Presentation from one of the remarkable IT Security events in the Baltic States, organized by "Data Security Solutions" (www.dss.lv). The event took place in Riga on 7 November 2013 and was attended by more than 400 participants at the venue and more than 300 via online live streaming.
3. Ponemon Research 2012: Cyber security threats
Cyber security threats according to risk mitigation priority (10 = highest priority, 1 = lowest priority):
Denial of service (DoS): 9.0
Server side injection: 8.6
Distributed denial of service (DDoS): 8.2
Viruses, worms and trojans: 7.9
Malware: 7.7
Botnets: 6.4
Malicious insiders: 5.4
Cross site scripting: 3.2
Web scraping: 3.0
Phishing and social engineering: 2.8
4. Attacks Have Become More Complex
[Chart: ERT Cases – Attack Vectors; share of cases by attack complexity level (5-6, 7-8, 9-10) in 2011 vs 2012]
Attacks are more complex: 2013 DoS/DDoS attacks have become more sophisticated, using more complex attack vectors. Note the number of attacks with a complexity level of 7-10.
5. Botnet Evolution
"To subdue the enemy without fighting is the acme of skill."

Individual Servers (1998 - 2002): Malicious software installed on hosts and servers (mostly located at Russian and east European universities), controlled by a single entity by direct communication. Examples: Trin00, TFN, Trinity

Botnets (1998 - Present): Stealthy malicious software installed mostly on personal computers without the owner's consent; controlled by a single entity through indirect channels (IRC, HTTP). Examples: Agobot, DirtJumper, Zemra

Voluntary Botnets (2010 - Present): Many users, at times as part of a Hacktivist group, willingly share their personal computers, using predetermined and publicly available attack tools and methods, with an optional remote control channel. Examples: LOIC, HOIC

New Server-based Botnets (2012): Powerful, well orchestrated attacks, using a geographically spread server infrastructure. Few attacking servers generate the same impact as hundreds of clients.
7. It is cheap!
Current prices on the Russian underground market:
Hacking corporate mailbox: $500
Winlocker ransomware: $10-$20
Unintelligent exploit bundle: $25
Intelligent exploit bundle: $10-$3,000
Basic crypter (for inserting rogue code into benign file): $10-$30
SOCKS bot (to get around firewalls): $100
Hiring a DDoS attack: $30-$70 / day, $1,200 / month
Botnet: $200 for 2,000 bots
DDoS Botnet: $700
ZeuS source code: $200-$250
Windows rootkit (for installing malicious drivers): $292
Hacking Facebook or Twitter account: $130
Hacking Gmail account: $162
Email spam: $10 per one million emails
Email scam (using customer database): $50-$500 per one million emails
8. • Lithuania – just weeks before taking over the EU Council presidency (1.07.2013), a DDoS attack on a news website degraded Internet access for the entire country. New waves of the attack have been coming every several weeks against governmental and private sites, using 7-8 different attack vectors
• In July a new DDoS protection system from Radware was installed and is protecting the sites, with coverage by the Emergency Response Team
9. • Russia – Anonymous Caucasus attacked all major banks (Central Bank, Sberbank, VTB, Alfa, Gazprombank) a month ago
• The old-fashioned systems/services they used before that (IPS, IDS, DDoS, NG Firewalls, Kaspersky etc) were unable to stop the attacks
10. • US – Op Ababil – all major banks were attacked in multiple waves by Iranian and Arab fundamentalists since 09/12
• 5-6 vectors per attack, including TCP, UDP, HTTP and HTTPS floods, DNS amplification attacks etc
• The old-fashioned systems they used before that (IPS, IDS, DDoS, NG Firewalls, etc) were unable to stop the attacks
• Radware DDoS protection was installed in March – just before the 3rd wave of attack – and stopped the 3rd and 4th waves
11. • Attacks are becoming more complex!
• Attacks are becoming longer!
• More financially motivated attacks, but at the same time more politically motivated attacks on government and private organizations!
You never know if you are in the sights of a future attack!
13. Old fashion systems are vulnerable
Firewall, IPS (even NG) cannot stop DDoS!
Radware Confidential Jan 2012
14. Mapping Security Protection Tools
Attack vectors:
UDP Garbage flood on ports 80 and 443
ICMP flood attacks
SYN/TCP OOS flood attacks
Server cracking attacks
SSL/TLS negotiation attacks
HTTP flood attack
HTTPS flood attack
Web attacks: XSS, SQL Injection, Brute force
Protection tools:
In the cloud DDoS protection
DoS protection
Behavioral analysis
SSL protection
IPS
WAF
To fight back you need:
• An integrated solution with all security technologies
• Mitigate attacks beyond the perimeter
19. US Banks Under Attack: AMS Deployment
Components: Alteon, AppWall, DefensePro
Application Infrastructure
• Mitigate all types of DDoS attacks
• Mitigate SSL attacks
• Mitigate web application exploits
21. Top Account Wins in Every Segment
Segments: Online Businesses; Critical Infrastructure; Carrier/ISP DDoS Mitigation Service; Hosting; Cloud; Scrubbers; Carrier Backbone
Radware is THE leader in the DDoS protection market.
Now I will review Radware attack mitigation system.
The application infrastructure is targeted at all layers: network flood attacks consume network resources; SYN flood attacks and server cracking target server resources and TCP/IP stack vulnerabilities; and application vulnerability exploits and application flooding target the application resources. All or part of these vectors result in the same impact – service slowdown or shutdown. To mitigate a multi-vector attack campaign you need multiple protection tools:
In the cloud DoS mitigation – to remove volumetric network floods
DoS protection – to detect and mitigate SYN flood attacks and lower-volume network attacks
Behavioral analysis – to detect anomalous traffic patterns such as server cracking and application misuse attacks
SSL protection – to detect and mitigate encrypted flood attacks
IPS – to block known attack tools
Web application firewall – to prevent web application vulnerability exploitation
But multiple protection modules also require multiple vendors…
Except for Radware's attack mitigation system, which provides anti-DoS, network behavioral analysis, SSL defense, IPS, WAF and in-the-cloud DoS mitigation in one integrated system, supported on dedicated hardware designed to fight multiple attack types in parallel. To mitigate network attacks that threaten to saturate the Internet pipe, we launched DefensePipe this year – an in-the-cloud DDoS scrubbing service that works in sync with the on-premise AMS solution. The system is accompanied by a central monitoring and reporting system to provide unified situational awareness. In the case of a long-lasting attack campaign where the system cannot mitigate all attack vectors out of the box, we provide the support of Radware ERT – a 24 by 7 team of security experts that help customers under attack in real time to fight back and restore operational status.
Now let's see where AMS fits – where your key business opportunities are.
The top retailers, financial service providers, government and telcos have one common need: fight availability-based attacks. All selected Radware for their attack mitigation solution. Why Radware AMS? Because we are the only vendor to offer: a scalable solution with the widest security coverage; immediate mitigation response time; ERT – a single contact point during an attack.