1 / 30

It’s Not Just You! Your Site Looks Down From Here

Latest Trends in Cyber Security. It’s Not Just You! Your Site Looks Down From Here. Santo Hartono, ANZ Country Manager. March 2014. Radware Global Network and Application Security Report. Radware’s ERT 2013 Cases Unique visibility into attacks behavior

zenda
Télécharger la présentation

It’s Not Just You! Your Site Looks Down From Here

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Latest Trends in Cyber Security It’s Not Just You! Your Site Looks Down From Here Santo Hartono, ANZ Country Manager March 2014

  2. Radware Global Network and Application Security Report

  3. Radware’s ERT 2013 Cases • Unique visibility into attacks behavior • Attacks monitored in real-time on a daily basis • More than 300 cases analyzed • Customers identity remains undisclosed

  4. The Threat Landscape DDoS is the most common attack method! Attacks last longer Government and Financial Servicesare the most attacked vectors Multi-vector trend continues

  5. DDoS Attacks Results Public attention Results of one-second delay in Web page loading: 3.5% decrease in conversion rate 2.1% decrease in shopping cart size 9.4% decrease in page views 8.3% increase in bounce rate Source: Strangeloop Networks, Case Study:The impact of HTML delay on mobile business metrics, November 2011

  6. DDoS Attack Vectors SSL Floods Internet Pipe Firewall IPS/IDS ADC Attacked Server SQL Server HTTP Floods App Misuse “Low & Slow” DoS attacks (e.g.Sockstress) Large volume network flood attacks Connection Floods Syn Floods Brute Force Network Scan

  7. 2013 Attack Tools Trends

  8. Attack Vectors Used

  9. Reflective Amplification Attacks on the Rise • Easier to create • Based on UDP protocol • Targeted protocols: DNS, NTP, SNMP • UDP connectionless nature enables to spoof the IP Address • Key feature in creating reflective attack • Obfuscates attacker real identity (IP address) • Amplification affect: 8 – 650 times larger than originated message

  10. DNS Based Attacks • Most frequently used attack vector • Amplification affect • Regular DNS replies - a normal reply is 3-4 times larger than the request • Researched replies – can reach up to 10 times the original request • Crafted replies – attacker compromises a DNS server and ensures requests are answered with the maximum DNS reply message (4096 bytes) - amplification factor of up to 100 times

  11. Notable Amplification Attack: Spamhaus • Nine day volumetric attack • First to break the ceiling of 100 Gbps • Attack reached bandwidth of 300 Gbps • Target: Anti-spam organization providing Internet service • Attacker: CyberBunker and Sven Olaf Kamphuis Internet Service Provider

  12. Harder to Detect: Web Stealth Attacks • More than HTTP floods • Dynamic IP addresses • High distributed attack • Attacks using Anonymizers / Proxy • Attacks passing CDNs • Attacks that are being obfuscated by SSL • Attacks with the ability to pass C/R • Attacks that use low-traffic volume but saturate servers’ resources

  13. Web Stealth Attacks • Attacks on Login Page are Destructive • Cause a DB search • Based on SSL • No load-balancing yet

  14. Implications of Login Page Attacks

  15. Login Page Attacks Over 40% of organizations have experienced Login Page Attack in 2013

  16. Behind the Scenes of Notable Attacks: Operation Ababil

  17. “Innocence of Muslims” Movie July 12, 2012 “Innocence of Muslims” trailer released on YouTube September 11, 2012 World-wide protest against the movie resulting in the deaths of 50 people September 18, 2012 Operation Ababil begins

  18. Operation Ababil Background July 12, 2012 “Innocence of Muslims” trailer released on YouTube September 11, 2012 World-wide protest against the movie resulting in the deaths of 50 people

  19. Operation Ababil Group name is “Izzad-din Al Qassamcyber fighters” The cyber attack is an act to stop the movie First targets Bank of America NYSE

  20. Operation Ababil Timeline

  21. Operation Ababil Target Organizations Financial Service Providers

  22. Operation Ababil Attack Vectors

  23. Overcoming HTTP Challenges

  24. Attackers Shorten Time to Bypass Mitigation Tools “Peace” Period Pre-attackPhase Post-attackPhase Pre-attackPhase Post-attackPhase

  25. Fighting Cyber Attacks: Best Practices

  26. Building the Strategy • DON’T assume that you’re not a target • BUILD your protection strategy and tactics • LEARN from the mistakes of others

  27. Adding Tactics • Don’t believe the DDoS protection propaganda – Test instead • Understand the limitations of cloud-based scrubbing solutions • Not all networking and security appliance solutions were created equal

  28. You Can’t Defend Against Attacks You Can’t Detect • Encrypted Low & Slow • Encrypted DoS Vulnerability • CDN/Proxy/Anonymizer attacks • Dynamic IP • Directed Attacks – Exploits • Scraping and Data Theft • Ajax and API attacks Application Server Front End Data Center Perimeter

  29. You Can’t Defend Against Attacks You Can’t Detect • Network DDoS • SYN Floods • HTTP Floods Application Server Front End Data Center Perimeter Cloud Scrubbing

  30. Thank You

More Related