
Cyber War Chronicles: Stories from the Virtual Trenches. Ron Winward, Security Evangelist, Radware, Inc. March 17, 2016

- Background on the Radware Report
- Key Cyber-Attack Trends for 2015-2016
- Case Study: A look into two attacks

Background on the Radware Report
- 5th installment of Radware's Global Application & Network Security Report
- Firsthand and statistical research coupled with front-line experience
- Identifies trends that can help educate the security community
- Provides a comprehensive review of 2015 cyber-attacks
- Covers business and technical perspectives
- Gives best-practice advice for organizations to consider when planning for 2016

Methodology & Sources

More Than Just Another Survey: In-Depth Technical Chapters
- Dynamic IP Addresses: attack tactics and protections
- Distinguishing Bots from Legitimate Users, Good from Bad
- Hacktivists: In-Depth TTP Review
- Seven Predictions for 2016

Key Cyber-Security Trends for 2015-2016

Key Findings
- No One Immune, Few Prepared
- Shifts in Motives and Impact
- Growing Need for Security Automation

Key Findings: No One Immune, Few Prepared
- Over 90% Experienced Attacks in 2015
- Ring of Fire
- Increased Attacks on Education and Hosting
- Are You Ready? Preparedness for Cyber-Attacks Varies
- Protection Gaps Identified Across the Board

Over 90% Experienced Attacks in 2015
- Half of organizations experienced DDoS (51%) and Phishing attacks
- Almost half had Worm and Virus Damage
- One in ten have not experienced any of the attacks mentioned
(Chart: Q: What type of attack have you experienced? Categories: DDoS, Phishing, Worm and Virus Damage, Unauthorized Access, Criminal SPAM, Fraud, Advanced Persistent Threat, Theft of Prop. Info./Intellectual Capital, Corporate/Geo-political Sabotage, None of the above)

Increased Attacks on Education and Hosting
- Compared to 2014, most verticals stayed the same
- Education and Hosting increased in likelihood of attack
- Growing number of "help me DDoS my school" requests
- Motivations vary for Hosting:
  - Some target end customers
  - Some target the hosting companies
(Chart: likelihood of attack by vertical, 2015 and change from 2014)

Are You Ready? Preparedness for Cyber-Attacks Varies
Q: In your opinion, how prepared is your organization to safeguard itself from the following cyber-attacks? (Extremely well prepared / Very well prepared / Somewhat prepared / Not very prepared / Not prepared at all)
- Unauthorized Access: 17% / 47% / 29% / 6% / 2%
- Worm and Virus Damage: 15% / 48% / 32% / 4% / 1%
- Criminal SPAM: 15% / 44% / 33% / 7% / 2%
- Corporate/Geo-political Sabotage: 8% / 29% / 39% / 20% / 4%
(Chart also covers DDoS, Phishing, Fraud, Theft of Prop. Info./Intellectual Capital and Advanced Persistent Threat)
Takeaways:
- 3 out of 5 respondents feel they are extremely/very well prepared to safeguard against Unauthorized Access and Worm and Virus Damage.
- 3 out of 5 respondents are somewhat/not very prepared against APT and information theft.
- The results are split evenly between those that are prepared and not prepared to protect from DDoS attacks.

Protection Gaps Across the Board
- A true protection gap exists for most organizations today
- Weaknesses are spread evenly among all attack types
- Volumetric and HTTPS/SSL protection lead the gap
(Chart: Q: Where, if at all, do you think you have a weakness against DDoS attacks?)

Key Findings: Shifts in Motives and Impact
- Slowness Still Main Impact of Cyber-Attacks
- DDoS Remains Biggest Threat of All Cyber-Attack Categories
- Increase in Ransom as a Motive for Cyber-Attacks
- Tangible Concerns Expand

Increase in Ransom as a Motive for Cyber-Attacks
- Motivation behind cyber-attacks is still largely unknown
- More than 50% increase in ransom as a motivator for attackers
- One-third cited political/hacktivism
- About a quarter referenced competition, ransom, or angry users
(Chart: Q.8: Which of the following motives are behind any cyber-attacks your organization experienced? 2014 vs. 2015)

DDoS Continues to Lead as Biggest Threat
- DDoS attacks and unauthorized access are the main causes of harm to organizations
(Chart: Q.10: In your opinion, which of the following cyber-attacks will cause your organization the most harm?)

Slowness Still the Main Impact
- Impact on systems was mostly slowness (46%)
- Outage was not the impact in most cases: only 16% of the cases
- About a third (37%) saw no impact on systems
- Numbers are consistent with past years
(Chart: Q: What are the three biggest cyber-attacks you have suffered: Affected System? Slowness 46%, No impact 37%, Outage 16%)

DDoS Failure Points within the Network
- Security products are now the cause of 36% of downtime
- Internet pipe saturation remains the single greatest failure point
- Stateful firewalls jump from 15% to 26%
- The last third take down the targeted web/SQL servers

Coordinated Technology for Multi-Vector Attacks
(Diagram mapping each attack vector to the network element it hits and the protection that covers it)
- Attack vectors: Low & Slow DoS attacks (e.g. Sockstress), large-volume network flood attacks, network scan, SYN floods, HTTP floods, SSL floods, brute force, application misuse
- Elements along the path: Internet pipe, firewall, IPS/IDS, load balancer/ADC, server under attack, SQL server
- Protections: Cloud DDoS protection, DoS protection, behavioral analysis, IPS, WAF, SSL protection

Key Findings: Growing Need for Security Automation
- Today's existing solutions are frequently multi-vendor and manual
- Burst Attacks on the Rise
- Adoption of Hybrid Solutions Continues to Grow
- Beyond Network: Similar Frequency for Network & Application Attacks

Existing Solutions: Multiple and Manual
- Over 80% of solutions require a medium to high degree of manual tuning
- Less than 20% require a low degree and are considered mostly automatic
- Multiple solutions are used by almost all (91%)
- Only 6% use only one solution against cyber-attacks
(Chart: Q: What degree of manual tuning or configuration does your current solution require? Low degree 17%, Medium degree 58%, High degree 24%)

Burst Attacks on the Rise
- More than half of the three biggest attacks experienced lasted 1 hour or less
- Significant increase from the 27% in 2014
- Another indication of increased automated attacks
(Chart: Q: What are the three biggest cyber-attacks you have suffered: Duration? 2011-2015; 2015: 1 hour or less 57%, 1 hour to 1 day 36%, 1 day to 1 week 4%, over a week 2%, constantly 1%)

Adoption of Hybrid Solutions Continues to Grow
- Significant increase in current and planned adoption of hybrid solutions
- 41% are using a hybrid solution, double the 21% in 2014
- Another 44% are planning to adopt a hybrid solution, a significant increase from 17% in 2014
(Chart: Currently using a hybrid solution: 21% in 2014, 41% in 2015; Planning to adopt a hybrid solution: 17% in 2014, 44% in 2015)
* Hybrid solutions combine an on-premise DDoS solution with any cloud-based solution (always-on cloud-based service / on-demand cloud-based service / CDN solution / ISP-based or clean-link service).

Similar Frequency for Network and Application Attacks
(Chart: share of respondents reporting Network Attacks and Application Attacks Daily / Weekly / Monthly, Rarely-Never, or Don't know, by attack type)

Case Studies

ProtonMail Ransom Attack Case
- Swiss-based encrypted email service provider
- In Nov 2015 experienced back-to-back attacks initiated through a ransom request
- Over the course of 7-10 days, experienced multiple attack vectors at high volume
- Radware deployed emergency service a few days into the campaign and was able to mitigate the attacks

ProtonMail Attack Timeline: Largest and most extensive cyberattack in Switzerland
- Nov. 3, 2015: ProtonMail receives a ransom email from The Armada Collective, followed by a DDoS attack that took them offline for 15 mins.
- Nov. 4, 2015: The next DDoS attack hits in the morning and by afternoon reaches over 100G, directly attacking the datacenter and ISP infrastructure. ProtonMail, under pressure, decides to pay the ransom, but attacks continue from a 2nd source.
- Nov. 5-7, 2015: ProtonMail continues to suffer from ongoing high-volume, complex attacks from a second, unknown source.
- Nov. 8, 2015: Radware's Emergency Response Team implements its attack mitigation solution to protect ProtonMail. Service is restored shortly after.
- Nov. 9-15, 2015: Attacks continue at high volume, 30-50G at peaks, during these days. Attacks are mitigated successfully by Radware.

ProtonMail Attack: A Look Inside Persistent Denial of Service Attacks
(Chart: ProtonMail Attack Volume, Mitigated by Radware; network and application vectors: UDP Flood, DNS Reflection, TCP RST Flood, NTP Reflection, TCP-SYN, SSDP, TCP Out-of-State, HTTP/S, SYN Flood, SYN-ACK, ICMP)

Evolution of Attack Vectors by Day
- Nov 8th: UDP flood, SYN flood, DDoS-NTP-reflection, DDoS-DNS-reflection, SYN-ACK flood, DDoS-TCP-urgent, DDoS-TCP-zero-seq, DDoS-chargen-reflected events
- Nov 9th: UDP flood, reflective DNS, TCP RST flood, ICMP flood, SYN flood HTTPS, SYN flood HTTP
- Nov 10th: UDP flood, SSDP & NTP reflection, ICMP flood, TCP SYN flood, TCP out-of-state flood
- Nov 11th: UDP flood, DDoS-SSL, TCP out-of-state, DDoS-udp-fragmented, DDoS-NTP-reflection, DDoS-DNS-reflection, SYN-ACK flood, minor ICMP flood/RST flood, SYN flood
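The day-by-day vector mix above is the kind of picture a responder builds from packet summaries. As an added example that is not Radware's or ProtonMail's code, the classifier below labels constructed packet records with the vector names used on these slides (reflection by abused source port, SYN/SYN-ACK/RST by flags, out-of-state by the absence of a prior SYN) and aggregates them per day; the packet records, the protected address and the per-day threshold are all assumptions.

```python
from collections import Counter, defaultdict

# Source ports of services abused for reflection, as named on the slides.
REFLECTION_PORTS = {53: "DNS Reflection", 123: "NTP Reflection",
                    1900: "SSDP Reflection", 19: "Chargen Reflection"}

def label(pkt, syn_seen):
    """Name the vector one inbound packet summary belongs to.

    syn_seen collects (src, sport, dst, dport) tuples for which a SYN was
    observed; a TCP data/ACK segment without such a SYN is out-of-state.
    """
    if pkt["proto"] == "icmp":
        return "ICMP"
    if pkt["proto"] == "udp":
        # Service-port replies aimed at a high port we never queried from
        # are reflected traffic; everything else is a plain UDP flood.
        if pkt["sport"] in REFLECTION_PORTS and pkt["dport"] >= 1024:
            return REFLECTION_PORTS[pkt["sport"]]
        return "UDP"
    key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
    flags = pkt["flags"]
    if flags == "S":
        syn_seen.add(key)
        return "SYN"
    if flags == "SA":
        return "SYN-ACK"
    if "R" in flags:
        return "RST"
    return "TCP" if key in syn_seen else "TCP Out-of-State"

def vectors_by_day(packets, min_count=3):
    """Per day, count packets by vector and keep only vectors at or above min_count."""
    counts = defaultdict(Counter)
    syn_seen = set()
    for pkt in packets:
        counts[pkt["day"]][label(pkt, syn_seen)] += 1
    return {day: {v: n for v, n in c.items() if n >= min_count}
            for day, c in counts.items()}

def p(day, proto, src, sport, dport, flags=""):
    # Constructed packet summary; dst is the protected mail server (placeholder address).
    return {"day": day, "proto": proto, "src": src, "sport": sport,
            "dst": "192.0.2.10", "dport": dport, "flags": flags}

# Constructed sample modelled on the Nov 8 / Nov 10 / Nov 11 columns above.
PACKETS = (
    [p("Nov 8", "udp", f"198.51.100.{i}", 123, 40000 + i) for i in range(3)]
  + [p("Nov 8", "udp", f"198.51.100.{i}", 53, 41000 + i) for i in range(3)]
  + [p("Nov 8", "tcp", f"203.0.113.{i}", 50000 + i, 443, "S") for i in range(3)]
  + [p("Nov 8", "tcp", f"203.0.113.{i}", 50100 + i, 443, "R") for i in range(2)]
  + [p("Nov 10", "udp", f"198.51.100.{i}", 1900, 42000 + i) for i in range(3)]
  + [p("Nov 10", "tcp", f"203.0.113.{i}", 50200 + i, 443, "A") for i in range(3)]
  + [p("Nov 10", "tcp", "203.0.113.99", 51000, 443, "S"),   # one real handshake
     p("Nov 10", "tcp", "203.0.113.99", 51000, 443, "A")]   # its ACK is in-state
  + [p("Nov 11", "udp", f"198.51.100.{i}", 55000 + i, 443) for i in range(3)]
)
```

Vectors below the threshold (the two RSTs on Nov 8, the single real handshake on Nov 10) drop out, which is what separates a flood from background noise in the report.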

Leading US Airline Fingerprinting Case
- Major US airline
- Sophisticated attacks: bad bots programmed to scrape certain flights, routes and classes of tickets
- Bots acting as faux buyers, continuously creating but never completing reservations on those tickets
- Airline unable to sell the seats to real customers
- Dynamic source-IP attacks, so security protection could not differentiate between good and bad bots
- Chose Radware's WAF with fingerprinting technology to block the dynamic IP attack
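The fingerprinting idea in this case can be shown in code. As an added example that is not Radware's WAF code, the script below keys a reservation-abandonment counter on a client fingerprint instead of the source IP, so a bot that rotates addresses is still counted as one actor; the request records, the fingerprint fields (User-Agent, Accept-Language, a TLS fingerprint string, header order) and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
import hashlib

def req(ip, ua, lang, tls, hdr, action):
    # Constructed request record; action is "reserve" or "complete".
    return {"ip": ip, "ua": ua, "lang": lang, "tls": tls, "hdr": hdr, "action": action}

# Constructed client profiles: (User-Agent, Accept-Language, TLS fingerprint, header order).
BOT = ("Mozilla/5.0 (X11; Linux x86_64) HeadlessChrome/46.0", "en-US",
       "tls-fp-bot-sample", "host,user-agent,accept")
USER_A = ("Mozilla/5.0 (Windows NT 10.0) Chrome/46.0", "en-US,en;q=0.8",
          "tls-fp-chrome-sample", "host,connection,user-agent,accept,accept-language")
USER_B = ("Mozilla/5.0 (Macintosh) Firefox/42.0", "de-DE,de;q=0.9",
          "tls-fp-firefox-sample", "host,user-agent,accept,accept-language,connection")

REQUESTS = (
    # Bot: six source addresses, one reservation each, none completed.
    [req(f"198.51.100.{i}", *BOT, "reserve") for i in range(1, 7)]
    # Customer A from one address: two reservations, both completed.
  + [req("203.0.113.5", *USER_A, a) for a in ("reserve", "complete", "reserve", "complete")]
    # Customer B abandons one booking and completes another.
  + [req("203.0.113.9", *USER_B, a) for a in ("reserve", "reserve", "complete")]
)

def fingerprint(r):
    """Client identity derived from request attributes, independent of the source IP."""
    material = "|".join((r["ua"], r["lang"], r["tls"], r["hdr"]))
    return hashlib.sha256(material.encode()).hexdigest()[:16]

def abandonment(records, key_fn):
    """Per key: reservations opened, reservations completed, and the source IPs seen."""
    stats = defaultdict(lambda: {"opened": 0, "completed": 0, "ips": set()})
    for r in records:
        s = stats[key_fn(r)]
        s["ips"].add(r["ip"])
        if r["action"] == "reserve":
            s["opened"] += 1
        elif r["action"] == "complete":
            s["completed"] += 1
    return stats

def flag(records, key_fn, min_opened=5, max_completion=0.2):
    """Keys that opened at least min_opened reservations and completed at most max_completion of them."""
    return {k: s for k, s in abandonment(records, key_fn).items()
            if s["opened"] >= min_opened
            and s["completed"] / s["opened"] <= max_completion}

def by_ip(records):
    """Per-IP view: the rotating bot never exceeds the threshold from any single address."""
    return flag(records, lambda r: r["ip"])

def by_fingerprint(records):
    """Per-fingerprint view: the same bot profile is counted across all its addresses."""
    return flag(records, fingerprint)
```

Two real customers that happen to share a fingerprint would also be merged, so thresholds must be set with that collision rate in mind.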

Looking Ahead

Summary: What Can You Do?
- Preparedness is Key. Multi-layered solutions are a must. Services are important.
- Bet on Automation. It has become necessary to fight automated threats with automation technology.
- Cover the Blind Spot. Choose a solution with the widest coverage to protect from multi-vector attacks.
- Multi-Layered Solution. Look for a single-vendor, hybrid solution that can protect networks and applications from a wide range of attacks, and includes DoS protection, behavioral analysis, IPS, encrypted attack protection and a web application firewall (WAF).
- Protect from Encrypted Attacks. SSL-based DDoS mitigation deployments must not affect legitimate traffic performance.
- A single point of contact is crucial when under attack; it will help to divert internet traffic and deploy mitigation solutions.