Anúncio
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto
The Other Advanced Attacks: DNS/NTP Amplification and Careto

Check these out next

Firewall buyers-guide
Firewall buyers-guide
Andy Kwong
Issa jason dablow
Issa jason dablow
ISSA LA
Investigating, Mitigating and Preventing Cyber Attacks with Security Analytics
Investigating, Mitigating and Preventing Cyber Attacks with Security Analytics
IBMGovernmentCA
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
ijfls
Esteban Próspero
Esteban Próspero
ClusterCba
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
BeyondTrust
HIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best Practices
Hostway|HOSTING
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
MITRE - ATT&CKcon
1 de 40

The Other Advanced Attacks: DNS/NTP Amplification and Careto

18 de Mar de 2014
Baixar para ler offline
Tecnologia

This session gives you a list of things besides spearphishing to worry about. You may think DDoS is old hat, but there’s a new spin on how to do it every month, including (to take one example) spoofing packets sent to an amplification server. These attacks leverage misconfigured DNS and NTP services to exhaust all bandwidth available to a third party victim. We’ve also learned in the past few weeks about a threat - Careto - that has been waging cyberwar against the Internet for at least seven years. In this webcast, we explore those new threats and ways that you can better defend your organization.

Mike Chapple
Senior Director, IT Service Delivery and Concurrent Assistant Professor at University of Notre Dame em University of Notre Dame
Anúncio
Anúncio
Anúncio

Recomendados

Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKKatie Nickels2.6K visualizações30 slides
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You AreKatie Nickels12.6K visualizações46 slides
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_muellerNtxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_muellerNorth Texas Chapter of the ISSA410 visualizações26 slides
ShamoonShamoon
ShamoonShakacon638 visualizações22 slides
Are you ready for the next attack? Reviewing the SP Security ChecklistAre you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistMyNOG1.1K visualizações23 slides
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...
MITRE ATT&CKcon 2018: Playing Devil’s Advocate to Security Initiatives with A...MITRE - ATT&CKcon3K visualizações36 slides

Mais conteúdo relacionado

Apresentações para você(20)

Firewall buyers-guideFirewall buyers-guide
Firewall buyers-guide
Andy Kwong77 visualizações
Issa jason dablowIssa jason dablow
Issa jason dablow
ISSA LA1.5K visualizações
Investigating, Mitigating and Preventing Cyber Attacks with Security AnalyticsInvestigating, Mitigating and Preventing Cyber Attacks with Security Analytics
Investigating, Mitigating and Preventing Cyber Attacks with Security Analytics
IBMGovernmentCA1.2K visualizações
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMSDDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS
ijfls71 visualizações
Esteban PrósperoEsteban Próspero
Esteban Próspero
ClusterCba952 visualizações
Defense in Depth: Implementing a Layered Privileged Password Security Strategy Defense in Depth: Implementing a Layered Privileged Password Security Strategy
Defense in Depth: Implementing a Layered Privileged Password Security Strategy
BeyondTrust869 visualizações
HIPAA 101 Compliance Threat Landscape & Best PracticesHIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best Practices
Hostway|HOSTING220 visualizações
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
MITRE ATT&CKcon 2.0: Flashback with ATT&CK: Exploring Malware History with AT...
MITRE - ATT&CKcon3.8K visualizações
Dreaming of IoCs Adding Time Context to Threat IntelligenceDreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat Intelligence
Priyanka Aash1.4K visualizações
Atelier Technique ARBOR NETWORKS ACSS 2018Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018
African Cyber Security Summit443 visualizações
PLNOG15-DNS is the root of all evil in the network. How to become a superhero...PLNOG15-DNS is the root of all evil in the network. How to become a superhero...
PLNOG15-DNS is the root of all evil in the network. How to become a superhero...
PROIDEA113 visualizações
Honey, I Stole Your C2 Server: A Dive into Attacker InfrastructureHoney, I Stole Your C2 Server: A Dive into Attacker Infrastructure
Honey, I Stole Your C2 Server: A Dive into Attacker Infrastructure
Shakacon438 visualizações
Clean dns enusClean dns enus
Clean dns enus
Bruno Guerreiro, COBIT, ITIL, MCSO, LPIC3 Security318 visualizações
How to Protect Your Organization from the Ransomware EpidemicHow to Protect Your Organization from the Ransomware Epidemic
How to Protect Your Organization from the Ransomware Epidemic
Tripwire1.6K visualizações
BSidesLV 2016 - Powershell - Hunting on the Endpoint - GerritzBSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz
BSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz
Christopher Gerritz9K visualizações
Combating Cyberattacks through Network Agility and AutomationCombating Cyberattacks through Network Agility and Automation
Combating Cyberattacks through Network Agility and Automation
Sagi Brody86 visualizações
Burning Down the Haystack to Find the Needle: Security Analytics in ActionBurning Down the Haystack to Find the Needle: Security Analytics in Action
Burning Down the Haystack to Find the Needle: Security Analytics in Action
Josh Sokol2K visualizações
MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...
MITRE ATT&CKcon 2018: ATT&CK: All the Things, Neelsen Cyrus and David Thompso...
MITRE - ATT&CKcon8.7K visualizações
Conclusions from Tracking Server Attacks at ScaleConclusions from Tracking Server Attacks at Scale
Conclusions from Tracking Server Attacks at Scale
Guardicore1.2K visualizações
21092018-C4E-What's Next for the Net? Security, Reliability, Capability, Perf...21092018-C4E-What's Next for the Net? Security, Reliability, Capability, Perf...
21092018-C4E-What's Next for the Net? Security, Reliability, Capability, Perf...
Center for Entrepreneurship (C4E), University of Cyprus151 visualizações

Similar a The Other Advanced Attacks: DNS/NTP Amplification and Careto(20)

Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
REVULN219 visualizações
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
b coatesworth3.1K visualizações
Clean dns enusClean dns enus
Clean dns enus
Bruno Guerreiro, COBIT, ITIL, MCSO, LPIC3 Security120 visualizações
Avast @ Machine LearningAvast @ Machine Learning
Avast @ Machine Learning
Avast226 visualizações
CleanDNS_enUSCleanDNS_enUS
CleanDNS_enUS
Bruno Guerreiro, COBIT, ITIL, MCSO, LPIC3 Security246 visualizações
IoT DDoS Attacks: the stakes have changed IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed
Great Bay Software599 visualizações
ION Malta - Introduction to DNSSECION Malta - Introduction to DNSSEC
ION Malta - Introduction to DNSSEC
Deploy360 Programme (Internet Society)648 visualizações
Brooks18Brooks18
Brooks18
Chuck Brooks295 visualizações
The Threat Is Real. Protect Yourself.The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.
Teri Radichel1.5K visualizações
Ethical hacking Ethical hacking
Ethical hacking
Institute of Information Security (IIS)3.2K visualizações
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018 NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
NETSCOUT99 visualizações
Solving the Visibility Gap for Effective SecuritySolving the Visibility Gap for Effective Security
Solving the Visibility Gap for Effective Security
Lancope, Inc.523 visualizações
DNS Security Presentation ISSADNS Security Presentation ISSA
DNS Security Presentation ISSA
Srikrupa Srivatsan9.6K visualizações
Using NetFlow to Streamline Security Analysis and Response to Cyber ThreatsUsing NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Emulex Corporation2K visualizações
Het ecosysteem als complete bescherming tegen cybercriminaliteit [pvh]Het ecosysteem als complete bescherming tegen cybercriminaliteit [pvh]
Het ecosysteem als complete bescherming tegen cybercriminaliteit [pvh]
Nancy Nimmegeers206 visualizações
IoT Security - Preparing for the WorstIoT Security - Preparing for the Worst
IoT Security - Preparing for the Worst
Satria Ady Pradana295 visualizações
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPSBreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
BreakingPoint & Stonesoft RSA Conference 2011 Presentation: Evaluating IPS
Ixia471 visualizações
Revealing the dark webRevealing the dark web
Revealing the dark web
Veriato56 visualizações
CrowdCasts Monthly: Going Beyond the IndicatorCrowdCasts Monthly: Going Beyond the Indicator
CrowdCasts Monthly: Going Beyond the Indicator
CrowdStrike3.6K visualizações
5 Ways To Fight A DDoS Attack5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack
RedZone Technologies2.7K visualizações
Anúncio

Último(20)

Testing SMTs? Testcontainers to the Rescue! with Fábio Sequeira & Mafalda SantosTesting SMTs? Testcontainers to the Rescue! with Fábio Sequeira & Mafalda Santos
Testing SMTs? Testcontainers to the Rescue! with Fábio Sequeira & Mafalda Santos
HostedbyConfluent0 visão
Playing with Xbox Data with Dale LanePlaying with Xbox Data with Dale Lane
Playing with Xbox Data with Dale Lane
HostedbyConfluent0 visão
Learnings From Shipping 1000+ Streaming Data Pipelines To Production with Hak...Learnings From Shipping 1000+ Streaming Data Pipelines To Production with Hak...
Learnings From Shipping 1000+ Streaming Data Pipelines To Production with Hak...
HostedbyConfluent0 visão
AI-Driven Market Research PlatformAI-Driven Market Research Platform
AI-Driven Market Research Platform
Prasanna Hegde0 visão
#StandardsGoals for 2023 Standards & certification roundup - Tech Forum 2023#StandardsGoals for 2023 Standards & certification roundup - Tech Forum 2023
#StandardsGoals for 2023 Standards & certification roundup - Tech Forum 2023
BookNet Canada0 visão
JupyChat - Michigan PythonJupyChat - Michigan Python
JupyChat - Michigan Python
Eli Wilson0 visão
Power futures.pptxPower futures.pptx
Power futures.pptx
ssuser17d4710 visão
Our Business Goals.pdfOur Business Goals.pdf
Our Business Goals.pdf
mennaHendy0 visão
Memory Matters: Drift Detection with a Low Memory Footprint for ML Models on ...Memory Matters: Drift Detection with a Low Memory Footprint for ML Models on ...
Memory Matters: Drift Detection with a Low Memory Footprint for ML Models on ...
HostedbyConfluent0 visão
A Practical Guide To End-to-End Tracing In Event Driven Architectures with Ro...A Practical Guide To End-to-End Tracing In Event Driven Architectures with Ro...
A Practical Guide To End-to-End Tracing In Event Driven Architectures with Ro...
HostedbyConfluent0 visão
Unveiling the Inner Workings of Apache Kafka® with Flamegraphs with Christo L...Unveiling the Inner Workings of Apache Kafka® with Flamegraphs with Christo L...
Unveiling the Inner Workings of Apache Kafka® with Flamegraphs with Christo L...
HostedbyConfluent0 visão
Transcript: #StandardsGoals for 2023 Standards & certification roundup - Tech...Transcript: #StandardsGoals for 2023 Standards & certification roundup - Tech...
Transcript: #StandardsGoals for 2023 Standards & certification roundup - Tech...
BookNet Canada0 visão
Safeguarding - Protecting Your Kafka from Misbehaving Clients with Tom ScottSafeguarding - Protecting Your Kafka from Misbehaving Clients with Tom Scott
Safeguarding - Protecting Your Kafka from Misbehaving Clients with Tom Scott
HostedbyConfluent0 visão
Azure Pizza as a Service ModelAzure Pizza as a Service Model
Azure Pizza as a Service Model
Carlo Sacchi0 visão
The California Age Appropriate Design Code Act Navigating the New Requirement...The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...
TrustArc0 visão
Digital Marketing Plan.pdfDigital Marketing Plan.pdf
Digital Marketing Plan.pdf
mennaHendy0 visão
Nanotechnology.pdfNanotechnology.pdf
Nanotechnology.pdf
shikharbhadouria0 visão
Powering Consistent, High-throughput, Real-time Distributed Calculation Engin...Powering Consistent, High-throughput, Real-time Distributed Calculation Engin...
Powering Consistent, High-throughput, Real-time Distributed Calculation Engin...
HostedbyConfluent0 visão
Intelligent, Automatic Restarts for Unhealthy Kafka Consumers on Kubernetes w...Intelligent, Automatic Restarts for Unhealthy Kafka Consumers on Kubernetes w...
Intelligent, Automatic Restarts for Unhealthy Kafka Consumers on Kubernetes w...
HostedbyConfluent0 visão
Bench, a Framework for Benchmarking Kafka Using K8s and OpenMessaging Benchma...Bench, a Framework for Benchmarking Kafka Using K8s and OpenMessaging Benchma...
Bench, a Framework for Benchmarking Kafka Using K8s and OpenMessaging Benchma...
HostedbyConfluent0 visão

The Other Advanced Attacks: DNS/NTP Amplification and Careto

  1. The Other Advanced Attacks Mike Chapple, CISSP, Ph.D. Senior Director, IT Service Delivery University of Notre Dame © TechTarget @mchapple mchapple@nd.edu
  2. Agenda 2© TechTarget • The Threat is Changing • DNS Threats • NTP DDoS Amplification • Unmasking Careto
  3. 3© TechTarget The Threat is Changing
  4. 4 Script Kiddies Are So Nineties
  5. The New Threats • Governments • Terrorist Organizations • Organized Crime 5© TechTarget
  6. 6 Cyberwarfare Is Real
  7. The Participants Are Well-Funded
  8. Inside an Iranian Nuclear Facility 8 Source: Vitaly Shmatikov And The Targets Are High Stakes
  9. 9
  10. 10 “We're glad they are having trouble with their centrifuge machine and (we) are doing everything we can to make sure that we complicate matters for them.” Gary Samore Special Assistant to the President and White House Coordinator for Arms Control and WMD
  11. Zero Day Vulnerabilities 11© TechTarget
  12. NEED VIGILANCE 12© TechTarget We Must Remain Vigilant
  13. 13© TechTarget DNS Threats
  14. Denial of Service Attacks • Send huge number of requests to a targeted server, seeking to overwhelm it • Difficult to distinguish legitimate requests from attack traffic • Several limitations for the attacker – Requires massive bandwidth – Easy for victims to block based upon IP 14© TechTarget
  15. Distributed Denial of Service Attacks • Leverage botnets to exhaust all resources on a targeted system • Difficult to distinguish legitimate requests from attack traffic 15© TechTarget
  16. Amplified DDoS Attacks • Traditional DDoS still limited by bandwidth of zombie PCs • Amplification attacks leverage the bandwidth of non-compromised intermediaries • Requires a service that sends responses that are much larger than the queries 16© TechTarget
  17. Amplification Factor • Amplification factor is the degree to which the attack is increased in size • 64 byte query resulting in a 512 byte response is an amplification factor of 8 17© TechTarget
  18. Characteristics of an Amplification Attack • Use botnets • Leverage misconfigured services • Spoof source addresses • Require connectionless protocol 18© TechTarget
  19. How DNS Should Work • DNS servers should provide domain name resolution services: 1. To the systems on an organization’s network (for all addresses) 2. To the general Internet (for public names owned by the organization) • Most DNS communications take place over UDP • Some systems are configured as “open resolvers”, answering any question from the Internet at large 19© TechTarget
  20. DNS Amplification Attack 20© TechTarget Source: Microsoft Amplification Factor of 60X
  21. Don’t Be a Relay • Ensure that you’re not an open resolver • Open Resolver Project openresolverproject.org • DNS Inspect dnsinspect.com 21© TechTarget
  22. Be a Good Internet Citizen 22© TechTarget
  23. 23© TechTarget NTP DDoS Amplification
  24. 24© TechTarget How Dangerous Can a Clock Be?
  25. NTP • Network Time Protocol used for clock synchronization • Almost three decades of operation • Relies upon UDP for sync traffic 25© TechTarget
  26. MON_GETLIST • System monitoring command • Retrieves the list of the last 600 systems that interacted with the server • Ideal for an amplification attack when used with forged source addresses 26© TechTarget
  27. Exploring MON_GETLIST 27© TechTarget Source: CloudFlare Amplification Factor up to 206X
  28. Be a Good Citizen • Upgrade NTP servers to v4.2.7p26 or later • Perform egress filtering at the firewall • Disable MONLIST and related features (see CERT VU#348126) 28© TechTarget
  29. 29© TechTarget Unmasking Careto
  30. What is Careto? • Spanish for “The Mask” • Not a single piece of code, but an advanced threat • Engaged in espionage activities since at least 2007, undetected until February 2014 • Victimized over 1,000 IPs in 31 countries • Definite Spanish flavor 30© TechTarget
  31. Naming the Beast 31© TechTarget Source: Kaspersky
  32. Who is Targeted? • Government Agencies • Energy Companies • Researchers • Private Equity Firms • Activists 32© TechTarget
  33. Initial Infection • Spear phishing messages direct users to a website – linkconf.net – redirserver.net – swupdt.com • Malware hosted in non-indexed folders on those sites 33© TechTarget
  34. Malware Bears a Digital Signature 34© TechTarget Source: Kaspersky
  35. Variety of Targets 35© TechTarget
  36. Diverse Objectives • Intercept network traffic • Perform keylogging • Monitor Skype conversations • Steal PGP keys • Analyze WiFi traffic • Perform screen captures 36© TechTarget
  37. Stolen File Types 37© TechTarget Source: Kaspersky
  38. Hides from Kaspersky AV • Exploits a 2008 vulnerability in Kaspersky • Attempts to whitelist itself to avoid detection • Vulnerability patched long ago; relying upon old copies with expired update subscriptions 38© TechTarget
  39. Protecting Against APTs • Update, update, update • Filter at the gateway and defend at the endpoint • Maintain a defense-in-depth approach that does not rely upon any single layer of control • Monitor rigorously 39© TechTarget
  40. 40 Questions? © TechTarget mchapple@nd.edu @mchapple
Anúncio