016 Sample Arbor Data Attack BPS Breakout Attacks PPS Breakout 23% 9% 23% 1G to 2G 2G to 5G 5G to 10G > 10G 31% 6% 63% less than 500k 500k to 1M > 1M 45% 12
DDoS Attacks in Cyprus 2016 Sample Arbor Data 1% Attack Duraton in Hours 6% 2% 1% 3% 3% Type of attack less than 0.5 16% IP Fragmentation, UDP, chargen Amplification 93% 0.5 to 1 1 to 3 IP Fragmentation, UDP, DNS Amplification IP Fragmentation, UDP, DNS Amplification, chargen Amplification UDP, NTP Amplification UDP, SSDP Amplification 70 60 50 40 30 20 10 0 Attack Duraton in Hours less than 0.5 0.5 to 1 1 to 3 75% UDP 13
Stopping DDoS Attacks Layered DDoS Attack Protection 1 Stop volumetric attacks In-Cloud Scrubbing Center 3 Intelligent communication between both environments Volumetric Attack Application Attack The Internet Your (ISP s) Network Your Data Centers/Internal Networks 4 Backed by continuous threat intelligence Backed by Continuous Threat Intelligence 2 Stop application layer DDoS attacks & other advanced threats; detect abnormal outbound activity A Recommended Industry Best Practice: 14
Arbor s DDoS Protection Solution Comprehensive DDoS Protection Products & Services Target/Compromised Hosts Armed with Global Visibility & Actionable Threat Intelligence 15
The Internet Atlas and ASERT 15 years of deployment in a majority of world s ISPs offer unique visibility into global threats Over 300 ISPs participating in ATLAS; providing Global Visibility and Threat Intelligence ASERT is a team of industry experts who conduct threat research, help customer mitigate DDoS attacks and create ATLAS Intelligence Feeds IF ATLAS & ASERT continuously arm all Arbor products and services with global threat intelligence ATLAS Intelligence Feed allowing customers to stay abreast of DDoS and advanced threats 16
Conclusion DDoS Attacks may bring down any Service Direct impact as loss of revenues, lower customers experience Arbor Networks Solution guarantees Protection by: Continuous traffic analysis and visibility: ATLAS, Digital Attack Map AIF, ASERT network trend and application analysis Automated Workflow for Mitigating all attacks on premises and cloud Detection and Mitigation of full scope DDoS Attacks with High Accuracy Shortest time to protect 17
Thank You abulletti@arbor.net +39 3388661617