Cyber Security
         Robin Hoods and Criminals
Ziv Ichilov
DefensePro Product Manager, Radware
ICTExpo Helsinki, April 2012
Breaking News

Anonymous has taken down the following this week

• Central Intelligence Agency (CIA)

• Department of Justice (DOJ)

• Federal Bureau of Investigation (FBI)

• National Aeronautics and Space Administration (NASA)

• Secret Intelligence Service (MI6)




AGENDA
DoS – What is it about?
2011 DoS Attacks
Robin Hoods or Criminals
Protect Yourself – What is Missing?
Radware Attack Mitigation System
DoS – Originators and Goals


• Hacktivism
   – Gain Public Attention
       • Protestors


• Cyber Crime
   – Extortion
       • Criminals
   – Business Affairs
       • Competition
   – Data Theft
       • DoS for Covering Surreptitious Attacks (criminals)


• Cyber War
   – Country Level Attacks
   – Business / Military Intelligence
   – “Real” Critical Infrastructure Paralysis



DoS – Digital Sit-in or Crime



• Protest – Digital Sit-in
    “A sit-in or sit-down is a form of direct action that involves one or more persons
      nonviolently occupying an area for a protest, often to promote political, social, or
      economic change.” Wikipedia

    “There’s no such thing as a DDoS attack. A DDoS is a protest, it’s a digital sit-in. It is
      no different than physically occupying a space. It’s not a crime, it’s speech.
      Nothing was malicious, there was no malware, no Trojans. This was merely a
      digital sit-in. It is no different from occupying the Woolworth’s lunch counter in the
      civil rights era.” Jay Leiderman (Sept 2011, TPM)




DoS – How does it Look


• Simple Way
   – Excessive or specially crafted traffic that misuses network, server or application
     resources, preventing legitimate traffic from reaching its destination and
     limiting the service provided; generated by tools, humans or both.
     Can be based on Volume / Rate / Vulnerability Exploitation


• Detailed
   – Layer 3 Floods –
     targeting the network equipment, and the actual pipe capacity

   – Layer 4 Floods –
     targeting the servers (physical or virtual), their stack resources

   – Layer 7 Floods –
     targeting real applications and services



DoS – Effects


• Direct Effects
   – Embarrassing nuisance and inconvenience
   – Revenue and reputation loss


• Side Effect
   – Immediate Data Loss
   – Penetration to the Organization


• Long Term Effect
   – Infection – being involuntarily harnessed for future attacks




AGENDA
DoS – What is it about?
2011 DoS Attacks
Robin Hoods or Criminals
Protect Yourself – What is Missing?
Radware Attack Mitigation System
Size does not matter!

    – Most organizations may never experience an intense attack
    – Less intensive application attacks can cause more damage than network
      attacks

    [Chart: the impact of application flood attacks is much more severe than that
     of network flood attacks; 76% of the attacks surveyed were under 1 Gbps]
Network Attacks and Application Attacks Coexist




Which Elements Are Bottlenecks For DDoS?




Internet link is saturated (27% of the attacks)
Stateful devices are vulnerable to DDoS (36% of the attacks)
More Organizations Are Threatened by DoS




Anonymous Attacks Grow




AGENDA
DoS – What is it about?
2011 DoS Attacks
Robin Hoods or Criminals
Protect Yourself – What is Missing?
Radware Attack Mitigation System
Robin Hoods or Criminals?


• SONY Example
  – Massive DoS attack taking down the PlayStation
    Network for hours

  – Initiated after a lawsuit was filed against the hacker who broke
    the PS3 protection mechanism

  – During the attack, credit card data of millions of users was stolen

  – Anonymous involvement was partially denied




Robin Hoods or Criminals?


• Sic Semper Tyrannis
   – Long campaign against the Vatican web infrastructure

   – Started with a failed attempt to hack Vatican systems and databases
   – Continued as a massive DoS attack lasting for days, in repeating waves




Robin Hoods or Criminals?


• Russian Presidential Elections
   – During election time in Russia, first for the Duma and then for the Presidency ...

   – DDoS attacks on protestors’ blogs, party websites, reporting websites etc.

    “It can’t be long before we observe a DDoS attack between two political parties based
      on one and the same botnet.” Eugene Kaspersky (blog)




Robin Hoods or Criminals?


• The Israeli Case

January 3rd
   Saudi hacker 0xOmar leaks tens of thousands of Israeli credit card numbers
   and other sensitive personal information.
January 16th
   0xOmar and the Pro-Palestinian “Nightmare” hacker group send an email
   to the Jerusalem Post, threatening to attack the EL-AL website.
   EL-AL, Tel-Aviv Stock Exchange, First International Bank of Israel and
   Discount Bank websites are attacked and are unavailable for hours.
January 17th
   Israeli hacker group “IDF-Team” retaliates by attacking the Saudi and UAE
   stock exchange websites
January 18th
   More Israeli websites targeted: Bank of Israel website under attack



Robin Hoods or Criminals?


• The Israeli Case

  In the following weeks, dozens of Israeli websites were attacked by
  Pro-Palestinian hacker groups.
  A cyber war emerged.




Robin Hoods or Criminals?


"One man's terrorist is another man's freedom fighter." ?

• DoS activity is today considered illegal in most of the world

• DoS attacks are used as cover for launching surreptitious attacks

• There are well known examples of criminal hacktivism




AGENDA
DoS – What is it about?
2011 DoS Attacks
Robin Hoods or Criminals
Protect Yourself – What is Missing?
Radware Attack Mitigation System
What is Missing


What We Have?
• Most DDoS/DoS Attack Types are Known
   – Network floods, SYN floods, GET floods, INVITE floods, etc.


• Protection Methodologies are Known
   – Rate limit, Blacklist/blackhole, Authentication (Challenge), Behavioral Analysis, etc.


• High Performance Mitigation Devices Exist




What is Missing


What is Missing?

• Intelligence
   – In detection – application data consideration
   – In identification of attackers – smart algorithms and authentication methods
   – In mitigation – real-time dynamic filtering

• Capabilities
   – Dealing with new challenges – further analysis, secured traffic, etc.
   – Experienced Human Touch – for visibility and expertise

• Cooperation
   – On premises always-on immediate detection (including layer 7)
   – In-the-Cloud detection & mitigation for high rate attacks (link saturation)
   – More than Anti-DoS protection devices – WAF/NG-FW/IPS/Etc.
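The methodologies listed under “What We Have?” (rate limit, blacklist, challenge, behavioral analysis) and the “What is Missing?” points about identifying attackers and filtering dynamically can be shown together in one small pipeline. The following is an added example, not code from the deck or from Radware: it learns a per-source request rate from a clean learning phase, applies a sliding-window limit scaled from that baseline, challenges a source the first time it exceeds the limit, and blacklists it if it keeps exceeding the limit while challenged. The log format, the window length, the baseline multiplier and the IP addresses are all constructed assumptions.

```python
"""Rate limiting, a learned behavioural baseline and a challenge/blacklist
step, run over constructed web-server access log lines.  Added example, not
code from the Radware deck; the log format, window length, baseline
multiplier and challenge semantics are assumptions made for illustration."""
import re
from collections import Counter, defaultdict, deque

# Assumed log format: '<client ip> [<unix seconds>] "<method> <path>" <status>'
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>\d+)\] "(?P<method>[A-Z]+) (?P<path>\S+)" (?P<status>\d{3})$'
)
WINDOW = 10             # sliding window length in seconds (assumption)
LEARN_UNTIL = 20        # requests with ts < LEARN_UNTIL only train the baseline
BASELINE_FACTOR = 5     # a source at 5x the busiest learned client is suspicious
DEFAULT_THRESHOLD = 50  # used only if the learning phase saw no traffic


def build_sample_log():
    """Constructed traffic (not real data): three browsing clients at 1 req/s
    for 40 s, plus one source that starts a dynamic GET flood at t=25 at 20 req/s."""
    lines = []
    for t in range(40):
        for ip in ("10.0.0.1", "10.0.0.2", "10.0.0.3"):
            lines.append(f'{ip} [{t}] "GET /index.html" 200')
        if t >= 25:
            for n in range(20):
                lines.append(f'198.51.100.7 [{t}] "GET /search?q={t}-{n}" 200')
    return lines


def parse(line):
    """Return a dict for a well-formed line, or None for a line that does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = int(rec["ts"])
    return rec


class FloodDetector:
    """Per-source sliding-window counter with a learned threshold.

    Decisions: 'allow', 'challenge' (source is asked to authenticate, e.g. a
    redirect or JavaScript cookie test) and 'block' (source blacklisted
    because it kept exceeding the threshold while challenged)."""

    def __init__(self):
        self.windows = defaultdict(deque)  # ip -> request timestamps inside the window
        self.state = {}                    # ip -> 'challenge' | 'block'
        self.learn_counts = Counter()      # ip -> requests seen during learning
        self.threshold = None              # max requests per WINDOW, set after learning

    def _finish_learning(self):
        # Baseline: the busiest per-source rate seen while learning (assumed clean
        # traffic), scaled to the window; BASELINE_FACTOR times that is a flood.
        if not self.learn_counts:
            self.threshold = DEFAULT_THRESHOLD
            return
        busiest = max(self.learn_counts.values()) * WINDOW / LEARN_UNTIL
        self.threshold = busiest * BASELINE_FACTOR

    def observe(self, rec):
        ip, ts = rec["ip"], rec["ts"]
        if ts < LEARN_UNTIL:
            self.learn_counts[ip] += 1
            return "allow"
        if self.threshold is None:
            self._finish_learning()
        if self.state.get(ip) == "block":
            return "block"
        window = self.windows[ip]
        window.append(ts)
        while window and window[0] <= ts - WINDOW:  # drop timestamps outside the window
            window.popleft()
        if len(window) <= self.threshold:
            return "allow"
        if self.state.get(ip) == "challenge":
            self.state[ip] = "block"  # still flooding after being challenged
            return "block"
        self.state[ip] = "challenge"
        return "challenge"


def run(lines):
    """Replay log lines through the detector; return {ip: {decision: count}}."""
    det = FloodDetector()
    summary = defaultdict(Counter)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # malformed line: skip rather than crash on hostile input
        summary[rec["ip"]][det.observe(rec)] += 1
    return {ip: dict(c) for ip, c in summary.items()}


if __name__ == "__main__":
    for ip, decisions in run(build_sample_log()).items():
        print(ip, decisions)
```

The per-source window is what makes the Geo-IP point on the next slide concrete: a botnet spreads the flood across many countries, so the decision here keys on each source's own behaviour against the learned baseline rather than on where the address is registered. In a real deployment the challenge would be a redirect or cookie test whose completion moves the source back to "allow"; the example keeps only the escalation path to stay short.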



What is Missing? – Example

Israel Attacks Example – Attackers Distribution

   [Chart: distribution of the attacking sources]

   • Usage of bots reduces Geo-IP importance
DDoS Attack Tools Become Prevalent

Public Attacks
• LOIC
• Mobile LOIC
• webLOIC

Inner Circle Attacks
• Network: UDP floods, SYN floods, Fragmented floods, FIN+ACK floods
• Application Flood: Dynamic HTTP floods, HTTPS floods
• Low & Slow: Slowloris, Pyloris, R.U.D.Y
• Vulnerability based: Intrusion attempts, SQL Injections, #RefRef, XerXes
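The low & slow tools in the table above (Slowloris, Pyloris, R.U.D.Y) and the earlier point that stateful devices are a DDoS bottleneck describe the same failure mode: a connection that never finishes its request still occupies a slot in a finite connection table. The following is an added example, not code from the deck or from Radware, that models such a table under a constructed event stream and contrasts a table with no controls against one with an absolute header-completion deadline and a per-source concurrency cap. The event format, table size, deadline, cap and addresses are assumptions.

```python
"""Connection-table model of a stateful device under a low & slow attack
(Slowloris-style partial headers), with the two controls that keep the table
available: an absolute header-completion deadline and a per-source
concurrency cap.  Added example, not code from the Radware deck; the event
format, table size, deadline and cap are assumptions."""


class ConnectionTable:
    """Fixed number of connection slots, as a stateful firewall, load balancer
    or web server front end would hold them."""

    def __init__(self, size, header_deadline=None, per_source_cap=None):
        self.size = size
        self.header_deadline = header_deadline  # seconds from open to complete headers
        self.per_source_cap = per_source_cap    # max concurrent connections per source
        self.conns = {}      # conn_id -> {"src": ip, "opened": ts, "complete": bool}
        self.rejected = []   # (ts, src, reason)
        self.evicted = 0

    def _expire(self, now):
        """Evict connections that have not completed their headers in time.
        The deadline counts from open, not from the last byte received: a
        client that trickles one header byte before every idle timeout would
        otherwise hold its slot indefinitely."""
        if self.header_deadline is None:
            return
        stale = [cid for cid, c in self.conns.items()
                 if not c["complete"] and now - c["opened"] > self.header_deadline]
        for cid in stale:
            del self.conns[cid]
        self.evicted += len(stale)

    def open(self, ts, cid, src):
        self._expire(ts)
        from_src = sum(1 for c in self.conns.values() if c["src"] == src)
        if self.per_source_cap is not None and from_src >= self.per_source_cap:
            self.rejected.append((ts, src, "per-source cap"))
            return False
        if len(self.conns) >= self.size:
            self.rejected.append((ts, src, "table full"))
            return False
        self.conns[cid] = {"src": src, "opened": ts, "complete": False}
        return True

    def headers_complete(self, cid):
        if cid in self.conns:
            self.conns[cid]["complete"] = True

    def close(self, cid):
        self.conns.pop(cid, None)


def build_sample_events():
    """Constructed event stream (not real traffic): (kind, ts, conn_id, src).
    Three attacking sources open 150 connections over 5 s that never complete
    their headers; at t=20 ten legitimate clients each open one connection and
    finish their request immediately."""
    events = []
    for i in range(150):
        events.append(("open", i // 30, f"slow-{i}", f"203.0.113.{i % 3 + 1}"))
    for j in range(10):
        events.append(("open", 20, f"legit-{j}", f"10.0.0.{j + 1}"))
        events.append(("done", 20, f"legit-{j}", f"10.0.0.{j + 1}"))
    return events


def replay(events, table):
    """Feed events in time order; return what happened to the table."""
    for kind, ts, cid, src in sorted(events, key=lambda e: e[1]):  # stable: order kept within a second
        if kind == "open":
            table.open(ts, cid, src)
        elif kind == "done":
            table.headers_complete(cid)
        elif kind == "close":
            table.close(cid)
    return {
        "legit_served": sum(1 for cid in table.conns if cid.startswith("legit-")),
        "rejected": len(table.rejected),
        "evicted": table.evicted,
    }


def naive_scenario():
    """No deadline, no cap: slow connections fill the table and the legitimate
    clients arriving later are turned away."""
    return replay(build_sample_events(), ConnectionTable(size=100))


def hardened_scenario():
    """15 s header deadline and 20 concurrent connections per source."""
    return replay(build_sample_events(),
                  ConnectionTable(size=100, header_deadline=15, per_source_cap=20))


if __name__ == "__main__":
    print("naive:   ", naive_scenario())
    print("hardened:", hardened_scenario())
```

The point to take from the two scenarios is which control does which job: the per-source cap limits how much of the table any one address can claim, and the header deadline frees the slots the attack does manage to take, so the slow connections are gone by the time the legitimate clients arrive. A deadline measured from the last received byte would not help, because that is exactly the timer a low & slow tool keeps resetting.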
Attack Mitigation System
Radware Attack Mitigation System (AMS)




Radware end-to-end mitigation solution

[Diagram: customer site with the on-premises Attack Mitigation System (NBA, Anti-DoS, IPS,
 SSL attacks protection), connected through the ISP core network to the Internet, with an
 in-the-cloud Anti-DoS service in front of it]

On-premises protection against:
• Application DDoS attacks
• SSL based attacks
• Low & Slow attacks

In-the-cloud protection against:
• Volumetric bandwidth attacks
Thank you
Ziv Ichilov       zivi@radware.com
DefensePro Product Manager, Radware

Editor’s Notes

  1. Orchestrated by a Brazilian guy, Havittaja, these attacks were for the lulz, but also to draw public attention to arrested Anonymous supporters who took part in attacks over the last 24 months, mainly in the UK and the US.
  2. What happens after the backend server clogs depends on the type of CDN service provided; two options here:
     1. Static content is still provided by the CDN, dynamic content is unavailable
     2. Service is not provided at all when the backend server is not responsive