It's Not Just You! Your Site Looks Down

It's Not Just You! Your Site Looks Down From Here
Latest Trends in Cyber Security
Santo Hartono, ANZ Country Manager
March 2014

Radware Global Network and Application Security Report
Radware's ERT 2013 Cases
  • Unique visibility into attacks' behavior
  • Attacks monitored in real-time on a daily basis
  • More than 300 cases analyzed
  • Customers' identity remains undisclosed

Slide 3: The Threat Landscape
  • DDoS is the most common attack method!
  • Attacks last longer
  • Government and Financial Services are the most attacked vectors
  • Multi-vector trend continues

Slide 4: DDoS Attacks Results
  • Public attention
  • Results of one-second delay in Web page loading:
      3.5% decrease in conversion rate
      2.1% decrease in shopping cart size
      9.4% decrease in page views
      8.3% increase in bounce rate
  Source: Strangeloop Networks, Case Study: The impact of HTML delay on mobile business metrics, November 2011

Slide 5: DDoS Attack Vectors
  • SSL Floods
  • HTTP Floods
  • Large volume network flood attacks
  • Syn Floods
  • Connection Floods
  • Low & Slow DoS attacks (e.g. Sockstress)
  • App Misuse
  • Brute Force
  • Network Scan
  [Diagram labels: Internet Pipe, Firewall, IPS/IDS, ADC, Attacked Server, SQL Server]

Slide 6: 2013 Attack Tools Trends
Attack Vectors Used

Slide 8: Reflective Amplification Attacks on the Rise
  • Easier to create
  • Based on UDP protocol
  • Targeted protocols: DNS, NTP, SNMP
  • UDP's connectionless nature makes it possible to spoof the IP address
  • Key feature in creating a reflective attack
  • Obfuscates the attacker's real identity (IP address)
  • Amplification effect: 8-650 times larger than the originating message

Slide 9: DNS Based Attacks
  • Most frequently used attack vector
  • Amplification effect:
      Regular DNS replies - a normal reply is 3-4 times larger than the request
      Researched replies - can reach up to 10 times the original request
      Crafted replies - attacker compromises a DNS server and ensures requests are answered with the maximum DNS reply message (4096 bytes) - amplification factor of up to 100 times

Slide 10: Notable Amplification Attack: Spamhaus
  • Nine day volumetric attack
  • First to break the ceiling of 100 Gbps
  • Attack reached bandwidth of 300 Gbps
  • Target: Anti-spam organization providing Internet service
  • Internet Service Provider
  • Attacker: CyberBunker and Sven Olaf Kamphuis

Slide 11: Harder to Detect: Web Stealth Attacks
  • More than HTTP floods
  • Dynamic IP addresses
  • Highly distributed attack
  • Attacks using Anonymizers / Proxy
  • Attacks passing CDNs
  • Attacks that are being obfuscated by SSL
  • Attacks with the ability to pass C/R
  • Attacks that use low traffic volume but saturate server resources

Slide 12: Web Stealth Attacks
  • Attacks on Login Page are Destructive
  • Cause a DB search
  • Based on SSL
  • No load-balancing yet

Slide 13: Implications of Login Page Attacks

Slide 14: Login Page Attacks
  • Over 40% of organizations have experienced Login Page Attack in 2013

Slide 15: Behind the Scenes of Notable Attacks: Operation Ababil
Innocence of Muslims Movie
  • July 12, 2012: Innocence of Muslims trailer released on YouTube
  • September 11, 2012: World-wide protest against the movie resulting in the deaths of 50 people
  • September 18, 2012: Operation Ababil begins

Slide 17: Operation Ababil Background
  • July 12, 2012: Innocence of Muslims trailer released on YouTube
  • September 11, 2012: World-wide protest against the movie resulting in the deaths of 50 people

Slide 18: Operation Ababil
  • The cyber attack is an act to stop the movie
  • Group name is Izz ad-din Al Qassam cyber fighters
  • First targets: Bank of America, NYSE

Slide 19: Operation Ababil Timeline

Slide 20: Operation Ababil Target Organizations
  • Financial Service Providers

Slide 21: Operation Ababil Attack Vectors

Slide 22: Overcoming HTTP Challenges
  Script: 302 Redirect Challenge / JS Challenge / Special Challenge
  • Kamikaze: Pass / Not pass / Not pass
  • Kamina: Pass / Not pass / Not pass
  • Terminator: Pass / Pass / Not pass
  • KillemAll: Pass / Pass / Not pass

Slide 23: Attackers Shorten Time to Bypass Mitigation Tools
  [Figure labels: Peace Period, Pre-attack Phase, Post-attack Phase]

Slide 24: Fighting Cyber Attacks: Best Practices
Building the Strategy
  • DON'T assume that you're not a target
  • BUILD your protection strategy and tactics
  • LEARN from the mistakes of others

Slide 26: Adding Tactics
  • Don't believe the DDoS protection propaganda - Test instead
  • Understand the limitations of cloud-based scrubbing solutions
  • Not all networking and security appliance solutions were created equal

Slide 27: You Can't Defend Against Attacks You Can't Detect
  • Encrypted Low & Slow Encrypted DoS Vulnerability CDN/Proxy/Anonymizer attacks Dynamic IP Directed Attacks Exploits Scraping and Data Theft Ajax and API attacks
  [Diagram labels: Application Server, Front End, Data Center, Perimeter]

Slide 28: You Can't Defend Against Attacks You Can't Detect
  • Network DDoS
  • SYN Floods
  • HTTP Floods
  [Diagram labels: Application Server, Front End, Data Center, Perimeter, Cloud Scrubbing]

Slide 29: Thank You
